Re: [openssl-dev] OpenSSL_1_0_2-stable Windows build

2016-08-22 Thread Richard Levitte
In message  on Mon, 22 Aug 
2016 19:35:35 +0100, Matt Caswell  said:

matt> 
matt> 
matt> On 22/08/16 18:12, John Foley wrote:
matt> > Is anyone seeing the following error when building 1.0.2 stable on
matt> > Windows:
matt> >
matt> >   Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
matt> > IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo
matt> > -manifest out32dll\sslv2conftest.exe.manifest
matt> > -outputresource:out32dll\sslv2conftest.exe;1
matt> > cl /Fotmp32dll\dtlstest.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2
matt> > -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32
matt> > -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE
matt> > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
matt> > -DOPENSSL_BN_ASM_GF2m
matt> > -IC:\Users\testuser\workspace\CiscoSSL\ciscossl-platform-tests-win32\fips/include
matt> >  -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
matt> > -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I.
matt> > -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5
matt> > -DOPENSSL_NO_BASE_EC -DOPENSSL_NO_BASE_ECDSA -DOPENSSL_NO_BASE_ECDH
matt> > -DOPENSSL_NO_GOST -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE
matt> > -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c
matt> > .\ssl\dtlstest.c
matt> > dtlstest.c
matt> > link /nologo /subsystem:console /opt:ref /debug
matt> > /out:out32dll\dtlstest.exe @C:\Users\testuser\AppData\Local\Temp\nm6DBA.tmp
matt> >   Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
matt> > dtlstest.obj : error LNK2019: unresolved external symbol
matt> > _create_ssl_ctx_pair referenced in function _test_dtls_unprocessed
matt> > dtlstest.obj : error LNK2019: unresolved external symbol
matt> > _create_ssl_objects referenced in function _test_dtls_unprocessed
matt> > dtlstest.obj : error LNK2019: unresolved external symbol
matt> > _create_ssl_connection referenced in function _test_dtls_unprocessed
matt> > dtlstest.obj : error LNK2019: unresolved external symbol
matt> > _bio_f_tls_dump_filter referenced in function _test_dtls_unprocessed
matt> > dtlstest.obj : error LNK2019: unresolved external symbol
matt> > _mempacket_test_inject referenced in function _test_dtls_unprocessed
matt> > out32dll\dtlstest.exe : fatal error LNK1120: 5 unresolved externals
matt> > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
matt> > Studio 12.0\VC\BIN\link.EXE"' : return code '0x460'
matt> > Stop.
matt> 
matt> Yes. It needs this to be merged:
matt> 
matt> https://github.com/openssl/openssl/pull/1470

... which finally happened, just now.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] OpenSSL_1_0_2-stable Windows build

2016-08-22 Thread Matt Caswell


On 22/08/16 18:12, John Foley wrote:
> Is anyone seeing the following error when building 1.0.2 stable on Windows:
> 
>   Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
>   IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo -manifest 
> out32dll\sslv2conftest.exe.manifest 
> -outputresource:out32dll\sslv2conftest.exe;1
>   cl /Fotmp32dll\dtlstest.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 
> -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo 
> -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN 
> -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m 
> -IC:\Users\testuser\workspace\CiscoSSL\ciscossl-platform-tests-win32\fips/include
>  -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM 
> -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. 
> -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 
> -DOPENSSL_NO_BASE_EC -DOPENSSL_NO_BASE_ECDSA -DOPENSSL_NO_BASE_ECDH 
> -DOPENSSL_NO_GOST -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE 
> -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app 
> -c .\ssl\dtlstest.c
> dtlstest.c
>   link /nologo /subsystem:console /opt:ref /debug 
> /out:out32dll\dtlstest.exe @C:\Users\testuser\AppData\Local\Temp\nm6DBA.tmp
>Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
> dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_ctx_pair 
> referenced in function _test_dtls_unprocessed
> dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_objects 
> referenced in function _test_dtls_unprocessed
> dtlstest.obj : error LNK2019: unresolved external symbol 
> _create_ssl_connection referenced in function _test_dtls_unprocessed
> dtlstest.obj : error LNK2019: unresolved external symbol 
> _bio_f_tls_dump_filter referenced in function _test_dtls_unprocessed
> dtlstest.obj : error LNK2019: unresolved external symbol 
> _mempacket_test_inject referenced in function _test_dtls_unprocessed
> out32dll\dtlstest.exe : fatal error LNK1120: 5 unresolved externals
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 
> 12.0\VC\BIN\link.EXE"' : return code '0x460'
> Stop.

Yes. It needs this to be merged:

https://github.com/openssl/openssl/pull/1470

Matt



[openssl-dev] OpenSSL_1_0_2-stable Windows build

2016-08-22 Thread John Foley

Is anyone seeing the following error when building 1.0.2 stable on Windows:

  Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo -manifest 
out32dll\sslv2conftest.exe.manifest -outputresource:out32dll\sslv2conftest.exe;1
cl /Fotmp32dll\dtlstest.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 
-DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_GF2m 
-IC:\Users\testuser\workspace\CiscoSSL\ciscossl-platform-tests-win32\fips/include
 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM 
-DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. 
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 
-DOPENSSL_NO_BASE_EC -DOPENSSL_NO_BASE_ECDSA -DOPENSSL_NO_BASE_ECDH 
-DOPENSSL_NO_GOST -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE 
-DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c 
.\ssl\dtlstest.c
dtlstest.c
link /nologo /subsystem:console /opt:ref /debug 
/out:out32dll\dtlstest.exe @C:\Users\testuser\AppData\Local\Temp\nm6DBA.tmp
   Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_ctx_pair 
referenced in function _test_dtls_unprocessed
dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_objects 
referenced in function _test_dtls_unprocessed
dtlstest.obj : error LNK2019: unresolved external symbol _create_ssl_connection 
referenced in function _test_dtls_unprocessed
dtlstest.obj : error LNK2019: unresolved external symbol _bio_f_tls_dump_filter 
referenced in function _test_dtls_unprocessed
dtlstest.obj : error LNK2019: unresolved external symbol _mempacket_test_inject 
referenced in function _test_dtls_unprocessed
out32dll\dtlstest.exe : fatal error LNK1120: 5 unresolved externals
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 
12.0\VC\BIN\link.EXE"' : return code '0x460'
Stop.




[openssl-dev] [openssl.org #2676] 1.0.1-beta1 issue: RSA exponent 1 is NOT ok

2016-08-22 Thread Rich Salz via RT
This is fixed in 1.0.2 (commit 561530d) and master/1.1.0 (commit 464d59a).
Thanks!

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2676
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check

2016-08-22 Thread David Benjamin via RT
I may not have time to fully digest the change before the release date, but
I'm not sure this snippet quite works:

   if (ctx->read_start == ctx->read_end) { /* time to read more data */
       ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
       ctx->read_end += BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE);
   }
   i = ctx->read_end - ctx->read_start;

   if (i <= 0) {

It's kind of an odd error-checking pattern and is only saved from undefined
behavior by BUF_OFFSET. (Is a custom BIO allowed to return -1,000,000 on
error or must it be -1? There are definitely some OpenSSL APIs which return
-2 expecting that the usual error-check patterns don't care.) Anyway, I
believe it gets stuck if a non-blocking BIO causes BIO_read to fail on a
retryable error like EWOULDBLOCK and we try again. I see calls to
BIO_should_retry, so I gather this BIO is intended to work in front of a
non-blocking BIO.

Since the error path should only be reachable when BIO_read fails, maybe
move that inside the "read more data" codepath? Then you don't need pointer
tricks to avoid duplicating the code.

David

On Sun, Aug 21, 2016 at 5:57 PM Andy Polyakov via RT  wrote:

> There are two commits, one that addresses bio_enc problems and one
> adding test. Please double-check.
>
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
> Please log in as guest with password guest if prompted
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
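
Added example, not part of the original message and not OpenSSL's code: a stand-alone C model of the retry concern raised in the message above, with the quoted pattern beside the restructuring it suggests. The `src_read` stub, the struct layout and the values of `BUF_OFFSET` and `ENC_BLOCK_SIZE` are assumptions, and the model assumes the error path leaves `read_start` and `read_end` untouched.

```c
#include <stdio.h>
#include <string.h>

#define BUF_OFFSET     64   /* assumed value, only needs to be >= 1 here */
#define ENC_BLOCK_SIZE 32   /* assumed value */

/* Constructed stand-in for a non-blocking source BIO: the first read
 * fails with -1 (think EWOULDBLOCK), later reads deliver 5 bytes. */
struct src { int calls; };

static int src_read(struct src *s, unsigned char *out, int len)
{
    if (s->calls++ == 0)
        return -1;
    if (len > 5)
        len = 5;
    memcpy(out, "hello", (size_t)len);
    return len;
}

/* Hypothetical reduced context holding only the two read pointers. */
struct ctx {
    unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE];
    unsigned char *read_start, *read_end;
};

static void ctx_init(struct ctx *c)
{
    c->read_start = c->read_end = &c->buf[BUF_OFFSET];
}

/* Pattern from the quoted snippet: the read result is added to read_end
 * unchecked, so -1 leaves read_end one byte *before* read_start. */
static int fill_quoted(struct ctx *c, struct src *s)
{
    if (c->read_start == c->read_end) {          /* time to read more data */
        c->read_end = c->read_start = &c->buf[BUF_OFFSET];
        c->read_end += src_read(s, c->read_start, ENC_BLOCK_SIZE);
    }
    return (int)(c->read_end - c->read_start);   /* <= 0: error path */
}

/* Suggested restructuring: check the result inside the "read more data"
 * branch and advance read_end only on success, so a retry reads again. */
static int fill_checked(struct ctx *c, struct src *s)
{
    if (c->read_start == c->read_end) {
        int n;

        c->read_end = c->read_start = &c->buf[BUF_OFFSET];
        n = src_read(s, c->read_start, ENC_BLOCK_SIZE);
        if (n <= 0)
            return n;                            /* pointers stay equal */
        c->read_end += n;
    }
    return (int)(c->read_end - c->read_start);
}

/* Call twice, as a caller would after a retryable failure, and return
 * what the second call reports. */
int retry_quoted(void)
{
    struct ctx c;
    struct src s = { 0 };

    ctx_init(&c);
    (void)fill_quoted(&c, &s);
    return fill_quoted(&c, &s);
}

int retry_checked(void)
{
    struct ctx c;
    struct src s = { 0 };

    ctx_init(&c);
    (void)fill_checked(&c, &s);
    return fill_checked(&c, &s);
}

int main(void)
{
    printf("quoted pattern, second call:  %d\n", retry_quoted());
    printf("checked pattern, second call: %d\n", retry_checked());
    return 0;
}
```

In the quoted pattern the second call never reaches the source again because the two pointers are no longer equal, so the negative difference is reported on every retry.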



[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Richard Levitte via RT
All merged now, closing ticket.

On Mon Aug 22 13:30:02 2016, levitte wrote:
> Perfect.
>
> Fix has been merged into master, but I'll wait with closing this until
> I get a
> yay or nay about the corresponding 1.0.2 fix.
>
> Cheers,
> Richard
>
> On Mon Aug 22 13:12:58 2016, beld...@gmail.com wrote:
> > Dear Richard,
> >
> > Thank you, it works.
> >
> > On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT
> > 
> > wrote:
> >
> > > The issue isn't with the pre-created key, but because '-x509'
> > > doesn't
> > > fully
> > > flag that something new is to be created. The freeze is because
> > > 'openssl
> > > req'
> > > tries to read a csr... '-newkey', however, does flag the creation
> > > of
> > > a csr
> > > /
> > > x509, that's why the alternative command works.
> > >
> > > Fix in https://github.com/openssl/openssl/pull/1479
> > >
> > > Cheers,
> > > Richard
> > >
> > > On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote:
> > > > Hello openssl team,
> > > >
> > > > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev
> > > >
> > > > I use Debian GNU Linux, the version is 8.5
> > > > The kernel version is
> > > > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-
> > > > 04-
> > > > 08)
> > > > x86_64 GNU/Linux
> > > >
> > > > I have created a private key with a command
> > > >
> > > > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048
> > > >
> > > > in the build directory.
> > > >
> > > > When I execute the command
> > > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req
> > > > -x509
> > > -key
> > > > rsa2048.pem -keyform PEM -out cert.pem
> > > >
> > > > in the build directory, it seems to hang and does not print any
> > > > prompt.
> > > >
> > > > The command line
> > > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req
> > > > -x509
> > > > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
> > > >
> > > > works ok.
> > > >
> > > > What's done wrong by me?
> > > >
> > >
> > >
> > > --
> > > Richard Levitte
> > > levi...@openssl.org
> > >
> > > --
> > > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
> > > Please log in as guest with password guest if prompted
> > >
> > >
>
>
> --
> Richard Levitte
> levi...@openssl.org


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4657] Bug - SSL Library Error - BUF_MEM_grow:malloc failure

2016-08-22 Thread Nomalatha Aerampu via RT
Hi,

Our product (32-bit process) uses OpenSSL third-party libraries for EAP 
protocols. During the debugging of a customer issue in PEAP protocol, we got to 
understand that SSL_Accept has returned failure.

STATE_HANDSHAKE SSL_ERROR_SSL error retrun code [1] and peak error translate 
code [39] and err_get_reason [1048] // Error code, Error cases(Reason)
8900:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown 
ca:.\ssl\s3_pkt.c:1235:SSL alert number 48 // Error Queue
SSL_ERROR_SSL Handshake failure

On further analyzing, we found that handshake failure is due to the 
"BUF_MEM_grow : malloc failure" in the server after the 'n' number of 
authentications.
The memory buffer gets completely allocated and handshake is failed when we 
tried to allocate the memory.

STATE_HANDSHAKE SSL_ERROR_SSL error retrun code [1] and peak error translate 
code [2] and err_get_reason [65]
7820:error:07064041:memory buffer routines:BUF_MEM_grow:malloc 
failure:.\crypto\buffer\buffer.c:122:
SSL_ERROR_SSL Handshake failure

Total memory that is installed on the server: 4GB
Process memory size when the issue occurs: 360 ~ 370 MB

Operating System Version - Windows Server 2008
OpenSSL version - 0.9.7e, 1.0.0s

Please let us know if there are known issues related to the same or let us know 
if you require further information for your debugging.

Regards,
Nomalatha A

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4657
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4656] [BUG] print_bin could access memory off the end of a buffer

2016-08-22 Thread Perrow, Graeme via RT
In file crypto/ec/eck_prn.c, if the function print_bin is called with len >= 15 
and off >= 124, we would eventually hit line 261:

memset( &(str[1]), ' ', off + 4 );

which would write >= 128 bytes into a 127-byte buffer.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4656
Please log in as guest with password guest if prompted
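
Added example, not part of the original report and not OpenSSL's code: a stand-alone C check of the arithmetic in the report above, plus one way to clamp the indent so the write stays in bounds. The 128-byte array (so that `&str[1]` leaves the 127 bytes the report mentions), the newline at `str[0]` and the function names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a 128-byte scratch array, so a write starting at &str[1]
 * has 127 bytes available, matching the report. */
#define STR_SIZE 128

/* 1 if memset(&str[1], ' ', off + 4) stays inside a STR_SIZE array,
 * 0 if it would run past the end (or off is negative). */
int indent_fits(int off)
{
    if (off < 0)
        return 0;
    return (size_t)off + 4 <= (size_t)(STR_SIZE - 1);
}

/* Bounds-checked variant: writes a newline at str[0] (assumed layout),
 * then at most size - 2 spaces, then a terminating NUL.
 * Returns the number of spaces written, or -1 on bad arguments. */
int fill_indent(char *str, size_t size, int off)
{
    size_t pad;

    if (str == NULL || size < 3 || off < 0)
        return -1;

    pad = (size_t)off + 4;
    if (pad > size - 2)          /* room for str[0] and the NUL */
        pad = size - 2;

    str[0] = '\n';
    memset(&str[1], ' ', pad);
    str[1 + pad] = '\0';
    return (int)pad;
}

int main(void)
{
    char str[STR_SIZE];
    int off;

    /* Walk the boundary named in the report: 123 fits, 124 does not. */
    for (off = 122; off <= 125; off++)
        printf("off=%d unchecked write %s, clamped pad=%d\n",
               off, indent_fits(off) ? "fits" : "overflows",
               fill_indent(str, sizeof(str), off));
    return 0;
}
```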



[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Richard Levitte via RT
Perfect.

Fix has been merged into master, but I'll wait with closing this until I get a
yay or nay about the corresponding 1.0.2 fix.

Cheers,
Richard

On Mon Aug 22 13:12:58 2016, beld...@gmail.com wrote:
> Dear Richard,
>
> Thank you, it works.
>
> On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT
> 
> wrote:
>
> > The issue isn't with the pre-created key, but because '-x509' doesn't
> > fully
> > flag that something new is to be created. The freeze is because
> > 'openssl
> > req'
> > tries to read a csr... '-newkey', however, does flag the creation of
> > a csr
> > /
> > x509, that's why the alternative command works.
> >
> > Fix in https://github.com/openssl/openssl/pull/1479
> >
> > Cheers,
> > Richard
> >
> > On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote:
> > > Hello openssl team,
> > >
> > > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev
> > >
> > > I use Debian GNU Linux, the version is 8.5
> > > The kernel version is
> > > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-
> > > 08)
> > > x86_64 GNU/Linux
> > >
> > > I have created a private key with a command
> > >
> > > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048
> > >
> > > in the build directory.
> > >
> > > When I execute the command
> > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req
> > > -x509
> > -key
> > > rsa2048.pem -keyform PEM -out cert.pem
> > >
> > > in the build directory, it seems to hang and does not print any
> > > prompt.
> > >
> > > The command line
> > > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req
> > > -x509
> > > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
> > >
> > > works ok.
> > >
> > > What's done wrong by me?
> > >
> >
> >
> > --
> > Richard Levitte
> > levi...@openssl.org
> >
> > --
> > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
> > Please log in as guest with password guest if prompted
> >
> >


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Dmitry Belyavsky via RT
Dear Richard,

Thank you, it works.

On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT 
wrote:

> The issue isn't with the pre-created key, but because '-x509' doesn't fully
> flag that something new is to be created. The freeze is because 'openssl
> req'
> tries to read a csr... '-newkey', however, does flag the creation of a csr
> /
> x509, that's why the alternative command works.
>
> Fix in https://github.com/openssl/openssl/pull/1479
>
> Cheers,
> Richard
>
> On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote:
> > Hello openssl team,
> >
> > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev
> >
> > I use Debian GNU Linux, the version is 8.5
> > The kernel version is
> > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08)
> > x86_64 GNU/Linux
> >
> > I have created a private key with a command
> >
> > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048
> >
> > in the build directory.
> >
> > When I execute the command
> > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509
> -key
> > rsa2048.pem -keyform PEM -out cert.pem
> >
> > in the build directory, it seems to hang and does not print any prompt.
> >
> > The command line
> > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509
> > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
> >
> > works ok.
> >
> > What's done wrong by me?
> >
>
>
> --
> Richard Levitte
> levi...@openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
> Please log in as guest with password guest if prompted
>
>


-- 
SY, Dmitry Belyavsky

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Dmitry Belyavsky
Dear Richard,

Thank you, it works.

On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT 
wrote:

> The issue isn't with the pre-created key, but because '-x509' doesn't fully
> flag that something new is to be created. The freeze is because 'openssl
> req'
> tries to read a csr... '-newkey', however, does flag the creation of a csr
> /
> x509, that's why the alternative command works.
>
> Fix in https://github.com/openssl/openssl/pull/1479
>
> Cheers,
> Richard
>
> On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote:
> > Hello openssl team,
> >
> > I experience problems with openssl version OpenSSL 1.1.0-pre7-dev
> >
> > I use Debian GNU Linux, the version is 8.5
> > The kernel version is
> > Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08)
> > x86_64 GNU/Linux
> >
> > I have created a private key with a command
> >
> > LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048
> >
> > in the build directory.
> >
> > When I execute the command
> > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509
> -key
> > rsa2048.pem -keyform PEM -out cert.pem
> >
> > in the build directory, it seems to hang and does not print any prompt.
> >
> > The command line
> > OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509
> > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
> >
> > works ok.
> >
> > What's done wrong by me?
> >
>
>
> --
> Richard Levitte
> levi...@openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
> Please log in as guest with password guest if prompted
>
>


-- 
SY, Dmitry Belyavsky


[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Richard Levitte via RT
The issue isn't with the pre-created key, but because '-x509' doesn't fully
flag that something new is to be created. The freeze is because 'openssl req'
tries to read a csr... '-newkey', however, does flag the creation of a csr /
x509, that's why the alternative command works.

Fix in https://github.com/openssl/openssl/pull/1479

Cheers,
Richard

On Mon Aug 22 12:33:47 2016, beld...@gmail.com wrote:
> Hello openssl team,
>
> I experience problems with openssl version OpenSSL 1.1.0-pre7-dev
>
> I use Debian GNU Linux, the version is 8.5
> The kernel version is
> Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08)
> x86_64 GNU/Linux
>
> I have created a private key with a command
>
> LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048
>
> in the build directory.
>
> When I execute the command
> OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 -key
> rsa2048.pem -keyform PEM -out cert.pem
>
> in the build directory, it seems to hang and does not print any prompt.
>
> The command line
> OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509
> -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
>
> works ok.
>
> What's done wrong by me?
>


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Dmitry Belyavsky via RT
Hello openssl team,

I experience problems with openssl version OpenSSL 1.1.0-pre7-dev

I use Debian GNU Linux, the version is 8.5
The kernel version is
Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08)
x86_64 GNU/Linux

I have created a private key with a command

LD_LIBRARY_PATH=. apps/openssl genrsa -out rsa2048.pem 2048

in the build directory.

When I execute the command
OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 -key
rsa2048.pem -keyform PEM -out cert.pem

in the build directory, it seems to hang and does not print any prompt.

The command line
OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl  req -x509
-newkey rsa:2048 -keyout key.pem -out req.pem -nodes

works ok.

What's done wrong by me?

-- 
SY, Dmitry Belyavsky

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655
Please log in as guest with password guest if prompted



Re: [openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg

2016-08-22 Thread Andy Polyakov
>>> * Fix ecp_nistz256_mul_by_2 and ecp_nistz256_mul_by_3 to fully reduce
>>> their outputs.
>>>
>>> * Fix ecp_nistz256_add to fully reduce its output.
>>
>> As for specifically addition see below. As for fixing mul_by_[23] and
>> the fact that they use addition. There are two ways. a) Modify addition
>> so that it *preserves* property of being fully reduced and leave
>> mul_by_[23] as is. b) Let addition as is and add additional step to
>> mul_by_[23]. The choice of approach can be platform-specific. For
>> example on x86_64 a) is simpler and appears more efficient.

After considering other ecp_nistz256-enabled platforms, a) appears to be the
better choice on all of them. It probably holds universally true, but I would
still mention b) in commentary...




Re: [openssl-dev] Crypto Module Config

2016-08-22 Thread Richard Levitte
In message <42bcb3fd-f5e2-404e-8981-e5cd304f4...@unh.newhaven.edu> on Mon, 22 
Aug 2016 04:16:22 +, "Schmicker, Robert"  said:

rschm2> Hello,
rschm2> 
rschm2> I am working on building a new crypto module that works with openssl.
rschm2> I have looked through the source code and found the /crypto/ folder
rschm2> which would be where this module would reside. However, if I duplicate
rschm2> a folder such as md5 within the /crypto/ folder and rename it to say
rschm2> “helloworld”, helloworld does not show up to be compiled in the
rschm2> makefile. I edited line 856 to include “helloworld” in the config
rschm2> file. What is the proper way for the config file, in the root
rschm2> directory, to add “helloworld” into the makefile.
rschm2> 
rschm2> Any guidance would be much appreciated.

Assuming we're talking about the master branch (i.e. upcoming version
1.1), then you need to add "helloworld" to the 'sdirs' configuration.
In line 250 in Configure, you will find this line:

$config{sdirs} = [

Simply add "helloworld" to the values you find following that line.

Assuming we're talking about the version 1.0.2 series, then the
procedure is approximately the same.  There, you have to look up this
line in Makefile.org:

SDIRS=  \

... and add helloworld to its values.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/


[openssl-dev] Crypto Module Config

2016-08-22 Thread Schmicker, Robert
Hello,

I am working on building a new crypto module that works with openssl. I have 
looked through the source code and found the /crypto/ folder which would be 
where this module would reside. However, if I duplicate a folder such as md5 
within the /crypto/ folder and rename it to say “helloworld”, helloworld does 
not show up to be compiled in the makefile. I edited line 856 to include 
“helloworld” in the config file. What is the proper way for the config file, in 
the root directory, to add “helloworld” into the makefile.

Any guidance would be much appreciated.

Best,
Rob Schmicker