Re: [openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)

2017-10-05 Thread Dr. Stephen Henson
On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote: > Thanks for the hint. The problem is fixed. > > Server was setting: > > if (SSL_CTX_set1_groups_list(ctx, "X25519:P-256") == 0) { > // > } > > The call succeeds. > > But the old TLS 1.2 code was setting: > > int nid =

Re: [openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)

2017-10-04 Thread Dr. Stephen Henson
On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote: > if (SSL_CTX_set1_groups_list(ctx, "P-521:P-384:P-256") == 0) { >//error > } > If you have the above line you're telling the client to advertise support for P-521:P-384:P-256 in that order and the server to only use them. >

Re: [openssl-dev] [RFC] enc utility & under-documented behavior changes: improving backward compatibility

2017-10-04 Thread Dr. Stephen Henson
On Wed, Oct 04, 2017, Matt Caswell wrote: > > As Tomas said - that ship has sailed. In my mind that change was a > mistake. It could have been done in a non-breaking way by introducing a > new header format at that time. > As regards a new header format. In the case of some of the structures

Re: [openssl-dev] Missing EVP_PKEY_meth_get_xxx methods?

2017-10-02 Thread Dr. Stephen Henson
On Mon, Oct 02, 2017, Matt Caswell wrote: > > > On 02/10/17 15:00, Blumenthal, Uri - 0553 - MITLL wrote: > > Moving to openssl-dev, because I think OpenSSL-1.0.2 needs a fix. > > > >   > > > > To be more specific, the following get methods are missing in 1.0.2: > > > >   > > > > -

Re: [openssl-dev] Bug in pkey_rsa_encrypt() and _decrypt()

2017-09-27 Thread Dr. Stephen Henson
On Tue, Sep 26, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > Working on pkcs11 engine, I discovered a bug in crypto/rsa/rsa_pmeth.c in > pkey_rsa_encrypt() and pkey_rsa_decrypt(). > > They cause a crash when called with out==NULL. Normally it should not happen > - but when an engine is

Re: [openssl-dev] Plea for a new public OpenSSL RNG API

2017-08-29 Thread Dr. Stephen Henson
On Tue, Aug 29, 2017, Richard Levitte wrote: > I'm late in the game, having only followed the development very > superficially... > > If I understand correctly, the RAND_DRBG API is really a completely > separate API that has nothing to do with the RAND_METHOD API pers se, > i.e. any association

Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine

2017-08-28 Thread Dr. Stephen Henson
On Mon, Aug 28, 2017, Brett R. Nicholas wrote: > > > One more follow up question: > > > > If possible you should set the public key components anyway: some operations > > > such as generating certificate requests require them to be present > > I'm confused what you mean here, since my

Re: [openssl-dev] Upgrading OpenSSL

2017-08-28 Thread Dr. Stephen Henson
On Mon, Aug 28, 2017, Leon Brits wrote: > The upgrade is now working fine in one of the applications which make TLS > connections. I can see the engine functions being called when some action > (sign/verify) which require the privatekey. > > However, this engine is also used in a patched

Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine

2017-08-28 Thread Dr. Stephen Henson
On Mon, Aug 28, 2017, Brett R. Nicholas wrote: > > The rsa_mod_exp function is only called for private key operations. You > > can't > > tell if it is a private encrypt or a private decrypt though but that > > shouldn't matter because the operation performed at that level is the same > > for >

Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine

2017-08-27 Thread Dr. Stephen Henson
On Sun, Aug 27, 2017, Brett R. Nicholas wrote: > > This makes sense to me, and it seems that is the desired behavior. However, > if I *only* reimplement the rsa_mod_exp() function, and leave the > encrypt/decrypt functions to the default openSSL implementations, how can my > engine know which of

Re: [openssl-dev] GCM tag in manual and examples

2017-08-22 Thread Dr. Stephen Henson
On Tue, Aug 22, 2017, Lukasz Kostyra wrote: > Hello, > > I've been trying recently to work with OpenSSL and use it to encrypt and > decrypt data with AES cipher in GCM mode. While reading the documentation, I > noticed an inconsistency between example code and manual. > > My concern is the

Re: [openssl-dev] Fwd: openssl-fips build on cygwin 64bit

2017-07-20 Thread Dr. Stephen Henson
On Thu, Jul 20, 2017, Cristi Fati wrote: > Apologies for spam, if this isn't the right place: > > > *Details*: > >- *cygwin* *64bit* running on *Win10* (*CYGWIN_NT-10.0 cfati-e5550-0 >2.8.0(0.309/5/3) 2017-04-01 20:47 x86_64 Cygwin*) >- *openssl-1.0.2l* - irrelevant >-

