> Appending a note that, for a full change log, [DO THIS], would probably be
> well received.
https://github.com/openssl/openssl/pull/3606
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> with a host device which will be ported with FIPS compliant OpenSSL library.
> Our embedded device will be using ECDSA (FIPS 186-3) and ECDH (FIPS
> SP800-56A) by calling APIs of ATECC508A SDK. Is there any compatibility
> issue?
There shouldn't be. But interop is a hard thing, and a
> What I find surprising is the rate of these errors. For every 100 legitimate
> HTTP requests that make it to Nginx, I get 2.5 “inappropriate fallback” SSL
> errors. That's a lot of noise.
>
> I guess I'll have to adjust my expectations.
That's not out of line with other measurements I've been
> Would clients actually attempt to send TLS_FALLBACK_SCSV even if the
> previous connection attempt failed for reasons other than TLS? If, say, the
> initial connection attempt failed at the TCP level? That sounds a little
> strange
> to me.
Yes they do.
There are many badly written clients
By default, TLS only does server-side verification. If you are using client
certificates, you will have to write some code for your application.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
> So the CHANGES file isn't really "changes".
The full list of everything that has changed can be found via git logs. As
Matt said, we only put particularly significant items in the CHANGES file.
> Then I've misunderstood the presence of the "-DSHA256_ASM" flag.
>
> What's it specifically used for?
To remind me to double-check my answers? :(
Sorry, they are present. The difference is that the help message in 1.0.2
isn't complete. Did you try the commands directly?
> The results are both functional, but the v102l build is missing
> sha{224|256|384|512} digests
Right; those digests are not in 1.0.2
> The openssl program will use the wrong libssl.so and libcrypto.so.
Yes, got it.
But that's small potatoes compared to everyone else finding the wrong shared
library, and just saying "use rpath" doesn't help all those others.
> We still don't know what use case is being represented by omitting the
> RPATH in the OpenSSL build.
Because only one program, apps/openssl, presumably needs rpath. But that
doesn't solve the problem for *external applications* that need to find OpenSSL
in a different place, does it?
> I am trying to compile / install a utility from Source on CentOS that
> utilizes OpenSSL 1.1.0 (latest version). However, I get the following error:
> configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS
> hostname verification will not be available.
Most likely, the
> It uses SSL_CTX_use_certificate_chain_file in some places and in other places
> it uses PEM_read_bio_X509
>
> When these APIs are used, can the OpenSSL stack detect updated files on
> disk and reload them without any intervention from the application?
No, it's a load and use the current
> A lot of online certificate providers have some kind of REST API.
>
> Is there such an API available as OSS or do i have to write one myself
You might want to look at the IETF ACME protocol.
There are many clients around. And the LetsEncrypt code is open source.
> 2) Why isn't it listed in the manpages?
Many functions aren't documented. We're all working on it.
Doesn't seem to be supported in openssl.
What's the equivalent of
That attribute is not currently supported.
Someone would have to write ASN1 parsing code. There are examples all over the
place within OpenSSL; see the various d2i_XXX and i2d_XXX functions. There are
macros/defines available to make the job easier. But it is not really
documented.
Maybe
> Make that N processes, and understand why this should be a FAQ.
Have no problem with adding to the FAQ.
It's likely to be our next code-health target :)
> Please excuse what is a simple question: what is the proper way to clean up
> in the parent and child when writing a forking server using OpenSSL?
It's not simple.
Can you have the parent just do socket stuff, and then accept/fork and have the
child do all the OpenSSL calls?
Having two
> While the process is still fresh in my head, I was wondering if the community
> would benefit in having some documentation on the process to follow and
> issues that may arise? Possibly add this into the OpenSSL wiki?
This would be a great idea.
I can point you to https://github.com/richsalz/pki-webpage But it is *not
official* and may not work for what you want.
> I am looking for a CA makefile to use with an openvpn tutorial I am writing
> https://github.com/Oflameo/openvpn_ws. Is there one officially endorsed
> by the openssl project?
If there were, it would be in the source distribution.
I unsubscribed Ryan; he’ll have to rejoin.
> For AES-256 encryption, should IV be random? I am already using a random
> salt, so I was wondering if IV should be random too.
It should be non-repeating. It can just be a counter.
(Yes, I know OP didn't ask about AESGCM. But if they're coming here for advice
... )
> Does openssl provide any way to set MSG_NOSIGNAL on sendmsg (underlying
> TCP/IP socket layer)?
No. You will have to modify the code yourself.
> A naïve question. A certificate that contains SAN attribute(s) – is there a
> limit on how many, say, RFC822 SAN attributes can a valid certificate have?
No.
