Re: [openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)

2017-10-05 Thread Dr. Stephen Henson
On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote: > Thanks for the hint. The problem is fixed. > > Server was setting: > > if (SSL_CTX_set1_groups_list(ctx, "X25519:P-256") == 0) { > // > } > > The call succeeds. > > But the old TLS 1.2 code was setting: > > int nid = NID_X9_62_pri

Re: [openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)

2017-10-04 Thread Dr. Stephen Henson
On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote: > I am attaching a pcap where I set the supported list to contain X25519. > The client extension contains X25519. However, the server still responds > with keyshare extension secp256r1 in a hello retry request. > Are you calling SSL_CTX_set1_group

Re: [openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)

2017-10-04 Thread Dr. Stephen Henson
On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote: > if (SSL_CTX_set1_groups_list(ctx, "P-521:P-384:P-256") == 0) { > //error > } > If you have the above line you're telling the client to advertise support for P-521:P-384:P-256 in that order and the server to only use them. >

Re: [openssl-dev] [RFC] enc utility & under-documented behavior changes: improving backward compatibility

2017-10-04 Thread Dr. Stephen Henson
On Wed, Oct 04, 2017, Matt Caswell wrote: > > As Tomas said - that ship has sailed. In my mind that change was a > mistake. It could have been done in a non-breaking way by introducing a > new header format at that time. > As regards a new header format. In the case of some of the structures we

Re: [openssl-dev] Missing EVP_PKEY_meth_get_xxx methods?

2017-10-02 Thread Dr. Stephen Henson
On Mon, Oct 02, 2017, Matt Caswell wrote: > > > On 02/10/17 15:00, Blumenthal, Uri - 0553 - MITLL wrote: > > Moving to openssl-dev, because I think OpenSSL-1.0.2 needs a fix. > > > > To be more specific, the following get methods are missing in 1.0.2: > > > > - EVP_PKEY_me

Re: [openssl-dev] Bug in pkey_rsa_encrypt() and _decrypt()

2017-09-27 Thread Dr. Stephen Henson
On Wed, Sep 27, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > > Working on pkcs11 engine, I discovered a bug in crypto/rsa/rsa_pmeth.c > in pkey_rsa_encrypt() and pkey_rsa_decrypt(). > > > > They cause a crash when called with out==NULL. Normally it should not > happen > > but

Re: [openssl-dev] Bug in pkey_rsa_encrypt() and _decrypt()

2017-09-27 Thread Dr. Stephen Henson
On Tue, Sep 26, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > Working on pkcs11 engine, I discovered a bug in crypto/rsa/rsa_pmeth.c in > pkey_rsa_encrypt() and pkey_rsa_decrypt(). > > They cause a crash when called with out==NULL. Normally it should not happen > - but when an engine is calle

Re: [openssl-dev] New crypto algorithms in openSSL engine

2017-09-27 Thread Dr. Stephen Henson
On Wed, Sep 27, 2017, Byrne, Andrew wrote: > Hi all, > > I'm working on testing some lattice based algorithms in openSSL for the > establishment of a TLS channel. I've investigated the potential for > developing an engine to support this as it would mean I don't need to touch > the core openSS

Re: [openssl-dev] Plea for a new public OpenSSL RNG API

2017-08-29 Thread Dr. Stephen Henson
On Tue, Aug 29, 2017, Richard Levitte wrote: > I'm late in the game, having only followed the development very > superficially... > > If I understand correctly, the RAND_DRBG API is really a completely > separate API that has nothing to do with the RAND_METHOD API per se, > i.e. any association

Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine

2017-08-28 Thread Dr. Stephen Henson
On Mon, Aug 28, 2017, Brett R. Nicholas wrote: > > > One more follow up question: > > > > If possible you should set the public key components anyway: some operations > > > such as generating certificate requests require them to be present > > I'm confused what you mean here, since my engine

Re: [openssl-dev] Upgrading OpenSSL

2017-08-28 Thread Dr. Stephen Henson
On Mon, Aug 28, 2017, Leon Brits wrote: > The upgrade is now working fine in one of the applications which makes TLS > connections. I can see the engine functions being called on some action > (sign/verify) which requires the private key. > > However, this engine is also used in a patched versio

Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine

2017-08-28 Thread Dr. Stephen Henson
On Mon, Aug 28, 2017, Brett R. Nicholas wrote: > > The rsa_mod_exp function is only called for private key operations. You > > can't > > tell if it is a private encrypt or a private decrypt though but that > > shouldn't matter because the operation performed at that level is the same > > for > >

Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine

2017-08-27 Thread Dr. Stephen Henson
On Sun, Aug 27, 2017, Brett R. Nicholas wrote: > > This makes sense to me, and it seems that is the desired behavior. However, > if I *only* reimplement the rsa_mod_exp() function, and leave the > encrypt/decrypt functions to the default openSSL implementations, how can my > engine know which of

Re: [openssl-dev] GCM tag in manual and examples

2017-08-22 Thread Dr. Stephen Henson
On Tue, Aug 22, 2017, Lukasz Kostyra wrote: > Hello, > > I've been trying recently to work with OpenSSL and use it to encrypt and > decrypt data with AES cipher in GCM mode. While reading the documentation, I > noticed an inconsistency between example code and manual. > > My concern is the funct

Re: [openssl-dev] Fwd: openssl-fips build on cygwin 64bit

2017-07-20 Thread Dr. Stephen Henson
On Thu, Jul 20, 2017, Cristi Fati wrote: > Apologies for spam, if this isn't the right place: > > > *Details*: > >- *cygwin* *64bit* running on *Win10* (*CYGWIN_NT-10.0 cfati-e5550-0 >2.8.0(0.309/5/3) 2017-04-01 20:47 x86_64 Cygwin*) >- *openssl-1.0.2l* - irrelevant >- *openssl

Re: [openssl-dev] Windows system cert store

2017-07-14 Thread Dr. Stephen Henson
On Thu, Jul 13, 2017, Matthew Stickney wrote: > > You may have been looking at a different version of IE than what I've > got on my Windows 7 VM, but at least here IE doesn't allow you to set > certificate purposes: it has a dialog that looks just like that (under > the "Advanced" button in the c

Re: [openssl-dev] Windows system cert store

2017-07-12 Thread Dr. Stephen Henson
On Sun, Jul 09, 2017, Matthew Stickney wrote: > The Certificate Manager in Windows does allow you to change the trust > settings for root certs (including the purposes reported by openssl > x509 -purpose), although those changes don't appear to be reflected in > the cert dumped from the store (so

Re: [openssl-dev] Dynamically adding a NID

2017-07-05 Thread Dr. Stephen Henson
On Sun, Jul 02, 2017, Salz, Rich via openssl-dev wrote: > > I tried using OBJ_create() with NULL or an empty string for the OID, but > > currently it checks that the given OID is actually a valid one. Is there > > any workaround to avoid this other than issuing my own OID? > > No. Just get an

Re: [openssl-dev] Dynamically adding a NID

2017-07-01 Thread Dr. Stephen Henson
On Mon, Jun 26, 2017, Nicola Tuveri wrote: > Hi, > > I'm working on ENGINE development, and I have the need to add an NID for a > custom message digest, and eventually for ciphers and PKEY methods. > Some of the associated objects don't (and won't ever) have an associated > OID, but I need to add

Re: [openssl-dev] How to define EVP_EncryptUpdate and EVP_EncryptFinal functions for an AES engine? (and a separate question re: padding)

2017-07-01 Thread Dr. Stephen Henson
On Mon, Jun 26, 2017, Brett R. Nicholas wrote: > AFAIK (and please correct me if this is wrong) my init_key function is > invoked by the EVP interface when I call the EVP_[En/De]cryptInit_ex > function, and the do_cipher function is called upon EVP_[En/De]cryptUpdate. > But how should I handle

Re: [openssl-dev] Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

2017-04-11 Thread Dr. Stephen Henson
On Tue, Apr 11, 2017, Michael Reilly wrote: > Hi, > > commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size > returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in > crypto/evp/pmeth_fn.c is != 0. > > We are in the process of upgrading from 1.0.2j to 1.0.2k and disco

Re: [openssl-dev] Query about CRLDistributionPoints extension data

2017-03-30 Thread Dr. Stephen Henson
On Thu, Mar 30, 2017, Winter Mute wrote: > Hello, > All certificates I have encountered with this extension seem to have a > problem with the encoding of the distributionPoint. > According to the specs: > >DistributionPointName ::= CHOICE { > fullName[0] GeneralNam

Re: [openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-12-13 Thread Dr. Stephen Henson
On Tue, Dec 13, 2016, David Woodhouse wrote: > On Tue, 2016-12-13 at 13:09 +0000, Dr. Stephen Henson wrote: > > The reason for that is that the PEM forms which contain > > the key algorithm in the PEM header were considered legacy types and new > > methods > > should u

Re: [openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-12-13 Thread Dr. Stephen Henson
On Tue, Dec 13, 2016, Dr. Stephen Henson wrote: > > So if we wanted to go down this route all that is needed to get a form of this > functionality is a function to set the PEM decoder in EVP_PKEY_ASN1_METHOD. > Note however that this currently assumes the data between the PEM heade

Re: [openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-12-13 Thread Dr. Stephen Henson
On Wed, Nov 30, 2016, James Bottomley wrote: > One of the principal problems of using TPM based keys is that there's > no easy way of integrating them with standard file based keys. This > proposal adds a generic method for handling file based engine keys that > can be loaded as PEM files. Integ

Re: [openssl-dev] [RFC 1/2] engine: add new flag based method for loading engine keys

2016-11-16 Thread Dr. Stephen Henson
On Wed, Nov 16, 2016, James Bottomley wrote: > The assumption in all the current engine code is that key_id can be > passed as something like a file name. Well no, it's a null terminated string whose meaning is engine specific. In some cases it is a key ID, in others it is a more complex string in

Re: [openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-11-16 Thread Dr. Stephen Henson
On Wed, Nov 16, 2016, Richard Levitte wrote: > If I understand correctly, the intention is to avoid having to use > ENGINE_load_private_key() directly or having to say '-keyform ENGINE' > to the openssl commands, and to avoid having to remember some cryptic > key identity to give with '-key'. Ins

Re: [openssl-dev] custom X509_LOOKUP_METHOD in openssl 1.1.0 / load cert from memory

2016-09-15 Thread Dr. Stephen Henson
On Thu, Sep 15, 2016, Sebastian Andrzej Siewior wrote: > Hi, > > I've been looking at spice-gtk to get it compiled against openssl 1.1.0. > One problem I have is that they are using a custom X509_LOOKUP_METHOD > struct which is now not possible. > It seems that this requirement was introduced [1]

Re: [openssl-dev] [openssl-users] PKCS7_sign conflict with PKCS7_decrypt?

2016-08-08 Thread Dr. Stephen Henson
On Thu, Aug 04, 2016, Jim Carroll wrote: > I had heard a patch was being worked on, but I do not believe it has been > released (or if it is -- I can't find it). > > I can confirm that "OpenSSL 1.1.0-pre7-dev" still has the bug which > prevents PKCS7 sign-->encrypt->decrypt from working. > This

Re: [openssl-dev] Load secrets to context.

2016-07-27 Thread Dr. Stephen Henson
On Wed, Jul 27, 2016, john gloster wrote: > Hi, > > Can we use both the following APIs in the same application to load > certificate to the SSL context? > > *SSL_CTX_use_certificate_file()* > *SSL_CTX_use_certificate_chain_file()* > You should only use one. If you use SSL_CTX_use_certificate_c

Re: [openssl-dev] [TLS1 PRF]: unknown algorithm

2016-07-27 Thread Dr. Stephen Henson
On Wed, Jul 27, 2016, Catalin Vasile wrote: > Hi, > > I'm trying to use the EVP_PKEY_TLS1_PRF interface. > > The first thing I do inside my code is: > pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); > But pctx is NULL after that call. > > I've watched test/evp_test.c and it does not se

Re: [openssl-dev] Discrepancy between docs and actual behavior: CMS in 1.0.2

2016-07-25 Thread Dr. Stephen Henson
On Mon, Jul 25, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > I confess I did not test this with 1.1.x. But in 1.0.2h there's a problem. > > CMS man page says: > > If the -decrypt option is used without a recipient certificate then an > attempt is made to locate the > recipient by trying each

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > > > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > > and CRLs on demand, and caches them in memory once they are loaded. As of > >

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > > > On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > > > > > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > > > and

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > and CRLs on demand, and caches them in memory once they are loaded. As of > OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer > CRLs are a

Re: [openssl-dev] pkcs12 settings, Was: Re: [openssl.org #4588] pkcs12 -info doesn't handle PKCS#12 files with PKCS#5 v2.0 PBE

2016-07-19 Thread Dr. Stephen Henson
On Tue, Jul 19, 2016, Hubert Kario wrote: > I have a few questions now though: > > I've noticed that 1.0.2 uses sha1 hmac for the PRF while the master > uses sha256 > > is there a way to set this? > Not currently no (at least not from the command line, maybe by delving into the pkcs12 internals)

Re: [openssl-dev] MGF1-OAEP with SHA2

2016-07-08 Thread Dr. Stephen Henson
On Thu, Jul 07, 2016, c.hol...@ades.at wrote: > > I try to get RSA encryption/decryption (over the API) with MGF1 > OAEP-padding other than SHA1. > You need to use the EVP_PKEY API and pass the required algorithm to EVP_PKEY_CTX_set_rsa_oaep_md() which is currently undocumented (fix coming up).

Re: [openssl-dev] Null Ciphers in FIPS mode

2016-06-02 Thread Dr. Stephen Henson
On Wed, Jun 01, 2016, Mody, Darshan (Darshan) wrote: > > Does OpenSSL allow NULL ciphers when we put openssl in FIPS mode? > If you mean NULL ciphersuites then yes though they're not enabled by default just like non-FIPS mode. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Co

Re: [openssl-dev] Does OpenSSL support ECC-based S/MIME as defined in RFC 5753?

2016-05-31 Thread Dr. Stephen Henson
On Tue, May 31, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > Does OpenSSL support ECC-based S/MIME as defined in RFC 5753? > > I was trying to create an encrypted S/MIME message using OpenSSL-1.0.2h, > and got the following: > > $ openssl smime -encrypt -aes128 -inform SMIME -in Cyph_Bot_test.e

Re: [openssl-dev] Signing Internet-Drafts and RFCs

2016-05-12 Thread Dr. Stephen Henson
On Thu, May 12, 2016, Matt Caswell wrote: > > > On 11/05/16 22:03, Russ Housley wrote: > > Today, the IETF uses OpenSSL to digitally sign Internet-Drafts. If > > you care about the details, please see RFC 5485. > > > > We are looking to expand Internet-Draft signing, and start signing > > RFCs

Re: [openssl-dev] Getting raw ASN1 data from X509 certificate

2016-04-27 Thread Dr. Stephen Henson
On Tue, Apr 26, 2016, Kurt Roeckx wrote: > Hi, > > I'm working on a tool that checks various things related to X509 > certificates. I want to check that the encoding is actually > correct DER. With things like ASN1_TIME it seems easy to get to > the raw data, it just seems to contain it. But w

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Dr. Stephen Henson
On Mon, Mar 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > On 3/14/16, 14:45, "openssl-dev on behalf of Viktor Dukhovni" > > wrote: > > >On Mon, Mar 14, 2016 at 05:45:34PM +, Stephan Mühlstrasser via RT > >wrote: > >> I had written a message about this issue to openssl-users, but received

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Dr. Stephen Henson
On Fri, Mar 04, 2016, Dmitry Belyavsky wrote: > Dear Rich, > > Is it possible to add a command line option to select hash algorithm used > in the PRF calculations? > GOST ciphersuites, for example, use TLS1 PRF based on the GOST digest > algorithms. > I think it's already there -pkeyopt md: St

Re: [openssl-dev] PHP openssl ext port for 1.1 - cert->name

2016-03-01 Thread Dr. Stephen Henson
On Tue, Mar 01, 2016, Jakub Zelenka wrote: > Hello, > > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and > just came across one thing that I can't find a function for. > > We have got a part in openssl_x509_parse where we display cert->name (cert > is X509 struct) if it

Re: [openssl-dev] OpenSSL 1.1.0 and FIPS

2016-02-22 Thread Dr. Stephen Henson
On Mon, Feb 22, 2016, Wall, Stephen wrote: > I wonder if I could get the thoughts of some of you developers on how > difficult it would be to build an engine for OpenSSL 1.1.0 that makes use of > the current (2.0.11?) fipscanister.o. Also, opinions on if this would be a > legitimate way to get FI

Re: [openssl-dev] Call for testing: OpenSSH 7.2

2016-02-15 Thread Dr. Stephen Henson
On Mon, Feb 15, 2016, The Doctor wrote: > Just tested this on the old BSD/OS machine > > works with openssl 1.0.2X > > Openssl 1.1.X issues > > cipher.h in openssl 1.1 needs to read > > struct sshcipher; > struct sshcipher_ctx { > int plaintext; > int encrypt; >

Re: [openssl-dev] PKCS12_Parse() no longer extract certificate

2016-02-11 Thread Dr. Stephen Henson
On Thu, Feb 11, 2016, Michel wrote: > Hi, > > I have a test program which is failing using version 1.1 because > PKCS12_Parse() doesn't return the certificate, just the key. No error is > signaled. > > I supposed it is not intended. Is it work in progress? > That's a bug which should

Re: [openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

2016-02-11 Thread Dr. Stephen Henson
On Thu, Feb 11, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > ^ > Probably correct IN THIS ONE CASE, because Most Significant Bit is zero > even without the leading zero byte. See below. > > >>The problem is that is an invalid encoding. An ASN.1 INTEGER cannot > >>contai

Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

2016-01-20 Thread Dr. Stephen Henson
On Wed, Jan 20, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > On 1/20/16, 5:10 , "Hubert Kario" wrote: > > It appears to me that pkeyutl is more an instrument to access those > primitive operations, unlike dgst that provides access to the "true" > (complete) signature function that includes

Re: [openssl-dev] Keyed hashing APIs for EVP?

2016-01-16 Thread Dr. Stephen Henson
On Sat, Jan 16, 2016, Bill Cox wrote: > > I feel keyed hashing is here to stay. Keccak also has this feature. > Assuming I'm reading the EVP API correctly, should add support for keyed > digests to EVP. What do you folks think? > Support for MAC already exists in EVP. It's possible to access

Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

2016-01-14 Thread Dr. Stephen Henson
On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson" > wrote: > > >On Thu, Jan 14, 2016, Salz, Rich wrote: > > > >> Okay, how about this. First, remove the NOTES subhead. Add th

Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

2016-01-14 Thread Dr. Stephen Henson
On Thu, Jan 14, 2016, Salz, Rich wrote: > Okay, how about this. First, remove the NOTES subhead. Add this to the end > of the first paragraph: > > This program does not hash the input data and requires the input data > to be of the proper size, and must not be greater than the size

Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

2016-01-13 Thread Dr. Stephen Henson
On Wed, Jan 13, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > > > If the input to "pkeyutl -sign" is supposed to be digest output only - > then > what's the point of having command line arguments specifying the digest to > use? And if the input can be an arbitrary file (like for "dgst

Re: [openssl-dev] [PATCH] Declare/Implement ASN1_FUNCTIONS for NAME_CONSTRAINTS

2016-01-09 Thread Dr. Stephen Henson
On Sat, Jan 09, 2016, Paul Kehrer wrote: > The ASN1 functions for NAME_CONSTRAINTS are not declared or implemented in > the current OpenSSL releases. This is inconsistent with other extension > structs and (I believe) means you either need to declare them yourself or > attempt to build NAME_CON

Re: [openssl-dev] Variable length of digest

2015-12-24 Thread Dr. Stephen Henson
On Thu, Dec 24, 2015, Dmitry Belyavsky wrote: > > If you try to change the output length via the -macopt option of the dgst > command, you'll see that the text output will be 4 bytes. > It seems to happen because of the internal call to the EVP_MD_size() > function. > > If we change the EVP_MD_C

Re: [openssl-dev] Variable length of digest

2015-12-23 Thread Dr. Stephen Henson
On Wed, Dec 23, 2015, Dmitry Belyavsky wrote: > Hello OpenSSL Team, > > I have a question. > > I need to implement a digest with variable length of output. The length of > output can be easily specified by the control function, but EVP functions > expect the constant length of the digest result.

Re: [openssl-dev] ECDH engine

2015-12-19 Thread Dr. Stephen Henson
On Fri, Dec 18, 2015, Alexander Gostrer wrote: > Hi Steve, > > John and I completed writing an ECDH engine based on the > OpenSSL_1_0_2-stable branch. We were planning to expand it to the master > but found some major changes made by you recently. What is the status of > this task? Is it stable e

Re: [openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

2015-12-10 Thread Dr. Stephen Henson
On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > On 12/10/15, 16:56 , "openssl-dev on behalf of Dr. Stephen Henson" > wrote: > > > > >As I indicated the fix I suggested it temporary. Sometimes a user will > >want > >that behaviour so we&

Re: [openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

2015-12-10 Thread Dr. Stephen Henson
On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > On 12/10/15, 12:32 , "openssl-dev on behalf of Dr. Stephen Henson" > wrote: > > >The reason for that is because the -engine option sets the ENGINE to use > >for > >everything and the PKCS#11 E

Re: [openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

2015-12-10 Thread Dr. Stephen Henson
On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > Much better now - but at this time I hit "unsupported algorithm". The key > in question is RSA-2048, with SHA256. > > $ LOAD_CERT_CTRL=true VERBOSE=7 openssl pkeyutl -engine pkcs11 -sign > -keyform engine -inkey > "pkcs11:object=SI

Re: [openssl-dev] Windows x86_64 build broken -- RE: [openssl-users] OpenSSL version 1.0.1q released (corrected download)

2015-12-09 Thread Dr. Stephen Henson
On Fri, Dec 04, 2015, Carl Tietjen wrote: > Folks, > > It looks like the Windows x86_64 build for OpenSSL version 1.0.1q is broken. > > > I am building a FIPS capable version, and have verified that I have the > corrected download build: SHA1 checksum: > c65a7bec49b72092d7ebb97a263c496cc

Re: [openssl-dev] Windows x86_64 build broken -- RE: [openssl-users] OpenSSL version 1.0.1q released (corrected download)

2015-12-03 Thread Dr. Stephen Henson
On Fri, Dec 04, 2015, Carl Tietjen wrote: > Folks, > > It looks like the Windows x86_64 build for OpenSSL version 1.0.1q is broken. > > > I am building a FIPS capable version, and have verified that I have the > corrected download build: SHA1 checksum: > c65a7bec49b72092d7ebb97a263c496cc

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-13 Thread Dr. Stephen Henson
On Fri, Nov 13, 2015, Benjamin Kaduk wrote: > > As another thread calls to mind, PKCS#12 could potentially just use > triple-DES. (BTW, the CMS tests fail when openssl is configured with > no-rc2, due to this; I have a WIP patch sitting around.) > The issue is that some current software (inclu

Re: [openssl-dev] OCSP issues in master 2015-10-17

2015-10-19 Thread Dr. Stephen Henson
On Sat, Oct 17, 2015, Roumen Petrov wrote: > Hello, > > After embedding some attributes, OCSP in master stopped working. > > The current status is the client comment report "Cert Status: > unknown" and "Nonce Verify error" for X.509 certificates used in my > ssh regression tests. > > The last known ve

Re: [openssl-dev] OCSP issues in master 2015-10-17

2015-10-17 Thread Dr. Stephen Henson
On Sat, Oct 17, 2015, Roumen Petrov wrote: > Hello, > > After embedding some attributes, OCSP in master stopped working. > > The current status is the client comment report "Cert Status: > unknown" and "Nonce Verify error" for X.509 certificates used in my > ssh regression tests. > Try this patch: d

Re: [openssl-dev] Strange problem with cms_cd.o?

2015-09-11 Thread Dr. Stephen Henson
On Fri, Sep 11, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > I am trying to build the current Github version of openssl on Ubuntu-14.04 > LTS. Must add that this system has openssl-1.0.1f already installed (relic > of Ubuntu software update process). > > Everything seems to compile fine, but li

Re: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module

2015-08-17 Thread Dr. Stephen Henson
On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS wrote: > > > Please let me know if I need to make changes in ntdll.mak file to generate > the corresponding fipslibeay32.dll . > > As I need to include this dll in my test application to turn on the fips > module. > There is no fipsleay32.dll

Re: [openssl-dev] [openssl.org #3978] RE: Openssl 1.0.2c include the FIPS 140-2 Object Module

2015-08-17 Thread Dr. Stephen Henson
On Mon, Aug 17, 2015, Patil, Ashwini IN BLR STS via RT wrote: > Hi Mr. Stephen N. Henson, > > > > Thank you so much for the reply. > > > > We would like to use the option1 mentioned by you. But unfortunately the > dll's were not generated, only static lib's were generated. > > Please guide

Re: [openssl-dev] Localised Error

2015-07-20 Thread Dr. Stephen Henson
On Sun, Jul 19, 2015, The Doctor wrote: > On Sun, Jul 19, 2015 at 06:05:26AM -0600, The Doctor wrote: > > What should I be looking at when > > > > signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: verify > > error > > > > occurs? > > > > Further from the code > >

Re: [openssl-dev] RSA SigVer (FIPS 186-4) Issue

2015-06-29 Thread Dr. Stephen Henson
On Mon, Jun 29, 2015, rst...@symsysresearch.com wrote: > I am getting incorrect False-Negative results when performing tests > with 186-4 vectors (generated by CAVS 17.6). > > This vector is being reported false while CAVS says they should pass. > > [mod = 1024] > n = > d915e54ecbf96e1daadb5faa

Re: [openssl-dev] RSA SigVer (FIPS 186-4) Issue

2015-06-29 Thread Dr. Stephen Henson
On Mon, Jun 29, 2015, rst...@symsysresearch.com wrote: > I am getting incorrect False-Negative results when performing tests > with 186-4 vectors (generated by CAVS 17.6). > > This vector is being reported false while CAVS says they should pass. > > [mod = 1024] > n = > d915e54ecbf96e1daadb5faa

Re: [openssl-dev] Extended master secret goober in s3_srvr.c

2015-06-12 Thread Dr. Stephen Henson
On Fri, Jun 12, 2015, Bill Cox wrote: > Here's some code in master starting at line 594 in s3_srvr.c: > > if (!s->s3->handshake_buffer) { > SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); > return -1; > } > /

Re: [openssl-dev] OpenSSL for windows with /fixed flag

2015-05-24 Thread Dr. Stephen Henson
On Sun, May 24, 2015, Dixon Xavier wrote: > Hi, > > Going by the description in links: > http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html > http://mailing.openssl.dev.narkive.com/HfYeReuA/fips-module-1-2-build-with-visual-studio-2010-fa

Re: [openssl-dev] Missing API features

2015-04-22 Thread Dr. Stephen Henson
On Tue, Apr 21, 2015, Richard Moore wrote: > On 21 April 2015 at 12:50, Dr. Stephen Henson wrote: > > > I think what would be useful here would be an API that can determine > > appropriate characteristics of an SSL_CIPHER. For example a NID > > corresponding to th

Re: [openssl-dev] Missing API features

2015-04-21 Thread Dr. Stephen Henson
On Mon, Apr 20, 2015, Richard Moore wrote: > On 20 April 2015 at 21:25, Salz, Rich wrote: > > > What is the information you're looking for? "kx=X25519" or kx="2KRSA" > > or ... ? I picked those because sometimes there's a keysize, and other > > times it's implicit, for example. The internal

Re: [openssl-dev] CMS: is there a support for authenticated encryption (aes-gcm, aes-cbc-cmac etc.) in CMS?

2015-04-13 Thread Dr. Stephen Henson
On Mon, Apr 13, 2015, Paweł Kaźmierczak wrote: > Hello, > > is there support for aes-gcm in the OpenSSL CMS implementation? > The following code works when EVP_aes_128_cbc is used as the CMS_encrypt param but > fails with EVP_aes_128_gcm. Am I missing something (like setting the gcm > header/tag) or authe

Re: [openssl-dev] EC based certificates not supported in CMS - why?

2015-04-09 Thread Dr. Stephen Henson
On Thu, Apr 09, 2015, Paweł Kaźmierczak wrote: > I am afraid EC certs do not work in CMS openSSL 1.0.2. I just wrote a > simple test procedure: > > void cmsTest() > { > //this RSA works > //auto certFileBio = BIO_new_file("c:\\a\\simplersa_noPem.cer", "rb"); > //auto prvKeyFileBio = BIO_

Re: [openssl-dev] EC based certificates not supported in CMS - why?

2015-04-09 Thread Dr. Stephen Henson
On Thu, Apr 09, 2015, Paweł Kaźmierczak wrote: > Hi, > > currently openssl in CMS supports only RSA based certificates but EC based > certificates are supported in openssl TLS... so I assume that there is > already code that can sign/verify and perform key agreement (ECKA-EG > ECKA-DH) using

Re: [openssl-dev] OID with length zero related bug

2015-04-09 Thread Dr. Stephen Henson
On Thu, Apr 09, 2015, Juan Antonio Osorio wrote: > Hi, > > I've recently encountered that OpenSSL is sending some unexpected errors > when reading X.509 certificate requests, if the key is not specified, or > the CSR is not signed. > Well if a key is not specified or the CSR isn't signed then i

Re: [openssl-dev] Using TLSv1.2

2015-04-08 Thread Dr. Stephen Henson
On Tue, Mar 24, 2015, ?? wrote: > I use the openssl library in the project and use client certificate > verification. When using protocol TLSv1.2 I have a problem with data > encryption, using the private key of the client certificate. This is due to > the fact that th

Re: [openssl-dev] Heap corruption in asn1_item_ex_combine_new()

2015-04-01 Thread Dr. Stephen Henson
On Tue, Mar 31, 2015, Julien Kauffmann wrote: > > if (!combine) > *pval = NULL; > I'd suggest deleting the two lines above. The structure should be cleared without this and the above line is wrong for non pointer fields anyway. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer

Re: [openssl-dev] Heap corruption in asn1_item_ex_combine_new()

2015-04-01 Thread Dr. Stephen Henson
On Tue, Mar 31, 2015, Julien Kauffmann wrote: > > Basically what happens is that, somewhere inside the call to > PEM_write_bio_ECPrivateKey(), an ASN1 sequence of 3 elements is > allocated. The corresponding code is as follow (in > crypto/asn1/tasn_new.c:181): > > if (!combine) { > *pval = O

Re: [openssl-dev] ASN1_UTCTIME_cmp_time_t behavior changed from 0.9.8 to 1.0.2 ?

2015-03-24 Thread Dr. Stephen Henson
On Tue, Mar 24, 2015, Susumu Sai wrote: > time_t t; > time(&t); > > ASN1_TIME *tmptm = ASN1_TIME_new(); > X509_gmtime_adj(tmptm, 0); > > // ? With 0.9.8, the return value ret = 1 > // ? With 1.0.2, the return value ret = -1 > int ret = ASN

Re: [openssl-dev] OpenSSL version 1.0.2a released

2015-03-19 Thread Dr. Stephen Henson
On Thu, Mar 19, 2015, Randall S. Becker wrote: > On March 19, 2015 10:09 AM OpenSSL wrote: > > To: OpenSSL Developer ML; OpenSSL User Support ML; OpenSSL Announce ML > > Subject: [openssl-dev] OpenSSL version 1.0.2a released > >OpenSSL version 1.0.2a released > >===

Re: [openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

2015-03-19 Thread Dr. Stephen Henson
On Thu, Mar 19, 2015, Erik Tkal wrote: > > If I do not send a sessionID in the clientHello but do send a valid > sessionTicket extension, the server goes straight to changeCipherSpec and > the client generates an UnexpectedMessage alert. > Does the server send back an empty session ticket exten

Re: [openssl-dev] Intent of the private_ wrappers

2015-03-10 Thread Dr. Stephen Henson
On Tue, Mar 10, 2015, Steve Schefter wrote: > On 3/10/2015 8:03 PM, Dr. Stephen Henson wrote: > >On Fri, Mar 06, 2015, Steve Schefter wrote: > > > > > >Which OS and version of OpenSSL are you using? > > I am using 1.0.1j on Linux. I've not tried to build

Re: [openssl-dev] Intent of the private_ wrappers

2015-03-10 Thread Dr. Stephen Henson
On Fri, Mar 06, 2015, Steve Schefter wrote: > Hi. > > I am compiling OpenSSL with the FIPS options and seeing a build > error. My question is more about the intent than the problem. > > One example: When apps/speed.c is compiled with FIPS enabled, > OPENSSL_FIPS is defined and DES_set_key_unche

Re: [openssl-dev] [openssl.org #3734] question about 0.9.7 branch

2015-03-07 Thread Dr. Stephen Henson
On Sat, Mar 07, 2015, Allauddin Ahmad via RT wrote: > Dear Concerned: > > Can you please confirm that OpenSSL branch 0.9.7 branch is not affected by: > As Viktor mentioned 0.9.7 is no longer being maintained. However the following two issues will be present in 0.9.7: > > *RSA silent

Re: [openssl-dev] FIPS / RSA / ENGINE bug?

2015-02-27 Thread Dr. Stephen Henson
On Fri, Feb 27, 2015, Hong Cho wrote: > Hi, > > I generated OpenSSL libcrypto (1.0.1l) with the OpenSSL FIPS crypto module > (2.0.8) on FreeBSD 8.4 amd64. > > It seems to build fine, and with OPENSSL_FIPS, it seems to behave correctly > (e.g., MD5 is refused, DH with 512-bit key is refused, etc.

Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain

2015-02-20 Thread Dr. Stephen Henson
On Fri, Feb 20, 2015, W Smith wrote: > Thanks, Rich. > > Does anyone know how to walk through a BIO stack that includes a "BIO pair" > and get to the ultimate source/sink BIO? If I can get that, I'll be in good > shape. Anybody? > Not sure I follow you. A BIO pair is the ultimate source/sink

Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain

2015-02-20 Thread Dr. Stephen Henson
On Fri, Feb 20, 2015, W Smith wrote: > Rich, > > Yeah, I have industrial strength Tylenol standing by. I'm expecting this to > be painful, but not insurmountable for the handshake. If I'm unable to even > get at the ultimate source/sink, I can't get anywhere. > > I can deal with the HTTP side

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-13 Thread Dr. Stephen Henson
On Fri, Feb 13, 2015, Viktor Dukhovni wrote: > On Fri, Feb 13, 2015 at 11:59:13AM +, Salz, Rich wrote: > > > > Some time ago, I had submitted a patch which allows administrators, but > > > most importantly OS distributors to set their own strings in the > > > configuration > > > file, which

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-11 Thread Dr. Stephen Henson
On Tue, Feb 10, 2015, Viktor Dukhovni wrote: > > We should also recall that the master branch has introduced "security > levels", which may still need some work to become production-ready, > but are likely a better mechanism for applications to move to more > secure settings than incompatible cha

Re: [openssl-dev] FIPS compliant digital signature

2015-02-04 Thread Dr. Stephen Henson
On Wed, Feb 04, 2015, Rex Bloom wrote: > Can someone help me understand what type of digital signature I can use for > FIPS compliance. > > I used this command: > > openssl genrsa -aes128 -passout pass:mypassphrase -out privkey.pem 2048 > > to generate a pem file but when I tried to load this

Re: [openssl-dev] Pausing TLS negotiation after client hello

2015-01-23 Thread Dr. Stephen Henson
On Fri, Jan 23, 2015, Susan Hinrichs wrote: > Hello All, > > I work with Apache Traffic Server. Many of our users use the SNI > callback to select the certificate that the proxy will present to > the client. This selection can take some time. Rather than > blocking the callback thread, we woul

Re: [openssl-dev] Disabling SSLv3 in OpenSSL 0.9.8a

2015-01-23 Thread Dr. Stephen Henson
On Fri, Jan 23, 2015, Thirumal, Karthikeyan wrote: > Team, > In order to fix the Poodle vulnerability on SSLv3, I tried to disable my > SSLv3 cipher using the below cipher set, but did not even initiate SSL in > 0.9.8a. > > SSL_CTX_set_cipher_list(ssl_ctx,"SHA1+HIGH:!SSLv2:!SSLv3:!aNULL:!eNULL:
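Added example, not code from this thread or from OpenSSL: the cipher string quoted above filters cipher suites, it does not switch off a protocol version. A "!SSLv3" rule deletes every suite that was defined for SSLv3 (on 0.9.8 that is practically all of the RSA and DHE suites, which TLS 1.0 reuses), while SSLv3 itself stays negotiable with whatever suites survive. The protocol has to be disabled with SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3), or from 1.1.0 onwards SSL_CTX_set_min_proto_version(). The script below uses CPython's standard ssl module, which wraps OpenSSL's SSL_CTX, to show both sides: a helper that reports whether OpenSSL accepts a cipher string at all, and a context that disables SSLv3 at the protocol layer and filters suites separately. The cipher strings are constructed for the demonstration; it assumes Python 3.7 or later built against OpenSSL 1.1.0 or later.

```python
"""Added example, not code from the openssl-dev thread or from OpenSSL.

Shows why a cipher string cannot disable a protocol: OpenSSL cipher rules
select cipher *suites*, while the SSL_OP_NO_* options (or the minimum
protocol version) select protocol *versions*.  Uses CPython's ssl module,
a wrapper around OpenSSL's SSL_CTX; assumes Python 3.7+ on OpenSSL 1.1.0+.
"""
import ssl

# Constructed inputs for the demonstration.
POSTED_SPEC = "SHA1+HIGH:!SSLv2:!SSLv3:!aNULL:!eNULL"  # the string from the post
SANE_SPEC = "HIGH:!aNULL:!eNULL"                       # filter suites only
EMPTY_SPEC = "!ALL"                                    # deletes every suite


def cipher_string_is_usable(spec):
    """Return True if SSL_CTX_set_cipher_list() accepts `spec`.

    OpenSSL rejects a rule string whose resulting list of TLS 1.2-and-older
    suites is empty, and Python surfaces that as ssl.SSLError.  "!SSLv3"
    removes the suites *defined for* SSLv3 (the RSA/DHE CBC-SHA1 suites that
    TLS 1.0 to 1.2 reuse), so on an old library it can strip the list bare
    while the SSLv3 protocol itself remains negotiable.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return False
    return True


def hardened_client_context(min_version=ssl.TLSVersion.TLSv1_2):
    """Disable SSLv3 (and older TLS) at the protocol layer.

    The Python equivalent of SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) plus
    SSL_CTX_set_min_proto_version(); suite filtering is a separate step.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options |= ssl.OP_NO_SSLv3       # legacy flag, still honoured
    ctx.minimum_version = min_version    # preferred API since OpenSSL 1.1.0
    ctx.set_ciphers(SANE_SPEC)           # orthogonal to the version choice
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def sslv3_disabled(ctx):
    """Check both knobs: the NO_SSLv3 option and the minimum version bound."""
    return (bool(ctx.options & ssl.OP_NO_SSLv3)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1)


if __name__ == "__main__":
    for spec in (POSTED_SPEC, SANE_SPEC, EMPTY_SPEC):
        print("%-45s usable=%s" % (spec, cipher_string_is_usable(spec)))
    ctx = hardened_client_context()
    print("minimum_version=%s sslv3_disabled=%s"
          % (ctx.minimum_version.name, sslv3_disabled(ctx)))
```

Whether POSTED_SPEC is accepted depends on the linked OpenSSL (modern builds keep the ECDHE CBC-SHA1 suites, whose minimum version is TLS 1.0, so the list is not empty there), which is exactly the point: the outcome of a cipher string varies with the library's suite table, whereas the NO_SSLv3 option and the minimum version bound disable the protocol regardless of which suites exist.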

Re: [openssl-dev] unloading certificates

2015-01-03 Thread Dr. Stephen Henson
On Tue, Dec 30, 2014, satish.kumarya...@cognizant.com wrote: > Hi > Is there any way to unload client certificate and private key from SSL > context? > I could not find any openssl API to unload client cert from SSL object. > There is a function SSL_certs_clear() but it is only in OpenSSL 1.0.2+

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-20 Thread Dr. Stephen Henson
On Fri, Dec 19, 2014, Sean Leonard wrote: > > On Dec 19, 2014, at 11:35 AM, Kurt Roeckx wrote: > > > On Fri, Dec 19, 2014 at 03:05:32PM +, Viktor Dukhovni wrote: > >> On Fri, Dec 19, 2014 at 08:47:55AM -0500, Daniel Kahn Gillmor wrote: > >> > >>> Does OpenSSL have documented someplace exac

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-17 Thread Dr. Stephen Henson
On Wed, Dec 17, 2014, Sean Leonard wrote: > #define PEM_STRING_PARAMETERS"PARAMETERS" > (note, this label does not have any algorithms in it, so I presume > it refers to some kind of generic parameter structure) > It's used internally to indicate to the PEM routines that it should accept a

Re: [openssl-dev] Openssl Shared library mode compilation

2014-12-11 Thread Dr. Stephen Henson
On Thu, Dec 11, 2014, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: > > Hi Team, > > For Vulnerability issue, we are indeed to upgrade the openssl version to > 0.9.8zc version. We have downloaded the source from > www.openssl.org site. Wh
