RE: No OPENSSL_Applink
From: owner-openssl-us...@openssl.org On Behalf Of open...@comaxis.com Sent: Saturday, June 07, 2014 09:35 I am attempting to use the d2i_PKCS12_fp() API call in a Windows DLL compiled with the multi-threaded (/MT) runtime library. On this call I get the runtime error OPENSSL_Uplink(03CE1000,08): no OPENSSL_Applink. From discussions I have seen about this error, I thought I could fix it by adding applink.c to my project, and calling CRYPTO_malloc_init(). However this has no effect. Is use of /MT causing this? It will be difficult to change that, due to other components of the project. I have applink.c (and OpenSSL_Applink) only works in an EXE, not a DLL. used the HMAC and SHA256 APIs in this project with no problem. If it is just file I/O causing the problem, is there a way that I can read in the .p12 file myself, and just pass a buffer to OpenSSL in order to initialize the PKCS12 structure? Yes, uplink is for file access (and malloc_init is for memory allocation). You can: - read the file contents into memory and call d2i_PKCS12 to parse from memory (pass a temporary *copy* pointer because it gets changed, which isn't possible for an array and is wrong for a malloc/etc pointer that you need to free later) - call BIO_new_file to open the file *in OpenSSL NOT your code* and use d2i_PKCS12_bio. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Query reg multiple CA-Cert in list with same subject
Hi, I have a query for Ca-Cert list. If at gateway we have configured two CA-certs A1 and A2 both having same subject and content except time-stamp of generation. If peer sends Cert matching to A2, gateway tries to validate it with A1(subject being same and configured first in list) and validation fails. 1. is there a way to avoid addition of cert in store if subject and all contents are same except timestamp generation. 2. Or if not 1st, is there way to validate incoming cert with both cert configured in store. Thanks
Re: Query reg multiple CA-Cert in list with same subject
Bonjour, No need to include openssl-dev here. If A1 and A2 have the same subject, then they are 2 certificates for the same CA. Therefore, your gateway is right in testing A1 first. However, if your software is correctly configured, it should also test A2. That's what OpenSSL does when given a set of CA certificates. If your gateway software is a commercial software, please report this misbehaviour to the vendor. -- Erwann ABALEA Le 10/06/2014 09:08, Mukesh Yadav a écrit : Hi, I have a query for Ca-Cert list. If at gateway we have configured two CA-certs A1 and A2 both having same subject and content except time-stamp of generation. If peer sends Cert matching to A2, gateway tries to validate it with A1(subject being same and configured first in list) and validation fails. 1. is there a way to avoid addition of cert in store if subject and all contents are same except timestamp generation. 2. Or if not 1st, is there way to validate incoming cert with both cert configured in store. Thanks
Re: SSL Renogotation failure
Thanks Raheeda, So you say this is a bug in PostgeSQL and from version 9.3 and above works fine? Do you any links which speaks on this? On Wed, Jun 4, 2014 at 3:34 PM, Rahila Syed rahilasye...@gmail.com wrote: Hello, SSL renegotiation is error prone in PostgreSQL version 9.3 and below. You can either upgrade your PostgreSQL server or as a work around ,if network security is not your major concern SSL renegotiation parameter can be switched off to avoid connection lost errors due to SSL renegotiation. On Tue, Jun 3, 2014 at 5:16 PM, Mithun Kumar mithunsi...@gmail.com wrote: Hi, Currently i working on a scenario where client uses openssl for connecting to PostgreSQL server. There is a flag in Server which invokes SSL renegotiation after certain amount of data is transferred. Connection terminates as part of SSL_read() with Errno = 10054 ( (An existing connection was forcibly closed by the remote host.) Server logs shows following:- 2014-06-03 06:31:41 EDT FATAL: connection to client lost 2014-06-03 07:12:05 EDT LOG: SSL renegotiation failure 2014-06-03 07:12:05 EDT LOG: SSL failed to send renegotiation request 2014-06-03 07:12:05 EDT LOG: SSL error: unsafe legacy renegotiation disabled Any pointers? :)