> It’s been my understanding that a cert can contain as many SAN attributes as
> needed, but it appears that Apple believes it has to
> My client is a custom application and as such only needs to communicate with
> specific servers for specific purposes. I think it makes sense for my client
> to only support the specific protocol that my server will use,
> ECDHE-RSA-AES128-GCM-SHA256. Does this sound reasonable or should I
>#define OTEXT_AES_KEY_INIT(ctx, buf) { \
> EVP_CIPHER_CTX_init(ctx); \
> EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, buf, ZERO_IV); \
> }
Most of the datatypes are now opaque. This means you can't have an
EVP_CIPHER_CTX object, but instead a pointer to it. Don't call
We are still reviewing several PRs from the previous code health, which was
about converting tests to use the new test framework. With this extended time
period, we'll have ended up converting almost all the tests, which is great.
We'll announce the next project toward the end of the week.
You are asking two different questions.
The certificates that the *client* sends are specified by the various “use
certificate” APIs. No chain is built. See
doc/man3/SSL_CTX_use_certificate.pod, especially the “use certificate chain
file” API.
As for what the *server* does, it tries to use
> https://username:passw...@server.com
> How do I specify this username and password when using SSL_connect()?
You don't. That stuff is at the protocol level about TLS/SSL.
No, you must have a chain up to a local trust anchor.
You can install the intermediate in your trust store.
From: Lei Kong [mailto:leik...@msn.com]
Sent: Thursday, April 20, 2017 9:38 PM
> The OpenSSL documentation makes it clear
> that you must keep calling the same asynchronous function with the same
> parameters until the async job has completed.
Is there a way we can (relatively cheaply) check for that type of programming
error and return an "in progress on another op"
You need to learn what CBC mode is. Block ‘n’ feeds into block ‘n+1’. The
behavior you describe is not wrong.
Blocks are padded, so only read outlen bytes.
> I thought about escaping regarding DN itself (LDAP DN).
Look up the -nameopt flag in, say, x509.pod. Then if you need C code, trace
through what apps/x509.c does.
>> in my case, I need to initialize the SSL, and set parameters the same
>> as client and server (depending on direction) and call OpenSSL to decrypt the
>> data.
>> before openSSL 1.1.0, as all member variables could be set, it was an easy
>> task,
>> now I do face issues with ssl_session
No, the functions you want aren’t provided right now. What are you trying to
do? Why are you modifying the session, outside of the TLS protocol?
Those are curl functions, not openssl.
From: ghanashyam satpathy [mailto:ghanashyam.satpa...@gmail.com]
Sent: Saturday, March 25, 2017 10:05 AM
To: openssl-users@openssl.org
> For encrypting user data such as user's password, could I use PKCS#1 or OAEP
> padding mode?
If you do not know what you are doing, use the defaults.
> After commenting out the line "EVP_PKEY_CTX_set_rsa_padding(ctx,
> RSA_NO_PADDING)", it worked well.
You need to do some reading about basic RSA cryptography. Signatures are
padded out to the keysize.
> However, is crypto library thread-safe?
Check out this blog entry:
https://www.openssl.org/blog/blog/2017/02/21/threads/
> Are you suggesting that I should modify openssl myself to expose that
> functionality or are suggesting that there is a way to do that given the
> already
> exposed functionality? If it is the latter could you point me in the right
> direction?
OpenSSL code does not do what you want. You'll
> It takes a long time. Is there some way to have it use all available cores
> instead of just the one?
You'll have to write the code to do that parallelism yourself.
> Say someone would be able to gather several clear text AES keys and their
> respective asymmetrically encrypted RSA blocks. Would it weaken the security
> of the RSA key pair? I mean, could it be easier for someone using that
> information to brute force an RSA key pair?
No.
> If so, would it be possible in principle to decrypt an encrypted PKCS#7
> envelope only knowing which AES key was used ?
Yes. But maybe not with the openssl APIs :)
> Is there a way in openssl we can extract the protocol (TLS/DTLS) handshake
> information, like in clienthello, the protocol version, ciphersuites
> offered, Random, session id etc.
Look at the code in apps/s_client and apps/s_server and see what it prints in
various debug modes.
Yes there are easier ways to do this. Set up a conf file and use it (via the
-conf flag). You can use env vars, set default values, and so on. Look at the
config manpages, https://www.openssl.org/docs/manmaster/man5/
For a fuller example, see https://www.openssl.org/~rsalz/pki.tgz
PS --
Already fixed.
No, it does not do this automatically.
If the nonce_explicit overflows or overlaps, does the openssl code
handle it (at least by initiating renegotiation)?
> > My source can be viewed at: mt-umunhum-wireless.net/Sources/rsa/rsa.c
Gives a 403.
> > My main guess is that your allocation for the PEM buffer is too small
> > -- is key/key_len pointing to a static buffer?
