Re: [openssl-users] RSA PSS Sigalgs for 1.1.0

2017-10-11 Thread Dr. Stephen Henson
On Wed, Oct 11, 2017, Wallboy wrote: > > Browsers in the last year or so have added support for the the new TLS 1.3 > RSA-PSS Signature Algorithms (0x0804, 0x0805,...). > > I see them added in 1.1.1 dev and they even work without TLS 1.3 enabled in > the build. Is there any plan to add support

Re: [openssl-users] Engine configuration

2017-10-02 Thread Dr. Stephen Henson
On Mon, Oct 02, 2017, Dmitry Belyavsky wrote: > Hello, > > I have a question regarding engine configuration. > > We need to implement such behaviour: > - on load the engine is configured with the commands from config file, but > the values can be overwritten via environment That part can be

Re: [openssl-users] Missing EVP_PKEY method to set engine?

2017-10-01 Thread Dr. Stephen Henson
On Fri, Sep 29, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > Apologies in advance for cross-posting - but I'm not sure which of the > two mailing lists this belongs to. > > A key (say, private key) is loaded from the pkcs11 engine via privkey = > ENGINE_load_private_key(engine, ); and

Re: [openssl-users] Integrating New Cipher Suite

2017-10-01 Thread Dr. Stephen Henson
On Sun, Oct 01, 2017, Wallboy wrote: > Hi, > > I'm also interested in adding a few "pseudo" ciphersuites to OpenSSL. > Notably the 16 GREASE ones Chrome currently uses (0x0A0A, 0x1A1A...0xFAFA). > > I made similar changes to the files listed in this thread and compiled > successfully (based on

Re: [openssl-users] PKCS7 and RSA_verify

2017-09-27 Thread Dr. Stephen Henson
On Thu, Sep 28, 2017, ch wrote: > Hello! > > I am working on a tool for verifying SMIME-messages. > Because cms and smime is only able to verify base64 pkcs7-signatures > I try to do it "manually" and I now have a problem with the > signing-timestamp. > I'm not sure what you mean by "only able

Re: [openssl-users] Error in X509_check_private_key when using pkcs11 engine (OpenSSL 1.0.2j)

2017-09-15 Thread Dr. Stephen Henson
On Fri, Sep 15, 2017, Anton Gerasimov wrote: > So it turns out load_privkey() function of engine_pkcs11.so sets pub_key > in the returned 'struct ec_key_st' to NULL. Is it a failure inside > engine_pkcs11.so? > Well sort of. OpenSSL requires that public key components are set for private keys

Re: [openssl-users] Lost in STACK_OF again (porting M2Crypto to OpenSSL 1.1.* API)

2017-09-12 Thread Dr. Stephen Henson
On Tue, Sep 12, 2017, Matěj Cepl wrote: > Hi, > > I am working on porting M2Crypto to OpenSSL 1.1.* API (in branch > https://gitlab.com/mcepl/m2crypto/commits/openssl-1.1.0 ) and I > got lost in STACK_OF structures. > > Simplified function I have troubles with is (the real stuff with > all

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-12 Thread Dr. Stephen Henson
On Mon, Sep 11, 2017, Robert Moskowitz wrote: > > I would actually really like to have a SIMPLE OCSP responder. But > so far have not found one. freeIPA has one buried within it, but > that is too disruptive to install unless you buy into freeIPA. > Well the OpenSSL ocsp responder isn't much

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-08 Thread Dr. Stephen Henson
On Fri, Sep 08, 2017, Robert Moskowitz wrote: > I am using the test responder: > >openssl ocsp -port 2560 -text -rmd sha256\ > -index index.txt \ > -CA certs/ca-chain.cert.pem \ > -rkey private/$ocspurl.key.pem \ > -rsigner certs/$ocspurl.cert.pem \ >

Re: [openssl-users] Problems with server mode of openssl ocsp

2017-09-07 Thread Dr. Stephen Henson
On Thu, Sep 07, 2017, Robert Moskowitz wrote: > Good progress. A few questions: > > on > https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html > > The sample server test command is: > > openssl ocsp -port 127.0.0.1:2560 -text -sha256 \ >

Re: [openssl-users] ASN1_TIME to time_t

2017-09-06 Thread Dr. Stephen Henson
On Wed, Sep 06, 2017, Michael Wojcik wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > > Of Dr. Stephen Henson > > Sent: Wednesday, September 06, 2017 10:26 > > > > No but there is a roundabout way of achieving the same

Re: [openssl-users] ASN1_TIME to time_t

2017-09-06 Thread Dr. Stephen Henson
On Wed, Sep 06, 2017, Dmitry Belyavsky wrote: > Dear Matt, > > On Wed, Sep 6, 2017 at 11:16 AM, Matt Caswell wrote: > > > > > > > On 06/09/17 09:12, Dmitry Belyavsky wrote: > > > Hello, > > > > > > Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick > > >

Re: [openssl-users] Testing OCSP with openssl

2017-09-05 Thread Dr. Stephen Henson
On Tue, Sep 05, 2017, Robert Moskowitz wrote: > Jamie Nugyen's guide uses openssl to test OCSP with 'openssl ocsp': > > https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html > > What is unclear here is: > > Does openssl read the index.txt file once

Re: [openssl-users] AES-CMAC digest with EVP

2017-08-31 Thread Dr. Stephen Henson
On Wed, Aug 30, 2017, Daniel Andrade wrote: > Hello, > > I have two buffers, one with a key and one with some data. The > objective is to calculate the AES-CMAC of the data with this key. I > managed to compute the AES-CMAC using type `EVP_aes_128_cbc()` with > the low-level interface: > > 1.

