The intent is that you replace the upper layer, CRYPTO_secure_x
What does your implementation do differently, and which platforms does it work
on?
Is anyone looking at the failing CI builds? It’s been a few days now.
* Sure, I want to publish the algorithm, but not yet... waiting to
establish a company.
This is a bit off-topic, but trying to make money from a cryptographic
algorithm isn’t really done any more. RSA was locked up by patents, and there
were some elliptic curve patents that have since
>This software however is 7 years old, we’re not in a position to drop
> everything and rewrite it.
Then don't upgrade? If it's for a CA you don't need TLS 1.3 for example.
Or take the existing OpenSSL code that works and jam it into the current
release.
* checking for SPNEGO support in GSSAPI libraries... configure: error: in
configure: error: cannot run test program while cross compiling
See `config.log' for more details
That’s ot
Openssl library version : cyrus-sasl-2.1.27
Command used : configure --host=x86_64-unknown-freebsd9
>: configure --host=x86_64-unknown-freebsd9 --cache=config.cache --disable-ntlm
>--disable-otp --disable-sample --enable-gssapi --with-des=no
>--with-gss-impl=mit
That’s not an OpenSSL configuration, and the error you got is not from OpenSSL.
It would be really good if code being merged to master had --strict-warnings
and the mdebug backtrace stuff turned on. In the past few days there have been
a flurry of checkins that these flags would have caught.
Well, flurry is admittedly too strong. …
Can we take OpenBSD code and put it under the Apache license?
> There are two options. First, the application does the digest and
> sign as two separate things.
My memory is foggy surrounding that scenario, so I might be wrong,
but I think it was argued that this was invalid use from a FIPS
perspective. Now, we can't actually
>Huh? From the design document, section "Example dynamic views of
algorithm selection", after the second diagram:
An EVP_DigestSign* operation is more complicated because it
involves two algorithms: a signing algorithm, and a digest
algorithm. In general those
>I always understood "FIPS-capable OpenSSL" to refer specifically to an
OpenSSL compiled with the options to incorporate the FIPS canister
module, not just any OpenSSL build that might be used in FIPS compliant
applications (as that would be any OpenSSL at all).
Yes, that is
If you change a single line of code or do not build it EXACTLY as documented,
you cannot claim to use the OpenSSL validation.
* Which means in FIPS mode ciphers never get offloaded to the engine?
* All other functions (digest, RSA etc.) first update to the FIPS
function, and then the engine function. Why do only ciphers have this different
behaviour?
That seems like a bug. In FIPS mode you can only use the
>(as for "possibly not the FIPS provider", that's exactly right. That
one *will* be a loadable module and nothing else, and will only be
validated as such... meaning that no one can stop you from hacking
around and have it linked in statically, but that would make it
invalid
>Yes - I do expect you to be able to build just the validated source
independently of the rest of the tarball so that you could (for example)
run the
latest main OpenSSL version but with an older module.
Which means that this doesn't have to happen in the first release since
>Integrity of validated source code when other parts of the tarball
get regular changes?
The design doc, just recently published, talks about this a bit. Not all
details are known yet.
>Building the validated source code in a controlled environment
separate from the full
Look at the tricks OpenSSL has to do in order to properly zeroize memory and
avoid having the compiler optimize it away.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
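An added example of the trick referred to above (my code, not OpenSSL's own implementation): a wipe routine that calls memset through a volatile function pointer, so the optimizer cannot prove the call is dead and delete it, plus a volatile byte-store fallback. OpenSSL's portable OPENSSL_cleanse() takes the same volatile-function-pointer approach. The key bytes are constructed filler, not real key material.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Volatile function pointer to memset. Because the pointer is volatile the
 * compiler must load it at run time, so it can no longer see "memset on a
 * buffer that is never read again" and remove the call as dead code.
 */
typedef void *(*memset_fn_t)(void *, int, size_t);
static volatile memset_fn_t secure_memset_fn = memset;

/* Wipe n bytes at p so that the stores survive optimisation. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;

    if (p == NULL || n == 0)
        return;
    secure_memset_fn(p, 0, n);
    /* Second line of defence: stores through a volatile pointer, which the
     * compiler must also perform (this is what explicit_bzero-style helpers
     * guarantee natively where they exist). */
    while (n-- > 0)
        *vp++ = 0;
}

/* Constant-time "is the whole buffer zero" check; returns 1 if so. */
int is_all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    size_t i;

    for (i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Stack case: fill a fake key (constructed bytes, not a real key), wipe it,
 * and report whether the wipe took effect. */
int demo_wipe_stack_key(void)
{
    unsigned char key[32];
    size_t i;

    for (i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0x5a ^ i);
    secure_zero(key, sizeof key);
    return is_all_zero(key, sizeof key);
}

/* Heap case: the pattern is wipe-then-free, never just free. */
int demo_wipe_heap_key(size_t len)
{
    unsigned char *key = malloc(len);
    int ok;
    size_t i;

    if (key == NULL)
        return 0;
    for (i = 0; i < len; i++)
        key[i] = (unsigned char)(0xa5 ^ i);
    secure_zero(key, len);
    ok = is_all_zero(key, len);
    free(key);
    return ok;
}

int main(void)
{
    printf("stack wipe ok: %d\n", demo_wipe_stack_key());
    printf("heap wipe ok:  %d\n", demo_wipe_heap_key(64));
    return 0;
}
```

Note that the demo functions read the buffer back after wiping, which by itself makes a plain memset "live" and keeps it from being elided; they check that secure_zero does what it claims, not that memset would have been dropped. The elision problem arises in the real pattern, where the secret is wiped and then never read again (or freed), and that is the case the volatile pointer protects.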
> like a way to extract the signature date from a CMS structure. With all the
> opaque structs that have been introduced in the last few releases, it's not
> clear to me how to do that. Any examples or guidance (other than don't do
> that)?
Can you list which fields you need and open an
I would expect that smartphone clients might want to prioritize CHACHA over
AES, but I don't think Node cares about that environment.
Jakob - you’re a star! Thanks so much, your suggestion works. So I added
Two of the more common causes of cron failure are
- Environment variable missing or has different value (PATH etc)
- File permissions are different if running under root vs normal
interactive user.
Hope that helps.
> I didn't bother looking up what freeing entails - it's obvious to
> anyone at this point that OpenSSL is a severe victim of feature creep,
> that its memory allocation scheme is a mess, and long story short: I
> will NOT free a perfectly fine object just because of incompetent
* But I only get early data for the GET method.
* When using the POST method, the server terminates the connection. Is it related
to OpenSSL? If so, what can I do to allow the POST method?
Early data can be replayed. It is only safe to use early data when the request
is idempotent, like GET. You
Great idea; https://github.com/openssl/web/issues/101
On 12/28/18, 12:39 AM, "Jakob Bohm via openssl-users"
wrote:
Consider at least including the one-line manpage summaries on the index
pages (the ones displayed by the apropos command on POSIX systems).
They are there, but the sidenav needs to be updated.
On 12/27/18, 11:31 AM, "Michael Richardson" wrote:
If manual pages for 1.1.1 aren't going to be posted/generated:
could https://www.openssl.org/docs/man1.1.1
redirect to https://www.openssl.org/docs/man1.1.0?
(I
* Please let me know if we have any update on this.
This is a volunteer effort. :)
My *GUESS* is that the CRL data isn’t sorted, and it’s doing a linear search.
You should profile the code to find out where, exactly, all the time is being
spent.
* Please find the above previous mail.
I am not sure what this means. I guess you are referring to earlier email in
the thread. I gave you my suggestion, good luck.
>While certificate-less TLS is in theory possible with RFC7250 bare public
> keys
Pre-shared keys (PSK) don't require certs, maybe that meets the need. A thing
to know about PSK is that each side is fully trusted, and if one side gets the
key stolen, then the thief can pretend to be
If all you need is RSA then you will probably find it easier to write a
makefile of your own. You will have to do multiple builds to get all the
missing pieces, such as the BN facility, the memory allocation, the error
stack, etc.
> >. New certificates should only use the subjectAltName extension.
>Are any CAs actually doing that? I thought they all still included
> subject.CN.
Yes, I think commercial CAs still do it. But that doesn't make my statement
wrong :)
Putting the DNS name in the CN part of the subjectDN has been deprecated for a
very long time (more than 10 years), although it is still supported by many
existing browsers. New certificates should only use the subjectAltName
extension.
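An added example of the client-side consequence of the advice above (my code, not OpenSSL's): a hostname check that consults only the SAN dNSName entries and never falls back to the subject CN. RFC 6125 directs clients to ignore the CN once DNS-ID SANs are present. The SAN list and hostnames used are constructed; extracting the SAN entries from an X509 is assumed to have been done by the caller.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* ASCII case-insensitive string equality (DNS names are case-insensitive). */
static int ci_equal(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/*
 * Match one SAN dNSName pattern against a hostname. Wildcard handling
 * follows the strict reading of RFC 6125 section 6.4.3:
 *  - '*' is accepted only as the entire left-most label ("*.example.com");
 *  - it matches exactly one label, so "a.b.example.com" does not match;
 *  - the remainder must have at least two labels, so "*.com" is rejected;
 *  - partial-label wildcards such as "w*.example.com" are taken literally.
 */
int dns_name_matches(const char *pattern, const char *host)
{
    const char *suffix, *dot;

    if (strncmp(pattern, "*.", 2) != 0)
        return ci_equal(pattern, host);

    suffix = pattern + 1;                   /* ".example.com" */
    dot = strchr(host, '.');                /* host minus its first label */
    if (dot == NULL || dot == host)         /* need a non-empty first label */
        return 0;
    if (strchr(suffix + 1, '.') == NULL)    /* "*.tld" is not acceptable */
        return 0;
    if (strchr(suffix, '*') != NULL)        /* no further wildcards */
        return 0;
    return ci_equal(suffix, dot);
}

/*
 * Verify host against the certificate's SAN dNSName entries only. The
 * subject CN is deliberately never consulted. Returns 1 on a match, 0
 * otherwise; with no SAN entries at all the result is 0 (fail closed).
 */
int verify_hostname_san(const char *const *san_dns, size_t count,
                        const char *host)
{
    size_t i;

    if (host == NULL || *host == '\0' || strchr(host, '*') != NULL)
        return 0;
    for (i = 0; i < count; i++)
        if (dns_name_matches(san_dns[i], host))
            return 1;
    return 0;
}
```

Internationalised names are expected in their A-label (punycode) form, as they appear in certificates; IP-address SANs are a separate entry type and are not handled here.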
* [root@puoasvorsr07 ~]# openssl version
* OpenSSL 1.1.1 FIPS 11 Sep 2018
Is that a version you built yourself, or from RedHat? I believe it is RedHat’s
version, which did their own FIPS work.
The OpenSSL FIPS module is starting development.
Perhaps you can build a trust store to handle your needs. I am not sure.
The responder isn’t supposed to be self-signed. It’s supposed to be signed by
the CA issuing the certs. That way you know that the CA “trusts” the responder.
Now, having said that, what you want to do is reasonable – think of it as “out
of band” trust. You will probably have to modify the
If the first byte has the high-bit set, then you have to put a
leading-zero-byte so that it is not treated as a negative number.
public-key:
00:a0:0d:41:8a:27:55:07:2a:01:dd:a7:e2:86:bb:
...
prime:
00:a2:f4:9d:1c:3f:75:8f:3e:e3:c9:95:09:79:09:
...
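An added example of the encoding rule stated above (my code, not OpenSSL's): the content octets of a DER INTEGER for an unsigned magnitude, with the leading 0x00 added exactly when the first byte has its high bit set, and a strict decoder that rejects the other encodings. The "00:a0:0d:..." in the dump above is this pad byte being shown. Sample magnitudes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Encode an unsigned big-endian magnitude as the content octets of a DER
 * INTEGER (tag and length are left to the caller). DER rules applied:
 *  - leading zero bytes of the magnitude are stripped (shortest form);
 *  - if the first remaining byte has bit 7 set, one 0x00 byte is prepended
 *    so a reader does not take the value as negative two's complement;
 *  - the value zero is the single byte 0x00.
 * Returns the number of bytes written, or 0 if out is too small.
 */
size_t der_uint_encode(const unsigned char *mag, size_t maglen,
                       unsigned char *out, size_t outlen)
{
    size_t i = 0, n, pad, need;

    while (i < maglen && mag[i] == 0)
        i++;
    n = maglen - i;
    if (n == 0) {                         /* value is zero */
        if (outlen < 1)
            return 0;
        out[0] = 0x00;
        return 1;
    }
    pad = (mag[i] & 0x80) ? 1 : 0;        /* high bit set: needs a 0x00 pad */
    need = n + pad;
    if (outlen < need)
        return 0;
    if (pad)
        out[0] = 0x00;
    memcpy(out + pad, mag + i, n);
    return need;
}

/*
 * Inverse: content octets -> unsigned magnitude. Returns the magnitude
 * length, or 0 on error: empty content, a negative value (bit 7 of the
 * first byte set), or a non-minimal encoding (a 0x00 pad byte that was not
 * required). Rejecting the non-minimal forms matters: a decoder that accepts
 * several encodings of one value makes that encoding malleable.
 */
size_t der_uint_decode(const unsigned char *in, size_t inlen,
                       unsigned char *out, size_t outlen)
{
    size_t skip = 0, n;

    if (inlen == 0 || (in[0] & 0x80))
        return 0;
    if (inlen > 1 && in[0] == 0x00) {
        if (!(in[1] & 0x80))
            return 0;                     /* pad present but not needed */
        skip = 1;
    }
    n = inlen - skip;
    if (outlen < n)
        return 0;
    memcpy(out, in + skip, n);
    return n;
}

int main(void)
{
    /* Constructed magnitude whose first byte has the high bit set. */
    const unsigned char mag[] = { 0xa0, 0x0d, 0x41, 0x8a };
    unsigned char enc[8];
    size_t n = der_uint_encode(mag, sizeof mag, enc, sizeof enc), i;

    for (i = 0; i < n; i++)
        printf("%02x%s", enc[i], i + 1 < n ? ":" : "\n");
    return 0;
}
```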
This was discussed around when OpenSSL first talked about the project. You
might find it worth reading the various blog entries (and comment/responses)
https://www.openssl.org/blog/blog/categories/license/ One thing to note is that
cryptography can be a patent minefield, and the patent
* I am unable to get the API to access bn->top value or any bn members in
openssl 1.1.1 .
Can you help me with the pointers to those APIs ?
They do not exist. This is the first time someone has asked for them. You
will need to open an issue on GitHub, and explain *why* you need access.
* BIGNUM structure also has been made opaque. How to refer the members of
BIGNUM structure like bn->top ?
You cannot. That is the definition of “opaque structure.” :) Why do you need
to access “top” ?
* And I don't see this API implementation "lh_OPENSSL_CSTRING_new" in
>For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an
error with that value, not just the "too many alerts" description.
You're correct, it's not done.
>My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to the
>Client on demand? The socket should not close, nor perform a renegotiation.
You have to shutdown and restart the TLS layer. You cannot send arbitrary
ServerHello messages, it’s a protocol violation.
You can do this by writing your own BIO (probably based on memory) that then
dribbles data out to its own internal socket.
It was great to see you last week.
You and the entire “Russian crypto cohort” :)
From: Dmitry Belyavsky
Reply-To: openssl-users
Date: Sunday, November 11, 2018 at 6:34 AM
To: openssl-users
Subject: Re: [openssl-users] x509 manual
Hello,
>Yes the macro is there, it's just not being expanded by the pre-compiler.
That makes no sense.
Please look at your compiler manpages and figure out how to turn on verbose
compiler output. Something is strange in your environment.
>DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group,
That is "proof" that the pre-processor doesn’t have the right -I flags. Try
running with the -v option or something.
>And I still have the problem with those macros.
The problem is almost definitely this: the files that you are compiling (not
openssl) are picking up the wrong header files from openssl.
You probably do not have the headers installed into the right include path.
You should do "make install" and not cp things by hand, as you'll need the
headers and the libraries, etc.
* I want to use FIPS certified crypto libs. Is it possible to use the crypto lib
from OpenSSL FIPS 2.0.16 and the ssl lib from OpenSSL 1.1.1?
No, it is not possible. The current FIPS code only works with 1.0.2. The
project is working on a new FIPS module. You can find some details at the
blog,
As with essentially all open source software, there is no warranty with OpenSSL.
Having said that, people use the OpenSSL applications for all sorts of things,
including what you are doing.
>This is not correct.
Thanks for the corrections, Matt.
We disagree, and as I wrote the latest RNG code and docs, I'm biased (sic).
I'll leave on that weak pun.
>What's supposedly bad about the 1.0.x/1.1.0 OpenSSL RNG other
than not being an NSA/NIST design?
Poor locking; been known to crash.
Does not reseed.
Global across the process, rather than isolated for private-key generation or
per-connection.
Mixes in getpid and time to get
Which version of OpenSSL are you using?
1.0.2 and 1.1.0 have a bad random number generator and must be explicitly
seeded. 1.1.1 has a good random number generator and auto-seeds.
* The debug logs display two "SSL-Session" blocks in a full handshake.
Only one "SSL-Session" block is displayed in a resumption.
Why does a full handshake have two sessions?
This is part of the TLS 1.3 standard. A server can send back multiple
sessions, so that a client may resume with a
It's hard enough for the openssl team to document the basic config/build
things, let alone all the operating systems and vendor-supplied stuff.
Perhaps a wiki page, that the community could help maintain?
>The users who delay or block automatic updates tend to greatly overlap
with the users who actively block remote telemetry of their update
habits, thus skewing such statistics of "get almost full coverage within
a month or two".
But not downloads. :)
Shrug.
>My point was about the likelihood of last-draft browsers lingering
on in the real world for some time (like 1 to 3 years) after the
TLS1.3-final browser versions ship.
I do not think this is a concern. Chrome and FF auto-update and get almost
full coverage within a month or two,
This is factually incorrect; the TLS values are lower than the FIPS values, for
example. And also, what “everyone in the know” has always stated isn’t really
true any more.
It would be nice to keep politics out of this list.
Much work for little gain and purpose.
You can mix drafts, but mixing the draft and the official version is hard,
there are too many semantic changes (e.g., around fallback vs
no-fallback-protection).
>So OpenSSH, NTPd, mod_pagespeed have to adopt the OpenSSL 1.1.x API
in order to use TLS 1.3.
Yes.
OpenSSL does not use *any* certificate store, on any platform, it is up to the
applications to do what they need.
>Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build
>process exclude it automatically?
Beats me. It ends up being a zero-length object file, more or less. Perhaps
Richard Levitte knows.
* Gotcha. But why doesn't it work on Mac?
The CAPI engine uses Microsoft libraries that are part of windows.
>This begs the question: what does openssl_encrypt actually do with just a
> string
of random bytes passed as the "key". I can't find anything in the OpenSSL or
PHP/openssl source code that clearly identifies any particular action
There is no such name (git grep -I openssl_encrypt)
>The capi engine is still broken, however
That is windows-only, using the MSFT CryptoAPI.
I find it interesting that openssl 1.1.1-pre7 cannot connect to a
server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.
This is to be expected. Pre-9 implements the official RFC version of TLS 1.3,
while the earlier beta releases implement drafts. One of the major
>I want to take a backup of an existing SSL connection and use this backup connection
>on another slave board. This backup includes keys and sequence numbers, SSL version
>etc.
>Does OpenSSL support any API to take a backup of an existing SSL connection?
No. This is not currently possible, and is unlikely to ever
When you create your pull request, use the pull-down to select the right
branch. By default it picks master, which is (as you’ve seen) not always
right. You can go to your PR, “re target it” and re-open it.
From: "kgold...@us.ibm.com"
Reply-To: openssl-users
Date: Wednesday, August 15, 2018
You probably know by now that TLS 1.3 was just released as RFC 8446;
> Do you see it being of enough value to consider bringing the feature
into your roadmap.
No. At least not in my opinion.
Migrating "live" TLS connections does not seem a common situation, and is bound
to be non-portable.
* So why not just have a rule "don't litter"
Have you looked at, say, the memleak testing we do?
Thanks for the two cents.
> I never thought I'd see the day that someone would have to defend not leaking
> memory in pivotal security code like openssl however
To be accurate, it was a couple of people saying that memory leaks *on process
exit* aren’t a big deal.
>What's the reason for using malloc(3) in the first place? Is this a
> limitation
of the library or just openssl cms ?
It is a limitation of the CMS command. You might look at the -stream option.
If you need more than that, well, a PR is also welcomed.
>1. Do we plan to support this in releases that are close (Say Sep, 2018) ?
No.
>2. There are also talks about RSA FIPS 186-4 being available with redhat,
> suse
distributions. Since the FIPS build process recommends the integrity checks
to be done at source code, object and
>It would appear that both commands fail due to them being unable to
allocate more memory to slurp the rest of the input file's contents into.
Is this intentional behaviour?
It is a known issue.
No, you need a 1.1.1 tree.
If RAND_MAX is a power of 2, then just ask RAND_bytes for the right number of
bytes (four for 32768) and use bit-shifting to pack the value.
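An added example of the packing described above (my code, not OpenSSL's): take just enough random bytes, mask to the bit width of the range, and, going beyond the power-of-two case in the reply, reject out-of-range draws when the bound is not a power of two so that no modulo bias is introduced. In real code the byte source is RAND_bytes(); the one below is an assumption, a fixed-seed xorshift stream used only so the example runs without libcrypto.

```c
#include <stddef.h>
#include <stdint.h>

typedef int (*rand_bytes_fn)(unsigned char *buf, size_t n);

/*
 * ASSUMED byte source standing in for RAND_bytes(): a fixed-seed xorshift64
 * generator that is NOT cryptographically secure. It exists only to
 * exercise the packing logic below.
 */
static uint64_t demo_state = 0x9E3779B97F4A7C15ULL;   /* constructed seed */
static int demo_rand_bytes(unsigned char *buf, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        demo_state ^= demo_state << 13;
        demo_state ^= demo_state >> 7;
        demo_state ^= demo_state << 17;
        buf[i] = (unsigned char)(demo_state >> 56);
    }
    return 1;
}

/* Smallest b with 2^b >= n: the number of random bits a draw in [0, n) needs. */
static unsigned bits_for(uint32_t n)
{
    unsigned b = 0;
    while (b < 32 && ((uint64_t)1 << b) < n)
        b++;
    return b;
}

/*
 * Uniform integer in [0, n). Fetch ceil(b/8) bytes, pack them big-endian
 * and mask to b bits. When n is a power of two the masked value is already
 * in range (32768 needs 15 bits, i.e. two bytes, no rejection). Otherwise
 * draws >= n are discarded and repeated: rejection sampling, which keeps
 * the result uniform where "v % n" would over-represent small values.
 * Returns 1 and sets *out on success, 0 on bad arguments or a failing source.
 */
int rand_uniform(rand_bytes_fn rb, uint32_t n, uint32_t *out)
{
    unsigned char buf[4];
    unsigned bits, nbytes, i;
    uint32_t mask, v;
    int tries;

    if (rb == NULL || out == NULL || n == 0)
        return 0;
    if (n == 1) {
        *out = 0;
        return 1;
    }
    bits = bits_for(n);
    mask = (bits == 32) ? 0xFFFFFFFFu : ((1u << bits) - 1u);
    nbytes = (bits + 7) / 8;

    /* Each draw lands in range with probability n / 2^bits > 1/2, so 64
     * consecutive misses indicate a broken source, not bad luck. */
    for (tries = 0; tries < 64; tries++) {
        if (!rb(buf, nbytes))
            return 0;
        v = 0;
        for (i = 0; i < nbytes; i++)
            v = (v << 8) | buf[i];
        v &= mask;
        if (v < n) {
            *out = v;
            return 1;
        }
    }
    return 0;
}

/* Draw `iters` values in [0, n); returns 1 if every draw was in range. */
int all_in_range(rand_bytes_fn rb, uint32_t n, int iters)
{
    uint32_t v;
    int k;
    for (k = 0; k < iters; k++)
        if (!rand_uniform(rb, n, &v) || v >= n)
            return 0;
    return 1;
}
```

The same shape works for ranges beyond 32 bits by widening the accumulator; the point that carries over is that the bytes are masked to the exact bit width first and only then compared against the bound.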
* I take back my "Captain Kidd"-remark.
* No offense.
Aargh, matey. None taken.
> The ciphers are available, but the code to use things like AES-GCM never
> actually worked. Or if it claimed to work, it was actually broken.
I take this to mean there has actually been code written already
to that effect.
Sorry I was not clear.
This has not been
The ciphers are available, but the code to use things like AES-GCM never
actually worked. Or if it claimed to work, it was actually broken.
>libcrypto.a and libcrypto.so are files which are built by the
Linux compiler?
but somewhere there has to be the source code for them?
The files in the crypto directory are compiled to build the libraries.
I think you will find some intro material on building C software useful. This
is
>where is file "libcrypto" ? In which directory of OpenSSL-1.1.1pre8 ?
It is not distributed. It is a library built as part of the compile process.
* Up to recent time it was that Command passwd involved mcrypt. Right?
What is mcrypt? Do you mean MD5? (Probably not, but I wanted to ask.)
As in sending a non-fatal alert? There's no API to do that. And it probably
wouldn't work anyway, as most runtimes treat any alert as fatal.
Your best bet is to implement the right callback (depends on which version of
openssl you are using) and return an error if the SNI isn't one of your
* Do you still plan to switch to Apache license for the final 1.1.1 release?
That is still our goal, as stated.
>Thanks, it does not happen with the Mozilla implementation
(tls13.crypto.mozilla.org), is this openssl specific or part of the
specification?
The specification allows a server to send one or more tickets, at its
discretion.
>connecting s_client to s_server with TLS 1.3 seems to cause two
successive session tickets to be sent by the server (see below).
>Is this expected?
Yes.
>Should I file an issue on GitHub about the missing setters?
That would be great, thanks. Glad you got something to work.
It looks like in OpenSSL 1.1.0 I can no longer do that. There are only
functions available that return various function pointers from a
X509_STORE_CTX structure (like X509_STORE_CTX_get_cert_crl), but there
are no corresponding counterparts to set the function pointers.
This
>Just curious, is there a possibility to patch CHACHA cipher specific
> changes to OpenSSL 1.0.2 version still and get SSL handshake succeed?
It can be done; CloudFlare posted some patches at
https://github.com/cloudflare/sslconfig/tree/master/patches but I think they
used the pre-IETF
>This is one of several reasons why FIPS 140-2 is a problem. Unfortunately
> the FIPS 140-3 effort seems to be moribund, and I haven't heard anything
> about "ISO FIPS" in some time.
If I understood what was said at the ICMC conference last month, the FIPS 140-3
plan is to just point to
* So is there is any other way we can still make it work without disabling
FIPS mode ?
No. The version of openssh you are using makes API calls that are not allowed
in FIPS mode. I suspect later versions of OpenSSH also do this, and therefore
“FIPS mode openssh” will require some coding
Without commenting on whether or not your understanding is correct (the client
gets the params and can see how big the key is, no?), I will point out that the
way DHE works is defined by the IETF RFC’s, and they have not changed.
>The code above does what I want - except for renegotiations!
Do you absolutely, positively, HAVE TO support renegotiation?
is there.
But it is getting called only for server certificate.
Thanks
Sandeep
On Thu, May 31, 2018, 11:39 PM Salz, Rich via openssl-users
<openssl-users@openssl.org> wrote:
* We generated intermediate02 such that it has "basicConstraints" extension
and "keyUsage" missing. Now we used this intermediate 02 CA to sign server
certificate.
If those extensions, which are *optional,* are not present, then there is no
limit on how the keys may be used, or how long
>I know this is caused by a lack of available entropy in the system; but what
>can I do to address this? Is it just a matter of waiting until enough entropy
>has been collected? Is there any kind of workaround?
Assuming you don’t have another source of randomness that you can add in, then
>This didn't show up in my RSS client. Is the RSS feed not working, or is
> it just my client?
It probably sat in draft form for too long, and went out with the old date.
Oops.
We just posted a new blog entry on long-term support, the different phases, and
so on. It’s here:
https://www.openssl.org/blog/blog/2018/05/18/new-lts/
TL;DR is that the upcoming 1.1.1 will be our next LTS release.
>In 1.1.0 and later it is documented:
And in 1.0.2 it was documented in January, 2017.
In 1.1.0 and later, the flag takes a single parameter in name=value. Yes
that’s strange, but it means that in the common case you don’t need to do any
quoting:
-header Host=ocsp.example.com
In 1.0.2 it takes two parameters
-header Host ocsp.example.com