>
> It points to a char string
Not sure what that means. Please post your code.
What version of openssl? I'm guessing 1.0.2.
Put this line in your code:
ERR_load_ERR_strings();
And you'll get a more informative message.
My main guess is that your allocation for the PEM buffer is too small -- is
key/key_len pointing to a static buffer?
> So, can an application perform manual TLS handshakes when SOCK_SEQPACKET
> is used?
I said it is not supported by openssl.
I doubt it can be made to work, since TLS handshake wants one client and one
server.
> But these calls don't work when SOCK_SEQPACKET (one-to-many connections) is
> used. Does openssl provide any alternatives for these calls? Or does an
> application need to perform the TLS handshakes manually?
This is not supported, and there are no demos available.
Later versions ratcheted up the security. Try -ciphers DEFAULT@SECLEVEL=0
> Can you please share if any thread, details on new build system, how to use
> that?
Look at the README file.
> It is a home grown HTTPS server.
Well, then what does your server do?
To be very very clear: TLS is a *send the bytes* protocol. It knows nothing
about EBCDIC, ASCII, text, etc.
What’s the server on the other side? If it’s a web server, then \0 characters
are generally illegal. If it’s s_server, then it, too, really wants ASCII
lines.
> Can someone explain why 'Makefile.org' is removed now and how to tackle it?
The whole build system changed; there is no Makefile.org any more. What were
you trying to do?
> Licensing issues are indeed thorny. Why can't openssl perform a dynamic link?
> The soversion should handle any ABI issues introduced in later versions of
> GMP.
Anything is possible; it is just code.
I don't think this is a priority for the team. A pull request ...
> Have you considered using GMP as a big integer backend for openssl? It has
> support for several arm variants using handwritten assembly code and the
> developers go to great lengths to optimize runtime on all supported
> platforms.
It might be interesting if we could figure out how to
> It's cargo-cult programming, most often by people who can't be bothered to
> learn the language they're using.
There are also sometimes portability issues, vendors get things wrong.
But at any rate, for this project, OpenSSL style says parens after sizeof and
says nothing at all about
Michael was kind to post some replies.
I think a better forum to discuss this is one of the following, which have more
focus on cryptographic science and less on “how do I use the CLI”:
http://www.metzdowd.com/mailman/listinfo/cryptography
https://www.irtf.org/mailman/listinfo/cfrg
> My application links to OpenSSL 1.1.0 dynamically, and I would like to be able
> to determine if the CPU supports the AES-NI instruction set.
> Is there an OpenSSL API that can do this?
Look at man3/OPENSSL_ia32cap.pod ?
Just to let you know, we found a tool to migrate RT to GitHub issues and will
be doing that shortly. This will just about double the number of open issues
we have and, unfortunately, push the existing (active ones) down a few pages.
> Am trying to upgrade openssl 1.0.1p to 1.0.2k and the compilation breaks with
> the below error and am using Ubuntu 10.04.1
> In file included from req.c:84:
> comp.h:28: error: redefinition of typedef 'COMP_METHOD'
> ../../Build/target/usr/include/openssl/ossl_typ.h:181: error: previous
The text says Broadwell-specific.
So it only affects *some* x86_64 platforms.
From: Sandeep Umesh [mailto:sanum...@in.ibm.com]
Sent: Monday, January 30, 2017 2:14 AM
Look at the PSK ciphers; the callbacks should be able to call your generator...
> Once I compile, and I run "openssl cipher -v" it does not show any RC4
> ciphers.
> Is there another parameter needed?
In addition to what Viktor said, you need to say "ALL" because RC4 is still not
part of DEFAULT.
> My question was meant to ask why the pointers are initialized with
> memset() instead of initializing them by an assignment with NULL or 0.
> Was this a deliberate decision for some reason, or did it just creep in and no
> one cares now to fix it? Would the OpenSSL team accept pull requests that
> During first ssl_read we received eight bytes, and after that ssl_pending
> returns 0. If we continue reading despite having no pending data, ssl_read
> returns the rest of the data.
> Could you please suggest what is wrong here.
Pending is an indication that there is unread data *on the local
> The representation in memory of a null pointer need not be all-bits-zero.
> (The representation in memory of an integer constant with the value zero
> can either be all-bits-zero or, in the unlikely case of sign-magnitude
> integers,
> a sign bit of 1 followed by all-other-bits-zero.)
And,
> I suspect that it was a shortcut, where they used memset() on an entire
> structure, and it hopefully set pointers to NULL.
>
> What I pointed out is that if NULL is not all zeros, this breaks.
And OpenSSL does not work on those platforms. It is part of the test suite to
check for this. See
> > OpenSSL does not support platforms where the memory representation of
> > the NULL pointer contains non-zero bytes. IIRC there are even tests for
> > this.