Re: [openssl-users] Not updating index.txt

2017-08-29 Thread Dr. Stephen Henson
On Tue, Aug 29, 2017, Robert Moskowitz wrote: > I started out making certs from csrs with: > > openssl ca -config $dir/openssl-intermediate.cnf -extensions > usr_cert -days 375 -notext -md sha256 \ > -in $dir/csr/$clientemail.csr.$format -out > $dir/certs/$clientemail.cert.$format > > And

Re: [openssl-users] Cant seem to get prompt no to work

2017-08-18 Thread Dr. Stephen Henson
On Thu, Aug 17, 2017, Robert Moskowitz wrote: > In the [ ca ] section I have: > > prompt = no > > If I leave the = out I get an error, so I am assuming I got the > format of this right. > > Then I have > > [ req ] > distinguished_name = req_distinguished_name > > [ req_distinguished_name

Re: [openssl-users] 802.1AR certificate generation and the config file

2017-08-11 Thread Dr. Stephen Henson
On Fri, Aug 11, 2017, Robert Moskowitz wrote: > > I would want the 'openssl req' command to prompt for hwType and > hsSerialNum. At least for now. > Note that you can't get the 'openssl req' command prompt for this but you can generate the extension in an appropriate syntax: see my other

Re: [openssl-users] 802.1AR certificate generation and the config file

2017-08-11 Thread Dr. Stephen Henson
On Fri, Aug 11, 2017, Robert Moskowitz wrote: > Frustrated... > > On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote: > >>My challenge comes to subjectAltName and its subfield > >>hardwareModuleName > >>per RFC 4108. I guess I am not 'getting' the subjectAltName section of > >>'man

Re: [openssl-users] Fixed-size digest using EVP with algos ECDSA+SHA256

2017-08-09 Thread Dr. Stephen Henson
On Mon, Aug 07, 2017, Daniel Andrade wrote: > Hi all, > > I'm writing functions to create a digest of a data buffer using > ECDSA+SHA256. I've been trying to work with only the high-level EVP > interface, and not use the low-level interfaces. > > My understanding is that the resulting digest is

Re: [openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?

2017-07-20 Thread Dr. Stephen Henson
On Thu, Jul 20, 2017, Sam Roberts wrote: > > Most of the application is compiled with /MT, but openssl-fips-2.0.16 > is using /MD, could this be an issue? Can I/should I convince > ms\do_fips to build against the multi-threaded runtime? > Unfortunately you can't change that part of the build

Re: [openssl-users] Extract content of DER-encoded package by OID

2017-07-20 Thread Dr. Stephen Henson
On Thu, Jul 20, 2017, Justin Mogannam wrote: > Thanks for the tips thus far. One of the last issues I'm having is actually > declaring a CMS_ContentInfo structure. I just declare : > > CMS_ContentInfo cms; > > And gcc tells me "error: storage size of 'cms' isn't known". This goes back > to my

Re: [openssl-users] Extract content of DER-encoded package by OID

2017-07-19 Thread Dr. Stephen Henson
On Wed, Jul 19, 2017, Justin Mogannam wrote: > > 2) Once again, I'm looking in openssl/cms.h, and I could not find the > function prototype " d2i_CMS_ContentInfo". I even did a grep on the whole > directory. Is it located somewhere else? I have OpenSSL 1.0.1, which is > after 0.9.8 when the

Re: [openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?

2017-07-19 Thread Dr. Stephen Henson
On Wed, Jul 19, 2017, Sam Roberts wrote: > > Note that the lib names used in the node gyp build of openssl vary a > bit from the perl/ms makefile build. > > Anyhow, still the same link errors. My eventual goal is to build a > fips node on Windows (Linux works already), but one of its build >

Re: [openssl-users] Extract content of DER-encoded package by OID

2017-07-19 Thread Dr. Stephen Henson
On Tue, Jul 18, 2017, Justin Mogannam wrote: > Hello, > I have a signedData package that contains an encryptedKeyPackage > (specifically OID 2.16.840.1.101.2.1.2.78.2, aka id-ct-KP-encryptedKeyPkg) > that I want to extract from it. I am somewhat able to extract the sequence > that contains this

Re: [openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?

