openssl-1.1.1l fails to build in macOS 10.13.6 with Xcode 10.1

2021-08-27 Thread Scott Lasley via openssl-users
Building openssl-1.1.1l with Xcode 10.1 under macOS 10.13.6 fails with this 
error 


In file included from crypto/rand/rand_unix.c:38:
/usr/include/CommonCrypto/CommonRandom.h:35:9: error: unknown type name 
'CCCryptorStatus'
typedef CCCryptorStatus CCRNGStatus;
   ^
crypto/rand/rand_unix.c:385:47: error: use of undeclared identifier 'kCCSuccess'
   if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
 ^
2 errors generated.
make[1]: *** [crypto/rand/rand_unix.o] Error 1




The build succeeds and all tests pass if CommonCryptoError.h is added to the 
__APPLE__ includes in crypto/rand/rand_unix.c

#if defined(__APPLE__)
# include <CommonCrypto/CommonCryptoError.h>
# include <CommonCrypto/CommonRandom.h>
#endif

Is this a safe change to make?

Best regards,
Scott

RE: Can't link a static library with custom OpenSSL rsa engine

2020-11-17 Thread Scott Neugroschl
You need to put the static library at the END of your link command.  A static 
library is searched when it is encountered in the link stream, and only the 
items needed will be used from it.

Because you have it first, there are no undefined symbols, and no items will be 
used from it.

From: openssl-users  On Behalf Of Shariful 
Alam
Sent: Tuesday, November 17, 2020 12:40 PM
To: openssl-users@openssl.org
Subject: Can't link a static library with custom OpenSSL rsa engine

Hello,
I have a custom rsa engine. It builds and works fine. Later, I have added a 
static library with my custom engine code. My code compiles. However, when I 
try to load the custom engine it shows invalid engine "rsa-engine-new".  The 
full error is given below,
x@x:~/Downloads/x/x/x/rsa_engine$ openssl rsautl -decrypt -inkey private.pem 
-in msg.enc -engine rsa-engine-new
invalid engine "rsa-engine-new"
140112744122112:error:25066067:DSO support routines:dlfcn_load:could not load 
the shared 
library:crypto/dso/dso_dlfcn.c:119:filename(/opt/openssl/lib/engines-1.1/rsa-engine-new.so):
 
/opt/openssl/lib/engines-1.1/rsa-engine-new.so:
 undefined symbol: dune_init
140112744122112:error:25070067:DSO support routines:DSO_load:could not load the 
shared library:crypto/dso/dso_lib.c:162:
140112744122112:error:260B6084:engine routines:dynamic_load:dso not 
found:crypto/engine/eng_dyn.c:414:
140112744122112:error:2606A074:engine routines:ENGINE_by_id:no such 
engine:crypto/engine/eng_list.c:334:id=rsa-engine-new
140112744122112:error:25066067:DSO support routines:dlfcn_load:could not load 
the shared 
library:crypto/dso/dso_dlfcn.c:119:filename(librsa-engine-new.so):
 
librsa-engine-new.so:
 cannot open shared object file: No such file or directory
140112744122112:error:25070067:DSO support routines:DSO_load:could not load the 
shared library:crypto/dso/dso_lib.c:162:
140112744122112:error:260B6084:engine routines:dynamic_load:dso not 
found:crypto/engine/eng_dyn.c:414:

Now the error doesn't say much about the cause of invalid engine. However my 
guess is it is from the  "undefined symbol: dune_init". "dune_init" is from the 
static library. Therefore I believe my linking is not working. I use the 
following Makefile to compile the engine,

rsa-engine: rsa/rsa.c rsa/bignum.c rsa/aes.c rsa/x509parse.c rsa/pem.c
	gcc -fPIC -o rsa/rsa.o -c rsa/rsa.c
	gcc -fPIC -o rsa/bignum.o -c rsa/bignum.c
	gcc -fPIC -o rsa/aes.o -c rsa/aes.c
	gcc -fPIC -o rsa/x509parse.o -c rsa/x509parse.c
	gcc -fPIC -o rsa/pem.o -c rsa/pem.c
	gcc -fPIC -c rsa-engine.c
	gcc -shared -o librsa_engine.so libdune/libdune.a -lcrypto rsa-engine.o rsa/rsa.o rsa/bignum.o rsa/aes.o rsa/x509parse.o rsa/pem.o
	mv librsa_engine.so rsa-engine-new.so
	sudo cp rsa-engine-new.so /opt/openssl/lib/engines-1.1/

clean:
	rm -f *.o rsa/*.o *.so rsa-engine
So, can anyone please tell me if my guess is correct or not? If my guess is 
correct, how can I fix my Makefile?

N.B: Static library

  *   libdune/libdune.a is in the same directory with the main rsa-engine.c
  *   libdune/libdune.a is compiled with -fPIC flag

Thanks,
Shariful
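
Scott's reply above states the general rule of single-pass linking. The following is an added example, not code from the thread, from OpenSSL or from binutils: a small Python model of how ld consumes a static archive, run over symbol tables constructed to match the thread. Only dune_init, libdune.a and rsa-engine.o come from the post; the member name dune.o and the individual imports and exports are assumptions. It shows why the Makefile's order leaves dune_init unresolved, and why `gcc -shared` does not complain: undefined symbols in a shared object are permitted at link time and only surface when OpenSSL dlopen()s the engine.

```python
"""Model of how a single-pass linker consumes a static archive.

Added example; not code from the thread, from OpenSSL or from binutils. The
symbol tables below are constructed to match the thread: dune_init,
libdune.a and rsa-engine.o come from the post, the member name dune.o and
the individual imports/exports are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    """A plain .o on the link line: always included, wherever it appears."""
    name: str
    defines: frozenset
    needs: frozenset


@dataclass(frozen=True)
class Archive:
    """A static library (.a). It is searched only at the point it appears,
    and a member is pulled in only if it defines a symbol that is undefined
    at that moment. Members are themselves Obj values."""
    name: str
    members: tuple


@dataclass(frozen=True)
class Shared:
    """A shared library (-lcrypto, libc). Its exports satisfy references from
    inputs that come after it (ignoring -Wl,--as-needed subtleties)."""
    name: str
    exports: frozenset


def link(inputs):
    """Walk the link line left to right.

    Returns (still_undefined, pulled_members). For an executable ld would
    error on a non-empty first element; for gcc -shared it does not, the
    unresolved names are simply recorded in the .so for the dynamic loader.
    """
    needed, defined, shared, pulled = set(), set(), set(), []
    for item in inputs:
        if isinstance(item, Obj):
            needed |= item.needs
            defined |= item.defines
        elif isinstance(item, Shared):
            shared |= item.exports
        else:
            progress = True
            while progress:  # ld rescans an archive until nothing new is pulled
                progress = False
                for member in item.members:
                    if member.name in pulled:
                        continue
                    if member.defines & (needed - defined - shared):
                        pulled.append(member.name)
                        needed |= member.needs
                        defined |= member.defines
                        progress = True
    return needed - defined - shared, pulled


def engine_load_errors(still_undefined, host_exports):
    """What dlopen(engine, RTLD_NOW) reports when ENGINE_by_id() loads the
    .so: every name neither defined in it nor exported by the process that
    loads it (the openssl binary with libcrypto and libc)."""
    return sorted(still_undefined - host_exports)


# Constructed symbol tables (assumptions about the project's layout).
DUNE_O = Obj("dune.o", frozenset({"dune_init", "dune_enter"}), frozenset({"mmap"}))
LIBDUNE = Archive("libdune/libdune.a", (DUNE_O,))
LIBCRYPTO = Shared("libcrypto.so", frozenset({"RSA_set_method", "ENGINE_set_RSA"}))
LIBC = Shared("libc.so", frozenset({"mmap", "printf"}))
ENGINE_O = Obj("rsa-engine.o",
               frozenset({"bind_engine", "v_check"}),
               frozenset({"dune_init", "ENGINE_set_RSA", "RSA_set_method", "printf"}))
HOST_EXPORTS = LIBCRYPTO.exports | LIBC.exports

# The thread's Makefile: archive before the objects that reference it
# (gcc appends libc itself at the end).
THREAD_ORDER = [LIBDUNE, LIBCRYPTO, ENGINE_O, LIBC]
# Objects first, then the archive that resolves their references.
FIXED_ORDER = [ENGINE_O, LIBDUNE, LIBCRYPTO, LIBC]


if __name__ == "__main__":
    for name, order in (("thread", THREAD_ORDER), ("fixed", FIXED_ORDER)):
        undefined, pulled = link(order)
        print(name, "pulled:", pulled, "undefined at dlopen:",
              engine_load_errors(undefined, HOST_EXPORTS))
```

On the real build, `nm -u rsa-engine-new.so` lists what the loader will demand from the host process, and adding `-Wl,--no-undefined` (or `-Wl,-z,defs`) to the `gcc -shared` line turns the runtime failure into a link-time error, which is the check worth having before an engine is installed into the engines directory.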


Re: BIO_do_accept Issue

2020-04-09 Thread Scott Morgan via openssl-users
On 08/04/2020 18:06, Viktor Dukhovni wrote:
> On Wed, Apr 08, 2020 at 11:47:19AM +0100, Scott Morgan via openssl-users 
> wrote:
> 
>> Run into an odd issue.
>>
>> Consider the following program, based on the documentation[0], using
>> OpenSSL 1.1.1f
>>
>>  abio = BIO_new_accept("");
>>  res = BIO_do_accept(abio);
> 
> It seems to me that since commit 417be660e1c BIO_do_accept() has
> incomplete error handling, "ret" isn't assigned when bind() or listen()
> fail:
> 
..
> 
> So the function returns the wrong value of ret, in your case the
> socket descriptor created in an earlier case in the loop.  The fix is
> presumably to set ret to either -1 or 0, whichever is appropriate here.
> 

That makes sense. Just checked github, and there is a ticket listing
that problem, #7717

Scott


BIO_do_accept Issue

2020-04-08 Thread Scott Morgan via openssl-users
Run into an odd issue.

Consider the following program, based on the documentation[0], using
OpenSSL 1.1.1f

==BEGIN==

#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/err.h>

int main(int argc, char** argv)
{
    BIO *abio;
    int res;

    /* First call: binds and listens on the accept BIO. */
    abio = BIO_new_accept("");
    res = BIO_do_accept(abio);
    printf("First BIO_do_accept returned : %d\n", res);
    if(res <= 0) {
        printf("Should have errored here!\n");
        ERR_print_errors_fp(stderr);
        return 1;
    }
    if(res != 1) {
        printf("This is an error, just not correctly returned!\n");
        ERR_print_errors_fp(stderr);
    }

    /* Second call: waits for an incoming connection. */
    res = BIO_do_accept(abio);
    printf("Second BIO_do_accept returned : %d\n", res);
    if(res <= 0) {
        printf("Now we get an error!\n");
        ERR_print_errors_fp(stderr);
        return 2;
    }

    return 0;
}

==END==

It compiles and runs fine, but if there is another app using the port,
the first call to BIO_do_accept returns odd values that don't match the
docs.

C:\openssl_test>main.exe
First BIO_do_accept returned : 356
This is an error, just not correctly returned!
OPENSSL_Uplink(78C93330,08): no OPENSSL_Applink

C:\openssl_test>main.exe
First BIO_do_accept returned : 356
This is an error, just not correctly returned!
OPENSSL_Uplink(79313330,08): no OPENSSL_Applink

C:\openssl_test>main.exe
First BIO_do_accept returned : 384
This is an error, just not correctly returned!
OPENSSL_Uplink(79313330,08): no OPENSSL_Applink

The docs say BIO_do_accept should return 0 or -1 on error. It seems a
simple fix is just to check the return == 1, but why the odd and
inconsistent return values?

Scott

[0] https://www.openssl.org/docs/man1.1.1/man3/BIO_do_accept.html


RE: Compiling for RISC-V

2020-03-09 Thread Scott Neugroschl

Is the “no-asm” configuration option still supported?

From: openssl-users  On Behalf Of Kristin 
Barber
Sent: Monday, March 9, 2020 12:03 PM
To: Richard Levitte 
Cc: openssl-users@openssl.org
Subject: Re: Compiling for RISC-V

Hi Richard, thanks for the reply. It was helpful.

You are correct, I was able to find a configuration that worked by passing the 
RISC-V compiler via "make variable" assignment, along with some relevant 
options.  Things start compiling, but the build fails on what seems to be 
architecture-specific assembly files which are selected based on which 
"platform" has been configured.  It did not seem to me that there were RISC-V 
assembly-specific files as an option here, and based on your reply, I think 
that is indeed the issue.  Am I understanding this correctly?

Thanks,

Kristin

On Mon, Mar 9, 2020 at 3:03 AM Richard Levitte <levi...@openssl.org> wrote:
On Mon, 09 Mar 2020 05:18:17 +0100,
Kristin Barber wrote:
> I've looked at the INSTALL docs, and it doesn't seem that RISC-V processors 
> are supported
> currently as a platform. Is this correct?

That is correct.  No one has implemented that support yet.

> Is there a branch which enables configuring for a RISC-V machine that hasn't 
> yet made it into a
> stable release?

Not that I know of.  Although, this same question has also been raised
on github (I forget the issue number).

> Any advice on where to look for information or changes to the build process 
> in order to compile
> for RISC-V?

The first thing to attempt is a generic build with no assembler.
There are some really simple config targets that could be a first
step, one of:

./Configure cc

./Configure gcc

A (pretty big) step up from that, at least if Linux is your target,
would be one of these:

./Configure linux-generic32

./Configure linux-generic64

Note that in either case, you may have to add C flags and ld flags,
which you can do in one of two ways:

1)  directly on the configuration command line, like this (Configure
makes an educated guess on what flags go where):

./Configure linux-generic64 -m64 -DWHATEVER=value -Wl,-something

2)  via "make variable" assignment:

./Configure linux-generic64 \
CPPFLAGS='-DWHATEVER=value' \
CFLAGS='-m64' \
LDFLAGS='-Wl,-something'

At some point, you might find a combination that works for you.  We
would definitely like to know what you figure out, and it may be that
the result makes it into our database of config targets (which, if
you're curious, are the files Configurations/*.conf).

Now, configuration is the easy bit when it comes to new CPUs,
relatively speaking.  I assume that part of your question is whether
there is assembler support.  This is the hard part in terms of
effort.  We currently have no such thing at all for RISC-V, and I
haven't seen any attempts to start such an effort...  PRs would
certainly be welcome, but anyone who tries this will have to be
prepared for it to take a while to get into the main source.

Cheers,
Richard

--
Richard Levitte levi...@openssl.org
OpenSSL Project 
http://www.openssl.org/~levitte/


RE: OpenSSL Security Advisory

2019-02-27 Thread Scott Neugroschl
Thanks.

-Original Message-
From: openssl-users  On Behalf Of Matt 
Caswell
Sent: Wednesday, February 27, 2019 11:18 AM
To: openssl-users@openssl.org
Subject: Re: OpenSSL Security Advisory



On 27/02/2019 18:43, Scott Neugroschl wrote:
> Is this a client-side or server-side vulnerability?  Or does it matter?

It can apply to either side.

Matt


> 
> Thanks,
> 
> ScottN
> 
> ---
> Scott Neugroschl | XYPRO Technology Corporation
> 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 
> 583-2874|Fax 805 583-0124 |


RE: OpenSSL Security Advisory

2019-02-27 Thread Scott Neugroschl
Is this a client-side or server-side vulnerability?  Or does it matter?

Thanks,

ScottN





-Original Message-
From: openssl-users  On Behalf Of OpenSSL
Sent: Tuesday, February 26, 2019 6:59 AM
To: openssl-proj...@openssl.org; OpenSSL User Support ML 
; OpenSSL Announce ML 
Subject: OpenSSL Security Advisory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

OpenSSL Security Advisory [26 February 2019] 


0-byte record padding oracle (CVE-2019-1559) 


Severity: Moderate

If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one) 
then OpenSSL can respond differently to the calling application if a 0 byte 
record is received with invalid padding compared to if a 0 byte record is 
received with an invalid MAC. If the application then behaves differently based 
on that in a way that is detectable to the remote peer, then this amounts to a 
padding oracle that could be used to decrypt data.

In order for this to be exploitable "non-stitched" ciphersuites must be in use.
Stitched ciphersuites are optimised implementations of certain commonly used 
ciphersuites. Also the application must call SSL_shutdown() twice even if a 
protocol error has occurred (applications should not do this but some do 
anyway).

This issue does not impact OpenSSL 1.1.1 or 1.1.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2r.

This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram, 
with additional investigation by Steven Collison and Andrew Hourselt. It was 
reported to OpenSSL on 10th December 2018.

Note


OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support 
for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th 
September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.

References
==

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20190226.txt

Note: the online version of the advisory may be updated with additional details 
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlx1U+gACgkQ2cTSbQ5g
RJFnlAf/U9yZtCz59BjgD0Kh7Eya5KxlmUWItdBu1r3DwbY4KDgL/Wwh4UxG3Qim
D7Ht5Xsta4iAywrMRI/iPEdEQct8pcpWjq4/65lEbTYjToEnNWhIeWHH/Lw3Jfza
gcVpIfbWoWc7OL7U4uPQuGWcb/PO8fJXF+HcCdZ+kIuut0peMSgN5sK/wBnmSdsM
+sJXCei+jwVy/9WvCBMOooX7D8oerJ6NX12n2cNAYH/K7e2deiPZ7D/HB7T9MSv/
BgOi1UqFzBxcsNhFpY5NMTHG8pl0bmS0OiZ9bThN0YHwxFVJz6ZsVX/L5cYOAbm/
mJAdDE24XMmUAOlVZrROzCZKXADx/A==
=8h8L
-----END PGP SIGNATURE-----


Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-11 Thread Scott Neugroschl
Hi Rajinder,

Have you tried the “socket_transport_name_set” call in your main program?

ScottN



From: openssl-users  On Behalf Of Rajinder 
Pal Singh
Sent: Friday, February 08, 2019 12:54 PM
To: m...@foocrypt.net
Cc: openssl-users 
Subject: Re: [openssl-users] How to use a specific ip interface while testing 
TLS/SSL connectivity.

Thanks Mark for the prompt reply. Absolutely makes sense. Actually, i am on 
Nonstop HPE servers. There are no internal routing tables or so to say static 
routes. Environment is different from unix/linux.

From Application perspective, we choose what ip interface to use.

Wondering if we can force the openssl to use specific interface?

Regards.


On Fri, Feb 8, 2019, 12:26 PM m...@foocrypt.net wrote:
Hi Rajinder

There shouldn’t be any issues depending on how your host OS is performing the 
routing to the network the SSL/TLS endpoint is on.

Try a traceroute to the IP to see where it goes, and a telnet IP 80 or 443 to 
make sure you can connect to the web server.

—

Regards,

Mark A. Lane




On 9 Feb 2019, at 04:20, Rajinder Pal Singh <rajin6...@gmail.com> wrote:

Hi,

I want to use a specific ip interface (out of several available ethernet 
interfaces available on my server) to test TLS/SSL connectivity to a remote 
server.


Wondering if it's possible?


Regards,
Rajinder.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



Re: [openssl-users] Certificate format question?

2018-09-25 Thread Scott Neugroschl
Steffen Nurpmeso, Tuesday, September 25, 2018 11:57 AM


> The RFC 7468 term "parsers SHOULD ignore whitespace and other non-
>base64 characters" makes me wonder.  

The relevant clause is a few sentences up: "Data before the encapsulation 
boundaries are permitted, and parsers MUST NOT malfunction when processing 
such data."




Re: [openssl-users] Certificate format question?

2018-09-25 Thread Scott Neugroschl



On Sept 24, 2018, at 3:55 PM, Viktor Dukhovni wrote:
>> On Sep 24, 2018, at 6:25 PM, Scott Neugroschl wrote:
>> 
>> I tried googling, but couldn't find an answer to this...
>> 
>> I came across a certificate that had some text garbage before the 
>> -----BEGIN CERTIFICATE----- line.
>> 
>> I know that the cert is defined as the data between the delimiters.  Do the 
>> specs say anything about data before the BEGIN delimiter?  Would a 
>> certificate with such data be valid?  I know OpenSSL accepts such a cert, 
>> but is this an extension, or is it explicitly permitted by the 
>> standards/specifications?
>
> https://tools.ietf.org/html/rfc7468#section-2

Thanks, Viktor, appreciated.



[openssl-users] Certificate format question?

2018-09-24 Thread Scott Neugroschl
I tried googling, but couldn't find an answer to this...

I came across a certificate that had some text garbage before the 
-----BEGIN CERTIFICATE----- line.

I know that the cert is defined as the data between the delimiters.  Do the 
specs say anything about data before the BEGIN delimiter?  Would a certificate 
with such data be valid?  I know OpenSSL accepts such a cert, but is this an 
extension, or is it explicitly permitted by the standards/specifications?

Thanks



Re: [openssl-users] PRNG is not seeded

2018-05-30 Thread Scott Neugroschl


> Either way, trying to use OpenSSL's PRNGD to seed OpenSSL's PRNGD is an 
> exercise in futility.

Oh, I agree on that.  




Re: [openssl-users] PRNG is not seeded

2018-05-30 Thread Scott Neugroschl
>>> I’m using PRNGD to seed my random numbers (I’m on a system without
>>> /dev/random and /dev/urandom).   I occasionally get the dreaded “PRNG is
>>> not seeded” error.
>>
>> I don’t know your OS or environment, have you tried the ‘openssl rand’
>> functionality as a random source to seed your entropy issues ?
>
>Where would openssl rand be getting its entropy from, in this case? You have a 
>circular dependency: openssl needs entropy, so it tries to get it from PRNGD; 
>and you're asking openssl to put entropy into PRNGD.
>
>> perhaps rather than pseudo random, try a hardware device ?
>
>Now, this is a case where you might use openssl rand, in conjunction with 
>engine, to get entropy from another source. That could be a useful hack if you 
>can't easily change PRNGD or the application to read entropy from the device.
>
>For example, I think I successfully used openssl with the pkcs11 engine to get 
>entropy from a NitroKey device a couple of years back, when I was playing 
>around with cheap HSMs.
>
>Whether something like the NitroKey (which is an inexpensive USB-attached HSM 
>in a thumbdrive form factor) would be useful in this case is something Scott 
>would have to determine.
>
>If it is, it'd be cleaner if he could change the application to load the 
>pkcs11 engine and use its RNG directly, or at least get entropy from it to 
>seed OpenSSL's PRNG.
>
>>> I know this is caused by a lack of available entropy in the system; 
>>> but what can I do to address this?  Is it just a matter of waiting 
>>> until enough entropy has been collected?  Is there any kind of workaround?
>
>Depends on what sources PRNGD uses (I haven't looked), what the device is, 
>what the application is... If the device has sensors you can read, you might 
>be able to gather some entropy by reading noise from them (though this is 
>somewhat fraught - you don't want to overestimate the amount of entropy, and 
>both sensors and sensor APIs are often vulnerable to attack).
>
>Sometimes applications ask users to generate some entropy by asking them to  
>bang on the keyboard or wiggle the mouse, or that sort of thing. Again, it 
>really depends on what your device and application are.
>
>This topic is discussed at some length in the technical literature; see for 
>example section 3 of RFC 4086.
>

The platform in question is an HPE NonStop.




[openssl-users] PRNG is not seeded

2018-05-29 Thread Scott Neugroschl
Hi,

I'm using PRNGD to seed my random numbers (I'm on a system without /dev/random 
and /dev/urandom).   I occasionally get the dreaded "PRNG is not seeded" error.

I know this is caused by a lack of available entropy in the system; but what 
can I do to address this?  Is it just a matter of waiting until enough entropy 
has been collected?  Is there any kind of workaround?

Thanks

ScottN



Re: [openssl-users] engine interface for genrsa

2018-04-19 Thread Scott Wisniewski
FYI:

If you provide a genrsa implementation in your engine that doesn't include
the private parameters, even if it's marked with RSA_FLAG_EXT_PKEY, the
openssl executable will not handle it correctly.

That's because genrsa_main assumes that the object that comes back is an
rsa private key. So it will attempt to save a PEM encoded RSA private key
even though it doesn't have the private key fields and openssl won't be
able to open the saved file.

So, if you want to enable use of the openssl executable with genrsa being 
supported by your engine, you will actually need to modify apps/genrsa.c so 
that genrsa_main does:

    if (RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) == RSA_FLAG_EXT_PKEY) {
        if (!PEM_write_bio_RSA_PUBKEY(out, rsa))
            goto end;
    } else {
        if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
                                         (pem_password_cb *)password_callback,
                                         &cb_data))
            goto end;
    }

instead of:

    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
                                     (pem_password_cb *)password_callback,
                                     &cb_data))
        goto end;

And then it will save the key you generated in public key pem format, which
will allow openssl to read it.

One thing to note:

None of the open source engines I checked (neither the PKCS11 engine, the
NCipher engine, nor the CAPI engine) implement the genrsa hook. If you are
looking for wide compatibility you may wish to ask your clients to do key
generation using an external utility (as that's how almost everyone else
does it).

On Fri, Apr 13, 2018 at 5:28 PM, William Roberts 
wrote:

> On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte 
> wrote:
> > In message  +y...@mail.gmail.com> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <
> bill.c.robe...@gmail.com> said:
> >
> > bill.c.roberts> I am currently working on writing an openssl engine
> > bill.c.roberts> to interface with a piece of hardware.
> > bill.c.roberts>
> > bill.c.roberts> I am trying to understand how to implement
> > bill.c.roberts> rsa key generation, where the private key
> > bill.c.roberts> bytes would not be available.
> > bill.c.roberts>
> > bill.c.roberts> I am currently invoking the
> > bill.c.roberts> command:
> > bill.c.roberts>
> > bill.c.roberts> openssl genrsa -engine foo
> > bill.c.roberts>
> > bill.c.roberts> Which is calling my callback for RSA keygen, registered
> via ENGINE_set_RSA()
> > bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
> > bill.c.roberts>
> > bill.c.roberts> However, genrsa app seems to want rsa->e set here:
> > bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/
> apps/genrsa.c#L291
> > bill.c.roberts>
> > bill.c.roberts> I can't find documentation on how to handle the keygen
> interface
> > bill.c.roberts> for RSA.
> > bill.c.roberts>
> > bill.c.roberts> Can someone point me in the right direction?
> >
> > e and n are public components of any RSA key pair (and RSA structure
> > in OpenSSL).  You *must* make them available.  The rest of the numbers
> > are private and do not need to be part of the RSA structure that
> > OpenSSL handles.
>
> Thanks. I went and read the RSA page on Wikipedia, and sure enough it
> has what common meanings of what all the single letter variables
> are in the RSA struct.
> https://en.wikipedia.org/wiki/RSA_(cryptosystem)
>
> >
> > Cheers,
> > Richard
> >
> > --
> > Richard Levitte levi...@openssl.org
> > OpenSSL Project http://www.openssl.org/~levitte/


Re: [openssl-users] CVE-2018-0737

2018-04-16 Thread Scott Neugroschl

On 16/04/18 0935PDT, Matt Caswell wrote:
>On 16/04/18 16:59, Scott Neugroschl wrote:
>> Hi,
>> 
>> I'm trying to make sure I have grokked this advisory properly.
>> 
>> The advisory says this is a cache timing side channel attack on key 
>> generation.   So am I correct in assuming that a potential attacker must
>> 
>> 1) Already have access to the system
>> 2) Have sufficient privilege to be able to access cache info
>
>Correct.

Thanks, Matt!







[openssl-users] CVE-2018-0737

2018-04-16 Thread Scott Neugroschl
Hi,

I'm trying to make sure I have grokked this advisory properly.

The advisory says this is a cache timing side channel attack on key generation. 
  So am I correct in assuming that a potential attacker must

1) Already have access to the system
2) Have sufficient privilege to be able to access cache info

Or am I completely mistaken here?

Thanks,

ScottN






Re: [openssl-users] Vanilla OpenSSL uses system libs

2018-03-13 Thread Scott Neugroschl
Set LD_LIBRARY_PATH to use your compiled versions.

-Original Message-
From: openssl-users  On Behalf Of 
e...@coderhacks.com
Sent: Tuesday, March 13, 2018 3:46 PM
To: openssl-users@openssl.org
Subject: [openssl-users] Vanilla OpenSSL uses system libs

Hi!

I put a vanilla OpenSSL in a local folder and compiled it.

./config no-shared
make

I will not do a "make install" because I will keep my distros installation.
But I will use the vanilla for tests. So I need the binary as well as the libs.

After a ldd  I see that the apps/openssl as well as the libssl and libcrypto 
use the systems OpenSSL-libs instead of the one I just compiled.

Is there an option so the makefile will produce binaries out of its own libs 
instead of the system's?

Thanks!





Re: [openssl-users] Certificate Comparison

2017-09-19 Thread Scott Neugroschl
How about saving the received cert as a PEM file and comparing the two?

-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Yan, Bob via openssl-users
Sent: Tuesday, September 19, 2017 10:53 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Certificate Comparison

Hi All,

I need to compare a received certificate object with a PEM-formatted 
certificate stored at local file system. Is there any openssl library functions 
or an easy way to compare these two certificates?

Thank you very much!
Bob
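
Both the "Certificate format question" thread earlier on this page (RFC 7468 section 2: data before the BEGIN boundary is permitted and a parser MUST NOT malfunction on it) and Bob's comparison question are served by one added example, given here in Python; it is not code from either thread or from OpenSSL. It reads PEM the way the RFC describes, skipping pre- and post-encapsulation text and body whitespace, and then compares certificates by their decoded DER rather than by PEM text. That is the point behind the suggestion above: two PEM files for the same certificate can differ byte for byte (line wrapping, the `openssl x509 -text` preamble) and still carry the same certificate. The DER payload is a constructed ASN.1 SEQUENCE standing in for a real certificate; no real certificate is embedded.

```python
"""Tolerant PEM reading per RFC 7468 section 2, plus DER-based certificate
comparison. Added example; not code from the threads or from OpenSSL."""
import base64
import binascii
import hashlib
import re

# Encapsulation boundaries (RFC 7468 section 2). Labels are upper-case words.
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9][A-Z0-9 ]*)-----$")
_END = re.compile(r"^-----END ([A-Z0-9][A-Z0-9 ]*)-----$")


def pem_blocks(text, strict=True):
    """Return [(label, der_bytes), ...] for every encapsulated block in text.

    Everything before a BEGIN line and after an END line is skipped: RFC 7468
    permits such data and says parsers MUST NOT malfunction on it. Whitespace
    inside the body is ignored. With strict=True any other non-base64
    character in the body is rejected rather than silently dropped; the RFC
    only says parsers SHOULD ignore them, and two parsers that disagree on
    what to drop will decode different certificates from the same file.
    RFC 1421-style header lines (Proc-Type:, DEK-Info:) are not handled.
    """
    blocks = []
    label, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if label is None:
            m = _BEGIN.match(line)
            if m:
                label, body = m.group(1), []
            continue                      # pre-encapsulation data: ignored
        m = _END.match(line)
        if m is None:
            body.append(line)
            continue
        if m.group(1) != label:
            raise ValueError(f"END label {m.group(1)!r} does not match BEGIN {label!r}")
        joined = "".join("".join(body).split())
        try:
            der = base64.b64decode(joined, validate=strict)
        except binascii.Error as exc:
            raise ValueError(f"bad base64 in {label} block: {exc}") from None
        blocks.append((label, der))
        label = None
    if label is not None:
        raise ValueError(f"unterminated {label} block")
    return blocks


def first_certificate_der(text):
    for label, der in pem_blocks(text):
        if label == "CERTIFICATE":
            return der
    raise ValueError("no CERTIFICATE block found")


def same_certificate(pem_a, pem_b):
    """True when both texts carry the same certificate, judged on the decoded
    DER. Line wrapping, preamble text and trailing data are irrelevant; a
    byte-for-byte comparison of the PEM files would miss that."""
    return first_certificate_der(pem_a) == first_certificate_der(pem_b)


def sha256_fingerprint(text):
    """Hex SHA-256 of the DER, the value openssl x509 -fingerprint -sha256
    prints (without the colons)."""
    return hashlib.sha256(first_certificate_der(text)).hexdigest()


# Constructed stand-in for a DER certificate: a minimal ASN.1 SEQUENCE of two
# INTEGERs. It is not a real certificate; only the PEM layer is exercised.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07])
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
TAMPERED_B64 = base64.b64encode(SAMPLE_DER[:-1] + bytes([0x08])).decode()

# The same certificate with the text preamble openssl x509 -text emits and
# trailing data, the same one re-wrapped, and one with a payload byte changed.
PEM_WITH_PREAMBLE = (
    "Certificate:\n"
    "    Data:\n"
    "        Version: 3 (0x2)\n"
    "-----BEGIN CERTIFICATE-----\n"
    f"{SAMPLE_B64}\n"
    "-----END CERTIFICATE-----\n"
    "trailing text the RFC also permits\n"
)
PEM_REWRAPPED = (
    "-----BEGIN CERTIFICATE-----\n"
    f"{SAMPLE_B64[:4]}\n{SAMPLE_B64[4:]}\n"
    "-----END CERTIFICATE-----\n"
)
PEM_TAMPERED = (
    "-----BEGIN CERTIFICATE-----\n"
    f"{TAMPERED_B64}\n"
    "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(pem_blocks(PEM_WITH_PREAMBLE))
    print("text equal:", PEM_WITH_PREAMBLE == PEM_REWRAPPED,
          "same cert:", same_certificate(PEM_WITH_PREAMBLE, PEM_REWRAPPED))
    print("tampered same cert:", same_certificate(PEM_WITH_PREAMBLE, PEM_TAMPERED))
    print(sha256_fingerprint(PEM_WITH_PREAMBLE))
```

In the OpenSSL library the equivalent comparison on two X509 objects is X509_cmp(), and the same DER-based test is what a SHA-256 fingerprint match expresses on the command line. Comparing the saved PEM texts, as suggested above, works only when both files were written by the same tool with the same wrapping and nothing else in them.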



Re: [openssl-users] SMIME -sign subcommand

2017-09-07 Thread Scott Neugroschl
Run it in a debugger?

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Carlos Caraccia
Sent: Thursday, September 07, 2017 5:02 AM
To: openssl-users@openssl.org
Subject: [openssl-users] SMIME -sign subcommand

Hello, is there a way to debug or watch line by line which functions are 
executed when I run a this command:

openssl smime -sign -signer certificadoWSASS.cer -inkey MiClave 
-out ticket.xml.cms -in Ticket.xml -outform PEM -nodetach

I know I can see smime.c here

/apps

I want to know how to compile if it is possible to compile it and to run it in 
Xcode and watch step by step the functions involved.

Thanks

Carlos


Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl
So if I'm using 1.0.2, and want to deprecate 3DES, I need to do that as part of 
my build?

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Scott Neugroschl
Sent: Thursday, May 11, 2017 11:13 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dumb question about DES

OK.  Are the 3DES CBC ciphers still part of DEFAULT?

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Benjamin Kaduk via openssl-users
Sent: Thursday, May 11, 2017 9:18 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dumb question about DES

Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it away ... 
well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are included in the 
"40 and 56 bit cipher support removed from libssl" item in the release notes), 
though the raw crypto primitives remain in libcrypto.

-Ben
On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
Has DES been deprecated in OpenSSL?  If so, what release?  In particular the 
following ciphers


  0.19 EDH-DSS-DES-CBC3-SHA

  0.22 EDH-RSA-DES-CBC3-SHA

192.13 ECDH-RSA-DES-CBC3-SHA

192.3  ECDH-ECDSA-DES-CBC3-SHA

192.18 ECDHE-RSA-DES-CBC3-SHA

192.8  ECDHE-ECDSA-DES-CBC3-SHA









Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl
OK.  Are the 3DES CBC ciphers still part of DEFAULT?

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Benjamin Kaduk via openssl-users
Sent: Thursday, May 11, 2017 9:18 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dumb question about DES

Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it away ... 
well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are included in the 
"40 and 56 bit cipher support removed from libssl" item in the release notes), 
though the raw crypto primitives remain in libcrypto.

-Ben
On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
Has DES been deprecated in OpenSSL?  If so, what release?  In particular the 
following ciphers


  0.19 EDH-DSS-DES-CBC3-SHA

  0.22 EDH-RSA-DES-CBC3-SHA

192.13 ECDH-RSA-DES-CBC3-SHA

192.3  ECDH-ECDSA-DES-CBC3-SHA

192.18 ECDHE-RSA-DES-CBC3-SHA

192.8  ECDHE-ECDSA-DES-CBC3-SHA










[openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl
Has DES been deprecated in OpenSSL?  If so, what release?  In particular the 
following ciphers


  0.19 EDH-DSS-DES-CBC3-SHA

  0.22 EDH-RSA-DES-CBC3-SHA

192.13 ECDH-RSA-DES-CBC3-SHA

192.3  ECDH-ECDSA-DES-CBC3-SHA

192.18 ECDHE-RSA-DES-CBC3-SHA

192.8  ECDHE-ECDSA-DES-CBC3-SHA







Re: [openssl-users] Should openssl publish the commit #'s that fixed each CVE?

2017-01-26 Thread Scott Neugroschl
The CVE itself contains the commit info.  Find it at cve.mitre.org

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Ethan Rahn
Sent: Thursday, January 26, 2017 10:40 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Should openssl publish the commit #'s that fixed each 
CVE?

Hello,

When looking a the latest security announcement, something that I notice is 
that it's hard to find the actual commits that fixed an issue. If you search 
git.openssl.org you can find some of them if they are 
mentioned in the change message, but it still requires some active effort.

Would it be a good idea for openssl to publish the commit(s) that fixed each 
CVE? It would make it easier to see what changed, which is great for
a.) backporting.
b.) satisfying curiosity of armchair cryptographers.
c.) better assessing an issue.

Cheers,

Ethan


Re: [openssl-users] Enabling FIPS on an custom embedded system.

2016-10-26 Thread Scott Neugroschl
No. You can check with the OpenSSH mailing list, but I’m pretty darned sure 
the answer is no.







From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Eric Tremblay
Sent: Wednesday, October 26, 2016 3:06 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Enabling FIPS on an custom embedded system.

Hi Steve,

Thanks for the quick reply.

That is what I had understood from my reading but wasn't sure.

My next question is about OpenSSH.  There is no official support in OpenSSH for 
FIPS at the moment right ?

Thanks

Eric



On Wed, Oct 26, 2016 at 5:04 PM, Steve Marquess wrote:
On 10/26/2016 04:37 PM, Eric Tremblay wrote:
> Hi all,
>
> I have built the FIPS module into our Platform but I am stuck at the
> point to enable it.
>
> We need FIPS to be enabled « Platform wide » not just for one
> application.
>
> I have read the documentation and searched on the web for an answer but it
> seems that I would have to modify a package or write a small application
> just to enable FIPS.
>
> Is there another way to enable it on startup of Linux ?  or maybe
> something in OpenSSH ?
>
> I also read about the OPENSSL_Config in the User Guide but I’m not sure
> if/who and how it is called.
>
> I am working with OpenSSL 1.0.2j and FIPS 2.0.9.
>
> Thanks
>
> Eric
>


Hmmm ... where to start.

First there is really no such thing as "enabling FIPS" for a platform.
The FIPS module is executable code that runs in the context of a
process, and to be righteous FIPS-wise each process (that uses
cryptography) must invoke the FIPS_mode_set() call that performs the
mandatory POST (Power Up Self Test). Note that is true even when the
FIPS module is embedded in a shared library (the "FIPS enabled"
OpenSSL), as each process using said shared library maps writable data
into its own private address space.

So to make the sweeping claim that a "platform" is FIPS enabled, you
must make sure that *every* process for that platform enables FIPS mode
via a FIPS_mode_set() call (whether directly or indirectly). Note that
for your typical general purpose (e.g. Windows or Linux-like) operating
system that is an essentially unachievable goal, as not all of the many
crypto-using applications are readily converted to use the FIPS enabled
OpenSSL (for instance OpenSSH needs non-trivial hacks). Likewise
kernel-mode crypto can't be addressed with the OpenSSL FIPS module.

For that reason the wise and prudent vendor does not attempt to "enable
FIPS" for an entire platform (for Level 1 validations), but rather only
makes claims about specific individual applications running on that
platform.

In the case where all processes of interest are compatible with the FIPS
capable OpenSSL (specifically, not referencing any other crypto
implementations, or non-approved cryptographic operations), then
OPENSSL_config() can in principle be used to indirectly call
FIPS_mode_set() for each such application. That is only *after* every
such application/process has *first* been modified for compatibility
with the FIPS capable OpenSSL. Very few applications not already
designed to support the OpenSSL FIPS module will be compatible without
some degree of modification.

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc



[openssl-users] Disable a cipher suite in openssl.cnf?

2016-09-23 Thread Scott Neugroschl
Hi,

I'm afraid the man page on the conf file is not particularly clear. I'm 
looking at mitigating CVE-2016-2183 (SWEET32), and am not sure how to disable 
the DES and 3DES suites in the conf file.
Can someone give me a hand?





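An added example for the two DES questions above (the "Dumb question about DES" thread, which asks whether the DES-CBC3 suites are still in DEFAULT, and the SWEET32 question, which asks how to drop them); this is not code from the list. It assumes an openssl binary on PATH for the live audit; the line filter itself works on any "openssl ciphers -v" output.

```shell
#!/bin/sh
# Added example, not code from the thread: audit an OpenSSL cipher string for
# suites built on 64-bit block ciphers (single DES and triple DES), which is
# the exposure behind SWEET32 (CVE-2016-2183), and derive a cipher string
# with those suites removed. The live checks assume an openssl binary on PATH;
# the line filter works on any `openssl ciphers -v` output fed to it.

# Print the suite name from every `openssl ciphers -v` line (stdin) whose
# Enc= field is DES or 3DES. Fields are whitespace separated, name first,
# e.g. "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1".
filter_64bit_block_suites() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Enc=(3DES|DES)\(/) { print $1; break }
    }'
}

# Live audit: names of the affected suites that cipher string $1 enables.
audit_cipher_string() {
    openssl ciphers -v "$1" 2>/dev/null | filter_64bit_block_suites
}

# Cipher string $1 with DES and 3DES suites removed. In OpenSSL cipher-string
# syntax "!" deletes permanently, so nothing later in the string can re-add
# them; "DES" matches single-DES suites and "3DES" the triple-DES ones.
harden_cipher_string() {
    printf '%s:!3DES:!DES\n' "$1"
}

# Succeeds (exit 0) only if cipher string $1 enables no DES/3DES suite.
assert_no_64bit_block_suites() {
    [ -z "$(audit_cipher_string "$1")" ]
}

# Stand-alone run: audit DEFAULT (or the cipher string given as $1).
if command -v openssl >/dev/null 2>&1; then
    cs="${1:-DEFAULT}"
    echo "DES/3DES suites enabled by '$cs':"
    audit_cipher_string "$cs"
    hardened=$(harden_cipher_string "$cs")
    if assert_no_64bit_block_suites "$hardened"; then
        echo "'$hardened' enables none of them"
    fi
fi
```

Whether DEFAULT still lists the DES-CBC3 suites depends on the OpenSSL version and its build options, which is exactly what the live audit reports for the build in use.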


Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

2016-08-26 Thread Scott Ware
On Fri, Aug 26, 2016 at 2:10 AM, Thomas J. Hruska wrote:
> Then push a request upstream to change the default build settings. Don't
> blame me.  The binaries that are built are built strictly with default
> settings with the only exception being the various funky runtime linker
> options (/MD, /MT, etc).  If you don't like the defaults, then get the
> upstream changed.
>

Hey Thomas!

Actually the people to blame are Microsoft. They changed the behavior
of Visual Studio. VS2008 was fine, but now in VS2012 and above SSE is
enabled by default.
https://msdn.microsoft.com/en-us/library/7t5yh4fd(v=vs.110).aspx

I will work with the Configure scripts and see if I can find a
solution to detect the version of VS and add the flag for VS2012 and
above and then try to get it accepted.

-Scott Ware


Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

2016-08-25 Thread Scott Ware
On Mon, Aug 22, 2016 at 8:05 PM, Jakob Bohm  wrote:
> On 22/08/2016 22:33, Scott Ware wrote:
>>
>>
>> On Mon, Aug 22, 2016 at 3:04 PM, Jakob Bohm wrote:
>>
>> On 22/08/2016 20:09, Scott Ware wrote:
>>
>> We use libeay32.dll and ssleay32.dll from
>> https://slproweb.com/products/Win32OpenSSL.html in our
>> applications and we recently moved from version 1.0.2a to
>> 1.0.2g and now on a few machines running an AMD Geode processor
>> we are getting "Unhandled exception at 0x005904dc
>> (libeay32.dll) in Test.exe: 0xC01D: Illegal Instruction".
>> We ended up building OpenSSL so we could debug into it and
>> found it is failing on "movsd xmm0,mmword" (see below) which
>> the AMD Geode does not seem to support. I have tried "SET
>> OPENSSL_ia32cap=~0x100", "SET OPENSSL_ia32cap=~0x200",
>> and "SET OPENSSL_ia32cap=~0x700"; and nothing seems to
>> change. I may not be using OPENSSL_ia32cap correctly. This
>> happens when calling SSL_CTX_new which then calls RAND_add.
>>
>> Any ideas on the best thing to do? We don't want to have to
>> manage different compiled versions of libeay32.dll and
>> ssleay32.dll if we can help it.
>>
>> Your disassembly looks like the C compiler was invoked with
>> options that caused regular C floating point code (in this
>> case, the passing of 45.0 as an argument to RAND_add()) to
>> be compiled into MMX/SSE instructions instead of backwards
>> compatible 80x87 floating point instructions or (for simple
>> cases like this) regular integer unit data movement
>> instructions (such as two pushes of 32 bit constants that
>> contain the halves of the 64 bit double constant, which
>> would have been more efficient on every x86 CPU).
>>
>> Did the build scripts or other source code contain any
>> differences from the official source code that can be
>> downloaded from openssl.org?
>>
>> How did you invoke the build scripts (command sequence,
>> special build environment, special environment variables
>> etc.)?
>>
>> Which compiler and compiler version/edition did you use?
>>
>> It would be interesting to know if one of the common Windows
>> compilers does this unconditionally, making it unsuitable
>> for use in programs that need to be backwards compatible.
>>
>>
>>
>> I compiled using this process and seem to be getting the same result as
>> the .dll I downloaded from slproweb.com
>> I downloaded the 1.0.2g source from openssl.com and
>> didn't change anything.
>>
>> From the "Developer Command Prompt for VS2013"
>> perl Configure debug-VC-WIN32 no-asm --prefix=C:\OpenSSL-VC-32-dbg
>> ms\do_ms
>> nmake -f ms\ntdll.mak
>> nmake -f ms\ntdll.mak install
>
> According to the following page
>
> https://msdn.microsoft.com/en-us/library/7t5yh4fd%28v=vs.120%29.aspx
>
> Visual Studio 2012 and later requires the following compiler
> option to generate code compatible with older CPUs (this is the
> default in Visual Studio 2010, and VS2010 does not support the
> option):
>
> /arch:IA32
>
>
> This compiler gotcha is specific to the 32 bit x86 architecture,
> the default looks like it is still sane for x86_64.
>
> Note to the FIPS team: Please check if this affects the FIPS
> module building procedure.


Well, I tried to get my normal distribution source to compile with /arch:IA32.
Didn't go well. :(

On Thu, Aug 25, 2016 at 10:12 PM, Thomas J. Hruska wrote:
> On 8/23/2016 7:19 AM, Scott Ware wrote:
>>
>> Shining Light Productions,
>>   Would you consider implementing this in your builds? VS2012 and
>> above require the /arch:IA32 flag to produce x86 code compatible with
>> older CPUs.
>>
>> https://mta.openssl.org/pipermail/openssl-users/2016-August/004260.html
>>
>> Thanks,
>> Scott Ware
>
>
> This is an upstream issue.  I only do default builds.  Contact the OpenSSL
> developers if you want that flag added to the default build process.
>
> SSE2 is the default target architecture for Visual Studio when /arch is not
> specified.  If you don't have a CPU with SSE2 instruction support, then it
> is long past due for a hardware upgrade.
>
> --
> Thomas Hruska
> Shining Light Productions
>
> Home of BMP2AVI and Win32 OpenSSL.
> http://www.slproweb.com/


Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

2016-08-23 Thread Scott Ware
On Mon, Aug 22, 2016 at 8:05 PM, Jakob Bohm  wrote:

> On 22/08/2016 22:33, Scott Ware wrote:
>
>>
>> On Mon, Aug 22, 2016 at 3:04 PM, Jakob Bohm wrote:
>>
>> On 22/08/2016 20:09, Scott Ware wrote:
>>
>> We use libeay32.dll and ssleay32.dll from
>> https://slproweb.com/products/Win32OpenSSL.html in our
>> applications and we recently moved from version 1.0.2a to
>> 1.0.2g and now on a few machines running an AMD Geode processor
>> we are getting "Unhandled exception at 0x005904dc
>> (libeay32.dll) in Test.exe: 0xC01D: Illegal Instruction".
>> We ended up building OpenSSL so we could debug into it and
>> found it is failing on "movsd xmm0,mmword" (see below) which
>> the AMD Geode does not seem to support. I have tried "SET
>> OPENSSL_ia32cap=~0x100", "SET OPENSSL_ia32cap=~0x200",
>> and "SET OPENSSL_ia32cap=~0x700"; and nothing seems to
>> change. I may not be using OPENSSL_ia32cap correctly. This
>> happens when calling SSL_CTX_new which then calls RAND_add.
>>
>> Any ideas on the best thing to do? We don't want to have to
>> manage different compiled versions of libeay32.dll and
>> ssleay32.dll if we can help it.
>>
>> Your disassembly looks like the C compiler was invoked with
>> options that caused regular C floating point code (in this
>> case, the passing of 45.0 as an argument to RAND_add()) to
>> be compiled into MMX/SSE instructions instead of backwards
>> compatible 80x87 floating point instructions or (for simple
>> cases like this) regular integer unit data movement
>> instructions (such as two pushes of 32 bit constants that
>> contain the halves of the 64 bit double constant, which
>> would have been more efficient on every x86 CPU).
>>
>> Did the build scripts or other source code contain any
>> differences from the official source code that can be
>> downloaded from openssl.org?
>>
>> How did you invoke the build scripts (command sequence,
>> special build environment, special environment variables
>> etc.)?
>>
>> Which compiler and compiler version/edition did you use?
>>
>> It would be interesting to know if one of the common Windows
>> compilers does this unconditionally, making it unsuitable
>> for use in programs that need to be backwards compatible.
>>
>>
>>
>> I compiled using this process and seem to be getting the same result as
>> the .dll I downloaded from slproweb.com
>> I downloaded the 1.0.2g source from openssl.com and
>> didn't change anything.
>>
>> From the "Developer Command Prompt for VS2013"
>> perl Configure debug-VC-WIN32 no-asm --prefix=C:\OpenSSL-VC-32-dbg
>> ms\do_ms
>> nmake -f ms\ntdll.mak
>> nmake -f ms\ntdll.mak install
>>
> According to the following page
>
> https://msdn.microsoft.com/en-us/library/7t5yh4fd%28v=vs.120%29.aspx
>
> Visual Studio 2012 and later requires the following compiler
> option to generate code compatible with older CPUs (this is the
> default in Visual Studio 2010, and VS2010 does not support the
> option):
>
> /arch:IA32
>
>
> This compiler gotcha is specific to the 32 bit x86 architecture,
> the default looks like it is still sane for x86_64.
>
> Note to the FIPS team: Please check if this affects the FIPS
> module building procedure.


Jakob! Thank you so much! That was the issue. I added /arch:IA32 to the
APP_CFLAG and LIB_CFLAG in ms\ntdll.mak and I was able to compile a new
build that works on the problem machine. Is it worth doing a bug report
so they might add that to the build scripts? Without it, it seems like the
whole OPENSSL_ia32cap system is broken.

Before I had found this answer I had also installed nasm so I didn't have
to do the no-asm. So my current build process is:

From the "Developer Command Prompt for VS2013"
perl Configure VC-WIN32  --prefix=C:\OpenSSL-VC-32-DLL
ms\do_ms
ms\do_nasm.bat
(Edit ms\ntdll.mak to add /arch:IA32 to the APP_CFLAG and LIB_CFLAG)
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak install

Thank you Jakob and the OpenSSL mailing list for the quick answers!
- Scott Ware


Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

2016-08-22 Thread Scott Ware
On Mon, Aug 22, 2016 at 3:04 PM, Jakob Bohm  wrote:

> On 22/08/2016 20:09, Scott Ware wrote:
>
>> We use libeay32.dll and ssleay32.dll from
>> https://slproweb.com/products/Win32OpenSSL.html in our applications and we
>> recently moved from version 1.0.2a to 1.0.2g and now on a few machines
>> running an AMD Geode processor we are getting "Unhandled exception at
>> 0x005904dc (libeay32.dll) in Test.exe: 0xC01D: Illegal Instruction". We
>> ended up building OpenSSL so we could debug into it and found it is
>> failing on "movsd xmm0,mmword" (see below) which the AMD Geode does not
>> seem to support. I have tried "SET OPENSSL_ia32cap=~0x100", "SET
>> OPENSSL_ia32cap=~0x200", and "SET OPENSSL_ia32cap=~0x700"; and
>> nothing seems to change. I may not be using OPENSSL_ia32cap correctly. This
>> happens when calling SSL_CTX_new which then calls RAND_add.
>>
>> Any ideas on the best thing to do? We don't want to have to manage
>> different compiled versions of libeay32.dll and ssleay32.dll if we can help
>> it.
>>
>> Your disassembly looks like the C compiler was invoked with
> options that caused regular C floating point code (in this
> case, the passing of 45.0 as an argument to RAND_add()) to
> be compiled into MMX/SSE instructions instead of backwards
> compatible 80x87 floating point instructions or (for simple
> cases like this) regular integer unit data movement
> instructions (such as two pushes of 32 bit constants that
> contain the halves of the 64 bit double constant, which
> would have been more efficient on every x86 CPU).
>
> Did the build scripts or other source code contain any
> differences from the official source code that can be
> downloaded from openssl.org?
>
> How did you invoke the build scripts (command sequence,
> special build environment, special environment variables
> etc.)?
>
> Which compiler and compiler version/edition did you use?
>
> It would be interesting to know if one of the common Windows
> compilers does this unconditionally, making it unsuitable
> for use in programs that need to be backwards compatible.
>
>
>
I compiled using this process and seem to be getting the same result as the
.dll I downloaded from slproweb.com
I downloaded the 1.0.2g source from openssl.com and didn't change anything.

From the "Developer Command Prompt for VS2013"
perl Configure debug-VC-WIN32 no-asm --prefix=C:\OpenSSL-VC-32-dbg
ms\do_ms
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak install


[openssl-users] Building OpenSSL 1.0.1t without tls1.1 support?

2016-08-22 Thread Scott Neugroschl

I've done a custom build of OpenSSL where I ran Configure with "no-ssl2" and 
"no-ssl3".  I'd like to disable TLS1 and 1.1 if possible.  Will the no-tls1 
option disable just TLS1 or all TLS1.x protocols?

Thanks,

ScottN





[openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

2016-08-22 Thread Scott Ware
We use libeay32.dll and ssleay32.dll from
https://slproweb.com/products/Win32OpenSSL.html in our applications and we
recently moved from version 1.0.2a to 1.0.2g and now on a few machines
running an AMD Geode processor we are getting "Unhandled exception at
0x005904dc (libeay32.dll) in Test.exe: 0xC01D: Illegal Instruction". We
ended up building OpenSSL so we could debug into it and found it is
failing on "movsd xmm0,mmword" (see below) which the AMD Geode does not
seem to support. I have tried "SET OPENSSL_ia32cap=~0x100", "SET
OPENSSL_ia32cap=~0x200", and "SET OPENSSL_ia32cap=~0x700"; and
nothing seems to change. I may not be using OPENSSL_ia32cap correctly. This
happens when calling SSL_CTX_new which then calls RAND_add.

Any ideas on the best thing to do? We don't want to have to manage
different compiled versions of libeay32.dll and ssleay32.dll if we can help
it.

Thanks,
Scott Ware



Unhandled exception at 0x005904dc (libeay32.dll) in Test.exe: 0xC01D:
Illegal Instruction.

if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
{
005904B6  lea         edx,[outbuf]
005904BC  push        edx
005904BD  push        0
005904BF  push        0
005904C1  push        offset string L"LanmanWorkstation" (629C8Ch)
005904C6  push        0
005904C8  call        dword ptr [netstatget]
005904CE  test        eax,eax
005904D0  jne         RAND_poll+16Ah (59050Ah)
RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
005904D2  mov         eax,8
005904D7  call        _chkstk (611F20h)
=>005904DC  movsd       xmm0,mmword ptr [__real@40468000 (629E90h)]
005904E4  movsd       mmword ptr [esp],xmm0
005904E9  push        0D8h
005904EE  mov         eax,dword ptr [outbuf]
005904F4  push        eax
005904F5  call        RAND_add (58FF10h)
005904FA  add         esp,10h


[openssl-users] CVE-2016-2177

2016-08-12 Thread Scott Neugroschl
CVE-2016-2177 notes that it applies to all versions up to 1.0.2h. Does this 
mean that the fix is not applied to the 1.0.1 series (in particular 1.0.1t)?







[openssl-users] Error building 1.0.1t with no-srp

2016-07-06 Thread Scott Neugroschl
I'm building 1.0.1t with the no-srp option. When I do, I get the following 
error

making all in ssl...
make[1]: Entering directory `/users/scottn/openssl-1.0.1t/ssl'
make[1]: *** No rule to make target `../include/openssl/srp.h', needed by 
`tls_srp.o'.  Stop.

Anyone else build without SRP?  Anyone have suggestions?





Re: [openssl-users] Creating an X25519-based Certificate

2016-06-30 Thread Michael Scott
On Thu, Jun 30, 2016 at 5:11 PM, Matt Caswell  wrote:

>
>
> On 30/06/16 16:54, Salz, Rich wrote:
> >> Since X25519 is not the first "encrypt-only" algorithm in the
> >> OpenSSL universe, how was requesting certificates handled for
> >> such algorithms in the past?
> >
> > It wasn't.
> >
> >> For example how would one request a DH certificate?
> >
> > You couldn't.
> >
> > I don't recall anyone ever asking for such a thing on the public lists.
> >
>
> There is no standardised way of requesting a DH certificate that I know of.
>
> Nonetheless OpenSSL does support the generation of DH certificates, but
> it's a bit nasty:
>
>
> https://security.stackexchange.com/questions/44251/openssl-generate-different-types-of-self-signed-certificate/82868#82868
>
>

That seems to be exactly what I was looking for! So create a bogus RSA cert
and create its self-signed certificate request. But then use the
-force_pubkey flag to substitute my own X25519 public key for the RSA
public key, just prior to getting it signed by the CA.

Reminds me of the cuckoo..

I would worry about the damage that could be done if -force_pubkey fell
into the wrong hands :)

Thanks!


Mike


> Matt
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
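The -force_pubkey workaround described in the reply above, carried through end to end as an added example; this is not code from the thread or the linked answer. It assumes OpenSSL 1.1.0 or later on PATH, and every file name and subject in it is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread: issue a CA-signed certificate whose
# subject public key is X25519 via the -force_pubkey workaround. A throwaway
# RSA key signs the CSR (openssl req insists on a signature, which X25519
# cannot produce) and `openssl x509 -req -force_pubkey` swaps in the X25519
# public key when the CA signs. Assumes OpenSSL 1.1.0 or later on PATH; all
# file names and subjects below are constructed for the demo.
set -e
work=$(mktemp -d)

# Self-signed RSA CA (the CA must sign, and X25519 cannot) plus the X25519
# key pair whose public half we want certified.
make_ca_and_x25519_key() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null
    openssl genpkey -algorithm X25519 -out "$work/x25519.key"
    openssl pkey -in "$work/x25519.key" -pubout -out "$work/x25519.pub"
}

# The CSR is signed with a dummy RSA key purely to pass the CSR signature
# check; that key never appears in the issued certificate.
issue_x25519_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=x25519-holder' \
        -keyout "$work/dummy.key" -out "$work/dummy.csr" 2>/dev/null
    openssl x509 -req -in "$work/dummy.csr" -days 1 \
        -CA "$work/ca.crt" -CAkey "$work/ca.key" -CAcreateserial \
        -force_pubkey "$work/x25519.pub" -out "$work/x25519.crt" 2>/dev/null
}

# Algorithm named in the issued certificate's SubjectPublicKeyInfo.
cert_key_algorithm() {
    openssl x509 -in "$work/x25519.crt" -noout -text \
        | sed -n 's/^ *Public Key Algorithm: //p' | head -n 1
}

# Exit status says whether the issued certificate chains to the demo CA.
cert_verifies() {
    openssl verify -CAfile "$work/ca.crt" "$work/x25519.crt" >/dev/null 2>&1
}

# Caveat for whoever runs the CA: with -force_pubkey the CSR signature no
# longer proves that the requester holds the private half of the certified
# key, so proof of possession of the X25519 key must come from elsewhere.
make_ca_and_x25519_key
issue_x25519_cert
echo "issued certificate key algorithm: $(cert_key_algorithm)"
```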


Re: [openssl-users] Creating an X25519-based Certificate

2016-06-30 Thread Michael Scott
Yes, I can certainly program my way out of the problem, but it would be
nice if the command line tool allowed me a way to do it.

Thanks!

Mike

On Thu, Jun 30, 2016 at 9:37 AM, Erwann Abalea wrote:

> Ok, you’re talking about OpenSSL command line tool only, I missed that
> part.
>
> The solution should then be to modify apps/ca.c:certify() function to add
> an arg, and avoid the call to X509_REQ_verify when desired.
>
> Cordialement,
> Erwann Abalea
>
> Le 29 juin 2016 à 19:17, Michael Scott  a écrit :
>
> Thanks Erwann, but that's not an answer to my question.
>
> To get the CA to sign (using RSA or anything) a certificate that contains
> an X25519 public key, that certificate must first submit to the CA
> something called a "Certificate request". This takes the form of the
> supplicant certificate, which is self-signed. However you cannot self-sign
> with an X25519 key (using the openssl command line tool), as it objects
> that X25519 does not support signature.
>
> So the issue arises around the "certificate request" process. There is I
> agree no problem in creating the certificate itself.
>
>
> Mike
>
>
>
> On Wed, Jun 29, 2016 at 4:27 PM, Erwann Abalea wrote:
>
>> Bonjour,
>>
>> You may have a classic certificate containing your
>> {X,Ed}{25519,448,whatever} public key once:
>>
>>  - an OID is allocated to identify this type of public key (it will go
>>    into tbs.subjectPublicKeyInfo.algorithm.algorithm)
>>  - a set of associated optional parameters are defined for this OID
>>    (to go into tbs.subjectPublicKeyInfo.algorithm.parameters)
>>  - a canonical encoding for this type of public key is defined, so the
>>    key material can be enclosed into tbs.subjectPublicKeyInfo.subjectPublicKey
>>
>>
>> This certificate may be RSA-signed or ECDSA-signed (or whatever-signed,
>> in fact).
>>
>> For a CA to be able to Ed{25519,448,whatever}-sign something, the
>> previous steps must have been done, plus:
>>
>>  - an OID is allocated to identify the signature algorithm to apply
>>    (it will not be ECDSA) -> cert.signatureAlgorithm.algorithm
>>  - a set of associated optional parameters are defined for this OID ->
>>    cert.signatureAlgorithm.parameters
>>  - a canonical encoding for the signature value is defined, so it can
>>    be enclosed into cert.signatureValue
>>
>>
>> All this is being discussed at CFRG.
>>
>> Cordialement,
>> Erwann Abalea
>>
>> Le 29 juin 2016 à 16:46, Michael Scott  a écrit :
>>
>> Hello,
>>
>>
>> How do I do this? Using the OpenSSL command line tool, a certificate
>> request must be self-signed, but the X25519 elliptic curve (newly supported
>> in version 1.1.0), doesn't do signature, it can only be used for key
>> exchange.
>>
>> (Of course the X25519 Montgomery curve is birationally equivalent to an
>> Edwards curve which can do signature. And indeed it is our intention to use
>> the Edwards curve. But first I need a CA-signed X25519 cert. But because of
>> the above catch-22 problem, I cannot create one.)
>>
>>
>> Mike
>>
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>


Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
On Wed, Jun 29, 2016 at 6:21 PM, Salz, Rich  wrote:

>
> > To repeat: X25519 only supports key exchange.  The 25519 signing
> > mechanism is not yet defined.
>

Which I don't have a problem with.

But surely the openssl command line tool should provide a mechanism for
allowing an X25519-based certificate to be signed by a CA.

It seems that the "certificate request" protocol, which requires
self-signing, prevents this in this case.


Mike


>
> And see also: https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>


Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Thanks Erwann, but that's not an answer to my question.

To get the CA to sign (using RSA or anything) a certificate that contains
an X25519 public key, that certificate must first submit to the CA
something called a "Certificate request". This takes the form of the
supplicant certificate, which is self-signed. However you cannot self-sign
with an X25519 key (using the openssl command line tool), as it objects
that X25519 does not support signature.

So the issue arises around the "certificate request" process. There is I
agree no problem in creating the certificate itself.


Mike



On Wed, Jun 29, 2016 at 4:27 PM, Erwann Abalea wrote:

> Bonjour,
>
> You may have a classic certificate containing your
> {X,Ed}{25519,448,whatever} public key once:
>
>  - an OID is allocated to identify this type of public key (it will go
>    into tbs.subjectPublicKeyInfo.algorithm.algorithm)
>  - a set of associated optional parameters are defined for this OID (to
>    go into tbs.subjectPublicKeyInfo.algorithm.parameters)
>  - a canonical encoding for this type of public key is defined, so the
>    key material can be enclosed into tbs.subjectPublicKeyInfo.subjectPublicKey
>
>
> This certificate may be RSA-signed or ECDSA-signed (or whatever-signed, in
> fact).
>
> For a CA to be able to Ed{25519,448,whatever}-sign something, the previous
> steps must have been done, plus:
>
>  - an OID is allocated to identify the signature algorithm to apply (it
>    will not be ECDSA) -> cert.signatureAlgorithm.algorithm
>  - a set of associated optional parameters are defined for this OID ->
>    cert.signatureAlgorithm.parameters
>  - a canonical encoding for the signature value is defined, so it can
>    be enclosed into cert.signatureValue
>
>
> All this is being discussed at CFRG.
>
> Cordialement,
> Erwann Abalea
>
> Le 29 juin 2016 à 16:46, Michael Scott  a écrit :
>
> Hello,
>
>
> How do I do this? Using the OpenSSL command line tool, a certificate
> request must be self-signed, but the X25519 elliptic curve (newly supported
> in version 1.1.0), doesn't do signature, it can only be used for key
> exchange.
>
> (Of course the X25519 Montgomery curve is birationally equivalent to an
> Edwards curve which can do signature. And indeed it is our intention to use
> the Edwards curve. But first I need a CA-signed X25519 cert. But because of
> the above catch-22 problem, I cannot create one.)
>
>
> Mike
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
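The SubjectPublicKeyInfo layout Erwann describes, worked through as an added example (not code from this thread). It assumes the OIDs that RFC 8410 later allocated, id-X25519 = 1.3.101.110 and id-Ed25519 = 1.3.101.112, with the parameters field absent as that RFC requires; the key bytes are constructed.

```python
"""SubjectPublicKeyInfo for an X25519 / Ed25519 key, built by hand in DER.
Added for this page (not code from the thread).  It uses the OIDs RFC 8410
later allocated: id-X25519 = 1.3.101.110, id-Ed25519 = 1.3.101.112; RFC 8410
also requires the AlgorithmIdentifier parameters to be absent."""

X25519_OID = "1.3.101.110"   # key agreement only: cannot sign a CSR
ED25519_OID = "1.3.101.112"  # signature algorithm: can sign


def _der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))


def decode_oid(body: bytes) -> str:
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def encode_spki(oid: str, raw_key: bytes) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier,
                                          subjectPublicKey BIT STRING }"""
    alg_id = _tlv(0x30, encode_oid(oid))          # parameters absent
    bit_string = _tlv(0x03, b"\x00" + raw_key)    # 0x00 = no unused bits
    return _tlv(0x30, alg_id + bit_string)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_spki(der: bytes) -> dict:
    """Parse an SPKI back into its OID, parameter presence and raw key."""
    tag, spki, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    tag, alg, pos = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    otag, oid_body, after_oid = _read_tlv(alg, 0)
    if otag != 0x06:
        raise ValueError("algorithm must be an OBJECT IDENTIFIER")
    btag, bits, _ = _read_tlv(spki, pos)
    if btag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("subjectPublicKey must be a BIT STRING with 0 unused bits")
    return {"oid": decode_oid(oid_body),
            "params_present": after_oid < len(alg),   # RFC 8410: must be False
            "key": bits[1:]}


def can_self_sign(oid: str) -> bool:
    """The catch-22 from the thread: only the Ed25519 key type can sign."""
    return oid == ED25519_OID
```

The X25519 SPKI can sit in a certificate signed by any CA key; the CSR self-signature is what the X25519 key itself cannot produce.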


Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Well, I can help with CFRG - it's the Crypto Forum Research Group.

Mike


On Wed, Jun 29, 2016 at 4:10 PM, Jakob Bohm  wrote:

> On 29/06/2016 16:53, Salz, Rich wrote:
>
>> How do I do this? Using the OpenSSL command line tool, a certificate
>>> request must be self-signed, but the X25519 elliptic curve (newly supported
>>> in version 1.1.0), doesn't do signature, it can only be used for key
>>> exchange.
>>>
>> You cannot do it.
>>
>> You should look at the CFRG documents on Ed25519.
>>
>> This raises two general questions:
>
> 1. What is CFRG, I don't remember that acronym.
>
> 2. What is the general procedure for generating a CSR for
>   an encryption-only algorithm, such as DH, ECDH etc.?
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>


[openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Hello,


How do I do this? Using the OpenSSL command line tool, a certificate
request must be self-signed, but the X25519 elliptic curve (newly supported
in version 1.1.0), doesn't do signature, it can only be used for key
exchange.

(Of course the X25519 Montgomery curve is birationally equivalent to an
Edwards curve which can do signature. And indeed it is our intention to use
the Edwards curve. But first I need a CA-signed X25519 cert. But because of
the above catch-22 problem, I cannot create one.)


Mike


Re: [openssl-users] Reload certificates?

2016-05-18 Thread Scott Neugroschl
I believe that's specific to the servers in question.  Often you can "restart" 
a server by giving it a SIGHUP.  I don't know if slapd and slurpd will respond 
in the way you want.


From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Jordan Brown
Sent: Wednesday, May 18, 2016 10:44 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Reload certificates?


We have OpenSSL consumers (primarily but not exclusively OpenLDAP).  Some of 
them are long-running processes.

We'd like to be able to update the list of trusted certificates and have the 
changes take effect, without needing to restart those long-running processes 
and preferably without needing to interact with them in any way.

It *looks* like the "file" style of certificate store is loaded once only, at 
the time it's specified, and never reloaded again for the life of a particular 
SSL context.  Similarly, it looks like in the "directory" style of certificate 
store once a particular certificate has been loaded, it's never unloaded, even 
if the underlying file is deleted.  It looks like the only way to see changes 
(and especially deletions) is to create a new SSL context.  In addition to the 
difficulty of getting middleware to do that, it seems like the middleware would 
need to either watch the files and directories on its own, or always create new 
SSL contexts for new connections, or something else similarly intrusive.

Is there something I'm missing?

Would it be reasonable to have OpenSSL watch the metadata on the file or 
directory and, on change, discard cached certificates and, for a file, reload 
the file?

--

Jordan Brown, Oracle Solaris




[openssl-users] Spam

2016-04-19 Thread Scott Neugroschl
Can the spam filters on the listserv be updated?   Got two today in Spanish and 
Portuguese for monetary scams.  Anyone else getting these?

---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 | Simi Valley, CA 93063 | Phone 805 583-2874 | Fax 805 583-0124





Re: [openssl-users] help on des_cblock

2016-03-19 Thread Scott Neugroschl
I suspect the use of std::string and c_str().  Use a std::vector instead.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Jason Qian
Sent: Friday, March 18, 2016 1:19 PM
To: openssl-users@openssl.org
Subject: [openssl-users] help on des_cblock

I am new to OpenSSL and ran into an issue; I need some help.


In our application, the client and server perform a Diffie-Hellman key exchange 
and then encrypt the data.  The client is written in C++ (using OpenSSL), and 
the server is in Java.

Most of the time it runs correctly, but occasionally the server (Java) throws 
a "Given final block not properly padded" exception.

I added more logging on both sides.  When the exception happens, the keys are 
offset by one (in the working case, they are the same).


Server -- java  get from getEncoded()

DES Key  size (8)(1,-83,-113,-74,-77,109,84,88)

Client -- openSSL  get from des_cblock struct

DES Key  size (8)   (-83,-113,-74,-77,109,84,88,8)

Thanks
Jason

Here is the C++ code

#include <cstdio>
#include <cstring>
#include <string>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/des.h>

void DiffieHellmanCipher::init(const std::string &Y){
    if (Y.length() == 0) {
        return;
    }
    if (m_DH == NULL) {
        return;
    }

    // convert the peer's public value Y (decimal string) to a BIGNUM
    BIGNUM *bnY = NULL;
    // Memory for bnY is allocated in the BN_dec2bn call.
    if (!BN_dec2bn(&bnY, Y.c_str())) {
        if (bnY)
            BN_free(bnY);
        printf("Could not convert Diffie-Hellman Y value to BIGNUM");
        return;  // do not go on with a NULL bnY
    }

    // compute the shared secret; DH_compute_key returns its length in bytes
    int dhSize = DH_size(m_DH);
    unsigned char *secretKey = new unsigned char[dhSize + 1];
    int secretKeyLen = DH_compute_key(secretKey, bnY, m_DH);
    BN_free(bnY);

    if (secretKeyLen < 8) {
        delete [] secretKey;
        printf("Error computing secret key: key length is too short");
        return;  // secretKey is freed here, so it must not be used below
    }

    // convert the first 8 raw bytes to an odd-parity DES key
    // (DES_cblock is the current name; des_cblock is the legacy alias)
    DES_cblock desKey;
    memcpy(desKey, secretKey, 8);
    delete [] secretKey;
    secretKey = NULL;
    DES_set_odd_parity(&desKey);

    // just print out the DES_cblock as signed bytes, matching Java's getEncoded() output
    secretKeyString = "(";
    char ch[10] = "\0";
    for (int i = 0; i < 8; i++) {
        sprintf(ch, "%d", (char)desKey[i]);
        secretKeyString += ch;
        if (i != 7) {
            secretKeyString += ",";
        }
    }
    secretKeyString += ")";

    int skRet;
    if ((skRet = DES_set_key(&desKey, &m_DESKey)) != 0) {
        // secretKey was already released above; deleting it again here was a double free
        printf("Error computing secret key: generated key is weak");
        return;
    }

    m_bInited = true;
}


Re: [openssl-users] help on des_cblock

2016-03-18 Thread Scott Neugroschl
My mistake.  I was reading the calls backwards.  The use of c_str() there is 
fine.  Ignore my previous comment.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Jason Qian
Sent: Friday, March 18, 2016 2:34 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] help on des_cblock

Thanks,
Jason

On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl 
mailto:scot...@xypro.com>> wrote:
I suspect the use of std::string and c_str().  Use a std::vector instead.



Re: [openssl-users] Trouble compiling in version 0.9.8h

2016-03-09 Thread Scott Neugroschl
0.9.8h... REALLY?  The latest is 0.9.8zh.  And on top of that, 0.9.8 got EOL'ed 
as of the beginning of the year.
Can you update to 1.0.1?  (Latest is 1.0.1q).

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Luiz Laranjeira
Sent: Sunday, December 27, 2015 7:02 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Trouble compiling in version 0.9.8h

I am getting the errors below. Anyone can help?

Line 282 of file pkcs7.h = DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)

1>-- Build started: Project: OpenSSL, Configuration: Debug Win32 --
1>  tls_srp.c
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(282): 
error C2055: expected formal parameter list, not a type list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(282): 
error C2085: 'PKCS7_ISSUER_AND_SERIAL_new' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(282): 
error C2085: 'PKCS7_ISSUER_AND_SERIAL_free' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(282): 
error C2085: 'd2i_PKCS7_ISSUER_AND_SERIAL' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(282): 
error C2085: 'i2d_PKCS7_ISSUER_AND_SERIAL' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(282): 
error C2085: 'PKCS7_ISSUER_AND_SERIAL_it' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(286): 
error C2085: 'PKCS7_ISSUER_AND_SERIAL_digest' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(288): 
error C2085: 'd2i_PKCS7_fp' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\...\include\openssl\pkcs7.h(289): 
error C2085: 'i2d_PKCS7_fp' : not in formal parameter list

..

1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(291):
 error C2085: 'PKCS7_dup' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(292):
 error C2085: 'd2i_PKCS7_bio' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(293):
 error C2085: 'i2d_PKCS7_bio' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(296):
 error C2085: 'PKCS7_SIGNER_INFO_new' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(296):
 error C2085: 'PKCS7_SIGNER_INFO_free' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(296):
 error C2085: 'd2i_PKCS7_SIGNER_INFO' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(296):
 error C2085: 'i2d_PKCS7_SIGNER_INFO' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(296):
 error C2085: 'PKCS7_SIGNER_INFO_it' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(297):
 error C2085: 'PKCS7_RECIP_INFO_new' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(297):
 error C2085: 'PKCS7_RECIP_INFO_free' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(297):
 error C2085: 'd2i_PKCS7_RECIP_INFO' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(297):
 error C2085: 'i2d_PKCS7_RECIP_INFO' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(297):
 error C2085: 'PKCS7_RECIP_INFO_it' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(298):
 error C2085: 'PKCS7_SIGNED_new' : not in formal parameter list
1>c:\users\luiz\dropbox\luiz\profissional\projetos\sadap3-assinaturadigital-iti\development\pdfsignature\openssl\include\openssl\pkcs7.h(298

Re: [openssl-users] DROWN (CVE-2016-0800)

2016-03-02 Thread Scott Neugroschl
Thank you Michael and Victor for your explanation.

It's much appreciated.

ScottN

---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 | Simi Valley, CA 93063 | Phone 805 583-2874 | Fax 805 583-0124






Re: [openssl-users] DROWN (CVE-2016-0800)

2016-03-02 Thread Scott Neugroschl
From the linked document:

"All client sessions are vulnerable if the target server still supports SSLv2 
today, irrespective of whether the client ever supported it"

I'm trying to understand this.  I am using a custom build of OpenSSL as a 
client, which was configured no-ssl2 and no-ssl3.  My code is
client-only.  So I am still vulnerable to this if my customer's server is not 
up to date?



-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich
Sent: Wednesday, March 02, 2016 10:22 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] DROWN (CVE-2016-0800)

Other implementations MAY be susceptible.  It's a protocol flaw.

The fix is to completely remove SSLv2.  See the blog post:  
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz




[openssl-users] DROWN (CVE-2016-0800)

2016-03-02 Thread Scott Neugroschl
Hi,

I've got a question about DROWN.  Is the vulnerability due to a specific 
coding error in OpenSSL, or is it something that other SSL implementations may 
be vulnerable to?  Which commit fixed this, so that I can see the changes?

Thanks,

ScottN



Re: [openssl-users] no version information available error

2016-02-12 Thread Scott Neugroschl
OpenSSH does not work with the FIPS mode of OpenSSL.  This has been discussed 
both here and on the OpenSSH list.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
cloud force
Sent: Friday, February 12, 2016 11:44 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] no version information available error

Thanks Jakob for the detailed info.

On Thu, Feb 11, 2016 at 7:50 AM, Jakob Bohm 
mailto:jb-open...@wisemo.com>> wrote:
On 10/02/2016 22:46, cloud force wrote:
Hi Everyone,

I installed the FIPS capable openssl library (which was built by myself) on my 
Ubuntu linux box.

For some reason, I keep running into the following errors whenever I run ssh 
related command:


ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version
information available (required by ssh)


The same error happens when I ran openssl command such as the following:

linux-fips@ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)

The Debian-family (includes Ubuntu) standard OpenSSL shared
libraries are built in a special way to include "version tags"
in the resulting .so files, and all the openssl-needing
binaries in Debian/Ubuntu/etc. produce the error message
above if you install copies of those libraries without those
extra "version tags".

There are two alternative ways to solve this:

A) Build your FIPS-capable OpenSSL (not the FIPScanister)
  with all the extra steps and patches in the Ubuntu OpenSSL
  source package (.dsc etc.), just adding the FIPS canister.
   Note that some of the patches in the source package are
  backports of the security fixes included in the latest
  OpenSSL versions, you'll probably have to figure out the
  details yourself (unless Kurt Roeckz posts a recipe
  somewhere).

B) Patch your FIPS-capable OpenSSL makefile (not the
  FIPScanister makefile) to use a different .so-version, such
  as .so.1.0.2 .  Then your private openssl build will not be
  used by the prepackaged software while software explicitly
  compiled against your locally built OpenSSL will not
  accidentally pick up the standard non-FIPS OpenSSL.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded




--
Thanks,
Rich



Re: [openssl-users] Do you need EGD support?

2016-01-11 Thread Scott Neugroschl
Will you still support PRNGD?  I need PRNGD, as I'm on a platform without a 
built-in random device or cpu instructions.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich
Sent: Monday, January 11, 2016 7:06 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: [openssl-users] Do you need EGD support?

We are considering removing EGD support in 1.1.  If your platform still needs 
it, please reply soon.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz



Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.

2015-09-25 Thread Scott Neugroschl
Ignore me.  I completely misread your email.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Scott Neugroschl
Sent: Friday, September 25, 2015 10:32 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] How can i verify a signature without knowing the 
private key? not by openssl command but openssl function.

That's the whole point of private key encryption.  You don't NEED to know the 
private key.

What you do is write out the data (abcde1234).  Then hash it (SHA-256), and 
encrypt the *HASH* with the private key.
The recipient reads the data and encrypted hash.  He then decrypts the hash 
with the public key, compares it to the hash of the data.  If the two hashes 
match, the data is authentic.





Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.

2015-09-25 Thread Scott Neugroschl
That's the whole point of private key encryption.  You don't NEED to know the 
private key.

What you do is write out the data (abcde1234).  Then hash it (SHA-256), and 
encrypt the *HASH* with the private key.
The recipient reads the data and encrypted hash.  He then decrypts the hash 
with the public key, compares it to the hash of the data.  If the two hashes 
match, the data is authentic.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Sent: Friday, September 25, 2015 3:52 AM
To: openssl-users
Subject: [openssl-users] How can i verify a signature without knowing the 
private key? not by openssl command but openssl function.

Hi guys,
I want to write two programs to learn the details of ECDSA signatures.
Program A reads the private key from private.pem, signs a string like 
"abcde1234", and saves the signature as sig.pem.
Program B reads the public key from pub.pem, reads sig.pem, and verifies 
the signature.
Can anybody provide me with example code?

My implementation is as follows:
1. Generate the ECC keys with "openssl ecparam -genkey -name secp256r1 -out 
private.pem" and extract the public key with "openssl ec -in private.pem -out 
public.pem -pubout".
2. Read the private key with "PEM_read_PrivateKey()" and sign with 
"ECDSA_do_sign"; there is no problem, program A works well.
3. The problem is how to read the public key from public.pem?  I found 
PEM_read_bio_PUBKEY in apps/apps.c, but I can't find the source code.  How can 
I verify the signature without knowing the private key?




Re: [openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit

2015-05-20 Thread Scott Neugroschl
On Wednesday, May 20, 2015 10:18 AM, Kurt Roeckx wrote:
> On Wed, May 20, 2015 at 03:47:33PM +0000, Scott Neugroschl wrote:
>> Is OpenSSL vulnerable to Logjam?

> See
> http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

Thanks.

Scott



Re: [openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit

2015-05-20 Thread Scott Neugroschl
Is OpenSSL vulnerable to Logjam?




[openssl-users] BIO_new_dgram() called in apps/s_server.c

2015-04-21 Thread Scott Neugroschl
Reposting because I sent it to the "mta" address:



I am building OpenSSL 1.0.2a with no-dgram and no-dtls1.  When I do so, I get a 
linker error that BIO_new_dgram() is undefined.



The following appears to fix the issue:



cut here

--- s_server.c.orig 2015-03-19 17:17:53 -0700

+++ s_server.c  2015-04-20 11:27:30 -0700

@@ -2183,6 +2183,7 @@

# endif

#endif



+#ifndef OPENSSL_NO_DGRAM

 if (stype == SOCK_DGRAM) {



 sbio = BIO_new_dgram(s, BIO_NOCLOSE); @@ -2220,6 +2221,9 @@

 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);

 } else

 sbio = BIO_new_socket(s, BIO_NOCLOSE);

+#else

+sbio = BIO_new_socket(s, BIO_NOCLOSE);

+#endif



 if (s_nbio_test) {

 BIO *test;
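Review bot: this copy of the patch will not apply as posted: the second hunk header `@@ -2220,6 +2221,9 @@` has been run onto the end of the context line `sbio = BIO_new_dgram(s, BIO_NOCLOSE);`, and every line has been double-spaced in transit, so `patch` will reject both hunks; resend it as an attachment or regenerate it with `diff -u`. The logic point on the second hunk still applies: the `#else` branch goes straight to `BIO_new_socket(s, BIO_NOCLOSE)` without looking at `stype`, so on a no-dgram build a request for a datagram socket is silently turned into a stream socket rather than refused.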

cut here



Does this fix make sense?




---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 | Simi Valley, CA 93063 | Phone 805 583-2874 | Fax 805 583-0124



[openssl-users] Compiling for multiple platforms?

2015-04-21 Thread Scott Neugroschl
I'm cross-compiling for multiple platforms.   Any changes I make to platform A 
have to be reflected in platform B.

Currently, I have to have two full source trees, and ensure that they're in 
sync.

Is there a way to specify where objects and binaries go?  Or, alternatively, 
where the source lives (rather like OpenSSH's --srcdir option)?

I.e., what I'd like to see is

openssl
   |
   +- src
   |   |
   |   +- apps
   |   |
   |   +- crypto
   |   |
   |   ...
   |
   +- platformA
   |   |
   |   +- libcrypto.a
   |   |
   |   +- libssl.a
   |   |
   |   +- openssl
   |
   +- platformB
       |
       +- libcrypto.a
       |
       +- libssl.a
       |
       +- openssl


---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 | Simi Valley, CA 93063 | Phone 805 583-2874 | Fax 805 583-0124



Re: [openssl-users] BIO_new_dgram() called in apps/s_server.c

2015-04-20 Thread Scott Neugroschl
Correction to subject, it's s_server.c.  My typo.

-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Scott Neugroschl
Sent: Monday, April 20, 2015 11:32 AM
To: openssl-us...@mta.opensslfoundation.net
Subject: [openssl-users] BIO_new_dgram() called in apps/s_server.h


I am building OpenSSL 1.0.2a with no-dgram and no-dtls1.  When I do so, I get a 
linker error that BIO_new_dgram() is undefined.

The following appears to fix the issue:

cut here
--- s_server.c.orig 2015-03-19 17:17:53 -0700
+++ s_server.c  2015-04-20 11:27:30 -0700
@@ -2183,6 +2183,7 @@
 # endif
 #endif

+#ifndef OPENSSL_NO_DGRAM
 if (stype == SOCK_DGRAM) {

 sbio = BIO_new_dgram(s, BIO_NOCLOSE); @@ -2220,6 +2221,9 @@
 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
 } else
 sbio = BIO_new_socket(s, BIO_NOCLOSE);
+#else
+sbio = BIO_new_socket(s, BIO_NOCLOSE); #endif

 if (s_nbio_test) {
 BIO *test;
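Review bot: in the second hunk the closing `#endif` has been folded onto the added line, giving `+sbio = BIO_new_socket(s, BIO_NOCLOSE); #endif`, which is neither valid C nor something `patch` can apply (the header promises three added lines, only two `+` lines follow); the context line `sbio = BIO_new_dgram(s, BIO_NOCLOSE); @@ -2220,6 +2221,9 @@` has the same wrapping problem. Resend the patch as an attachment so the line breaks survive.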
cut here

Does this fix make sense?

---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 | Simi Valley, CA 93063 | Phone 805 583-2874 | Fax 805 583-0124



[openssl-users] BIO_new_dgram() called in apps/s_server.h

2015-04-20 Thread Scott Neugroschl

I am building OpenSSL 1.0.2a with no-dgram and no-dtls1.  When I do so, I get a 
linker error that BIO_new_dgram() is undefined.

The following appears to fix the issue:

cut here
--- s_server.c.orig 2015-03-19 17:17:53 -0700
+++ s_server.c  2015-04-20 11:27:30 -0700
@@ -2183,6 +2183,7 @@
 # endif
 #endif

+#ifndef OPENSSL_NO_DGRAM
 if (stype == SOCK_DGRAM) {

 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
@@ -2220,6 +2221,9 @@
 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
 } else
 sbio = BIO_new_socket(s, BIO_NOCLOSE);
+#else
+sbio = BIO_new_socket(s, BIO_NOCLOSE);
+#endif

 if (s_nbio_test) {
 BIO *test;
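Review bot: the `#else` branch ignores `stype`, so a build configured with no-dgram will silently open a stream socket when s_server was asked for a datagram one instead of reporting an error; under OPENSSL_NO_DGRAM the datagram-specific options should be rejected up front, or this spot should print an error and bail out when `stype == SOCK_DGRAM`. Smaller alternative for the same hunk: guard only the `if (stype == SOCK_DGRAM) { ... } else` part so the single existing `sbio = BIO_new_socket(s, BIO_NOCLOSE);` line serves both configurations, rather than duplicating it in the `#else` arm.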
cut here

Does this fix make sense?

---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 | Simi Valley, CA 93063 | Phone 805 583-2874 | Fax 805 583-0124



Re: [openssl-users] base64 decode in C

2015-03-18 Thread Scott Neugroschl
I believe the SSH pubkey is binary data, not ASCII, so strlen() will not work 
on it if it has embedded NUL chars.
As Dave Thompson suggested, instead of strlen(), use the length returned from 
BIO_read.


From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Prashant Bapat
Sent: Wednesday, March 18, 2015 8:08 AM
To: openssl-users
Subject: Re: [openssl-users] base64 decode in C

Hi Dave and Walter,

Thanks for your reply.

I'm not doing anything different for the ssh pubkey. I'm able to decode it 
using the "openssl enc -base64 -d -A" command. But not using the C program.

Attaching my entire code here. After getting the base64 decoded I'm calculating 
the MD5 sum and printing it. This works for a regular string but not for SSH 
pubkey.

Thanks again.

--Prashant

On 18 March 2015 at 18:04, Walter H. 
mailto:walte...@mathemainzel.info>> wrote:
Hi,

before calling this function,
remove any whitespace;

Walter



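Why strlen() fails on the decoded key, as an added example (not the poster's program): an SSH public-key blob is a sequence of length-prefixed fields, so its first bytes are 00 00 00 07 (the length of "ssh-rsa") and any C string function stops there. The RSA values are constructed toy numbers, not a real key; the MD5 fingerprint mirrors what the poster computes.

```python
"""Decode an SSH public key line and walk its binary blob.  Added example
for this page; the key material below is constructed, not a real key."""
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement, extra 0x00 if MSB set."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return ssh_string(raw)


def build_rsa_blob(e: int, n: int) -> bytes:
    """Blob layout of an ssh-rsa key: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def encode_authorized_key(blob: bytes, comment: str = "") -> str:
    """One authorized_keys / id_rsa.pub style line."""
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def decode_authorized_key(line: str) -> bytes:
    """Pick the base64 field (it always starts with AAAA, i.e. 00 00 00)
    and decode it; whitespace around the fields is dropped by split()."""
    b64 = next(p for p in line.split() if p.startswith("AAAA"))
    return base64.b64decode(b64, validate=True)


def parse_blob(blob: bytes) -> list:
    """Walk the length-prefixed fields using the real length, not strlen()."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields


def c_strlen(buf: bytes) -> int:
    """What C's strlen() would report for this buffer: bytes before first NUL."""
    idx = buf.find(b"\x00")
    return len(buf) if idx < 0 else idx


def md5_fingerprint(blob: bytes) -> str:
    """Classic colon-separated MD5 fingerprint of the whole blob."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
```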


Re: [openssl-users] OpenSSL version 1.0.1k released

2015-01-08 Thread Scott Neugroschl
The C4047 is just a warning.  The C2065 is a known issue, per Matt.

-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Kevin Layer
Sent: Thursday, January 08, 2015 1:13 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] OpenSSL version 1.0.1k released

With a more modern 64-bit MS compiler, I still get a failure.
I see that Cygwin released theirs, so I'm guessing this is a MS compiler issue.

cl /Fotmp32dll\cversion.obj  -Iinc32 -Itmp32dll /MD /Ox 
-DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE 
-D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM 
-DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 
-DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi 
/Fdtmp32dll/lib -D_WINDLL  -DOPENSSL_BUILD_SHLIBCRYPTO -DMK1MF_BUILD 
-DMK1MF_PLATFORM_VC_WIN64A -c .\crypto\cversion.c cversion.c
crypto\cversion.c(80) : error C2065: 'cflags' : undeclared identifier
crypto\cversion.c(80) : warning C4047: 'return' : 'const char *' differs in 
levels of indirection from 'int'
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.


Microsoft (R) C/C++ Optimizing Compiler Version 14.00.40310.41 for AMD64 and 
the same Microsoft Platform SDK for Windows Server 2003 R2.

Help?
Thanks.
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users


RE: Adding new cipher to openssl.

2014-11-26 Thread Scott Neugroschl
Maybe he thinks that  if he asks it often enough, the answer will magically 
change?

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Salz, Rich
Sent: Tuesday, November 25, 2014 10:23 PM
To: openssl-users@openssl.org
Subject: RE: Adding new cipher to openssl.

> I was trying to add a new cipher to openssl so as to use it with the
> digital certificate, is it possible?

You asked this a week ago.  You also asked this three weeks ago.

The answer is yes it is possible but there is NO TOOL OR DOCUMENTATION.

Stephen Henson suggested looking at the gost engine.

Please stop.



RE: undefined reference errors, e.g. to `ERR_load_crypto_strings'

2014-11-25 Thread Scott Neugroschl
Reverse the order of the libraries.  Use -lssl -lcrypto.


-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Alexander Raiola
Sent: Tuesday, November 25, 2014 8:34 AM
To: openssl-users@openssl.org
Subject: undefined reference errors, e.g. to `ERR_load_crypto_strings'

Dear Sirs or Madams,

I have the problem that I keep getting undefined reference errors whenever I 
try to access pretty much any OpenSSL-related command. I elaborated on my 
problem in the following thread:
http://stackoverflow.com/questions/27106580/undefined-reference-to-err-load-crypto-strings

Can anyone please help me?

Cheers
Alex
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager       majord...@openssl.org


RE: How to determine if a ssl object is using a DTLS method?

2014-11-24 Thread Scott Neugroschl
Use getsockopt(SO_TYPE) on the underlying socket?



-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of John Lane Schultz
Sent: Monday, November 24, 2014 1:05 PM
To: openssl-users@openssl.org
Subject: How to determine if a ssl object is using a DTLS method?

Hi all,

I wrote generic wrappers for handling both TLS + DTLS accept and connect logic 
in a non-blocking manner.

My problem is that with DTLS (but not TLS) ssl objects I need to set my own 
timers for implementing reliability of msgs by calling, for example, 
DTLSv1_get_timeout and DTLSv1_handle_timeout.  (TCP handles this for TLS 
automatically)

Therefore, I need to check if the ssl on which I’m operating is a DTLS or a TLS 
ssl object.  Is there an easy and good way to do this?

I can do a brute force method of calling SSL_get_ssl_method and then checking 
it against all the methods I know (e.g. - DTLSv1_method(), 
DTLSv1_client_method(), DTLSv1_server_method, etc.) but that seems ugly and 
fragile, especially as more methods are added in the future.

Can anyone suggest a better way to figure out if I need to do special DTLS 
handling on a ssl object or not?

Cheers!

-
John Lane Schultz
Spread Concepts LLC
Cell: 443 838 2200


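The check Scott suggests can be written against the descriptor underneath the SSL object (obtained with SSL_get_fd() in a real program), since the kernel already knows whether it is a stream or a datagram socket. The following added example, not code from the thread, shows that query with plain sockets standing in for the TLS and DTLS connections so it runs without any handshake; OpenSSL 1.1.0 and later also provide SSL_is_dtls(), which answers the question directly from the SSL object.

```c
/* Added example (not from the thread): tell a datagram socket from a
 * stream socket via getsockopt(SO_TYPE). In a TLS/DTLS wrapper the
 * descriptor would come from SSL_get_fd(ssl); here fresh sockets are
 * created so the check can be exercised stand-alone. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Returns 1 if fd is a datagram socket (DTLS territory), 0 if it is a
 * stream socket, -1 if fd is not a socket or is of some other type. */
int socket_is_datagram(int fd)
{
    int type = 0;
    socklen_t len = sizeof type;

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) != 0)
        return -1;          /* e.g. ENOTSOCK: not a socket at all */
    if (type == SOCK_DGRAM)
        return 1;
    if (type == SOCK_STREAM)
        return 0;
    return -1;              /* SOCK_RAW, SOCK_SEQPACKET, ...: neither */
}

/* Demonstration helper: open a socket of the given type, classify it,
 * close it, and return the verdict (-2 if the socket could not be made). */
int demo_classify(int type)
{
    int fd = socket(AF_INET, type, 0);
    int verdict;

    if (fd < 0)
        return -2;
    verdict = socket_is_datagram(fd);
    close(fd);
    return verdict;
}
```

Because the answer comes from the socket rather than from a list of method pointers, the wrapper keeps working when new TLS or DTLS method functions are added.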

RE: sign problem

2014-11-24 Thread Scott Neugroschl
Your problem is with signlen.   You’re accessing a null pointer in 
EVP_DigestSignFinal().

Declare signlen as  size_t, not a size_t*, and pass the *ADDRESS* of signlen.  
E.g.:

  EVP_DigestSignFinal(mdctx, NULL, &signlen);



From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Amir Reda
Sent: Monday, November 24, 2014 10:10 AM
To: openssl-users@openssl.org
Subject: sign problem

Dear all,
I have a problem with C++ code for signing some data. Here is the code:

 BIO *sgerr = NULL;
      const char szPath[MAX_FILE_NAME_SIZE] = "sgerr.pem";
      sgerr = BIO_new_file(szPath,"wb");

      cout<<"i'm in sign digest"<

RE: Digital Certificates

2014-11-20 Thread Scott Neugroschl
Even assuming he figures out how to tie his algorithm into OpenSSL, how would 
he even begin to specify his custom algorithm in the cert?  Wouldn't he have to 
define his own OID for the algorithm?

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Salz, Rich
Sent: Thursday, November 20, 2014 7:32 AM
To: openssl-users@openssl.org
Subject: RE: Digital Certificates

> If I want to use my own algorithm instead of rsa or sha1 in the
> digital certificates, is it possible? If yes, then how?

I thought I answered this.  It is hard work, it is not documented, you're on 
your own.



RE: version question

2014-11-20 Thread Scott Neugroschl
Should probably be asked on the OpenSSH mailing lists.  My guess is that you 
will need to install a newer version of OpenSSL.

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of David Flatley
Sent: Wednesday, November 19, 2014 12:35 PM
To: openssl-users@openssl.org
Subject: version question


  I am trying to build Openssh 6.7p1 on a Red Hat 5.6 x86_64 system with 
Red Hat openssl-0.9.8e-31, which is the latest Red Hat openssl version. The 
Openssh build checks openssl versions and requires 0.9.8f.
Is there a work around for this?
Thanks.

David Flatley



RE: sign problem

2014-11-18 Thread Scott Neugroschl
That looks like a debugger message, not an actual error from the code.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Amir Reda
Sent: Tuesday, November 18, 2014 10:29 AM
To: openssl-users@openssl.org
Subject: sign problem

Dear all, I made a client/server application: the client sends a certificate 
request and the server replies with the certificate; it also creates an encrypted 
shared key and some data and signs the digest of the shared key and data.
My problem is:
1- in SignDigest(), the call EVP_DigestSignFinal(mdctx, NULL, signlen); returns 
an error: No source available for "EVP_PKEY_sign() at 0xb7ede098"
I don't know the reason for this error; it should only return the length of the 
signature,
and then I reserve a location in memory of this size.
Please help me.


--
Warmest regards and best wishes for a good health,urs sincerely
mero


RE: 1.0.1j on Windows32 shows "error C2027: use of undefined type 'in6_addr'"

2014-11-05 Thread Scott Neugroschl
RFC 790 defines IPv4, not IPv6.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Walter H.
Sent: Wednesday, November 05, 2014 10:49 AM
To: neil carter
Cc: openssl-users@openssl.org
Subject: Re: 1.0.1j on Windows32 shows "error C2027: use of undefined type 
'in6_addr'"

On 05.11.2014 19:27, neil carter wrote:
Sorry, typo - s/b 'VCVARS32.bat'

So are you implying that MS Visual Studio 6.0 might be the issue in that it 
might not have built-in code with IPv6 headers?
yes, definitely

WINSOCK2.H contains this:

/*
 * Constants and structures defined by the internet system,
 * Per RFC 790, September 1981, taken from the BSD file netinet/in.h.
 */

by the way: Visual C++ is from 1998, also an old, ancient compiler;
we are in 2014 ;-)


RE: 1.0.1j on Windows32 shows "error C2027: use of undefined type 'in6_addr'"

2014-11-05 Thread Scott Neugroschl
VS6 essentially became obsolete in 2002, with the release of Visual Studio 7 
.NET.
IIRC, IPv6 was still in its infancy.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of neil carter
Sent: Wednesday, November 05, 2014 10:28 AM
To: Walter H.; openssl-users@openssl.org
Subject: Re: 1.0.1j on Windows32 shows "error C2027: use of undefined type 
'in6_addr'"

Sorry, typo - s/b 'VCVARS32.bat'

So are you implying that MS Visual Studio 6.0 might be the issue in that it 
might not have built-in code with IPv6 headers?  Haven't the IPv6 pieces of the 
OpenSSL code been around for a while?  I know I saw posts regarding it from 
several years back in the list archive.

Thanks!



On 11/5/2014 12:13 PM, Walter H. wrote:
On 05.11.2014 18:47, neil carter wrote:
I'm trying to install the 1.0.1j version on a Windows 2003 server (32-bit), 
with MS Visual Studio 6.0, nasm 2.11.05, and ActiveState perl v5.16.3.
Steps involved include running the VCVARS21.BAT script, ' perl Configure 
VC-WIN32 --prefix=c:\openssl-1.0.1j', 'ms\do_nasm.bat', and finally 'nmake -f 
ms\ntdll.mak'.  Everything looks normal/good until the last step, which ends in 
the following:

VCVARS21.BAT = Visual C++ 2.1?
if yes, you should throw away that ancient compiler from the early days 
of WinNT ... as of 1994;
and get the current Platform SDK from Microsoft ...

 .\apps\s_cb.c(803) : error C2027: use of undefined type 'in6_addr'
 .\apps\s_cb.c(803) : see declaration of 'in6_addr'
 .\apps\s_cb.c(836) : error C2027: use of undefined type 'in6_addr'
 .\apps\s_cb.c(836) : see declaration of 'in6_addr'
 .\apps\s_cb.c(884) : error C2027: use of undefined type 'in6_addr'
 .\apps\s_cb.c(884) : see declaration of 'in6_addr'
 .\apps\s_cb.c(917) : error C2027: use of undefined type 'in6_addr'
 .\apps\s_cb.c(917) : see declaration of 'in6_addr'
 NMAKE : fatal error U1077: 'cl' : return code '0x2'
 Stop.
It seems that you are including ancient SDK headers that are not capable of IPv6 at all ...



RE: compilation error

2014-09-19 Thread Scott Neugroschl
to `EVP_PKEY_assign'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:43: undefined 
reference to `X509_get_serialNumber'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:43: undefined 
reference to `ASN1_INTEGER_set'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:44: undefined 
reference to `X509_gmtime_adj'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:45: undefined 
reference to `X509_gmtime_adj'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:46: undefined 
reference to `X509_set_pubkey'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:48: undefined 
reference to `X509_get_subject_name'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:49: undefined 
reference to `X509_set_issuer_name'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:50: undefined 
reference to `EVP_md5'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:50: undefined 
reference to `X509_sign'
./src/server.o: In function `Server::GenerateMyKeyPairs()':
/home/amirale32/workspace/certificate/Debug/../src/server.cc:56: undefined 
reference to `RSA_generate_key'
./src/server.o: In function `Server::SetPublicKey()':
/home/amirale32/workspace/certificate/Debug/../src/server.cc:62: undefined 
reference to `EVP_PKEY_assign'
collect2: error: ld returned 1 exit status
make: *** [certificate] Error 1
Note:
I have followed the steps in these links:

http://amgadmadkour.blogspot.com/2011/09/compiling-open-ssl-programs-in-eclipse.html
http://askubuntu.com/questions/211038/cant-find-openssl
http://stackoverflow.com/questions/7860657/undefined-reference-to-eclipse-c
but I failed. Please help.

On Thu, Sep 18, 2014 at 11:46 PM, Scott Neugroschl <scot...@xypro.com> wrote:
It’s -lssl, not -lopenssl.


From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Amir Reda
Sent: Thursday, September 18, 2014 1:33 PM
To: openssl-users@openssl.org
Subject: compilation error

/usr/bin/ld: cannot find -lopenssl
This is the error I get when I try to compile the code I attached below. I 
installed the openssl lib on Ubuntu 12.10; I use Eclipse and added openssl 
usr/include/openssl in the linker settings.
I don't know how to solve this problem. Please help.

--
Warmest regards and best wishes for a good health,urs sincerely
mero



--
Warmest regards and best wishes for a good health,urs sincerely
mero


RE: compilation error

2014-09-18 Thread Scott Neugroschl
It’s -lssl, not -lopenssl.


From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Amir Reda
Sent: Thursday, September 18, 2014 1:33 PM
To: openssl-users@openssl.org
Subject: compilation error

/usr/bin/ld: cannot find -lopenssl
This is the error I get when I try to compile the code I attached below. I 
installed the openssl lib on Ubuntu 12.10; I use Eclipse and added openssl 
usr/include/openssl in the linker settings.
I don't know how to solve this problem. Please help.

--
Warmest regards and best wishes for a good health,urs sincerely
mero


Configure Error with no-ec?

2014-08-11 Thread Scott Neugroschl
When trying to configure 1.0.1h with no-ec, I am getting an error out of 
Configure.  When it's configuring the engines subdirectory:

make[1]: Leaving directory `/users/scottn/testssl/openssl-1.0.1h/ssl'
making links in engines...
make[1]: Entering directory `/users/scottn/testssl/openssl-1.0.1h/engines'
/bin/sh: syntax error at line 1 : `;' unexpected
make[1]: *** [links] Error 2
make[1]: Leaving directory `/users/scottn/testssl/openssl-1.0.1h/engines'
make: *** [links] Error 1

It looks like for some reason ENGDIRS is not set or passed properly.  Even 
though the test for -z is being passed, the for loop
in RECURSIVE_MAKE is generating a syntax error.

Has anyone else run into something like this?


---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 
583-2874|Fax 805 583-0124 |



RE: Compile error on Tandem

2014-07-15 Thread Scott Neugroschl
Wayne, there's a Tandem port on ITUGLIB.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Johnson, Wayne
Sent: Monday, July 14, 2014 8:11 AM
To: 'openssl-users@openssl.org'
Subject: Compile error on Tandem

I'm trying to compile OpenSSL 1.0.1h on Tandem (aka NonStop).

I'm getting the following errors:
c89 -I.. -I../include  -Ww -D__TANDEM -D_XOPEN_SOURCE 
-D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN   -c -o heartbeat_test.o 
heartbeat_test.c
SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 276: error(114):
  identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 294: error(114):
 identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 312: error(114):
  identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 326: error(114):
  identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 343: error(114):
  identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(tls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 360: error(114):
  identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(tls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 378: error(114):
  identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(tls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 396: error(114):
  identifier "__func__" is undefined


SETUP_HEARTBEAT_TEST_FIXTURE(tls);
^
"/home/devbuild/openssl-1.0.1h/test/heartbeat_test.c", line 410: error(114):
  identifier "__func__" is undefined


9 errors detected in the compilation of "heartbeat_test.c".
c89: /usr/lib/cfe exited, returning 2.
make[1]: *** [heartbeat_test.o] Error 1

Any suggestions on where this is going wrong?  Looks like the macro is 
referencing the parameter __func__, but I don't see that being defined.



Wayne D. T. Johnson
Staff Specialist Product Developer
BMC Software

phone: 952.345.8628
BMC 5 digit: 58628
fax: 952.345.8721

1600 Tower, Suite 450
1600 Utica Av. So.
St. Louis Park, MN 55416









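The error above is the c89 compiler rejecting __func__, which only became part of the language in C99. One way to keep a test file compiling on such a toolchain is a fallback definition selected at preprocessing time; the following added example, not code from the thread or from the OpenSSL tree, shows that idiom together with a small probe that reports whether the real function name or the fallback string was used.

```c
/* Added example (not from the thread): a compile-time fallback for __func__
 * on pre-C99 compilers. __STDC_VERSION__ is absent under c89 and at least
 * 199901L from C99 on, so the fallback is only defined where it is needed. */
#include <string.h>

#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
# if defined(__GNUC__) && __GNUC__ >= 2
#  define __func__ __FUNCTION__   /* GCC extension that predates C99 */
# else
#  define __func__ "<unknown>"    /* last resort: a fixed string */
# endif
#endif

/* Report the name of this function as the compiler (or fallback) sees it. */
const char *current_function_name(void)
{
    return __func__;
}

/* 1 if __func__ resolved to the real name, 0 if the fixed fallback was used. */
int func_macro_is_real(void)
{
    return strcmp(current_function_name(), "current_function_name") == 0;
}
```

When the fallback string is in use, diagnostics that include __func__ still compile but lose the function name, which is usually preferable to a build that stops entirely.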
RE: Decrypting from memory bio vs file bio

2014-07-07 Thread Scott Neugroschl
Try using BIO_new_mem_buf() instead.

https://www.openssl.org/docs/crypto/BIO_s_mem.html



-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Ico
Sent: Monday, July 07, 2014 2:17 PM
To: openssl-users
Subject: Decrypting from memory bio vs file bio


Hi all,

I've got a small snippet of code to decode some aes-128-cbc data. 
The encrypted data is 16 bytes long, decoding to 7 bytes "\x02\x00hallo".

Decoding using BIO's, works ok when the input BIO is a file BIO but fails when 
the input is a memory buffer BIO. In the latter case the BIO_read from the 
cipher bio returns -1.

See the snippet below or at http://pastebin.com/raw.php?i=1fxLQkFa

Change the 'if(1)' in 'if(0)' to switch between the two input bios.

I noticed that the decrypting works ok if I write some additional data in the 
input memory buffer using BIO_write(), but I believe this should not be 
necessary.

The data decodes properly using the openssl command line:

openssl aes-128-cbc -d \
-K 2b7e151628aed2a6abf7158809cf4f3c \
-iv a76d933653cb191de0b5ef789727fc64

Any insight in my problem much appreciated.

Ico



/* The header names were stripped in the archive; these are the ones
   the code below uses. */
#include <stdio.h>
#include <assert.h>
#include <openssl/bio.h>
#include <openssl/evp.h>

unsigned char data[] = { 0xd7, 0x40, 0x9c, 0xe9, 0x81, 0xff, 0x41, 0xf1,
                         0xf8, 0x61, 0xf5, 0xa9, 0x36, 0x99, 0x5b, 0x07 };
unsigned char key[]  = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
                         0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
unsigned char iv[]   = { 0xa7, 0x6d, 0x93, 0x36, 0x53, 0xcb, 0x19, 0x1d,
                         0xe0, 0xb5, 0xef, 0x78, 0x97, 0x27, 0xfc, 0x64 };


int main(int argc, char **argv)
{
    int r;

    OpenSSL_add_all_digests();
    OpenSSL_add_all_ciphers();

    BIO *bio;

    /* if(1): memory BIO (fails); if(0): file BIO (works) */
    if(1) {
        bio = BIO_new(BIO_s_mem());
        r = BIO_write(bio, data, sizeof(data));
        assert(r == sizeof(data));
    } else {
        FILE *f = fopen("/tmp/flop", "w");
        fwrite(data, 1, sizeof(data), f);
        fclose(f);
        bio = BIO_new_file("/tmp/flop", "r");
    }

    BIO *bio_dec = BIO_new(BIO_f_cipher());
    BIO_set_cipher(bio_dec, EVP_aes_128_cbc(), key, iv, 0);  /* 0 = decrypt */
    BIO_push(bio_dec, bio);

    char flop[2048];

    r = BIO_read(bio_dec, flop, sizeof flop - 1);
    assert(r != -1);   /* fires in the memory BIO case */
    flop[r] = '\0';

    printf("r=%d '%s'\n", r, flop + 2);

    return 0;
}

--
:wq
^X^Cy^K^X^C^C^C^C


RE: Advisory on CVE 2014-0195 not listed on main vulnerabilities page

2014-06-23 Thread Scott Neugroschl
CVE-2014-0198 is listed in the VULNERABILITIES page as fixed in 1.0.1h and 
1.0.0m , but is not listed on the Release Notes for either of these releases.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Geoffrey Thorpe
Sent: Monday, June 23, 2014 11:59 AM
To: jb-open...@wisemo.com
Cc: openssl-users@openssl.org
Subject: Re: Advisory on CVE 2014-0195 not listed on main vulnerabilities page

Hi Jakob,

Thanks - I think this has now been corrected, the website should sync within an 
hour or so. Please let me know if you see anything amiss.

Cheers,
Geoff


On Mon, Jun 23, 2014 at 8:15 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
Dear OpenSSL web page subteam,

CVE 2014-0195 is listed in

  https://www.openssl.org/news/secadv_20140605.txt

as fixed by the latest round of security fixes, however it is
missing from the primary cross reference at

  https://www.openssl.org/news/vulnerabilities.html

You may wish to update the page to reflect this part of the
advisory.

This was also mentioned by Mr. Nageswar in an unanswered message
14 days ago.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



RE: CVE-2014-0224

2014-06-11 Thread Scott Neugroschl

>From Victor:
>On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:

>> I know 0.9.7 is no longer under development, but for various reasons, 
>> I have an app that is still using 0.9.7g.
>> Is 0.9.7g subject to the vulnerability from CVE-2014-0224?

>There are I expect many unresolved issues (even if not the particular one in 
>question) in the long ago un-maintained 0.9.7 release.  So my advice is that 
>if this application is communicating over the public Internet, it needs to be 
>upgraded or retired.

We are aware of this, and are looking to upgrade.  Does anyone have a 
recommendation as to 0.9.8 vs 1.0.0 (1.0.1 is too bleeding edge)?  If you have 
a recommendation, may I ask what led you to choose that path?

Thanks,

ScottN



CVE-2014-0224

2014-06-11 Thread Scott Neugroschl
Hi guys,

I know 0.9.7 is no longer under development, but for various reasons, I have an 
app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVE-2014-0224?

Thanks,

ScottN




Re: CVE 2014-0160 and FIPS 140-2 module

2014-04-09 Thread Scott Ruffner

From heartbleed.com:


Does OpenSSL's FIPS mode mitigate this?

No, OpenSSL Federal Information Processing Standard (FIPS) mode has no 
effect on the vulnerable heartbeat functionality.



==
Scott Ruffner
Computer Systems Senior Engineer       Computer Science Department
ruff...@cs.virginia.spam.edu           University of Virginia


missing fips_premain.c when building solaris64-sparcv9-gcc with shared libs

2014-03-21 Thread Scott Ruffner
I've configured for solaris64-sparcv9-gcc and shared libs; the build 
chokes looking for something called fips_premain.c; I feel like I'm not 
passing it some LIBDIR it needs (from the Makefile):


: hera:/usr/cs/src/openssl-1.0.1f ; find ./ -name Makefile -a -exec grep 
fips_premain.c {} \;

$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
: hera:/usr/cs/src/openssl-1.0.1f ; grep FIPSLIBDIR Makefile
FIPSLIBDIR=
FIPSLIBDIR='${FIPSLIBDIR}'  \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \

There is also no such file in the distro:

: hera:/usr/cs/src/openssl-1.0.1f ; find ./ -name fips_premain.c
: hera:/usr/cs/src/openssl-1.0.1f ; gzcat ../openssl-1.0.1f.tar.gz | gtar -tvf 
- | grep fips_premain.c
: hera:/usr/cs/src/openssl-1.0.1f ;

Am I supposed to be unpacking the fips source first?

I couldn't find anything in my (admittedly quick) search of the openssl 
docs.


Best,

Scott

======
Scott Ruffner
Computer Systems Senior Engineer       Computer Science Department
ruff...@cs.virginia.spam.edu           University of Virginia


Error Using FIPS compliant OpenSSL Library Files in VC++ in Visual Studio 2005

2014-03-05 Thread Scott Thomas
Bonjour All, 

I had successfully compiled FIPS-compliant OpenSSL and got 
libeayfips32.lib & ssleay32.lib with the complete module on the path
 C:\usr\local\ssl\fips2.0\. I followed these steps: 

== 
1. Compile openssl-fips2.0 
== 
Open Visual Studio 2008 Command Prompt. 
cd openssl-fips2.0\ 
ms\do_fips [no-asm] 
        
Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0 
        
=== 
2. Integrate compiled openssl-fips2.0 in openssl-1.0.1e 
=== 
Open Visual Studio 2008 Command Prompt. 
cd openssl-1.0.1e\ 
perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0 
ms\do_nasm 
nmake -f ms\nt.mak 
nmake -f ms\nt.mak install 
        
Compiled FIPS compliant OpenSSL exe is located at 
C:\usr\local\ssl\bin\openssl.exe 
Compiled FIPS compliant OpenSSL libeay32.lib & ssleay32.lib are located at 
C:\usr\local\ssl\lib\ 
Compiled FIPS compliant OpenSSL libeay32.dll & ssleay32.dll are located at 
C:\usr\local\ssl\bin\ 


but I am facing issues using them with Visual C++ in 
Visual Studio 2005. The normal versions of libeay32.lib & ssleay32.lib 
work 100% fine for me. I want to simulate the tests and compile
 the source (C:\openssl-fips-2.0\fips\sha\fips_shatest.C) in my VC++ 
VC2005 console application. 

Create a new VC++ win32 console application project. In the 
resource files, add the compiled FIPS module files libeayfips32.lib 
& ssleay32.lib from C:\usr\local\ssl\fips2.0\lib\. 
In the Source files, add the code file from the source code of 
C:\openssl-fips-2.0\fips\sha\fips_shatest.C. Right click on the source 
file and click properties. In the General section add the include file 
paths and set them to C:\usr\local\ss\include\ and 
C:\usr\local\ssl\fips2.0\include\; I am not using the precompiled 
headers option. 

When I compile the application I get the following long list of errors: 

error LNK2001: unresolved external symbol _FIPS_digestfinal         libeayfips32.lib 
error LNK2001: unresolved external symbol _FIPS_drbg_set_callbacks  libeayfips32.lib 
error LNK2001: unresolved external symbol _FIPS_md_ctx_cleanup      libeayfips32.lib 
...
error LNK2001: unresolved external symbol _EC_KEY_generate_key      libeayfips32.lib


Microsoft states that error LNK2001 occurs when code references something (such 
as a function, variable, or label) that the linker can't find in the 
libraries and object files. 

It means there is certainly some issue in the FIPS-compiled 
libeayfips32.lib & ssleay32.lib files. Kindly help me in this 
regard.

Regards 
Scott Thomas 

Help regarding Compile FIPS compliant OpenSSL on Windows platform

2014-03-02 Thread Scott Thomas
ime.h" "tmp32\o_time.h"
Copying: ./crypto/o_time.h to tmp32/o_time.h
perl util/copy.pl ".\crypto\o_str.h" "tmp32\o_str.h"
Copying: ./crypto/o_str.h to tmp32/o_str.h
perl util/copy.pl ".\crypto\o_dir.h" "tmp32\o_dir.h"
Copying: ./crypto/o_dir.h to tmp32/o_dir.h
...
...
...
... long output
...
...
...
cl : Command line warning D9035 : option 'O' has been deprecated and will be 
removed in a future release
ebcdic.c
cl /Fotmp32\uid.obj  -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -O /Fdout32 
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO
_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c .\crypto\uid.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

cl : Command line warning D9035 : option 'O' has been deprecated and will be 
removed in a future release
uid.c
cl /Fotmp32\o_time.obj  -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -O /Fdout32 
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL
_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c .\crypto\o_time.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

cl : Command line warning D9035 : option 'O' has been deprecated and will be 
removed in a future release
o_time.c
cl /Fotmp32\o_str.obj  -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 -O /Fdout32 
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_
NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c .\crypto\o_str.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

cl : Command line warning D9035 : option 'O' has been deprecated and will be 
removed in a future release
o_str.c
.\crypto\o_str.c(66) : fatal error C1083: Cannot open include file: 
'strings.h': No such file or directory
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio 
9.0\VC\BIN\cl.EXE"' : return code '0x2'
Stop.
Please help me to get fips enabled libeay32.dll


Scott Thomas

Re: Encumbered EC crypto algorithms in openssl?

2013-08-17 Thread Scott Doty
On 08/16/2013 08:02 PM, Michael Sierchio wrote:
>
> On Fri, Aug 16, 2013 at 10:40 PM, Nico Williams <n...@cryptonector.com> wrote:
>
> If only we could agree to use DJB's Curve25519...
>
>
> +1 
>

That's actually a handy reference, for in looking at Curve25519, I came
across...

http://cr.yp.to/ecdh/patents.html

It helps. :)

Should I have brought this up with the developers, instead?

-- 
 -Scott Doty
 Co-founder, Co-owner, CTO: Sonic.net, Inc.
 



Encumbered EC crypto algorithms in openssl?

2013-08-16 Thread Scott Doty
Hello,

As you may or may not know, Red Hat has vetoed use of ECC in openssl in
their stock Fedora.  The bug regarding this is here:

   https://bugzilla.redhat.com/show_bug.cgi?id=319901

In a nutshell:  Red Hat is so afraid of patent trolls, they don't want
to enable ECC -- or even discuss the IP issues publicly.  (And who can
blame them?  Legislative relief is definitely needed here -- so far, it
hasn't been enough.  But I digress...)

I see some references to standards in the sources for crypto/ec*, such
as ANSI X9.62 and IEEE 1363.  However, I'm not sure that that list is
inclusive -- and I certainly wouldn't be able to recognize whose
algorithm was being used by inspecting C code.  So I'm hoping for some
help with this, to allay Red Hat's fears of patent trolls.

Toward this goal, there is an informational RFC 6090 that outlines how
to implement ECC without patent encumbrance.  I'm wondering if we can
safely say that openssl's ECC is implemented in a way compatible with
RFC 6090 -- or at least, in a way that enabling it on Red Hat software
wouldn't open them up to a patent troll lawsuit?

   http://www.rfc-editor.org/rfc/rfc6090.txt

I checked the FAQ, and it does reference the README regarding patents. 
However, it doesn't specifically mention ECC, and that would seem to be
the sticking point with Red Hat.

With more and more software systems requiring ECC to operate, "I See A
Great Need" in getting this resolved.  Thank you for any information you
can provide.  Also, if this belongs on the dev list, my apologies for
coming here first.

-- 
 -Scott Doty
 Co-founder, Co-owner, CTO: Sonic.net, Inc.
 



Re: RFC in OpenSSL

2013-07-24 Thread Scott Deboy
There is currently support for generic TLS extensions, and I am working on a 
contribution which would add support for generic Supplemental Data.  The two 
combined would allow an application to support RFC 5878.

Scott

On Jul 24, 2013, at 12:57 AM, Lionel Estrade  
wrote:

> Hello,
>  
>   I am looking for a SSL/TLS stack for a project based on CVP2 and I need to 
> know if the following RFCs (which are required by CVP2) are fully/partially 
> implemented in OpenSSL.
> RFC 4680 - TLS Handshake Messages for Supplemental Data
> RFC 5878 - TLS Authorization Extensions
> RFC  - Authentication Credential Exchange Using TLS Supplemental Data
> 
> The last one is still a draft, but perhaps have you foreseen to implement it 
> in a near future.
> 
>   Regards,
> 
> Lionel
> 
>  
> *** DISCLAIMER ***
> This message, including attachments, is intended solely for the addressee 
> indicated in this message and is strictly confidential or otherwise 
> privileged. If you are not the intended recipient (or responsible for 
> delivery of the message to such person) : - (1) please immediately (i) notify 
> the sender by reply email and (ii) delete this message and attachments, - (2) 
> any use, copy or dissemination of this transmission is strictly prohibited. 
> If you or your employer does not consent to Internet email messages of this 
> kind, please advise Myriad Group AG by reply e-mail immediately. Opinions, 
> conclusions and other information expressed in this message are not given or 
> endorsed by Myriad Group AG unless otherwise indicated by an authorized 
> representative independent of this message.
> 



getting SSL_R_NO_SHARED_CIPHER error...

2013-05-04 Thread Scott Herscher
Hello all.  I'm very confused by the following problem.

I have some server code that used blocking sockets and OpenSSL.  All worked 
well.  Then I converted the server code to use non blocking sockets.  I then 
reimplemented the OpenSSL layer to use the non blocking sockets and memory bio. 
It uses the transparent handshaking that OpenSSL can do, so in the 
non-blocking case I never call SSL_connect or SSL_accept.  I just set things up 
by calling either SSL_set_connect_state() or SSL_set_accept_state().

The non blocking client side seems to work fine.  But the server side code will 
not get beyond the initial handshake from a client.

OpenSSL always returns SSL_R_NO_SHARED_CIPHER from SSL_read.  I turned on 
CIPHER_DEBUG in the OpenSSL source and what I found was the following:

Blocking Socket Code output (works )

...
rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0
1:[0001:0001:0101:0085]0x1003a9698:AES256-SHA
...

( This is where the server successfully picks a cipher)

Non Blocking Socket Code 


rt=0 rte=0 dht=0 ecdht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
0:[0001:0001:0100:0084]0x1003cacb8:AES256-SHA



I built the self signed certificate in exactly the same way in both cases, so 
I'm not sure at all why it's failing and what the difference is in these 
debugging statements.

I'm no OpenSSL expert, so if anyone has any idea what I'm doing wrong in the 
non-blocking case, I'd be very happy to hear about it.

Thanks,

Scott


RE: Help with openssl FIPS on AIX

2012-05-30 Thread Brewster, Scott
The results from the openssl-fips step:

[root@pdclab01] /usr/local/ssl/fips-1.0/bin # ./openssl version
OpenSSL FIPS Object Module v1.2

Good so far.  The results from

config fips
make
make install 

On openssl 0.9.8w:

[root@pdclab01] /usr/local/ssl/fips/bin # ./openssl version
exec(): 0509-036 Cannot load program ./openssl because of the following errors:
        0509-022 Cannot load module /usr/local/ssl/fips/lib/libcrypto.so.
        0509-150   Dependent module libgcc_s.a(shr.o) could not be loaded.
        0509-022 Cannot load module libgcc_s.a(shr.o).
        0509-026 System error: A file or directory in the path name does not exist.
        0509-022 Cannot load module openssl.
        0509-150   Dependent module /usr/local/ssl/fips/lib/libcrypto.so could not be loaded.
        0509-022 Cannot load module .


The system is AIX 6.1.5 SP1 using gcc 4.4.5. 

-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, May 30, 2012 8:13 AM
To: openssl-users@openssl.org
Subject: Re: Help with openssl FIPS on AIX

On Wed, May 30, 2012, Brewster, Scott wrote:

> 
> I am not sure how I should interpret this - do I expand the 0.9.8w tar
> file into the same directory as where I did the openssl-fips?  Do I 
> just expand 0.9.8w.tar into its own directory and proceed with the 
> config fips, make and make install steps (this is  what I have tried 
> previously.  It results in errors when attempting to run openssl to 
> get its version)?
> 

The latter: you extract 0.9.8w into a separate directory and do:

./config fips

instead of:

./config 

OpenSSL should then pick up and use the validated module you installed
before to generate a so called "FIPS capable OpenSSL" that is a version
of OpenSSL that makes use of the validated module.

If you get errors please give details of what they are.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


RE: Help with openssl FIPS on AIX

2012-05-30 Thread Brewster, Scott
I have compiled the openssl-fips module, all is good so far.  I am
getting ready to attempt the openssl 0.9.8w portion again.  With that in
mind, what is your take on the below:

At this point a full OpenSSL library has been installed. However, the
special distribution required
to generate the validated FIPS Object Module does not correspond exactly
to any official OpenSSL
releases. Once the validated FIPS Object Module has been generated the
other OpenSSL
components can be replaced with components from a different OpenSSL
distributions. Any 0.9.8
releases from j onwards (i.e. 0.9.8j or above) can be used for this
purpose. OpenSSL 1.0 is not
compatible.


I am not sure how I should interpret this - do I expand the 0.9.8w tar
file into the same directory as where I did the openssl-fips?  Do I just
expand 0.9.8w.tar into its own directory and proceed with the config
fips, make and make install steps (this is  what I have tried
previously.  It results in errors when attempting to run openssl to get
its version)?

-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, May 25, 2012 3:53 PM
To: openssl-users@openssl.org
Subject: Re: Help with openssl FIPS on AIX

On Fri, May 25, 2012, Brewster, Scott wrote:

> We have openssl-fips installed on 1 system.  I have been asked to 
> update it to openssl 0.9.8w.  The person who did this previously is no
> longer available, so I can't ask him what he did...
> 
>  
> 
> I have downloaded, compiled and installed openssl-fips without issue:
> 
>  
> 
> [root@pdclab-aix-01] /usr/local/ssl/fips-1.0/bin # ./openssl version
> 
> OpenSSL FIPS Object Module v1.2
> 
>  
> 
> So far so good.
> 
>  
> 
> When I attempt to compile openssl 0.9.8w, it appears to go without 
> issue and installs.
> 
>  
> 
> ./config
> 

Use:

./config fips

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Help with openssl FIPS on AIX

2012-05-25 Thread Brewster, Scott
We have openssl-fips installed on 1 system.  I have been asked to update
it to openssl 0.9.8w.  The person who did this previously is no longer
available, so I can't ask him what he did...

 

I have downloaded, compiled and installed openssl-fips without issue:

 

[root@pdclab-aix-01] /usr/local/ssl/fips-1.0/bin # ./openssl version

OpenSSL FIPS Object Module v1.2

 

So far so good.

 

When I attempt to compile openssl 0.9.8w, it appears to go without issue
and installs.

 

./config

make

make install

 

A version check shows:

 

[root@pdclab-aix-01] /usr/local/ssl/bin # ./openssl version

OpenSSL 0.9.8w 23 Apr 2012

 

 

When I look at the existing production box, however, it shows this:

 

--> openssl version

OpenSSL 0.9.8k-fips 25 Mar 2009

 

Specifically it has the "-fips" mentioned along with the version.  I
don't see the same for the 0.9.8w version.  I am obviously missing
something or doing something wrong, but not sure what.

I have looked at the openssl fips user guide as well as searched via
google, but haven't had much luck in getting this figured out.  If
someone could point me in the right direction or point to a pre-compiled
package for AIX (either rpm or install format) that is version
0.9.8w-fips, it would be greatly appreciated.

 

The AIX version is 6100-05-01 on both my test box and production box.



RE: openssl and SHA256

2012-01-18 Thread Scott Wilson

Excellent, thanks.  Do you know how many versions back SHA256 is supported?  
The reason I ask is that I've got an older version running on a Ubuntu VM 
(OpenSSL 0.9.8o 01 Jun 2010), and I tried to generate a CA cert using SHA256 
but it signed with SHA1.  Here's the command I used in the script: default_md = 
sha256.  Anyway, I'm just wondering which version began supporting SHA256 or 
what's wrong with my command such that it signs with SHA1?  Thanks again!
 

> Subject: Re: openssl and SHA256
> From: w...@omnigroup.com
> Date: Wed, 18 Jan 2012 12:03:38 -0800
> To: openssl-users@openssl.org
> 
> 
> On Jan 18, 2012, at 11:47 AM, Scott Wilson wrote:
> > Does openssl support SHA256?
> 
> Yes, it does. I'm not sure why it doesn't show up in the output of 
> "list-message-digest-commands" or the usage message, but "openssl sha256" 
> will compute a SHA256 digest, and "openssl dgst --help" lists it.
> 
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
  

openssl and SHA256

2012-01-18 Thread Scott Wilson

Does openssl support SHA256?
 
Current version: OpenSSL 1.0.0e 6 Sep 2011
 
This would indicate that it does not:
root@ubuntu:/# openssl list-message-digest-commands
md4
md5
rmd160
sha
sha1

This document (http://www.openssl.org/docs/apps/openssl.html) however lists it 
as a 
MESSAGE DIGEST COMMAND
sha256 

SHA-256 Digest 
 
If SHA256 is supported, how do I get it to work?  Thanks!!
  

Cross-process session cache

2011-10-09 Thread Scott Gifford
Hello,

I'm working with a fairly straightforward SSL server, which forks to run
every connection in its own process.  I'm looking to add session caching to
help with performance.  Because each connection is in its own process, I
can't use OpenSSL's builtin session caching.

I don't really see a standard library in wide use for cross-process session
caching.  The advice I have come across is to take a look at the code from
Apache, and see what can be used from that.

Is there some fairly easy-to-adapt library code that anybody has used?
 Or is looking around at other implementations of a session cache still the
best route?

Any advice is appreciated,

Scott.


Re: starting point for learning to use OpenSSL

2011-10-09 Thread Scott Gifford
You can find Eric Rescorla's SSL examples here:

http://www.rtfm.com/openssl-examples/


He mentions his book on that page as well, which I found very useful for
understanding how SSL works.

-Scott.

On Mon, Oct 10, 2011 at 12:48 AM, Mithun Kumar wrote:

> thanks John,
>
> can you please send me the link?
>
> -mithun
>
>
>
>
>
> On Sun, Oct 9, 2011 at 9:23 AM, John Zavgren  wrote:
>
>> I found that the examples that Eric rescorla wrote to be very helpful.
>>
>>
>> Sent from my iPad
>>
>> On Oct 8, 2011, at 9:58 PM, Jeremy Farrell 
>> wrote:
>>
>>  *From:* Mithun Kumar
>> *Sent:* Friday, October 07, 2011 5:54 PM
>>
>>  Hello All,
>>
>> I want to use OpenSSL for the application that i am writing. Could someone
>> direct me what is the best starting point. I tried Google but failed to find
>> any examples.
>>
>> PS: I hope i am posting on the right forum.
>>
>> -Thanks
>>  mithun
>>
>>
>> http://shop.oreilly.com/product/9780596002701.do
>>
>>
>


Interoperability testing and debugging

2011-09-19 Thread Scott Gifford
Hello,

I've been troubleshooting a few problems with ucspi-ssl
(http://www.superscript.com/ucspi-ssl/index.html) interoperating with
particular SSL implementations.  I am not encountering bugs in openssl
itself, but rather bugs in the implementation of the client or server.

I was wondering if there is any standard way to do interoperability testing
with SSL clients and servers, to be as confident as possible that it will
work with as many other systems as possible?  For example, is there a widely
used test suite or "torture-test" program that will flush out most common
bugs?  Or do people mostly rely on manual testing and beta testers to help
identify interoperability problems?

Also, is there any sort of standard debugging/logging facility when testing
a program that uses openssl, that would log calls into and returns from the
OpenSSL library?  Something like the "-debug" flag to "openssl s_client"
does?  I am finding myself putting tons of little logging messages into the
client while investigating these problems, and am wondering if I am missing
an easier way.  In particular, it would be nice to have a trace that would
be well-understood on the mailing list, and would make it clear what the
program was doing without having to get into the source code.

Thanks for any tips!

-Scott.


Remote server doesn't seem to respond to SSL_shutdown

2011-09-19 Thread Scott Gifford
Hello,

I'm debugging a problem with ucspi-ssl
(http://www.superscript.com/ucspi-ssl/index.html),
an open-source SSL client and server wrapper.  For the most part everything
works great, but I am seeing strange shutdown behavior when using the client
wrapper to connect to one particular server.

The client wrapper uses blocking socket BIOs in a select(2) loop.

When it is time to cleanly close the connection, it calls SSL_shutdown(),
then returns to its select loop to wait for a response indicating that the
server has completed its end of the shutdown.  When the server has completed
the shutdown, it expects select to return with a readable socket, then calls
SSL_read expecting it to return with SSL_ERROR_ZERO_RETURN.  Next it calls
SSL_shutdown() again to get the final status, then considers the connection
closed and exits.

That works nearly all the time.  However, with this one particular server,
after calling SSL_shutdown() the call to select(2) never returns.  When I
watch the program under strace(1), I can see the client sending some
encrypted traffic to the server, and the server never sends a response.

openssl s_client doesn't seem to exhibit this behavior; it looks like it
calls SSL_shutdown() once, then closes the socket.  Eric Rescorla's sclient
OpenSSL example exhibits the same problem shutting down this SSL connection
however.

At the risk of annoying a mail server admin somewhere in the UK, I'll
mention that the server in question is an SMTPS server at
fl2494.globix.forlinux.co.uk, and appears to be running EXIM.  Some quick
tests indicate it might actually be all EXIM SMTPS servers.

Given all this, I have two questions.  First, is there something different I
should be doing here to shut down the SSL connection? Second, is this pretty
normal behavior in the wild, and do most SSL clients simply call
SSL_shutdown() once and then close the socket to avoid hanging when this
happens?

Thanks for any advice!

-Scott.
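An added example that serves two of the posts above: the SSL_R_NO_SHARED_CIPHER post (transparent handshake over memory BIOs with SSL_set_accept_state/SSL_set_connect_state) and the shutdown post just above (SSL_shutdown, wait for the peer's close_notify, SSL_read returns zero, SSL_shutdown again). It is my own code, not taken from ucspi-ssl, the posts, or OpenSSL. It uses Python's ssl module rather than C because ssl.MemoryBIO and ssl.SSLObject are thin wrappers over exactly those OpenSSL calls and need no build step; the pump loop stands in for the select(2) loop. It assumes an openssl command-line binary (1.1.1 or later) on PATH to mint a throwaway self-signed certificate; nothing touches the network. run(False) leaves the server's certificate out, which is what re=0 in the posted CIPHER_DEBUG line indicates: no RSA certificate and key loaded on the server-side SSL object.

```python
# Added example (mine, not code from the posts, ucspi-ssl or OpenSSL): the
# transparent memory-BIO pattern, driven through Python's ssl module. Assumes
# an `openssl` CLI (1.1.1 or later) on PATH to create a self-signed certificate.
import os
import shutil
import ssl
import subprocess
import tempfile


def openssl_available():
    return shutil.which("openssl") is not None


def make_self_signed(directory):
    """Write a throwaway self-signed cert/key with the openssl CLI (assumed present)."""
    cert, key = os.path.join(directory, "cert.pem"), os.path.join(directory, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key


class Endpoint:
    """One side of the connection, fed only through memory BIOs (no socket)."""

    def __init__(self, ctx, server_side, server_hostname=None):
        self.incoming = ssl.MemoryBIO()   # ciphertext from the peer
        self.outgoing = ssl.MemoryBIO()   # ciphertext for the peer
        # wrap_bio() only sets the accept/connect state; no SSL_accept/SSL_connect call.
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_side=server_side, server_hostname=server_hostname)


def transfer(a, b):
    """Move pending ciphertext both ways; this stands in for the select()/socket loop."""
    for src, dst in ((a, b), (b, a)):
        data = src.outgoing.read()
        if data:
            dst.incoming.write(data)


def drive(client, server, step, rounds=16):
    """Retry step(endpoint) on both sides until both succeed; None, or the SSLError reason."""
    pending = [client, server]
    for _ in range(rounds):
        for ep in list(pending):
            try:
                step(ep)
                pending.remove(ep)
            except ssl.SSLWantReadError:
                pass                      # needs more peer bytes: pump and retry
            except ssl.SSLError as e:
                return e.reason or str(e)
        if not pending:
            return None
        transfer(client, server)
    return "did not complete"


def read_record(receiver, sender, rounds=16):
    """Deliver pending bytes, then read: data, or b'' once the peer's close_notify is in."""
    for _ in range(rounds):
        transfer(sender, receiver)
        try:
            return receiver.tls.read(4096)
        except ssl.SSLWantReadError:
            continue
    raise RuntimeError("no record arrived")


def run(with_server_cert=True):
    """Handshake, one record each way, then the bidirectional close_notify exchange."""
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d)
        srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        if with_server_cert:
            srv.load_cert_chain(cert, key)   # omit this and the server has nothing to offer
        cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        cli.load_verify_locations(cert)
        client, server = Endpoint(cli, False, "localhost"), Endpoint(srv, True)

        err = drive(client, server, lambda ep: ep.tls.do_handshake())
        if err:
            return {"handshake": err}
        client.tls.write(b"ping")
        server_got = read_record(server, client)
        server.tls.write(b"pong")
        client_got = read_record(client, server)

        # Shutdown in the order the post describes. unwrap() is SSL_shutdown: the first
        # call sends close_notify and raises SSLWantReadError because the peer's has not
        # arrived; the peer reads b'' (SSL_ERROR_ZERO_RETURN), answers with its own
        # close_notify, and the initiator's second unwrap() then completes.
        try:
            client.tls.unwrap()
            first_unwrap_complete = True
        except ssl.SSLWantReadError:
            first_unwrap_complete = False
        server_saw_close = read_record(server, client) == b""
        server.tls.unwrap()
        transfer(server, client)
        client.tls.unwrap()
        return {"handshake": None, "server_got": server_got, "client_got": client_got,
                "first_unwrap_complete": first_unwrap_complete,
                "server_saw_close": server_saw_close}
```

The part worth noticing for the shutdown question is that the initiator's first SSL_shutdown cannot complete on its own: it only sends, and a peer that never answers with close_notify (the EXIM behaviour described above) leaves the initiator waiting, which is why clients that call SSL_shutdown once and then close the socket never hang.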


SSL_ERROR_SSL

2011-09-19 Thread Scott Gifford
Hello,

I'm debugging a problem with ucspi-ssl
(http://www.superscript.com/ucspi-ssl/index.html),
an open-source SSL client and server wrapper.  The client wrapper seems to
run into an infinite loop sometimes when the server abruptly closes the
socket without shutting down SSL properly.

The problem seems to be the handling of SSL_ERROR_SSL.  The code currently
handles SSL_ERROR_SSL by checking the system errno, and returning to its I/O
loop (select(2)/SSL_read/SSL_write) if it is EAGAIN, EINTR, or 0.  In this
case, errno is 0, so it keeps trying again indefinitely.

Ending the program immediately without returning to the I/O loop seems to
fix this problem.  However, I am not sure if this could cause problems in
other cases.

What I am wondering is: Does the system errno necessarily have any meaning
after SSL_ERROR_SSL?  And does it ever make sense to return to the I/O loop
after this error?  Or does it always indicate that things are too far gone
to recover from?

Thanks!

-Scott.


RE: REMOVE my address from your mailing list, please

2011-09-07 Thread Scott Neugroschl
unsubscribe here:  http://www.openssl.org/support/community.html
 



From: owner-openssl-us...@openssl.org on behalf of Anh Pham
Sent: Wed 9/7/2011 3:23 AM
To: openssl-users@openssl.org
Subject: REMOVE my address from your mailing list, please


Remove my address from the mailing list, please 


RSA-OAEP with SHA-2?

2011-06-21 Thread Cantor, Scott E.
It appears that the padding functions for RSA PKCS1v2 assume SHA-1 as the
digest algorithm. Are there any plans to extend that, or is it the case
that the use of SHA-1 in this context doesn't cause concerns that other
usage does?

-- Scott



Extended\Enhanced Key usage in Sub CA Certificates

2011-01-29 Thread Scott Thomas
Hello,  
I had made a test 5-level CA and was doing Microsoft smart card logon from the end 
tier CA. I had a BIG BIG problem that my Sub CAs did not have the smart card logon 
extension in EKU, so my end entity certificates were unable to do SC logon. 
The error was that the client certificate & chain certificates are not valid 
for the intended usage. Actually the SC logon extension was missing in all upper 
layer Sub CA certs. I diagnosed it after a long time and included the desired 
extension in all my subCA certs. Actually Microsoft deals with it like a constraint 
if an extension is not present. 

As there are a lot of extensions and, thinking about the evolution, many 
extensions will be created and used in future, if I add a particular set of 
extensions in my sub CA certs then in future I would set a constraint on 
my PKI solution and I would not be able to use these new extensions in end 
entity certificates.


Is it the best solution to remove EKU from all my sub CA certs to avoid 
constraints?


Waiting for Reply
Regards
Scott
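An added example covering two questions left open above: the SHA256 thread (which digest did the CA actually sign with?) and the EKU post just above (what purposes does a chain effectively allow?). It is my own code, not taken from the posts or from OpenSSL: a minimal DER walker that reads the signatureAlgorithm OID and the Extended Key Usage extension straight out of a certificate, plus the chain rule as Windows chain building applies it, which is my understanding of it: a CA certificate that carries an EKU restricts the whole chain beneath it to that set, while a CA without an EKU imposes no restriction. The sample certificates are constructed skeletons with a real certificate's outer layout (unsigned, minimal tbsCertificate), not real issued certificates; the functions work unchanged on real DER.

```python
# Added example (mine, not code from the posts or from OpenSSL): read a DER
# certificate's signature algorithm and Extended Key Usage with a small ASN.1
# walker, and apply the chain-wide EKU rule. Sample certificates are constructed
# skeletons (unsigned, minimal tbsCertificate), not real issued certificates.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}
EKU_EXTENSION = "2.5.29.37"
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
SMARTCARD_LOGON = "1.3.6.1.4.1.311.20.2.2"     # Microsoft Smart Card Logon

def tlv(tag, body):
    """DER tag-length-value with definite length (used to build the samples)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:              # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += chunk
    return tlv(0x06, bytes(out))

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos=0):
    """(tag, body, next_pos) of the element at pos; single-byte tags, definite lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        out.append((tag, inner))
    return out

def signature_algorithm(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    _, cert, _ = read_tlv(der)
    alg_id = children(cert)[1][1]
    oid = decode_oid(children(alg_id)[0][1])
    return SIGNATURE_OIDS.get(oid, oid)

def extended_key_usage(der):
    """Set of EKU OIDs, or None when the certificate has no EKU extension at all."""
    _, cert, _ = read_tlv(der)
    for tag, body in children(children(cert)[0][1]):
        if tag != 0xA3:                       # [3] EXPLICIT Extensions in tbsCertificate
            continue
        for _, ext in children(children(body)[0][1]):
            parts = children(ext)             # OID, optional critical BOOLEAN, OCTET STRING
            if decode_oid(parts[0][1]) == EKU_EXTENSION:
                return {decode_oid(b) for _, b in children(children(parts[-1][1])[0][1])}
    return None

def effective_eku(chain):
    """A CA with an EKU restricts the chain to that set; a CA without one adds nothing.
    Returns the set the leaf may use, or None when no certificate constrains it."""
    allowed = None
    for der in chain:
        eku = extended_key_usage(der)
        if eku is not None:
            allowed = eku if allowed is None else allowed & eku
    return allowed

def allows(chain, purpose):
    effective = effective_eku(chain)
    return effective is None or purpose in effective

def sample_cert(sig_oid, eku_oids=None):
    """Constructed skeleton: serial, optional EKU extension, AlgorithmIdentifier, empty signature."""
    tbs = [tlv(0x02, b"\x01")]
    if eku_oids is not None:
        eku = tlv(0x04, tlv(0x30, b"".join(encode_oid(o) for o in sorted(eku_oids))))
        tbs.append(tlv(0xA3, tlv(0x30, tlv(0x30, encode_oid(EKU_EXTENSION) + eku))))
    alg_id = tlv(0x30, encode_oid(sig_oid) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"".join(tbs)) + alg_id + tlv(0x03, b"\x00"))
```

On a real certificate, signature_algorithm(ssl.PEM_cert_to_DER_cert(pem_text)) answers the SHA256 question directly; it reads the same field that openssl x509 -noout -text prints as "Signature Algorithm". For the EKU question, run allows() over the full chain, root to leaf: if any intermediate carries an EKU without the smart card logon OID, the leaf cannot use it, regardless of what the leaf itself says.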


  

Custom Attributes in the Subject of X.509 Certificate

2011-01-12 Thread Scott Thomas
Hello all, 

First I explain the scenario. My domain name is, let's say, idtech.com. Under it 
I have created an OU=Certificate Users. Users are created under this OU.
So my FQDN of a user is CN=scott,OU=Certificate Users,DC=idtech,DC=com. The same 
FQDN is in the subject of the user certificate & SC logon is working fine.

If I want to add some custom attributes in the Subject of the X.509 certificate, 
let's say NIC=148795-89759 & EmpNo=AQ5116494,
then my Subject can become:
CN=scott,NIC=148795-89759,EmpNo=AQ5116494,OU=Certificate Users,DC=idtech,DC=com

Is it possible in OpenSSL ?

Regards
Scott Thomas
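An added illustration of the mechanism behind this, not taken from the post or the OpenSSL documentation: OpenSSL only accepts an attribute name in a subject once it has an OID registered for it, so custom names are declared in the configuration file's oid_section before they can be used, either in a prompt-less distinguished_name section as below or in a -subj argument. The OID arc 1.3.6.1.4.1.99999 is a placeholder; substitute your organization's own private enterprise number.

```ini
# openssl.cnf fragment (added example). Registers "NIC" and "EmpNo" as
# attribute types so they are accepted in a subject name. The OID arc is
# a placeholder, not an assigned one.
oid_section = custom_attributes

[ custom_attributes ]
NIC   = 1.3.6.1.4.1.99999.1
EmpNo = 1.3.6.1.4.1.99999.2

[ req ]
distinguished_name = req_distinguished_name
prompt             = no

[ req_distinguished_name ]
CN    = scott
NIC   = 148795-89759
EmpNo = AQ5116494
OU    = Certificate Users
0.DC  = idtech
1.DC  = com

# If the CA side is "openssl ca", its policy section must list the new
# attributes too; fields absent from the policy are dropped from the
# issued subject unless -preserveDN is given.
[ policy_custom ]
commonName             = supplied
NIC                    = optional
EmpNo                  = optional
organizationalUnitName = optional
domainComponent        = optional
```

Generate the request with openssl req -new -config this.cnf -key key.pem -out req.csr. The same oid_section has to be present in the signing CA's configuration as well, otherwise the attributes are still carried but are displayed as numeric OIDs rather than by name.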


  

Source level debug config for 1.0.0a?

2010-10-24 Thread Scott Cherf
Hello -

I'm trying to compile with source level debugging enabled using the 1.0.0a 
distribution and I'm not having any luck at all.  I would appreciate a clue if 
there is one.
Note that I'm attempting to build a fat binary for the i386 and x86_64 
architectures under Xcode control using the following commands:

x86_64 build:

./Configure debug-darwin-x86_64-cc --prefix=/opt/local
make clean
make build_libs
mv *.a build-x86_64

i386 build:

./Configure debug-darwin-i386-cc --prefix=/opt/local
make clean
make build_libs
mv *.a build-i386

Link fat binaries:

#!/usr/bin/perl
use strict;
use warnings;

# Xcode exports the project directory in SRCROOT; the OpenSSL tree is its parent.
my @parts = split('/', $ENV{'SRCROOT'});
pop(@parts);
my $srcDir = join('/', @parts);

chdir($srcDir) or die "chdir $srcDir: $!";

# merge the architecture libraries and create a fat binary.
foreach my $lib ('libssl.a', 'libcrypto.a') {
system('lipo', '-create', '-output', "$srcDir/$lib",
   "$srcDir/build-x86_64/$lib", "$srcDir/build-i386/$lib") == 0
  or die "lipo $lib failed: $?";
system('ranlib', "$srcDir/$lib") == 0
  or die "ranlib $lib failed: $?";
}

I have modified the debug-darwin-x86_64-cc target as follows:

"debug-darwin-x86_64-cc","cc:-arch x86_64 -O0 -g3 -DL_ENDIAN -DMD32_REG_T=int 
-Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG 
RC4_CHAR RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch 
x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",

The debug-darwin-i386-cc target is (as I recall) unchanged and looks like this:

"debug-darwin-i386-cc","cc:-arch i386 -O0 -g3 
-DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT 
RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC 
-fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",

Using the above, I'm unable to build a version that gives me source level debug 
using gdb and I can't figure out why. Anyone?

Thanks,
Scott.