Re: [openssl-dev] Windows system cert store

2017-07-14 Thread Dr. Stephen Henson
On Thu, Jul 13, 2017, Matthew Stickney wrote: > > You may have been looking at a different version of IE than what I've > got on my Windows 7 VM, but at least here IE doesn't allow you to set > certificate purposes: it has a dialog that looks just like that (under > the "Advanced" button in the

Re: [openssl-dev] Windows system cert store

2017-07-12 Thread Dr. Stephen Henson
On Sun, Jul 09, 2017, Matthew Stickney wrote: > The Certificate Manager in Windows does allow you to change the trust > settings for root certs (including the purposes reported by openssl > x509 -purpose), although those changes don't appear to be reflected in > the cert dumped from the store (so

Re: [openssl-dev] Dynamically adding a NID

2017-07-05 Thread Dr. Stephen Henson
On Sun, Jul 02, 2017, Salz, Rich via openssl-dev wrote: > > I tried using OBJ_create() with NULL or an empty string for the OID, but > > currently it checks that the given OID is actually a valid one. Is there > > any workaround to avoid this other than issuing my own OID? > > No. Just get an

Re: [openssl-dev] Dynamically adding a NID

2017-07-01 Thread Dr. Stephen Henson
On Mon, Jun 26, 2017, Nicola Tuveri wrote: > Hi, > > I'm working on ENGINE development, and I have the need to add an NID for a > custom message digest, and eventually for ciphers and PKEY methods. > Some of the associated objects don't (and won't ever) have an associated > OID, but I need to add

Re: [openssl-dev] How to define EVP_EncryptUpdate and EVP_EncryptFinal functions for an AES engine? (and a separate question re: padding)

2017-07-01 Thread Dr. Stephen Henson
On Mon, Jun 26, 2017, Brett R. Nicholas wrote: > AFAIK (and please correct me if this is wrong) my init_key function is > invoked by the EVP interface when I call the EVP_[En/De]cryptInit_ex > function, and the do_cipher function is called upon EVP_[En/De]cryptUpdate. > But how should I

Re: [openssl-dev] Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

2017-04-11 Thread Dr. Stephen Henson
On Tue, Apr 11, 2017, Michael Reilly wrote: > Hi, > > commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size > returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in > crypto/evp/pmeth_fn.c is != 0. > > We are in the process of upgrading from 1.0.2j to 1.0.2k and

Re: [openssl-dev] Query about CRLDistributionPoints extension data

2017-03-30 Thread Dr. Stephen Henson
On Thu, Mar 30, 2017, Winter Mute wrote: > Hello, > All certificates I have encountered with this extension seem to have a > problem with the encoding of the distributionPoint. > According to the specs: > >DistributionPointName ::= CHOICE { > fullName[0]

Re: [openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-12-13 Thread Dr. Stephen Henson
On Tue, Dec 13, 2016, David Woodhouse wrote: > On Tue, 2016-12-13 at 13:09 +0000, Dr. Stephen Henson wrote: > > The reason for that is that the PEM forms which contain > > the key algorithm in the PEM header were considered legacy types and new > > methods > > sh

Re: [openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-12-13 Thread Dr. Stephen Henson
On Tue, Dec 13, 2016, Dr. Stephen Henson wrote: > > So if we wanted to go down this route all that is needed to get a form of this > functionality is a function to set the PEM decoder in EVP_PKEY_ASN1_METHOD. > Note however that this currently assumes the data between the PEM heade

Re: [openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-12-13 Thread Dr. Stephen Henson
On Wed, Nov 30, 2016, James Bottomley wrote: > One of the principal problems of using TPM based keys is that there's > no easy way of integrating them with standard file based keys. This > proposal adds a generic method for handling file based engine keys that > can be loaded as PEM files.

Re: [openssl-dev] [RFC 1/2] engine: add new flag based method for loading engine keys

2016-11-16 Thread Dr. Stephen Henson
On Wed, Nov 16, 2016, James Bottomley wrote: > The assumption in all the current engine code is that key_id can be > passed as something like a file name. Well no, it's a null-terminated string whose meaning is engine specific. In some cases it is a key ID, in others it is a more complex string

Re: [openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-11-16 Thread Dr. Stephen Henson
On Wed, Nov 16, 2016, Richard Levitte wrote: > If I understand correctly, the intention is to avoid having to use > ENGINE_load_private_key() directly or having to say '-keyform ENGINE' > to the openssl commands, and to avoid having to remember some cryptic > key identity to give with '-key'.