2017-07-13 Thread Dr. Stephen Henson
On Thu, Jul 13, 2017, Sam Roberts wrote: > On Thu, Jul 13, 2017 at 1:41 PM, Dr. Stephen Henson <st...@openssl.org> wrote: > >> > >> Where is nt.mak? Its mentioned in the User Guide but I didn't find it > >> in the github repo, or tarballs for openssl 1.0.2j or

Re: [openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?

2017-07-13 Thread Dr. Stephen Henson
On Thu, Jul 13, 2017, Sam Roberts wrote: > On Thu, Jul 13, 2017 at 12:34 PM, Dr. Stephen Henson <st...@openssl.org> > wrote: > > > If you do want to link against the static libraries then the easiest way to > > do > > that is to examine the contents of nt

Re: [openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?

2017-07-13 Thread Dr. Stephen Henson
On Thu, Jul 13, 2017, Sam Roberts wrote: > I'm having trouble linking on Windows with fipslink.pl, lots of FIPS_ > symbols are unresolved. > > AFAICT, they are defined by the canister, and fipslink.pl is supposed > to know this, and add them to the link libraries by itself, but it > doesn't seem

Re: [openssl-users] Loading multiple private keys a certificates on server program

2017-07-06 Thread Dr. Stephen Henson
On Tue, Jun 27, 2017, Neetish Pathak wrote: > > SSL_CTX_use_certificate_file to load the certificate but the server always > picks just the first certificate mentioned in the file and fails for one of > the cases with no cipher shared message > > What should we do to store multiple certificates

Re: [openssl-users] RSA_PKCS1_OAEP_PADDING

2017-05-15 Thread Dr. Stephen Henson
On Mon, May 15, 2017, RudyAC wrote: > Hello Steve, > > first of all thanks for helpful advice. When printing out all the fields of > the message with the openssl command > I got for every recipient two blocks. One block includes the OAEP padding > and the other block (same recipient) includes

Re: [openssl-users] RSA_PKCS1_OAEP_PADDING

2017-05-11 Thread Dr. Stephen Henson
On Thu, May 11, 2017, RudyAC wrote: > Hello, > > I have the requirement to encrypt e-mails using RSA-OAEP padding. I use the > library openssl-1.0.2k and encrypt with CMS container. The following > function describes my method. My problem is that I'm not sure if this method > really uses the

Re: [openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-05-09 Thread Dr. Stephen Henson
On Tue, May 09, 2017, Matthias Ballreich wrote: > Here are nor some more details, which may help you to better understand. > > > My Certificate contains the SubjectDirectoryAttributes-Extension with the > following Attributes: > > OID : Value >

Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

2017-05-08 Thread Dr. Stephen Henson
On Mon, May 08, 2017, Harakiri via openssl-users wrote: > Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option > to have the same behaviour as before the bleichenbach security patch to use > decryption without recipient public keys. > For some reason, some messages will

Re: [openssl-users] Problem building Linux shared library with static FIPS capable OpenSSL

2017-05-01 Thread Dr. Stephen Henson
On Mon, May 01, 2017, Nathan Glasser wrote: > Hello, > > We are using openssl-fips 2.0.14 with OpenSSL 1.0.2j. > > We have a shared library on both Linux and Windows which uses static OpenSSL > libraries. We'd like it to use static FIPS-capable OpenSSL libraries. > > On Windows, everything is

Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

2017-04-30 Thread Dr. Stephen Henson
On Sun, Apr 30, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > > Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I > tried that (without using DigestSign of course), signing succeeded but > verification always failed. Was that expected? Are there some special >

Re: [openssl-users] Integrating New Cipher Suite

2017-04-18 Thread Dr. Stephen Henson
On Fri, Apr 14, 2017, Schmicker, Robert wrote: > > > After some debugging (exactly as mentioned above) it appears that the cipher > suite does not show up in the ClientHello using the s_client/s_server. I > modified the cipher for testing to use 512 bits instead of 64 so that it is > ranked

Re: [openssl-users] RSA PKCS1 v2.1 - Multi-primes and RSASSA-PSS

2017-04-14 Thread Dr. Stephen Henson
On Tue, Apr 11, 2017, Davy Souza wrote: > > In what context do you want to use it? For example CMS, certificates, TLS, > general application code or via the command line? > > > It's a C++ embedded application for a POS. One requirement is to use PKCS#1 > v2.1 for RSA functions. > Then

Re: [openssl-users] Integrating New Cipher Suite

2017-04-11 Thread Dr. Stephen Henson
On Tue, Apr 11, 2017, Schmicker, Robert wrote: > Added a define in include/openssl/ssl.h: ># define SSL_TXT_MYCIPHER "MYCIPHER" > > Integrated into ssl/s3_lib.c: >static SSL_CIPHER ssl3_ciphers[] = { > >{ > 1, > TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384, >

Re: [openssl-users] Integrating New Cipher Suite

2017-04-10 Thread Dr. Stephen Henson
On Sat, Apr 08, 2017, Schmicker, Robert wrote: > Hello, > > I'm attempting to integrate a customized cipher suite for TLS 1.2, > however no matter what I try I always seem to end up with this error > (client side): > > SSL routines:ssl_cipher_list_to_bytes:no ciphers >

Re: [openssl-users] RSA PKCS1 v2.1 - Multi-primes and RSASSA-PSS

2017-04-10 Thread Dr. Stephen Henson
On Wed, Apr 05, 2017, Davy Souza wrote: > Hi, > > > I'm using RSA, but I need to know if OpenSSL RSA implements PKCS#1 v2.1. I > have the following questions: > >1) Does OpenSSL support multi-prime? > No. >2) Does OpenSSL support RSASSA-PSS? > Yes. >3) If so, how can I use

Re: [openssl-users] how to implement functions for STACK OF custom type?

