How to set "e" in RSA structure ?
Recently I upgraded openssl from 1.0.2 to 1.1.0. As the RSA structure is opaque in the new openssl, I made some modifications in my code as follows:

Old Code

    RSA* rsa = EVP_PKEY_get1_RSA(PKey);
    if(NULL != rsa)
    {
        if(!BN_set_word(rsa->e, 65537) || !EVP_PKEY_set1_RSA(PKey, rsa))

New Code

    RSA* rsa = EVP_PKEY_get1_RSA(PKey);
    BIGNUM *e_new = BN_new();
    if(NULL != rsa)
    {
        if(!BN_set_word(e_new, 65537) || !EVP_PKEY_set1_RSA(PKey, rsa))

But now the "e" variable is not set in 'rsa'. So how do I set "e" inside rsa? Please suggest the corresponding API.

Thanks and Regards,
SWAMY J S
Issue with EVP_sha256 and Tspi_Context_CreateObject
Hi,

Earlier, with openssl version 1.0.2n, I was using EVP_sha256 for creating the Certificate Signing Request and the "TSS_HASH_OTHER" flag in Tspi_Context_CreateObject. Recently I upgraded openssl to version 1.1.0g and now I am getting "Signature Verify Failure" in my CSR. I have attached the screenshot here.

If I use EVP_sha1 and TSS_HASH_SHA1, then I am able to generate the certificate, but it fails in the TLS handshake with my HTTPS server.

Are there any changes in the openssl engine structure with respect to signing and private key encryption in openssl 1.1.0?
c2i_ASN1_INTEGER function in Openssl 1.1.0
Hi,

I recently updated openssl from 1.0.2n to 1.1.0g on a Linux system. Earlier I was using the "ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len)" function. As this function is removed in openssl 1.1.0, I have now replaced it with "ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length)". Now when I build my application I get this warning:

    Warning:0:-- SSL Error queue report --
    Warning:0: - asn1 encoding routines|d2i_ASN1_UINTEGER|expecting an integer:218718323

What is the solution for this problem?
RE: Where to copy custom openssl engine library in openssl 1.1.0
Hi,

Thanks for the reply. I have a doubt here. Which config file are you referring to? Is there a file called “config” which already exists somewhere, or should I create a dummy file called config?

Just now I created a dummy file “config” and added the details you sent to this file. I also added “export OPENSSL_CONF=path_to_config” to the /etc/environment file and ran the command “openssl engine store -t -c”. I am still getting the same error, store not found, when I run my application.

Thanks and Regards,
SWAMY J S

From: Dmitry Belyavsky
Sent: Thursday, April 25, 2019 1:44 PM
To: Swamy J-S
Cc: openssl-users@openssl.org
Subject: Re: Where to copy custom openssl engine library in openssl 1.1.0

Hello,

You should load your engine via config file. It may look like

    openssl_conf = openssl_def

    [openssl_def]
    engines = engine_section

    [engine_section]
    storeengine = store_section

    [store_section]
    engine_id = store
    dynamic_path = /usr/local/lib/engines/storeengine.so

Your application should load the config file, the way it works is different for different versions.

On Thu, Apr 25, 2019 at 11:07 AM Swamy J-S <swamy@in.abb.com> wrote:

I am working in Ubuntu 18.04 with openssl version 1.1.0g. I built a custom openssl engine and now I want to use this engine instead of the default openssl engine. My engine library name is libstoreengine.so and I copied it to the /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ path. When I run my application it says Store Engine not found. There is a path issue here; am I copying the library to the right path? I copied my library to /lib/x86_64-linux-gnu and am still getting the same error. Please let me know the right path where I have to copy this engine.

Thanks and Regards,
SWAMY J S

--
SY, Dmitry Belyavsky
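The section chain that the quoted config relies on (openssl_conf, then engines, then the per-engine section) can be checked independently of where the library was copied. The following is an added example, not code from this thread or from OpenSSL: parse_conf and engine_entries are hypothetical helper names, the parser handles only plain [section] and key = value lines, and THREAD_CONF is the config from the reply laid out one directive per line.

```python
# Config from the thread, laid out one directive per line.
THREAD_CONF = """\
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
storeengine = store_section
[store_section]
engine_id = store
dynamic_path = /usr/local/lib/engines/storeengine.so
"""

def parse_conf(text):
    """Parse the plain [section] / key = value subset of an OpenSSL config."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def engine_entries(text):
    """Return ([(engine_id, dynamic_path)], [broken links]) for a config text."""
    conf = parse_conf(text)
    main = conf["default"].get("openssl_conf")
    if main is None:
        return [], ["openssl_conf is not set before the first [section]"]
    if main not in conf:
        return [], [f"[{main}] section is missing"]
    engines = conf[main].get("engines")
    if engines not in conf:
        return [], [f"[{main}] does not point at an engines section"]
    entries, problems = [], []
    for name, section in conf[engines].items():
        if section not in conf:
            problems.append(f"{name}: [{section}] section is missing")
            continue
        # engine_id overrides the entry name as the ENGINE id.
        entries.append((conf[section].get("engine_id", name),
                        conf[section].get("dynamic_path")))
    return entries, problems

if __name__ == "__main__":
    print(engine_entries(THREAD_CONF))
```

The dynamic_path it reports is the file the process must be able to open; in this thread that path names storeengine.so while the library that was built is libstoreengine.so.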
Where to copy custom openssl engine library in openssl 1.1.0
I am working in Ubuntu 18.04 with openssl version 1.1.0g. I built a custom openssl engine and now I want to use this engine instead of the default openssl engine. My engine library name is libstoreengine.so and I copied it to the /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ path. When I run my application it says Store Engine not found. There is a path issue here; am I copying the library to the right path? I copied my library to /lib/x86_64-linux-gnu and am still getting the same error. Please let me know the right path where I have to copy this engine.

Thanks and Regards,
SWAMY J S
Error in M_ASN1_New_of function in openssl 1.1.0g
I upgraded openssl from 1.0.2n to 1.1.0g on Linux recently and am getting some errors in my code because many of the openssl functions are deprecated in the new version. One such function is the malloc function M_ASN1_New_Malloc(Poll, CertInfo), which was defined in asn1_mac.h.

After the openssl upgradation, I searched for an alternative function to "M_ASN1_New_Malloc" and changed my code as below:

    DECLARE_ASN1_ALLOC_FUNCTIONS(CertInfo)
    CertInfo *Poll = NULL;
    Poll = M_ASN1_New_of(CertInfo)

When I build my code I get the error: undefined reference to 'CertInfo_it'. I don't know why it's adding "_it" to CertInfo unnecessarily.

Thanks and Regards,
SWAMY J S
CRYPTO_LOCK_X509_STORE in OpenSSL 1.1.0
Hi All,

I updated openssl from 1.0.2n to 1.1.0g recently and am facing some errors in building my application because many functions and structures are opaque now in 1.1.0g. The errors I am getting are as below:

    error: ‘CRYPTO_LOCK_X509_STORE’ undeclared (first use in this function); did you mean ‘CRYPTO_EX_INDEX_X509_STORE’?
     CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
     ^~
     CRYPTO_EX_INDEX_X509_STORE
    warning: implicit declaration of function ‘CRYPTO_w_lock’; did you mean ‘CRYPTO_zalloc’? [-Wimplicit-function-declaration]
     CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
     ^
     CRYPTO_zalloc

So what is the alternative option available for "CRYPTO_LOCK_X509_STORE" and "CRYPTO_w_lock" in openssl 1.1.0g?
ASN1_CTX usage in openssl 1.1.0
I have upgraded openssl from 1.0.2n to 1.1.0g on Ubuntu 18.04 recently. My application uses openssl. Now during the build I am facing some issues.

I used "EVP_MD_CTX ctx" earlier and now I modified it as "EVP_MD_CTX *ctx ctx=EVP_MD_CTX_new()" and this is working fine. I also used "ASN1_CTX ctx", but this does not work if I modify it like above. During the build it suggests using "ASN1_SCTX ctx", but if I use this then I get an error in "M_ASN1_New_Malloc".

So how do I modify "ASN1_CTX ctx" in openssl 1.1.0g? I am also getting this error:

    /usr/include/openssl/asn1_mac.h:10:2: error: #error "This file is obsolete; please update your software."

Thanks and Regards,
SWAMY J S
How to disable TLS 1.3 in OpenSSL 1.1.1
I have updated my openssl from 1.1.0 to 1.1.1 recently. Openssl version 1.1.1 supports the TLS 1.3 feature, but I want to use TLS 1.2 only for my application with curl 7.58 in Ubuntu 18.04. So while using openssl 1.1.1, how do I disable the default TLS 1.3 and how do I enable TLS 1.2? Can I set any flags while building openssl 1.1.1 to disable TLS 1.3, or can I get any package from Ubuntu to disable TLS 1.3?

Thanks and Regards,
SWAMY J S
RE: cURL with openSSL 1.1.1 version
Has Ubuntu already released any libssl development package for openssl 1.1.1? I want to download the package internally; I don’t want to download openssl and build it externally. Right now “sudo apt install libssl-dev” installs openssl version 1.1.0g. Like this, is there any command to install openssl 1.1.1?

Thanks and Regards,
SWAMY J S

From: Nicola
Sent: Tuesday, March 19, 2019 2:22 PM
To: Swamy J-S
Cc: openssl-users@openssl.org
Subject: Re: cURL with openSSL 1.1.1 version

Currently Ubuntu 18.04 ships with OpenSSL 1.1.0 (https://packages.ubuntu.com/bionic/openssl) and official Ubuntu packages depending on OpenSSL link against this version.

1.1.0 will be EOL in September, and after that the decision on which level of support to provide depends on the Ubuntu project and their development strategies.

1.1.1 was designed to minimize breaking changes coming from 1.1.0, so existing applications shouldn't require major changes for the existing functionality, but ultimately it will be Ubuntu's decision if they are going to maintain their fork of 1.1.0 after upstream EOL or to upgrade to 1.1.1.

If you are compiling your own application disregarding the distribution maintainers' decisions, you are free to compile and link against your own version of openssl, and to the best of my knowledge recent versions of curl will not create any issue when compiling against 1.1.1.

If you have your own code using the OpenSSL API directly and have not updated since 1.0.2, some changes will most likely be required, as since 1.1.0 most structs are opaque and you need to use accessors to get and set their members.

Best regards,
Nicola Tuveri

On Tue, Mar 19, 2019, 09:56 Swamy J-S <swamy@in.abb.com> wrote:

Hi,

Currently I am working with curl 7.58 and openssl 1.0.2 in Ubuntu 18.04. As openssl 1.0.2 support will end this year, I want to upgrade my openssl to the 1.1.1 branch. Right now my code uses the curl library with libcurl4 and gnuTLS as SSL backend. I am using many curl options such as CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

If I upgrade openssl to 1.1.1, will all these curl options work fine? Or should I upgrade curl and other things also? If you have any document or release notes regarding this then please let me know.

Regards,
SWAMY J S
cURL with openSSL 1.1.1 version
Hi,

Currently I am working with curl 7.58 and openssl 1.0.2 in Ubuntu 18.04. As openssl 1.0.2 support will end this year, I want to upgrade my openssl to the 1.1.1 branch. Right now my code uses the curl library with libcurl4 and gnuTLS as SSL backend. I am using many curl options such as CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

If I upgrade openssl to 1.1.1, will all these curl options work fine? Or should I upgrade curl and other things also? If you have any document or release notes regarding this then please let me know.

Regards,
SWAMY J S
[openssl-users] Problem in Building openssl_1.0.2p in Visual Studio 2015
I am building the new release openssl_1.0.2p using the Visual Studio 2015 Command Prompts. I have installed perl and sed, and I have written some batch files to build the x86 and x64 libraries. When I built the same openssl version in VS 2013 and VS 2017 I did not face any issue, but in VS 2015 I am unable to build.

When I build the x86 library in "VS2015 x86 Native Tools Command Prompt", it builds fine and generates the include and lib folders. But when I try to build the DLL library I get a fatal error which says:

    rc /fo"tmp32dll\libeay32.res" /d CRYPTO ms\version32.rc
    'rc' is not recognized as an internal or external command,
    operable program or batch file.
    NMAKE : fatal error V1077: 'rc' : return code '0x1'
    Stop.
    1 dir(s) moved.
    1 dir(s) moved.

I have attached a screenshot too.

Thanks and Regards,
SWAMY J S
Re: Problem getting OpenSSL to build on AIX4.3.3
As far as I can see there aren't any patches. I've also seen this problem reported a couple of times before but no one seems to have got the answer yet.

This is the compiler version I have on my box:

vac.C 5.0.0.0 C for AIX compiler

>From: Lutz Jaenicke <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: Problem getting OpenSSL to build on AIX4.3.3
>Date: Mon, 17 Dec 2001 10:57:14 +0100
>
>On Mon, Dec 17, 2001 at 09:38:36AM +, J S wrote:
> > Can anyone help me with this one please? I don't seem to be able to get
> > OpenSSL0.9.6b to build on AIX4.3.3. Configure runs OK, but the make
> > fails. (I have tried the CVS as well but got the same error.).
> >
> > I tried Configure aix43-cc and Configure aix-cc. I also tried
> > -D_REENTRANT and ./config no-threads during the configure but they ALL
> > fail when they get to b_print.c :
> >
> > maxmem=16384 -c bss_file.c
> >cc -I.. -I../.. -I../../include -DOPENSSL_NO_KRB5 -O -DAIX
> > -DB_ENDIAN -qmaxmem=16384 -c bss_sock.c
> >cc -I.. -I../.. -I../../include -DOPENSSL_NO_KRB5 -O -DAIX
> > -DB_ENDIAN -qmaxmem=16384 -c bss_conn.c
> >cc -I.. -I../.. -I../../include -DOPENSSL_NO_KRB5 -O -DAIX
> > -DB_ENDIAN -qmaxmem=16384 -c bf_null.c
> >cc -I.. -I../.. -I../../include -DOPENSSL_NO_KRB5 -O -DAIX
> > -DB_ENDIAN -qmaxmem=16384 -c bf_buff.c
> >cc -I.. -I../.. -I../../include -DOPENSSL_NO_KRB5 -O -DAIX
> > -DB_ENDIAN -qmaxmem=16384 -c b_print.c
> > cc: 1501-230 Internal compiler error; please contact your Service
> > Representative
>
>Evaluating the compiler's output it seems that your compiler is buggy
>and there is probably not very much that can be done from OpenSSL's
>side. I don't know about AIX, but for HP-UX one can retrieve patches
>free of charge from HP's electronic support center on the WWW.
>You should check out, whether such service also exists from IBM.
>
>Best regards,
> Lutz