Re: [openssl-dev] custom X509_LOOKUP_METHOD in openssl 1.1.0 / load cert from memory

2016-09-15 Thread Dr. Stephen Henson
On Thu, Sep 15, 2016, Sebastian Andrzej Siewior wrote: > Hi, > > I've been looking at spice-gtk to get it compiled against openssl 1.1.0. > One problem I have is that they are using a custom X509_LOOKUP_METHOD > struct which is now not possible. > It seems that this requirement was introduced

Re: [openssl-dev] [openssl-users] PKCS7_sign conflict with PKCS7_decrypt?

2016-08-08 Thread Dr. Stephen Henson
On Thu, Aug 04, 2016, Jim Carroll wrote: > I had heard a patch was being worked on, but I do not believe it has been > released (or if it is -- I can't find it). > > I can confirm that "OpenSSL 1.1.0-pre7-dev" still has the bug which > prevents PKCS7 sign->encrypt->decrypt from working. >

Re: [openssl-dev] Load secrets to context.

2016-07-27 Thread Dr. Stephen Henson
On Wed, Jul 27, 2016, john gloster wrote: > Hi, > > Can we use both the following APIs in the same application to load a > certificate to the SSL context? > > *SSL_CTX_use_certificate_file()* > *SSL_CTX_use_certificate_chain_file()* > You should only use one. If you use

Re: [openssl-dev] [TLS1 PRF]: unknown algorithm

2016-07-27 Thread Dr. Stephen Henson
On Wed, Jul 27, 2016, Catalin Vasile wrote: > Hi, > > I'm trying to use the EVP_PKEY_TLS1_PRF interface. > > The first thing I do inside my code is: > pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); > But pctx is NULL after that call. > > I've watched test/evp_test.c and it does not

Re: [openssl-dev] Discrepancy between docs and actual behavior: CMS in 1.0.2

2016-07-25 Thread Dr. Stephen Henson
On Mon, Jul 25, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > I confess I did not test this with 1.1.x. But in 1.0.2h there's a problem. > > CMS man page says: > > If the -decrypt option is used without a recipient certificate then an > attempt is made to locate the > recipient by trying each

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > > > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > > and CRLs on demand, and caches them in memory once they are loaded. As of > >

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > > > On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > > > > > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > > > and

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > and CRLs on demand, and caches them in memory once they are loaded. As of > OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer > CRLs are

Re: [openssl-dev] pkcs12 settings, Was: Re: [openssl.org #4588] pkcs12 -info doesn't handle PKCS#12 files with PKCS#5 v2.0 PBE

2016-07-19 Thread Dr. Stephen Henson
On Tue, Jul 19, 2016, Hubert Kario wrote: > I have a few questions now though: > > I've noticed that 1.0.2 uses sha1 hmac for the PRF while the master > uses sha256 > > is there a way to set this? > Not currently no (at least not from the command line, maybe by delving into the pkcs12

Re: [openssl-dev] MGF1-OAEP with SHA2

2016-07-08 Thread Dr. Stephen Henson
On Thu, Jul 07, 2016, c.hol...@ades.at wrote: > > I try to get RSA encryption/decryption (over the API) with MGF1 > OAEP-padding other than SHA1. > You need to use the EVP_PKEY API and pass the required algorithm to EVP_PKEY_CTX_set_rsa_oaep_md() which is currently undocumented (fix coming up).

Re: [openssl-dev] Null Ciphers in FIPS mode

2016-06-02 Thread Dr. Stephen Henson
On Wed, Jun 01, 2016, Mody, Darshan (Darshan) wrote: > > Does OpenSSL allow NULL ciphers when we put openssl in FIPS mode? > If you mean NULL ciphersuites then yes, though they're not enabled by default, just like non-FIPS mode. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

Re: [openssl-dev] Does OpenSSL support ECC-based S/MIME as defined in RFC 5753?

2016-05-31 Thread Dr. Stephen Henson
On Tue, May 31, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > Does OpenSSL support ECC-based S/MIME as defined in RFC 5753? > > I was trying to create an encrypted S/MIME message using OpenSSL-1.0.2h, > and got the following: > > $ openssl smime -encrypt -aes128 -inform SMIME -in

Re: [openssl-dev] Signing Internet-Drafts and RFCs

2016-05-12 Thread Dr. Stephen Henson
On Thu, May 12, 2016, Matt Caswell wrote: > > > On 11/05/16 22:03, Russ Housley wrote: > > Today, the IETF uses OpenSSL to digitally sign Internet-Drafts. If > > you care about the details, please see RFC 5485. > > > > We are looking to expand Internet-Draft signing, and start signing > >

Re: [openssl-dev] Getting raw ASN1 data from X509 certificate

2016-04-27 Thread Dr. Stephen Henson
On Tue, Apr 26, 2016, Kurt Roeckx wrote: > Hi, > > I'm working on a tool that checks various things related to X509 > certificates. I want to check that the encoding is actually > correct DER. With things like ASN1_TIME is seems easy to get to > the raw data, it just seems to contain it. But

