Re: [openssl-users] FW: problem with missing STDINT.H file

2017-01-30 Thread Jeffrey Walton
> The attached text file is a snippet from attempting to install
> openssl-1.1.0c on a Solaris 8 machine. As can be seen, failed when
>  could not be found. There is no such file anywhere on this
> machine. As root, searched from the root directory for the file. Do have
>  in more than one location, /usr/include
> /opt/SUNWSpro/prod/include/CC/std   /opt/SUNWSpro/prod/include/CC/stlport4

CC is the Sun C++ compiler. C99 offered  and it's available
for C programs.  provides uint32_t, uintptr_t and friends.
Many C++ compilers offer them, but the  types it was not
required for C++ until recently (C++11?).

Until this email, I thought Microsoft was the only implementation
which did not offer it in most of its compilers. Microsoft users must
include  instead (I think it changed in VS2013 with better
C++11 support).

I know  is available on later Solaris, but I don't know what
you need for early Solaris. Or maybe more correctly, it's available in
later versions of Sun Studio/Oracle Studio/Developer Studio (like
versions 12).

The real question is for you: do you have the data types like
uint32_t, uintptr_t, and friends?

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] FW: problem with missing STDINT.H file

2017-01-30 Thread Jakob Bohm

On 30/01/2017 21:44, Carter, James M. (MSFC-ES34) wrote:

> The attached text file is a snippet from attempting to install
> openssl-1.1.0c on a Solaris 8 machine. As can be seen, failed when
>  could not be found. There is no such file anywhere on this
> machine. As root, searched from the root directory for the file. Do
> have  in more than one location, /usr/include
>   /opt/SUNWSpro/prod/include/CC/std
>   /opt/SUNWSpro/prod/include/CC/stlport4
>
> I found this file on GITHUB. Can it be downloaded and put in
> /usr/include or /opt/SUNWspro/prod/CC/std.

The correct contents of stdint.h depend on the compiler and
its options.  You can't just use a stdint.h written for a
different compiler/os/etc. combination.

At least with OpenSSL 1.0.2, OpenSSL can be compiled on systems
without stdint.h, maybe some of the logic in the new build
system mistakenly thinks Solaris/SunOS provides stdint.h even
when it doesn't.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] FW: problem with missing STDINT.H file

2017-01-30 Thread Carter, James M. (MSFC-ES34)


The attached text file is a snippet from attempting to install openssl-1.1.0c 
on a Solaris 8 machine. As can be seen, failed when  could not be 
found. There is no such file anywhere on this machine. As root, searched from 
the root directory for the file. Do have  in more than one location, 
/usr/include   /opt/SUNWSpro/prod/include/CC/std   
/opt/SUNWSpro/prod/include/CC/stlport4

I found this file on GITHUB. Can it be downloaded and put in /usr/include or 
/opt/SUNWspro/prod/CC/std.

Thank you for your assistance

James

James Carter  PhD
ES34 Bldg 4487 Rm B117
Optics & Imaging Branch
Space Systems Department
Marshall Space Flight Center, AL 35812
P: 256-544-3469
C: 256-425-2068
F: 256-544-5629





Re: [openssl-users] 'No client certificate CA names sent'

2017-01-30 Thread Viktor Dukhovni

> On Jan 30, 2017, at 11:44 AM, russellb...@gmail.com wrote:
> 
>> it is often wise to send an empty list when requesting client certificates.
> 
> How does one send an empty list?

https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_client_CA_list.html

Just pass a NULL stack.

-- 
Viktor.



Re: [openssl-users] 'No client certificate CA names sent'

2017-01-30 Thread Benjamin Kaduk via openssl-users
On 01/30/2017 10:44 AM, russellb...@gmail.com wrote:
>   Quoth Mr Viktor Dukhovni, 'it is often wise to send an empty
> list when requesting client certificates.'
>   How does one send an empty list?
>

That's generally the default server behavior when no CAs are configured
for that purpose.  But, (1) I thought you were looking at the client
side, and (2) how to configure the server depends on what software is
used on the server, so there's not much more to say right now.

-Ben


Re: [openssl-users] 'No client certificate CA names sent'

2017-01-30 Thread russellbell
Quoth Mr Viktor Dukhovni, 'it is often wise to send an empty
list when requesting client certificates.'
How does one send an empty list?



Re: [openssl-users] Leading Zeros in ASN1_INTEGER?

2017-01-30 Thread Erwann Abalea
Why not?

This serial number could also be displayed as 3203232750, or 000BEED73EE, or 
03203232750.

Regards,
Erwann Abalea

On 30 Jan 2017, at 11:03, Matthias Ballreich wrote:

Thanks for the explanation.

But why did Windows Cert Manager and Firefox Cert Manager show 00BEED73EE as
serial number instead of BEED73EE (which openssl shows)?


From: openssl-users on behalf of Viktor Dukhovni
Sent: Saturday, 28 January 2017 17:00:53
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Leading Zeros in ASN1_INTEGER?


> On Jan 28, 2017, at 10:01 AM, Matthias Ballreich wrote:
>
> Is it normal that OpenSSL removes the leading Zeros in an ASN1_INTEGER?
> I tried to read the Certificate Serial and the Certificate Serial in the
> AuthorityKeyID-Extension with C++, which works very well, but I noticed
> that OpenSSL removes the leading Zeros on it.
>
> The real ASN1-Value is: 00BEED73EE for example, but I got only BEED73EE.
> If I view the Certificate inside Microsoft Cert Tool (Certmgr.exe) the
> leading Zeros are listed there. Same on Firefox, if I Import and view
> the Certificate there. So is this the correct way of handling inside
> OpenSSL or is it a bug or?

Integers don't have leading zeros.  Octet strings representing integers
(in non-DER form) might have leading zeros, but you should not confuse
the data type with its representation.  OpenSSL outputs the correct DER
form of the serial *number* in certificates.

Leading zeros are needed in the DER representation of positive integers
whose most significant nibble is in the range from 8 to F.  Otherwise
the leading bit would cause the integer to be interpreted as negative.

--
Viktor.



Re: [openssl-users] Leading Zeros in ASN1_INTEGER?

2017-01-30 Thread Jeffrey Walton
On Mon, Jan 30, 2017 at 5:03 AM, Matthias Ballreich
 wrote:
> Thanks for the explanation.
>
> But why did Windows Cert Manager and Firefox Cert Manager show 00BEED73EE as
> serial number instead of BEED73EE (which openssl shows)?

It's just a presentation detail. It appears Microsoft and Mozilla take
the content octets of the ASN.1 integer and hex encode them.
OpenSSL appears to convert it into a binary number/big endian
array and hex encodes it before presenting it to you.

Another tool could have turned it into a binary number and Base64
encoded it before presenting it to you.

The important detail is the underlying data. You can use tools like
OpenSSL's asn1parse or Gutmann's dumpasn1 to see the raw data, if
needed.

Jeff
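
The two presentations discussed in this thread, as an added example (not code from any poster or from OpenSSL): a small DER INTEGER decoder and encoder run over the serial's content octets `00 BE ED 73 EE`. The function names are hypothetical, the sample bytes are constructed from the value quoted above, and only short-form lengths of up to 8 content octets are handled.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed sample: the thread's serial as a DER INTEGER (tag 02, length 05, content). */
static const unsigned char SERIAL_DER[] = {0x02, 0x05, 0x00, 0xBE, 0xED, 0x73, 0xEE};

/* Decode a short-form DER INTEGER of 1..8 content octets into *value.
 * Returns the content length, or -1 if malformed or not minimally encoded. */
int der_int_decode(const unsigned char *der, size_t len, int64_t *value)
{
    if (len < 3 || der[0] != 0x02 || der[1] < 1 || der[1] > 8 || len != 2u + der[1])
        return -1;
    size_t n = der[1];
    const unsigned char *c = der + 2;
    /* DER forbids a first octet that only repeats the sign bit of the second. */
    if (n > 1 && ((c[0] == 0x00 && !(c[1] & 0x80)) || (c[0] == 0xFF && (c[1] & 0x80))))
        return -1;
    uint64_t v = (c[0] & 0x80) ? UINT64_MAX : 0;  /* sign-extend: top bit set = negative */
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | c[i];
    *value = (int64_t)v;
    return (int)n;
}

/* Encode a non-negative value as a minimal DER INTEGER; out needs 11 bytes. Returns length. */
size_t der_int_encode(uint64_t v, unsigned char *out)
{
    unsigned char mag[8];
    size_t n = 0;
    do { mag[n++] = (unsigned char)(v & 0xFF); v >>= 8; } while (v);  /* little-endian magnitude */
    size_t pad = (mag[n - 1] & 0x80) ? 1 : 0;  /* a 00 octet keeps the value positive */
    out[0] = 0x02; out[1] = (unsigned char)(n + pad);
    if (pad) out[2] = 0x00;
    for (size_t i = 0; i < n; i++)
        out[2 + pad + i] = mag[n - 1 - i];
    return 2 + pad + n;
}

int main(void)
{
    const unsigned char nopad[] = {0x02, 0x04, 0xBE, 0xED, 0x73, 0xEE};  /* constructed */
    int64_t v;
    int n = der_int_decode(SERIAL_DER, sizeof SERIAL_DER, &v);
    printf("content octets: ");
    for (int i = 0; i < n; i++) printf("%02X", SERIAL_DER[2 + i]);
    printf("  value: %lld (hex %llX)\n", (long long)v, (unsigned long long)v);
    der_int_decode(nopad, sizeof nopad, &v);
    printf("same octets without the 00: %lld\n", (long long)v);
    return 0;
}
```

The first line of output shows both renderings of the same serial; the second shows the negative value the four-octet encoding would carry.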


Re: [openssl-users] Leading Zeros in ASN1_INTEGER?

2017-01-30 Thread Matthias Ballreich
Thanks for the explanation.


But why did Windows Cert Manager and Firefox Cert Manager show 00BEED73EE as
serial number instead of BEED73EE (which openssl shows)?



From: openssl-users on behalf of Viktor Dukhovni
Sent: Saturday, 28 January 2017 17:00:53
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Leading Zeros in ASN1_INTEGER?


> On Jan 28, 2017, at 10:01 AM, Matthias Ballreich wrote:
>
> Is it normal that OpenSSL removes the leading Zeros in an ASN1_INTEGER?
> I tried to read the Certificate Serial and the Certificate Serial in the
> AuthorityKeyID-Extension with C++, which works very well, but I noticed
> that OpenSSL removes the leading Zeros on it.
>
> The real ASN1-Value is: 00BEED73EE for example, but I got only BEED73EE.
> If I view the Certificate inside Microsoft Cert Tool (Certmgr.exe) the
> leading Zeros are listed there. Same on Firefox, if I Import and view
> the Certificate there. So is this the correct way of handling inside
> OpenSSL or is it a bug or?

Integers don't have leading zeros.  Octet strings representing integers
(in non-DER form) might have leading zeros, but you should not confuse
the data type with its representation.  OpenSSL outputs the correct DER
form of the serial *number* in certificates.

Leading zeros are needed in the DER representation of positive integers
whose most significant nibble is in the range from 8 to F.  Otherwise
the leading bit would cause the integer to be interpreted as negative.

--
Viktor.



[openssl-users] Does CVE-2016-7055 only impact x86_64 platform ?

2017-01-30 Thread Sandeep Umesh

Hi

Can you please clarify whether CVE-2016-7055 only impacts the x86_64 platform? What
about other platforms listed in the crypto/bn/asm/ folder which have a Montgomery
multiplication procedure, are they impacted?
Thanks


Regards
Sandeep