2017-03-24 Thread Dr. Stephen Henson
On Tue, Mar 21, 2017, lists wrote: > Sorry, I first posted this on the -dev list, likely inappropriate... now with > an update: > > I am exploring my options with OpenSSL and specifically I am trying to manage > the stacks for some custom objects. > Currently, I have this code (sort of) in the

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-14 Thread Dr. Stephen Henson
On Mon, Mar 13, 2017, Michael Wojcik wrote: > I'll assume you mean you exported it "from a mainframe system" using RACF. > RACF has half a dozen export formats for certificates and keys; they're not > all supported by OpenSSL. > > In particular (and despite the PEM delimiters), I suspect what

Re: [openssl-users] X25519: how to generate public key?

2017-03-14 Thread Dr. Stephen Henson
On Tue, Mar 14, 2017, Olivier Meunier wrote: > Hi, > > using openSSL 1.1.0e, I generate my private key using: > openssl genpkey -algorithm x25519 -out x25519.key.pem > > But I cannot find how to generate the public key. I tried: > openssl ec -in x25519.key.pem -pubout -out x25519.key.pub.pem >

Re: [openssl-users] Extracting Handshake Information

2017-03-13 Thread Dr. Stephen Henson
On Tue, Mar 14, 2017, Vijayakumar Kaliaperumal wrote: > Hello, > > Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake > information, like in clienthello, the protocol version, ciphersuites > offered, Random, session id etc. > You can get some useful information with

Re: [openssl-users] Migrating from EVP_Verify*/EVP_Sign* to EVP_Digest*

2017-02-28 Thread Dr. Stephen Henson
On Tue, Feb 28, 2017, Tobias Nießen wrote: > Hello, > > we are currently discussing support for RSASSA-PSS padding in the > node.js built-in crypto module: > https://github.com/nodejs/node/issues/1127 > > So far, the crypto module uses the older EVP_Sign/EVP_Verify APIs, > which do not support

Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

2017-02-27 Thread Dr. Stephen Henson
On Mon, Feb 27, 2017, Stephan Mühlstrasser wrote: > Am 27.02.17 um 15:34 schrieb Dr. Stephen Henson: > > >There shouldn't be any need to add the method to the list: it should be > >possible to associate an EVP_PKEY with a non-default method (e.g. explicitly > >or implemen

Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

2017-02-27 Thread Dr. Stephen Henson
On Mon, Feb 27, 2017, Stephan Mühlstrasser wrote: > Steve, > > Am 25.02.17 um 05:53 schrieb Dr. Stephen Henson: > >On Fri, Feb 17, 2017, Stephan Mühlstrasser wrote: > >... > >>Is it possible to override methods in an EVP_PKEY_METHOD structure, > >>or wou

Re: [openssl-users] RSA_method_set_sign

2017-02-25 Thread Dr. Stephen Henson
On Sat, Feb 25, 2017, Melvyn Sopacua wrote: > Hi Stephen, > > thank you for taking the time to answer. > > On Saturday 25 February 2017 04:18:01 Dr. Stephen Henson wrote: > > On Sat, Jan 14, 2017, Melvyn Sopacua wrote: > > > This is caused by the code in [

Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

2017-02-24 Thread Dr. Stephen Henson
On Fri, Feb 17, 2017, Stephan Mühlstrasser wrote: > Hi, > > we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging > methods into the RSA_METHOD structure that interface with the > PKCS#11 token, and this works fine so far. However, for creating RSA > signatures with PSS padding this

Re: [openssl-users] RSA_method_set_sign

2017-02-24 Thread Dr. Stephen Henson
On Sat, Jan 14, 2017, Melvyn Sopacua wrote: > Hello all, > > Some background: I'd like to have a workstation that uses OpenSSL 1.1 > instead of a lower version. For that I'm porting various pieces of > software and quickly discovered that I was repeating myself. In addition > this teaches me

Re: [openssl-users] Using RSASSA-PSS in command line smime / cms utility

2017-02-24 Thread Dr. Stephen Henson
On Mon, Feb 13, 2017, Harakiri via openssl-users wrote: > Can i set the padding RSASSA-PSS or alg ECDSA via command line when using > openssl smime or openssl cms command? > I can't find an option for it. You have to use the cms command and -keyopt rsa_padding_mode:pss check out the