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Dr. Stephen Henson
On Mon, Mar 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > On 3/14/16, 14:45, "openssl-dev on behalf of Viktor Dukhovni" > > wrote: > > >On Mon, Mar 14, 2016 at 05:45:34PM +, Stephan Mühlstrasser via RT > >wrote: >

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Dr. Stephen Henson
On Fri, Mar 04, 2016, Dmitry Belyavsky wrote: > Dear Rich, > > Is it possible to add a command line option to select hash algorithm used > in the PRF calculations? > GOST ciphersuites, for example, use TLS1 PRF based on the GOST digest > algorithms. > I think it's already there -pkeyopt md:

Re: [openssl-dev] PHP openssl ext port for 1.1 - cert->name

2016-03-01 Thread Dr. Stephen Henson
On Tue, Mar 01, 2016, Jakub Zelenka wrote: > Hello, > > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and > just came across one thing that I can't find a function for. > > We have got a part in openssl_x509_parse where we display cert->name (cert > is X509 struct) if it

Re: [openssl-dev] OpenSSL 1.1.0 and FIPS

2016-02-22 Thread Dr. Stephen Henson
On Mon, Feb 22, 2016, Wall, Stephen wrote: > I wonder if I could get the thoughts of some of you developers on how > difficult it would be to build an engine for OpenSSL 1.1.0 that makes use of > the current (2.0.11?) fipscanister.o. Also, opinions on if this would be a > legitimate way to get

Re: [openssl-dev] Call for testing: OpenSSH 7.2

2016-02-15 Thread Dr. Stephen Henson
On Mon, Feb 15, 2016, The Doctor wrote: > Just tested this on the old BSD/OS machine > > works with openssl 1.0.2X > > Openssl 1.1.X issues > > cipher.h in openssl 1.1 needs to read > > struct sshcipher; > struct sshcipher_ctx { > int plaintext; > int encrypt; >

Re: [openssl-dev] PKCS12_Parse() no longer extract certificate

2016-02-11 Thread Dr. Stephen Henson
On Thu, Feb 11, 2016, Michel wrote: > Hi, > > > > I have a test program which is failing using version 1.1 because > PKCS12_Parse() doesn't return the certificate, just the key. No error is > signaled. > > I supposed it is not intended. Is it a work in progress? > That's a bug which should

Re: [openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

2016-02-11 Thread Dr. Stephen Henson
On Thu, Feb 11, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > ^ > Probably correct IN THIS ONE CASE, because Most Significant Bit is zero > even without the leading zero byte. See below. > > >>The problem is that is an invalid encoding. An ASN.1 INTEGER cannot >

Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

2016-01-20 Thread Dr. Stephen Henson
On Wed, Jan 20, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > On 1/20/16, 5:10 , "Hubert Kario" wrote: > > It appears to me that pkeyutl is more an instrument to access those > primitive operations, unlike dgst that provides access to the "true" > (complete) signature

Re: [openssl-dev] Keyed hashing APIs for EVP?

2016-01-16 Thread Dr. Stephen Henson
On Sat, Jan 16, 2016, Bill Cox wrote: > > I feel keyed hashing is here to stay. Keccak also has this feature. > Assuming I'm reading the EVP API correctly, should add support for keyed > digests to EVP. What do you folks think? > Support for MAC already exists in EVP. It's possible to access

Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

2016-01-14 Thread Dr. Stephen Henson
On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson" > <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote: > > >On Thu, Jan 14, 2016, Salz, Rich wrote: > > >

Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

2016-01-13 Thread Dr. Stephen Henson
On Wed, Jan 13, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > > > If the input to "pkeyutl 'sign' is supposed to be digest output only - > then > what's the point of having command line arguments specifying the digest to > use? And if the input can be an arbitrary file (like for

Re: [openssl-dev] [PATCH] Declare/Implement ASN1_FUNCTIONS for NAME_CONSTRAINTS

2016-01-09 Thread Dr. Stephen Henson
On Sat, Jan 09, 2016, Paul Kehrer wrote: > The ASN1 functions for NAME_CONSTRAINTS are not declared or implemented in > the current OpenSSL releases. This is inconsistent with other extension > structs and (I believe) means you either need to declare them yourself or > attempt to build

Re: [openssl-dev] Variable length of digest

2015-12-24 Thread Dr. Stephen Henson
On Thu, Dec 24, 2015, Dmitry Belyavsky wrote: > > If you try to change the output length via the -macopt option of the dgst > command, you'll see that the text output will be 4 bytes. > It seems to happen because of the internal call to the EVP_MD_size() > function. > > If we change the

