Re: Openssl s_client error ?

2020-04-27 Thread Matt Caswell 



On 27/04/2020 09:07, FooCrypt wrote:
> Hi
> 
> Im just testing openssl s_client against a server IP and it appears to be 
> failing with the following. :
> 
> openssl s_client -showcerts -servername ${Site} -connect ${Site}:443 -debug 
>  
> OpenSSL 1.0.2u  20 Dec 2019 : 140337275680448:error:140770FC:SSL 
> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:827:
> OpenSSL 1.1.0l  10 Sep 2019 : 140642678284928:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:251:
> OpenSSL 1.1.1a  20 Nov 2018 : 140267470374080:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> OpenSSL 1.1.1b  26 Feb 2019 : 140658956276928:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> OpenSSL 1.1.1c  28 May 2019 : 140313236694272:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> OpenSSL 1.1.1d  10 Sep 2019 : 140526368781568:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> OpenSSL 1.1.1e  17 Mar 2020 : 139985685132608:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> OpenSSL 1.1.1f  31 Mar 2020 : 139973563405632:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> OpenSSL 1.1.1g  21 Apr 2020 : 139893511771456:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> OpenSSL 1.1.1  11 Sep 2018 : 140632691274944:error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
> 
> 
> Is this a server side issue / firewall / load balancer / issue ???

Looks like the server is not responding with something that looks like
SSL/TLS. A wireshark trace might  tell you more.

Matt

Openssl s_client error ?

2020-04-27 Thread FooCrypt 
Hi

Im just testing openssl s_client against a server IP and it appears to be 
failing with the following. :

openssl s_client -showcerts -servername ${Site} -connect ${Site}:443 -debug

yy

2020-04-27 Thread test test 
­_Gesendet mit Firemail.de - Freemail

a
Description: Binary data

CONF_MODULE undefined?

2020-04-27 Thread Blumenthal, Uri - 0553 - MITLL 
I hit this problem recompiling libp11 with the current OpenSSL-3.0 master. It's 
on MacOS Catalina 10.15.4 with the latest Xcode-11.4.1, but I think that's 
irrelevant. I checked through all the .h files in the OpenSSL sources, and 
found no definition o CONF_MODULE. OpenSSL-3.0 is installed into 
/Users/ur20980/openssl-3 (as is obvious from the following).

Here are the errors:

/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk
 -g -I/Users/ur20980/openssl-3/include -Os -Ofast -std=gnu17 -march=native 
-msha -mavx512f -isysroot 
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk
 -MT evp-sign.o -MD -MP -MF $depbase.Tpo -c -o evp-sign.o evp-sign.c &&\
mv -f $depbase.Tpo $depbase.Po
In file included from evp-sign.c:40:
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
   ^
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:1: error: expected expression
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
^
/Users/ur20980/openssl-3/include/openssl/safestack.h:175:40: note: expanded 
from macro 'DEFINE_OR_DECLARE_STACK_OF'
# define DEFINE_OR_DECLARE_STACK_OF(s) DEFINE_STACK_OF(s)
   ^
/Users/ur20980/openssl-3/include/openssl/safestack.h:135:29: note: expanded 
from macro 'DEFINE_STACK_OF'
# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
^
/Users/ur20980/openssl-3/include/openssl/safestack.h:39:21: note: expanded from 
macro 'SKM_DEFINE_STACK_OF'
return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
^
In file included from evp-sign.c:40:
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: use of undeclared 
identifier 'CONF_MODULE'
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
   ^
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:1: error: expected expression
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
^
/Users/ur20980/openssl-3/include/openssl/safestack.h:175:40: note: expanded 
from macro 'DEFINE_OR_DECLARE_STACK_OF'
# define DEFINE_OR_DECLARE_STACK_OF(s) DEFINE_STACK_OF(s)
   ^
/Users/ur20980/openssl-3/include/openssl/safestack.h:135:29: note: expanded 
from macro 'DEFINE_STACK_OF'
# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
^
/Users/ur20980/openssl-3/include/openssl/safestack.h:67:21: note: expanded from 
macro 'SKM_DEFINE_STACK_OF'
return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
^
In file included from evp-sign.c:40:
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: use of undeclared 
identifier 'CONF_MODULE'
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
   ^
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:1: error: expected expression
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
^
/Users/ur20980/openssl-3/include/openssl/safestack.h:175:40: note: expanded 
from macro 'DEFINE_OR_DECLARE_STACK_OF'
# define DEFINE_OR_DECLARE_STACK_OF(s) DEFINE_STACK_OF(s)
   ^
/Users/ur20980/openssl-3/include/openssl/safestack.h:135:29: note: expanded 
from macro 'DEFINE_STACK_OF'
# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
^
/Users/ur20980/openssl-3/include/openssl/safestack.h:71:21: note: expanded from 
macro 'SKM_DEFINE_STACK_OF'
return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
^
In file included from evp-sign.c:40:
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: use of undeclared 
identifier 'CONF_MODULE'
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
   ^
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:28: error: unknown type name 
'CONF_MODULE'
/Users/ur20980/openssl-3/include/openssl/conf.h:37:1: error: expected expression
DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
^