>
> Could someone from the OpenSSL team please explain the rationale for this
> decision? What is the problem with using assignments with 0
> OpenSSL does not support platforms where the memory representation of
> the NULL pointer contains non-zero bytes. IIRC there are even tests for this.
Yes, the basic platform sanity tests, test/sanitytest.c
Well, the fact that it fails is confirmation :)
> But behind that specific network, if I run the same command, all I get is :
>
> CONNECTED(0003)
> write:errno=104
Most likely there is a middlebox filtering traffic and closing the connection.
Try an older protocol version, like
> checking for library containing SSL_library_init... no
> configure: error: libfko needs ssl
The application is not prepared to build against 1.1.0. That function was
removed, and a #define for backward compatibility is used instead.
> I am obviously a newbie and missing something. How then do I encrypt the file
> on one machine (little endian), transmit it to another machine (big endian)
> and decrypt it there?
Did you try it?
> Basically, the SSL structure used to contain tlsext_hb_pending variable. After
> looking up, I found out there is now a function to get the value of 'pending'.
> What I need is to set the value. How can I do that now with 1.1.x?
It seems that when the structures were made opaque, we didn't
It’s not endianness, it’s random data in the encrypted stream. Try encrypting
the same file (and password) twice on the same host. Try decrypting it.
Everything will work right.
Does the -V flag not do what you want?
> Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?
Look at the apps/pkcs7.c file as a starting point. Get the command line doing
what you want, and then work through the code to pull out only the bits you
need.
Seed the RNG, via RAND_poll. When or if you need random bytes, call
RAND_bytes. If you just need crypto keys, call the appropriate keygen API.
Done.
> > You fed RAND_bytes output back into RAND_add? That's silly.
> Yes. Is it unnecessary? My steps are:
It is a bad idea. It is pointless. Don't do it.
> "In short, I just replaced the RAND_screen() call to the RAND_poll(),
> generated a random buffer using RAND_bytes() (based on
> https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via
> RAND_add()"
You fed RAND_bytes output back into RAND_add? That's silly.
> Yes. We're thinking of using TLS Heartbeats as cheaper KeepAlive option in
> idle connections.
Use TCP keepalive if really needed. That keeps your application level free to
reap truly idle connections if/when it wants to.
Heartbeats? Yuk, why.
Most likely, TCP is buffering things until you get a big enough data packet.
I don’t know how to address that.
What version of openssl are you using? Current versions do not call
RAND_screen or other long-term heap-walking on Windows.
You absolutely *must* properly initialize the random number generator. If you
fail to do that, attackers can guess the keys that you use. You will be
providing only
> I see that it was discussed many years ago about getting a French Declaration
> for openssl. Was this ever successful? If so is there a place I can download
> the declaration as it seems to be required when submitting to the iOS
> appstore.
The OpenSSL project has never pursued or obtained
> (Does OpenSSL support any platform in which type int is 16 bits?)
No.
> We're moving up to OpenSSL 1.0.2j from OpenSSL 0.9.8, and
> noticed that the SSL functions based on SSL_ctrl() changed from returning
> type int to returning type long.
The when and the why is probably lost to history. Doing 'git log' and looking
for SSL_ctrl doesn't show anything.
Oh well.
Perhaps I didn't understand the original question. If all you want to do is
compare 1.0.2 and 1.1.0, then look at OPENSSL_VERSION_NUMBER; if it's
0x10101000L or greater, then you're on the 1.1.x branch, otherwise you
are not and therefore on 1.0.2 or earlier.
> Can you get this fixed?
>
> ../util/shlib_wrap.sh ./heartbeat_test
> test_dtls1_not_bleeding failed: expected return value -1, received 0
> ** test_dtls1_not_bleeding failed **
Again: how are you configuring?
It does not fail for me.
> How long for this to get fixed?
>
> ../util/shlib_wrap.sh ./heartbeat_test
I posted yesterday: what's your config? A standard config/make does not do
this for me.
How do you configure?
> test_dtls1_not_bleeding failed: expected return value -1, received 0
> ** test_dtls1_not_bleeding failed **
...
> 4 tests failed
> *** Error code 1
Look at the OPENSSL version define.
> Ping !!!
You didn't get a reply in 24 hours from an open source mailing list? A little
patience.
> Upon code-browsing, I am beginning to feel that OpenSSL uses program-buffer,
> which is used for malloc/free.
OpenSSL uses malloc, etc. Look at crypto/mem.c and (in 1.1.0 and master) the
Shouldn't you check for VS 2008 as well as MSC_VER?
If you add your own function, you need to run ‘make update’ which calls mkdef.
It is needed for the build procedure.
I sent them a warning yesterday and today dropped/banned them.
Yes, just put the entire chain in the server’s PEM file.