Re: [openssl-users] Specify padding scheme with EVP_VerifyFinal

2017-02-24 Thread Dr. Stephen Henson
On Thu, Feb 23, 2017, open...@tuta.io wrote: > Hi Michel, > > it looks like what I am looking for, but the software uses EVP_VerifyInit_ex > which is a typedef for EVP_DigestInit_ex. How are those functions related to > EVP_DigestVerifyInit? Can I use EVP_DigestVerify* functions along with >

Re: [openssl-users] Signing an XML file

2016-12-14 Thread Dr. Stephen Henson
On Wed, Dec 14, 2016, Salz, Rich wrote: > > Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ > > users? > > Look at the apps/pkcs7.c file as a starting point. Get the command line > doing what you want, and then work through the code to pull out only the bits > you

Re: [openssl-users] How to produce a nested CMS / PKCS#7 structure?

2016-11-29 Thread Dr. Stephen Henson
On Mon, Nov 28, 2016, Wim Lewis wrote: > > However, I think the other half of my problem remains: if I'm putting > another CMS object into a SignedData, AuthEnvelopedData, or other kind of > wrapper, the OCTET STRING should contain the encoding of that object's > structure (e.g. a BER-encoded

Re: [openssl-users] How to produce a nested CMS / PKCS#7 structure?

2016-11-25 Thread Dr. Stephen Henson
On Tue, Nov 22, 2016, Wim Lewis wrote: > I'm trying to produce nested structures, like signed-enveloped-signed data. > This is explicitly described in the various RFCs, but I can't figure out how > to get OpenSSL to produce valid output, and I can't find any code examples of > doing this. > >

Re: [openssl-users] SMIME signing with SHA1

2016-11-22 Thread Dr. Stephen Henson
On Tue, Nov 22, 2016, Harald Koch wrote: > Hello, > > I'm facing a critical situation in my application when creating a signed > SMIME message using SHA1 as message digest algorithm. In openSSL 1.0.2 (i.e. > 1.0.2h), the following command worked as expected: > >

Re: [openssl-users] X25519 not listed in ecparam -list_curves

2016-11-14 Thread Dr. Stephen Henson
On Mon, Nov 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > As "-list-curves" is not supposed to work here, what would be a good way to > tell if a given installation supports X25519? > Well only OpenSSL 1.1.0 currently supports X25519. One way is to look at the output of: openssl

Re: [openssl-users] C++ : Extracting CRL from a PKCS12

2016-11-14 Thread Dr. Stephen Henson
On Wed, Nov 02, 2016, Richard Stanek wrote: > My original requirements were to extract the user certificate, the > private key, and the CAs. For that I was using the call to > PKCS12_parse(...). This satisfied the original requirements. Very > easy to find, understand, and use. > > The new

Re: [openssl-users] X25519 not listed in ecparam -list_curves

2016-11-14 Thread Dr. Stephen Henson
On Fri, Nov 04, 2016, Viktor Jägersküpper wrote: > Hi, > > OpenSSL 1.1.0 implemented X25519. "openssl s_client -cipher kEECDH > -curves X25519 -connect google.com:443" works as expected, and I get > "Server Temp Key: X25519, 253 bits". But X25519 is not listed in the > output of "openssl ecparam

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

2016-10-11 Thread Dr. Stephen Henson
On Mon, Oct 10, 2016, Matthew Heimlich wrote: > $openssl version > > returns: > > OpenSSL 1.0.2j-fips > > My FIPS module version is openssl-fips-2.0.13 > > $OPENSSL_FIPS=1 openssl md5 /dev/null > > returns: > > Error setting digest md5 > 140066569107136:error:060A80A3:digital envelope >

Re: [openssl-users] Porting to OpenSSL 1.1

2016-10-11 Thread Dr. Stephen Henson
On Tue, Oct 11, 2016, Bernhard Rosenkraenzer wrote: > > > Also from Qt 5.7: > rsa = RSA_new(); > memcpy(rsa, EVP_PKEY_get1_RSA(pkey), sizeof(RSA)); > [breaks because sizeof(RSA) is no longer known] > for EC, there's EC_KEY_dup -- for RSA and DSA, not so much. > That wouldn't work because the

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

2016-10-10 Thread Dr. Stephen Henson
On Fri, Oct 07, 2016, Matthew Heimlich wrote: > Which returns > > > Attempting to set FIPS mode to 1... > Last error was: 2d06b06f > FIPS_mode_set failed: 2d06b06f > FIPS mode is: 0??? > > So it would appear that my FIPS mode is never even being set, and walking > through the code would seem

Re: [openssl-users] Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words"

2016-10-10 Thread Dr. Stephen Henson
On Fri, Oct 07, 2016, craig_we...@trendmicro.com wrote: > I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS > architecture on vxWorks. I am getting this error during the link step: > > ../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words': > : multiple