website changelog didn't get updated for 1.1.1 f and g

2020-04-27 Thread Sam Roberts 
https://www.openssl.org/news/changelog.html#openssl-111

^--- missing the last two patch releases.

Cheers,
Sam

EVP Signing and Verifying

2020-04-27 Thread Thomas Dwyer III 
The first signing example at
https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying explicitly
calls both EVP_DigestInit_ex() and EVP_DigestSignInit(). Is the former
really necessary? It appears that the implementation of EVP_DigestSignInit()
in all versions of OpenSSL internally invokes EVP_DigestInit_ex() so I'm
confused by this example. Did I miss something?


Thanks,
Tom.III

OpenSSL v3 alpha 1: include file problem

2020-04-27 Thread Norm Green 

I don't know if this change was intentional or not.
With 3.0 alpha, compiling this simple program on Linux fails but 
succeeds on 1.1:


-
#include 


gcc -c -I \
/home/normg/local/gs360_opensslv3/slow50/openssl/install50/include test.c


In file included from 
/home/normg/local/gs360_opensslv3/slow50/openssl/install50/include/openssl/types.h:20:0,
 from 
/home/normg/local/gs360_opensslv3/slow50/openssl/install50/include/openssl/err.h:26,

 from test.c:1:
/home/normg/local/gs360_opensslv3/slow50/openssl/install50/include/openssl/ssl.h:235:28: 
error: 'SRTP_PROTECTION_PROFILE' does not name a type

 DEFINE_OR_DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
    ^
/home/normg/local/gs360_opensslv3/slow50/openssl/install50/include/openssl/safestack.h:30:45: 
note: in definition of macro 'SKM_DEFINE_STACK_OF'
 typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 
*const *b); \

...



To fix it, all we need is to include err.h first, as follows:

-
#include 
#include 


I scanned the wiki and readme and did not see a requirement to include 
err.h before ssl.h.  Is this intentional or a bug?


It's easy enough for me to fix this in my source code, but other 
packages that rely upon openssl break with "ssl.h is unusable" errors 
due of this change (OpenLDAP is one such example).


Norm Green

FFT algorithm for BIGNUM multiplication

2020-04-27 Thread Jaskamal Kainth 
Hi all,

Can someone help me with my query for the additional feature request?
https://github.com/openssl/openssl/issues/11658

Also, I want to know why we haven't implemented and integrated FFT for
bignum multiplication
till now?

Thanks and regards,

Jaskamal Kainth
Software Engineer
Samsung R Bangalore
[image: phone-icon]  +917017684388
[image: email-icon]  kainthjaska...@gmail.com
[image: website-icon]  jaskamalkainth.github.io/
[image: facebook icon]  [image: linkedin
icon]  [image: twitter icon]
 [image: instagram icon]