[openssl-users] Certificate Revocation List and SSL
How does one specify the CRL to the SSL_CTX when setting up a connection? I would expect there to be something similar to SSL_CTX_use_certificate(), such as:

    int SSL_CTX_use_crl(SSL_CTX *ctx, X509_CRL *crl)

but can find nothing like that.

Norm Green

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Windows shared libraries version information needs some fixes
After your fourth commit, seems all is working fine. Exe and dlls with, and correct, version information now.

Thanks.

On 21/03/2018 02:08, Salz, Rich via openssl-users wrote:
> Please look at https://github.com/openssl/openssl/pull/5704 and see if it fixes the issues.
Re: [openssl-users] Hashing public keys
Hi Jan,

not sure if this might help you, I solved the problem by using X509_PUBKEY + i2d_X509_PUBKEY. Here's an example:

https://github.com/openca/libpki/blob/b87b647170cb5f71e00baffe609f5a02edfa3845/src/openssl/pki_keypair.c#L307

I hope that helps,

Cheers,
Max

On 3/21/18 1:42 PM, Jan Danielsson wrote:
> Hello,
>
> Given an EVP_PKEY (can contain either RSA or EC key), is there a
> function to generate a hash of the public key? (I have some vague
> memory of having read a few years ago that there wasn't any standardized
> way to hashing EC keys (+parameters) yet. If so; has this been remedied?).
>
> (Storing public keys in a DHT, users need to be able to - given a
> public key - generate a hash to check if the hash exists in the DHT).
>
Re: [openssl-users] Hashing public keys
Hello Jan,

the canonical way to create the hash of the public key is to use d2i_PUBKEY() to save the public key in (binary) DER format and then calculate the hash of that using EVP_DigestInit()/EVP_DigestUpdate()/EVP_DigestFinal().

Hope that helps,
Matthias

On 21.03.2018 at 14:42, Jan Danielsson wrote:
> Hello,
>
> Given an EVP_PKEY (can contain either RSA or EC key), is there a
> function to generate a hash of the public key? (I have some vague
> memory of having read a few years ago that there wasn't any standardized
> way to hashing EC keys (+parameters) yet. If so; has this been remedied?).
>
> (Storing public keys in a DHT, users need to be able to - given a
> public key - generate a hash to check if the hash exists in the DHT).
>
[openssl-users] Hashing public keys
Hello,

Given an EVP_PKEY (can contain either RSA or EC key), is there a function to generate a hash of the public key? (I have some vague memory of having read a few years ago that there wasn't any standardized way to hashing EC keys (+parameters) yet. If so; has this been remedied?).

(Storing public keys in a DHT, users need to be able to - given a public key - generate a hash to check if the hash exists in the DHT).

--
Kind Regards,
Jan Danielsson
Re: [openssl-users] OpenSSL version 1.1.1 pre release 3 published
On 20/03/18 08:03 PM, Viktor Dukhovni wrote:
>
>> On Mar 20, 2018, at 5:55 PM, Dennis Clarke wrote:
>>
>>                   sign    verify    sign/s verify/s
>> rsa 4096 bits 0.082541s 0.001186s     12.1    843.0
>
> That seems remarkably slow, is that expected with this CPU?
> My laptop (PowerBook pro) is a 12 to 13 times faster:
>
> Doing 4096 bit private rsa's for 10s: 1566 4096 bit private RSA's in 9.99s
> Doing 4096 bit public rsa's for 10s: 102768 4096 bit public RSA's in 9.99s
> OpenSSL 1.1.1-pre4-dev xx XXX
> built on: Tue Mar 20 22:07:47 2018 UTC
> options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
> compiler: cc -fPIC -arch x86_64 -Qunused-arguments -O3 -Wall -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
>                   sign    verify    sign/s verify/s
> rsa 4096 bits 0.006379s 0.97s 156.8 10287.1

You want to see slow? Let me show you slow:

root@phobos:~# uname -r
4.15.9-genunix
root@phobos:~# cat /etc/debian_version
buster/sid
root@phobos:~# /usr/bin/openssl version
OpenSSL 1.1.0g 2 Nov 2017
root@phobos:~# /usr/bin/openssl speed rsa4096
Doing 4096 bit private rsa's for 10s: 12 4096 bit private RSA's in 10.74s
Doing 4096 bit public rsa's for 10s: 765 4096 bit public RSA's in 10.00s
OpenSSL 1.1.0g 2 Nov 2017
built on: reproducible build, date unspecified
options:bn(64,32) rc4(4x,int) des(long) aes(partial) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/i386-linux-gnu/engines-1.1\""
                  sign    verify    sign/s verify/s
rsa 4096 bits 0.895000s 0.013072s      1.1     76.5

Now that is slow.

However I have a sparc unit that reports "inf" or infinite speed so one never really knows what one will get.

Dennis
Re: [openssl-users] Windows shared libraries version information needs some fixes
On 21/03/18 09:36, Matt Caswell wrote:
>
>
> On 21/03/18 00:45, RTT wrote:
>> Hello,
>>
>> Building the shared libraries (version 1.1.1 pre 3) for Windows with
>> Visual Studio, targets VC-WIN32 or VC-WIN64A, result in DLLs with
>> version information with outdated copyright date, i.e. "Copyright
>> 1998-2016 The OpenSSL Authors. All rights reserved", and the file
>> description as "OpenSSL application" instead of "OpenSSL shared library".
>>
>> The version information resource file seems to be generated by the
>> script "util\mkrc.pl", that indeed has this old copyright date
>> hardcoded, and the logic that selects the file description that seems to
>> expect a call with a file extension (i.e. mkrc.pl libcrypto.dll, mkrc.pl
>> openssl.exe, ...), but the build.info file is not specifying any file
>> extension to these calls.
>>
>> Also, why the openssl.exe doesn't include version information?
>>
>
> Please could you raise this as an issue on github so that it gets
> properly tracked?
>
> https://github.com/openssl/openssl/issues

Ignore this. I see Rich has already created a PR to fix this.

Matt
Re: [openssl-users] Windows shared libraries version information needs some fixes
On 21/03/18 00:45, RTT wrote:
> Hello,
>
> Building the shared libraries (version 1.1.1 pre 3) for Windows with
> Visual Studio, targets VC-WIN32 or VC-WIN64A, result in DLLs with
> version information with outdated copyright date, i.e. "Copyright
> 1998-2016 The OpenSSL Authors. All rights reserved", and the file
> description as "OpenSSL application" instead of "OpenSSL shared library".
>
> The version information resource file seems to be generated by the
> script "util\mkrc.pl", that indeed has this old copyright date
> hardcoded, and the logic that selects the file description that seems to
> expect a call with a file extension (i.e. mkrc.pl libcrypto.dll, mkrc.pl
> openssl.exe, ...), but the build.info file is not specifying any file
> extension to these calls.
>
> Also, why the openssl.exe doesn't include version information?
>

Please could you raise this as an issue on github so that it gets properly tracked?

https://github.com/openssl/openssl/issues

Thanks

Matt