Re: [openssl-users] BN_mod_inverse:no inverse when calling OCSP_basic_sign

2016-10-05 Thread Dr. Stephen Henson
On Wed, Oct 05, 2016, Eric To wrote: > > Any hint on troubleshooting this would be great. Here is how I call the > OCSP_basic_sign: > > OCSP_BASICRESP *bresp; > X509 *signer; > EVP_PKEY *key; > ... > OCSP_basic_sign(bresp, > signer, key, > EVP_sha1(), >

Re: [openssl-users] M_ASN1_D2I_* replacement in OpenSSL 1.1.0

2016-09-20 Thread Dr. Stephen Henson
On Tue, Sep 20, 2016, Aleksandr Konstantinov wrote: > Hello, > > Thanks a lot. One more question if possible. Is there any way to express > single element of the ASN1 sequence which can be any > of ASN1_OCTET_STRING or ASN1_UTF8STRING and potentially other types? That depends what you mean. If

Re: [openssl-users] M_ASN1_D2I_* replacement in OpenSSL 1.1.0

2016-09-19 Thread Dr. Stephen Henson
On Mon, Sep 19, 2016, Aleksandr Konstantinov wrote: > > Thanks. Your answer helped a lot and I'm progressing now. Could You please > also give me a hint what M_ASN1_BIT_STRING_dup/ASN1_BIT_STRING_dup could be > replaced with? > ASN1_STRING_dup should work fine: ASN1_BIT_STRING is actually

Re: [openssl-users] SKM_ASN1_SET_OF_i2d

2016-09-13 Thread Dr. Stephen Henson
On Tue, Sep 13, 2016, Thomas Francis, Jr. wrote: > What's the replacement for code that used SKM_ASN1_SET_OF_i2d in OpenSSL > 1.1? The code I've got that calls this function is getting the DER > encoding of a STACK_OF() as a sorted SET. This STACK_OF() is of a custom > ASN1 type; and is

Re: [openssl-users] Verifying RSA-SHA1 signature?

2016-09-12 Thread Dr. Stephen Henson
On Mon, Sep 12, 2016, Nikolay Kudryavtsev wrote: > > Whenever I try to verify data signed with my own key, everything > works. But for that data that I got from a third party nothing > works. That third party is adamant that the signature is correct and > it's RSA_SHA1, but they've been

Re: [openssl-users] openssl asn1parse using both -genstr and -genconf options

2016-09-10 Thread Dr. Stephen Henson
On Sat, Sep 10, 2016, shanthi thomas wrote: > Hi, I'm trying to use openssl asn1parse subprogram to encode an ASN1 > structure. Some of the data in the ASN1 structure is static and I was > planning to use a CONF file as shown in the examples for this via the > -genconf option. However some of

Re: [openssl-users] M_ASN1_D2I_* replacement in OpenSSL 1.1.0

2016-09-09 Thread Dr. Stephen Henson
On Fri, Sep 09, 2016, Aleksandr Konstantinov wrote: > Hello, > > Thanks for your answer. Here is one of d2i functions simplified: > > MYEXT * d2i_MYEXT(MYEXT ** myext, unsigned char ** pp, long length) { > M_ASN1_D2I_vars(myext, MYEXT *, MYEXT_new); > M_ASN1_D2I_Init(); >

Re: [openssl-users] M_ASN1_D2I_* replacement in OpenSSL 1.1.0

2016-09-08 Thread Dr. Stephen Henson
On Thu, Sep 08, 2016, Aleksandr Konstantinov wrote: > Hello all, > > I'm in process of porting our project to OpenSSL 1.1.0. We have part of > code which heavily uses M_ASN1_D2I_* and M_ASN1_I2D_* for defining d2i_* > and i2d_* methods for new extension. For example code uses M_ASN1_D2I_vars, >

Re: [openssl-users] Using RSA_PKCS1_OAEP_PADDING with high level EVP_Seal functions

2016-09-08 Thread Dr. Stephen Henson
On Wed, Sep 07, 2016, Daniel Knoppel wrote: > Dear all, > > I was wondering about two things: > > 1. Can the EVP_Seal*() functions be told to use RSA_PKCS1_OAEP_PADDING, > or do I need to stick with the lower level RSA_public_encrypt()? > > >From the source code it seems to me that

Re: [openssl-users] Obtaining PKCS7 data length

2016-09-02 Thread Dr. Stephen Henson
On Tue, Aug 30, 2016, David wrote: > Hi, > > I have some PKCS7 data which I can read like this with OpenSSL: > > $ openssl asn1parse -i -inform der -in data.dat > 0:d=0 hl=4 l=16208 cons: SEQUENCE > 4:d=1 hl=2 l=9 prim: OBJECT:pkcs7-signedData > .. more .. > > I can load it

Re: [openssl-users] RSA sign using SHA256 with mgf1 padding

2016-09-02 Thread Dr. Stephen Henson
On Mon, Aug 29, 2016, Moshe Wiener (mowiener) wrote: > Hello, > I'm running an application which runs an authentication session with a > server. The server provides some random data, and my application needs to > sign it with its private key, and send back the signature. The server which >

Re: [openssl-users] EVP_SealInit question

2016-08-15 Thread Dr. Stephen Henson
On Mon, Aug 15, 2016, Norm Green wrote: > Ok, thanks. > > What I don't understand is what key transport has to do with > EV_SealInit() ? Why is key transport important here ? > Because EVP_SealInit() generates a random symmetric key and encrypts it using one or more public keys. For this to

Re: [openssl-users] EVP_SealInit question

2016-08-15 Thread Dr. Stephen Henson
On Mon, Aug 15, 2016, Norm Green wrote: > The man page for EVP_SealInit says: > > "The public key must be RSA because it is the only OpenSSL public > key algorithm that supports key transport." > > 1 ) Is this still true? Yes: the only algorithm we currently support which handles key transport

Re: [openssl-users] additional data (MAC'ed only) over TLS connection?