Re: [openssl-dev] Variable length of digest

2015-12-23 Thread Dr. Stephen Henson
On Wed, Dec 23, 2015, Dmitry Belyavsky wrote: > Hello OpenSSL Team, > > I have a question. > > I need to implement a digest with variable length of output. The length of > output can be easily specified by the control function, but EVP functions > expect the constant length of the digest

Re: [openssl-dev] ECDH engine

2015-12-19 Thread Dr. Stephen Henson
On Fri, Dec 18, 2015, Alexander Gostrer wrote: > Hi Steve, > > John and I completed writing an ECDH engine based on the > OpenSSL_1_0_2-stable branch. We were planning to expand it to the master > but found some major changes made by you recently. What is the status of > this task? Is it stable

Re: [openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

2015-12-10 Thread Dr. Stephen Henson
On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > Much better now - but at this time I hit "unsupported algorithm". The key > in question is RSA-2048, with SHA256. > > $ LOAD_CERT_CTRL=true VERBOSE=7 openssl pkeyutl -engine pkcs11 -sign > -keyform engine -inkey >

Re: [openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

2015-12-10 Thread Dr. Stephen Henson
On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > On 12/10/15, 16:56 , "openssl-dev on behalf of Dr. Stephen Henson" > <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote: > > > > >As I indicated the fix I suggested it tem

Re: [openssl-dev] Windows x86_64 build broken -- RE: [openssl-users] OpenSSL version 1.0.1q released (corrected download)

2015-12-09 Thread Dr. Stephen Henson
On Fri, Dec 04, 2015, Carl Tietjen wrote: > Folks, > > It looks like the Windows x86_64 build for OpenSSL version 1.0.1q is broken. > > > I am building a FIPS capable version, and have verified that I have the > corrected download build: SHA1 checksum: >

Re: [openssl-dev] Windows x86_64 build broken -- RE: [openssl-users] OpenSSL version 1.0.1q released (corrected download)

2015-12-03 Thread Dr. Stephen Henson
On Fri, Dec 04, 2015, Carl Tietjen wrote: > Folks, > > It looks like the Windows x86_64 build for OpenSSL version 1.0.1q is broken. > > > I am building a FIPS capable version, and have verified that I have the > corrected download build: SHA1 checksum: >

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-13 Thread Dr. Stephen Henson
On Fri, Nov 13, 2015, Benjamin Kaduk wrote: > > As another thread calls to mind, PKCS#12 could potentially just use > triple-DES. (BTW, the CMS tests fail when openssl is configured with > no-rc2, due to this; I have a WIP patch sitting around.) > The issue is that some current software

Re: [openssl-dev] OCSP issues in master 2015-10-17

2015-10-19 Thread Dr. Stephen Henson
On Sat, Oct 17, 2015, Roumen Petrov wrote: > Hello, > > After embedding some attributes, OCSP in master stopped working. > > The current status is the client comment report "Cert Status: > unknown" and "Nonce Verify error" for X.509 certificates used in my > ssh regression tests. > > The last known

Re: [openssl-dev] Strange problem with cms_cd.o?

2015-09-11 Thread Dr. Stephen Henson
On Fri, Sep 11, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > I am trying to build the current Github version of openssl on Ubuntu-14.04 > LTS. Must add that this system has openssl-1.0.1f already installed (relic > of Ubuntu software update process). > > Everything seems to compile fine, but

Re: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module

2015-08-17 Thread Dr. Stephen Henson
On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS via RT wrote: Hi Mr. Stephen N. Henson, Thank you so much for the reply. We would like to use option 1 mentioned by you. But unfortunately the DLLs were not generated, only static libs were generated. Please guide if we have

Re: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module

2015-08-17 Thread Dr. Stephen Henson
On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS wrote: Please let me know if I need to make changes in ntdll.mak file to generate the corresponding fipslibeay32.dll . As I need to include this dll in my test application to turn on the fips module. There is no fipsleay32.dll

Re: [openssl-dev] Localised Error

2015-07-20 Thread Dr. Stephen Henson
On Sun, Jul 19, 2015, The Doctor wrote: On Sun, Jul 19, 2015 at 06:05:26AM -0600, The Doctor wrote: What should I be looking at when signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: verify error occurs? Further from the code i =

Re: [openssl-dev] RSA SigVer (FIPS 186-4) Issue

2015-06-29 Thread Dr. Stephen Henson
On Mon, Jun 29, 2015, rst...@symsysresearch.com wrote: I am getting incorrect False-Negative results when performing tests with 186-4 vectors (generated by CAVS 17.6). This vector is being reported false while CAVS says they should pass. [mod = 1024] n =

Re: [openssl-dev] RSA SigVer (FIPS 186-4) Issue

2015-06-29 Thread Dr. Stephen Henson
On Mon, Jun 29, 2015, rst...@symsysresearch.com wrote: I am getting incorrect False-Negative results when performing tests with 186-4 vectors (generated by CAVS 17.6). This vector is being reported false while CAVS says they should pass. [mod = 1024] n =