2016-08-15 Thread Dr. Stephen Henson
On Mon, Aug 15, 2016, Thomas Knauth wrote: > Hi list, > > the EVP_EncryptUpdate function has the option to pass data that is > only MAC'ed but not encrypted. Is there some similar provision in the > BIO interface? I have a use case, where I'd like to "inject" > pre-encrypted/pre-mac'ed data into

Re: [openssl-users] BIO_seek() on bio_f_cipher with EVP_aes_256_ctr

2016-08-11 Thread Dr. Stephen Henson
On Thu, Aug 11, 2016, William King wrote: > > > Does the BIO_seek() not handle incrementing or decrementing the IV > counter? is there a callback that needs to be set to calculate what the > IV counter value should be for a given file position for the cipher? > Calling BIO_seek() on a chain

Re: [openssl-users] Migration from AES_ctr128_encrypt to EVP

2016-08-08 Thread Dr. Stephen Henson
On Mon, Aug 08, 2016, Vladimir A. Petrov wrote: > Hello, > > I need to migrate some code from the old style software implemented > AES_ctr128_encrypt to the EVP interface. I spent pretty much time reading > OpenSSL manual pages and Wiki as well as googling. Unfortunately, I still > can't get an

Re: [openssl-users] FIPS mode: Need to use FIPS versions of (EVP) methods ?

2016-08-02 Thread Dr. Stephen Henson
On Tue, Aug 02, 2016, jonetsu wrote: > FIPS: Need to use FIPS versions of (EVP) methods ? > > In FIPS mode, is there a need to use the FIPS_* methods instead of the > regular ones once FIPS_mode_set(1) was successfully executed ? For > instance, is there a need to use FIPS_evp_sha1() instead of

Re: [openssl-users] overload engine for openssl dgst -sign

2016-08-01 Thread Dr. Stephen Henson
On Mon, Aug 01, 2016, Syed Elec wrote: > Hi everyone, > > I'm currently working on an engine and I have a question about 'overload' > the openssl dgst -sign ... command line using this engine. > > I can overload the openssl dgst only (for digests) using ENGINE_set_digests > but how overload the

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-30 Thread Dr. Stephen Henson
On Sat, Jul 30, 2016, R-D intern wrote: > Thank you, Stephen. > You answered regarding randomness in different sessions if session > resumption is on. But my question revolves around the same messages within > the same Session. How different encrypted texts are formed of the same > plaintext

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread Dr. Stephen Henson
On Fri, Jul 29, 2016, R-D intern wrote: > Hello Benjamin, > Thanks for the reply. > I know the purpose and benefit of creating different cipher texts of the > same corresponding plain text. But I would like to know about the places > where this randomness gets introduced to create different

Re: [openssl-users] Load secrets to context.

2016-07-27 Thread Dr. Stephen Henson
On Wed, Jul 27, 2016, john gloster wrote: > Thanks Victor. > > Could you explain the reason in below cases? These are in cases when we use > both the APIs as mentioned above. > > cert_file : Server's certificate > chain_file: Complete certificate chain; starting with Server's certificate, >

Re: [openssl-users] PKCS7_sign conflict with PKCS7_decrypt?

2016-07-26 Thread Dr. Stephen Henson
On Tue, Jul 26, 2016, Jim Carroll wrote: > After experimenting, I can confirm this is the same issue we're seeing, > although experiencing it very differently from the MIT/Kerberos team. I can > confirm that right now PKCS7 sign/encrypt/decrypt is broken. I'd love to > help fix it, but I'm not

Re: [openssl-users] PKCS7_sign conflict with PKCS7_decrypt?

2016-07-26 Thread Dr. Stephen Henson
On Tue, Jul 26, 2016, Jim Carroll wrote: > Steve -- thanks, but I don't think I was clear enough. > > I am trying to get back the signed content, but when I call PKCS7_decrypt() > I get back an empty buffer. Is this my flawed understanding of > PKCS7_sign()? Is there some other way to get

Re: [openssl-users] X509 Version changes?

2016-07-26 Thread Dr. Stephen Henson
On Thu, Jul 21, 2016, Jim Carroll wrote: > I've run into what appears to be a change to defaults between 0.9.8 and > 1.1.0, and I wanted to make sure it's not a bug we've introduced. > > While reviewing unittests, we see that calls to X509_REQ_new() generate an > X509 object with the version

Re: [openssl-users] PKCS7_sign conflict with PKCS7_decrypt?

2016-07-26 Thread Dr. Stephen Henson
On Tue, Jul 26, 2016, Jim Carroll wrote: > Running into trouble -- any attempt to PKCS7_decrypt() S/MIME content that > was created with PKCS7_sign()+PKCS7_encrypt() yields an empty result set. I > have the distinct impression I'm doing something dumb -- but several days of > debugging I'm

Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509

2016-07-21 Thread Dr. Stephen Henson
On Thu, Jul 21, 2016, Jim Carroll wrote: > Steve, > > I ran into problems with swig when I tried to deploy your suggestion. Your > solution was slick pre-processor magic and I was having difficulty > reversing the magic to troubleshoot swig (and I was a little shy about > admitting I didn't

Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509

2016-07-21 Thread Dr. Stephen Henson
On Thu, Jul 21, 2016, Jim Carroll wrote: > > I ran into problems with swig when I tried to deploy your suggestion. Your > solution was slick pre-processor magic and I was having difficulty > reversing the magic to troubleshoot swig (and I was a little shy about > admitting I didn't understand

Re: [openssl-users] Same openssl app behaves differently depending on platform

2016-07-21 Thread Dr. Stephen Henson
On Thu, Jul 21, 2016, Carl Heyendal wrote: > I have an app that uses openssl to connect to a server on a different > machine. In one case on my Ubuntu machine the app has no problem getting a > secure connection. But when I recompile the same app for an embedded target > board and run it I get

Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509

2016-07-21 Thread Dr. Stephen Henson
On Thu, Jul 21, 2016, Salz, Rich wrote: > > > STACK_OF(X509)* stack = sk_x509_new_null(); > > sk_x509_push(stack, cert); > > sk_x509_push(stack, ca); > > > > return ASN1_seq_pack_X509(stack, i2d_X509, NULL, len_out); > > Okay, so you're just pushing two DER-format

Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509

2016-07-21 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Jim Carroll wrote: > Thanks much. I have a corollary question if you don't mind. In OpenSSL > 1.1.0, what is the accepted procedure to convert a STACK_OF(X509) to DER? > It depends on what you mean by "to DER" and what the other end is expecting. The code snippet I

Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509

2016-07-19 Thread Dr. Stephen Henson
On Tue, Jul 19, 2016, Jim Carroll wrote: > OpenSSL 1.1.0 has upgraded the safestack.h macro system, but I'm having > difficulty understanding the changes. I'm porting a piece of code from > OpenSSL 0.9.8 that uses ASN1_seq_unpack_X509. In 0.9.8, safestack.h had this > definition. > > #define

Re: [openssl-users] RSA sign message

2016-07-19 Thread Dr. Stephen Henson
On Tue, Jul 19, 2016, Gabriel Ivașcu wrote: > Hi, > > I need to RSA sign a message using SHA256 as hash and PKCS1 v1.5 as padding. > > I am however confused about the *type* parameter of RSA_sign function [0] > > What is the value that I should use for *type* in my particular case? > If you

Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-17 Thread Dr. Stephen Henson
On Sun, Jul 17, 2016, Abhilash K.V wrote: > I am trying to generate a CSR using EC and wanted to have signature > algorithm as "ecdsa-with-SHA512". > > But in the generated csr I am getting signature algorithms as "Signature > Algorithm: ecdsa-with-SHA1" always. > > > if

Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256

2016-07-08 Thread Dr. Stephen Henson
On Thu, Jul 07, 2016, Chris Bare wrote: > Ok, that makes sense with what I'm seeing. I just tried changing this: > const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid); > to this: > const EVP_MD* md = EVP_get_digestbyname("SHA256"); > > and it all worked correctly. > so given that I have

Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate

2016-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2016, Stephan Mühlstrasser wrote: > > While doing research on this, we found one thing that looks > suspicious in the CMS objects generated by OpenSSL 1.0.2. When > dumping the CMS object with dumpasn1, the key wrap algorithm is > encoded as follows: > > SEQUENCE { > OBJECT

Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate

2016-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2016, Stephan Mühlstrasser wrote: > On 06.07.16 at 05:15, Dr. Stephen Henson wrote: > >... > >>Is the CMS object broken, or is this a problem in OpenSSL? > >> > > > >Well the OpenSSL version does interop OK with the Bouncy Castle version o

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2016, Stephan Mühlstrasser wrote: > So do I understand it correctly that OpenSSL currently only supports > RFC3278? Does that mean that it can't process CMS enveloped data > objects that are created according to RFC5753? > OpenSSL should be able to decrypt either RFC3278 or

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2016, Dr. Stephen Henson wrote: > On Fri, Jul 01, 2016, Stephan Mühlstrasser wrote: > > > > > First the AlgorithmIdentifier includes the EC curve name: > > > > 40 19: SEQUENCE { > > 427: OBJECT IDENTIF