Re: [openssl-dev] Extended master secret goober in s3_srvr.c

2015-06-12 Thread Dr. Stephen Henson
On Fri, Jun 12, 2015, Bill Cox wrote: Here's some code in master starting at line 594 in s3_srvr.c: if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); return -1; } /*

Re: [openssl-dev] OpenSSL for windows with /fixed flag

2015-05-24 Thread Dr. Stephen Henson
On Sun, May 24, 2015, Dixon Xavier wrote: Hi, Going by the description in links: http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html

Re: [openssl-dev] Missing API features

2015-04-22 Thread Dr. Stephen Henson
On Tue, Apr 21, 2015, Richard Moore wrote: On 21 April 2015 at 12:50, Dr. Stephen Henson st...@openssl.org wrote: I think what would be useful here would be an API that can determine appropriate characteristics of an SSL_CIPHER. For example a NID corresponding to the key exchange

Re: [openssl-dev] Missing API features

2015-04-21 Thread Dr. Stephen Henson
On Mon, Apr 20, 2015, Richard Moore wrote: On 20 April 2015 at 21:25, Salz, Rich rs...@akamai.com wrote: What is the information you're looking for? kx=X25519 or kx=2KRSA or ... ? I picked those because sometimes there's a keysize, and other times it's implicit, for example. The

Re: [openssl-dev] CMS: is there a support for authenticated encryption (aes-gcm, aes-cbc-cmac etc.) in CMS?

2015-04-13 Thread Dr. Stephen Henson
On Mon, Apr 13, 2015, Paweł Kaźmierczak wrote: Hello, is there support for aes-gcm in openSSL CMS implementation? Following code works when EVP_aes_128_cbc is used as CMS_encrypt param but fails with EVP_aes_128_gcm. Am I missing something (like setting the gcm header/tag) or

Re: [openssl-dev] OID with length zero related bug

2015-04-09 Thread Dr. Stephen Henson
On Thu, Apr 09, 2015, Juan Antonio Osorio wrote: Hi, I've recently encountered that OpenSSL is sending some unexpected errors when reading X.509 certificate requests, if the key is not specified, or the CSR is not signed. Well if a key is not specified or the CSR isn't signed then it

Re: [openssl-dev] EC based certificates not supported in CMS - why?

2015-04-09 Thread Dr. Stephen Henson
On Thu, Apr 09, 2015, Paweł Kaźmierczak wrote: I am afraid EC certs do not work in CMS openSSL 1.0.2. I just wrote a simple test procedure: void cmsTest() { //this RSA works //auto certFileBio = BIO_new_file("c:\\a\\simplersa_noPem.cer", "rb"); //auto prvKeyFileBio =

Re: [openssl-dev] EC based certificates not supported in CMS - why?

2015-04-09 Thread Dr. Stephen Henson
On Thu, Apr 09, 2015, Paweł Kaźmierczak wrote: Hi, currently openssl in CMS supports only RSA based certificates but EC based certificates are supported in openssl TLS... so I assume that there is already a code that can sign/verify and perform key agreement (ECKA-EG ECKA-DH) using

Re: [openssl-dev] Using TLSv1.2

2015-04-08 Thread Dr. Stephen Henson
On Tue, Mar 24, 2015, ?? wrote: I use the openssl library in the project and use client certificate verification. When using protocol TLSv1.2 I have a problem with data encryption, using the private key of the client certificate. This is due to the fact that the

Re: [openssl-dev] Heap corruption in asn1_item_ex_combine_new()

2015-04-01 Thread Dr. Stephen Henson
On Tue, Mar 31, 2015, Julien Kauffmann wrote: if (!combine) *pval = NULL; I'd suggest deleting the two lines above. The structure should be cleared without this and the above line is wrong for non pointer fields anyway. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

Re: [openssl-dev] Heap corruption in asn1_item_ex_combine_new()

2015-04-01 Thread Dr. Stephen Henson
On Tue, Mar 31, 2015, Julien Kauffmann wrote: Basically what happens is that, somewhere inside the call to PEM_write_bio_ECPrivateKey(), an ASN1 sequence of 3 elements is allocated. The corresponding code is as follows (in crypto/asn1/tasn_new.c:181): if (!combine) { *pval =

Re: [openssl-dev] ASN1_UTCTIME_cmp_time_t behavior changed from 0.9.8 to 1.0.2 ?

2015-03-24 Thread Dr. Stephen Henson
On Tue, Mar 24, 2015, Susumu Sai wrote: time_t t; time(&t); ASN1_TIME *tmptm = ASN1_TIME_new(); X509_gmtime_adj(tmptm, 0); // ? With 0.9.8, the return value ret = 1 // ? With 1.0.2, the return value ret = -1 int ret =

Re: [openssl-dev] OpenSSL version 1.0.2a released

2015-03-19 Thread Dr. Stephen Henson
On Thu, Mar 19, 2015, Randall S. Becker wrote: On March 19, 2015 10:09 AM OpenSSL wrote: To: OpenSSL Developer ML; OpenSSL User Support ML; OpenSSL Announce ML Subject: [openssl-dev] OpenSSL version 1.0.2a released OpenSSL version 1.0.2a released ===

Re: [openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

2015-03-19 Thread Dr. Stephen Henson
On Thu, Mar 19, 2015, Erik Tkal wrote: If I do not send a sessionID in the clientHello but do send a valid sessionTicket extension, the server goes straight to changeCipherSpec and the client generates an UnexpectedMessage alert. Does the server send back an empty session ticket

Re: [openssl-dev] Intent of the private_ wrappers

2015-03-10 Thread Dr. Stephen Henson
On Tue, Mar 10, 2015, Steve Schefter wrote: On 3/10/2015 8:03 PM, Dr. Stephen Henson wrote: On Fri, Mar 06, 2015, Steve Schefter wrote: Which OS and version of OpenSSL are you using? I am using 1.0.1j on Linux. I've not tried to build 1.0.2, but I see the same use of the private_

Re: [openssl-dev] Intent of the private_ wrappers

2015-03-10 Thread Dr. Stephen Henson
On Fri, Mar 06, 2015, Steve Schefter wrote: Hi. I am compiling OpenSSL with the FIPS options and seeing a build error. My question is more about the intent than the problem. One example: When apps/speed.c is compiled with FIPS enabled, OPENSSL_FIPS is defined and DES_set_key_unchecked

Re: [openssl-dev] [openssl.org #3734] question about 0.9.7 branch

2015-03-07 Thread Dr. Stephen Henson
On Sat, Mar 07, 2015, Allauddin Ahmad via RT wrote: Dear Concerned: Can you please confirm that OpenSSL branch 0.9.7 branch is not affected by: As Viktor mentioned 0.9.7 is no longer being maintained. However the following two issues will be present in 0.9.7: *RSA silently

Re: [openssl-dev] FIPS / RSA / ENGINE bug?

2015-02-27 Thread Dr. Stephen Henson
On Fri, Feb 27, 2015, Hong Cho wrote: Hi, I generated OpenSSL libcrypto (1.0.1l) with the OpenSSL FIPS crypto module (2.0.8) on FreeBSD 8.4 amd64. It seems to build fine, and with OPENSSL_FIPS, it seems to behave correctly (e.g., MD5 is refused, DH with 512-bit key is refused, etc.).

Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain

2015-02-20 Thread Dr. Stephen Henson
On Fri, Feb 20, 2015, W Smith wrote: Thanks, Rich. Does anyone know how to walk through a BIO stack that includes a BIO pair and get to the ultimate source/sink BIO? If I can get that, I'll be in good shape. Anybody? Not sure I follow you. A BIO pair is the ultimate source/sink BIO.

Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain

2015-02-20 Thread Dr. Stephen Henson
On Fri, Feb 20, 2015, W Smith wrote: Rich, Yeah, I have industrial strength Tylenol standing by. I'm expecting this to be painful, but not insurmountable for the handshake. If I'm unable to even get at the ultimate source/sink, I can't get anywhere. I can deal with the HTTP side and

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-13 Thread Dr. Stephen Henson
On Fri, Feb 13, 2015, Viktor Dukhovni wrote: On Fri, Feb 13, 2015 at 11:59:13AM +, Salz, Rich wrote: Some time ago, I had submitted a patch which allows administrators, but most importantly OS distributors to set their own strings in the configuration file, which software can

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-11 Thread Dr. Stephen Henson
On Tue, Feb 10, 2015, Viktor Dukhovni wrote: We should also recall that the master branch has introduced security levels, which may still need some work to become production-ready, but are likely a better mechanism for applications to move to more secure settings than incompatible changes

Re: [openssl-dev] FIPS compliant digital signature

2015-02-04 Thread Dr. Stephen Henson
On Wed, Feb 04, 2015, Rex Bloom wrote: Can someone help me understand what type of digital signature I can use for FIPS compliance. I used this command: openssl genrsa -aes128 -passout pass:mypassphrase -out privkey.pem 2048 to generate a pem file but when I tried to load this as

Re: [openssl-dev] Disabling SSLv3 in OpenSSL 0.9.8a

2015-01-23 Thread Dr. Stephen Henson
On Fri, Jan 23, 2015, Thirumal, Karthikeyan wrote: Team, In order to fix the Poodle vulnerability on SSLv3, I tried to disable my SSLv3 cipher using the below cipher set, but did not even initiate SSL in 0.9.8a.

Re: [openssl-dev] Pausing TLS negotiation after client hello

2015-01-23 Thread Dr. Stephen Henson
On Fri, Jan 23, 2015, Susan Hinrichs wrote: Hello All, I work with Apache Traffic Server. Many of our users use the SNI callback to select the certificate that the proxy will present to the client. This selection can take some time. Rather than blocking the callback thread, we would

Re: [openssl-dev] unloading certificates

2015-01-03 Thread Dr. Stephen Henson
On Tue, Dec 30, 2014, satish.kumarya...@cognizant.com wrote: Hi Is there any way to unload client certificate and private key from SSL context? I could not find any openssl API to unload client cert from SSL object. There is a function SSL_certs_clear() but it is only in OpenSSL 1.0.2+

Re: [openssl-dev] [openssl.org #3625] Enhancement request: user convenience for SSL_CONF_CTX with SSLv2

2014-12-11 Thread Dr. Stephen Henson
On Thu, Dec 11, 2014, Steffen Nurpmeso via RT wrote: are hard (not only to parse) for users but there is a lot of information for good in very few bytes; sad is Received SIGPIPE during IMAP operation IMAP write error: error::lib(0):func(0):reason(0) OpenSSL itself should

Re: [openssl-dev] Openssl Shared library mode compilation

2014-12-11 Thread Dr. Stephen Henson
On Thu, Dec 11, 2014, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: Hi Team, For Vulnerability issue, we are indeed to upgrade the openssl version to 0.9.8zc version. We have downloaded the source from www.openssl.org site. While

Re: [PATCH] Add API to set minimum and maximum protocol version.

2014-12-04 Thread Dr. Stephen Henson
On Thu, Dec 04, 2014, Tomas Hoger wrote: On Wed, 3 Dec 2014 22:55:06 +0100 Kurt Roeckx wrote: Maybe applications may benefit from an API where they can pass string set by the end user and let OpenSSL parse version number from that. If mod_ssl had configuration directives as SSLProtocolMin

Re: [openssl.org #3606] Need RSA_pubkey_digest()

2014-11-25 Thread Dr. Stephen Henson
On Tue, Nov 25, 2014, Philip Prindeville via RT wrote: On 11/25/2014 07:48 AM, Matt Caswell via RT wrote: On Thu Nov 20 21:35:45 2014, phil...@redfish-solutions.com wrote: Can the following function please be added: int RSA_public_digest(const RSA* key, const EVP_MD *type, unsigned

Re: Low Level Digest if Fips mode

2014-11-24 Thread Dr. Stephen Henson
On Mon, Nov 24, 2014, Philip Bellino wrote: Hello, I am looking for some help and I do not profess to be an expert in this area, so forgive me for asking the following. I am running openssl-fips-2.0.7 with openssl-1.0.1j in my application (in FIPS mode) and am trying to figure out how to

Re: Openssl 1.0.1h | RHEL-6 | x86_64 | Crash in lh_retrieve

2014-08-07 Thread Dr. Stephen Henson
On Wed, Aug 06, 2014, arun11299 wrote: Hello Folks, I am experiencing a hard to debug crash in openssl crypto library within our process. We have a client and server which communicate using SSL with NULL encryption. The client when it connects to the server sends a Certificate signing

Re: Openssl 1.0.1h | RHEL-6 | x86_64 | Crash in lh_retrieve

2014-08-07 Thread Dr. Stephen Henson
On Thu, Aug 07, 2014, Arun Muralidharan wrote: Thanks Stephen for your reply. I am doing OpenSSL_add_all_digests in one of my class initialization routines, so it gets called whenever an instance of this class gets created (I am now building my code with this removed). But I am not removing

Re: Should this got a CVE number assignment or is it not a real security issue?

2014-08-07 Thread Dr. Stephen Henson
On Thu, Aug 07, 2014, Tomas Mraz wrote: Hi, during the review of OpenSSL commits I found this one: https://github.com/openssl/openssl/commit/22a10c89d7c3f951339c385d57cc8fd23c0a800b There is unfortunately not much detail in the commit message. Could this be a possible security issue? Can

Re: Need guidance to replace HMAC-SHA1 implementation via engine

2014-07-29 Thread Dr. Stephen Henson
On Tue, Jul 29, 2014, Jitendra Lulla wrote: Hi Steve, Please refer the following mail from you: http://www.mail-archive.com/openssl-dev%40openssl.org/msg32918.html ... The high level MAC (including HMAC) interfaces go through EVP_PKEY treating it as a signing operation. It *is*