OpenSSL windows build fails when no-engine no-hw options
Hi, When configure'd with no-engine and no-hw options, build of OpenSSL 1.0.1h on Windows 7 failed. Although it might not be the best solution, the attached patch solved this (for static linking) by adding or moving up some related preprocessor directives. But still leaves a problem when dynamic linking : LIBEAY32.def : error LNK2001: unresolved external symbol TS_CONF_set_crypto_device LIBEAY32.def : error LNK2001: unresolved external symbol TS_CONF_set_default_engine I tried to modify the libeay.num file for these two symbols (I added 'ENGINE' at the end of the lines 3873 and 4098), but this didn't solved this issue, proving that I still do not understand the whole build process :-( Does anyone know about this matter ? --- ccgost/gost2001.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost2001.c Sun Jun 08 00:09:58 2014 @@ -6,6 +6,9 @@ * Implementation of GOST R 34.10-2001 * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include gost_lcl.h #include gost_params.h #include string.h @@ -341,3 +344,4 @@ return gost2001_compute_public(ec); } +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost2001_keyx.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost2001_keyx.c Sun Jun 08 00:07:01 2014 @@ -7,6 +7,9 @@ * based PKCS7/SMIME support* * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include openssl/evp.h #include openssl/rand.h #include string.h @@ -18,8 +21,6 @@ #include gost_lcl.h #include gost2001_keyx.h - - /* Implementation of CryptoPro VKO 34.10-2001 algorithm */ static int VKO_compute_key(unsigned char *shared_key,size_t shared_key_size,const EC_POINT *pub_key,EC_KEY *priv_key,const unsigned char *ukm) { @@ -306,3 +307,5 @@ if (gkt) GOST_KEY_TRANSPORT_free(gkt); return ret; } + +#endif /* !OPENSSL_NO_ENGINE */ --- ccgost/gost94_keyx.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost94_keyx.c Sun Jun 08 00:10:11 2014 @@ -8,6 +8,9 @@ * * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include string.h #include openssl/dh.h #include openssl/rand.h @@ -289,3 +292,4 @@ return -1; } +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_ameth.c Thu Jun 05 11:44:33 2014 +++ ccgost/gost_ameth.c Sun Jun 08 00:07:55 2014 @@ -7,6 +7,9 @@ * for OpenSSL * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include string.h #include openssl/crypto.h #include openssl/err.h @@ -943,3 +946,5 @@ } return 1; } + +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_asn1.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost_asn1.c Sun Jun 08 00:08:07 2014 @@ -6,6 +6,9 @@ * ASN1 structure definition for GOST key transport * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include stdio.h #include openssl/asn1t.h #include openssl/x509.h @@ -53,3 +56,5 @@ } ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) + +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_crypt.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost_crypt.c Sun Jun 08 00:08:18 2014 @@ -6,6 +6,9 @@ * OpenSSL interface to GOST 28147-89 cipher functions * * Requires OpenSSL 0.9.9 for compilation* **/ + +#ifndef OPENSSL_NO_ENGINE + #include string.h #include gost89.h #include openssl/rand.h @@ -632,3 +635,4 @@ return 1; } +#endif /* !OPENSSL_NO_ENGINE */ \ No newline at end of file --- ccgost/gost_ctl.c Thu Jun 05 11:41:31 2014 +++ ccgost/gost_ctl.c Sun Jun 08 00:08:42 2014 @@ -6,6 +6,9 @@ *Implementation of control commands for GOST engine * *OpenSSL 0.9.9 libraries required* **/ + +#ifndef OPENSSL_NO_ENGINE + #include stdlib.h #include string.h #include openssl/crypto.h @@ -87,3 +90,5 @@ return 1; } + +#endif /* !OPENSSL_NO_ENGINE */ --- ccgost/gost_eng.c Thu Jun 05 11:44:33 2014 +++ ccgost/gost_eng.c Sun Jun 08 00:08:57 2014 @@ -7,6 +7,9 @@ * for OpenSSL *
ECDSA - Signature verify
Hi, Objective in one-line: = Verify a signature, given an ECDSA public key in X509 format. Details: == I read an X509 cert stored on disk. The following are some of its contents: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) ... ASN1 OID: prime256v1 Signature Algorithm: ecdsa-with-SHA1 ... Now, I get some data that is signed by the private key corresponding to the above public key/cert and I need to verify it. Here're some pieces of my code: ... EVP_PKEY *pub_key = X509_get_pubkey(cert); //this is OK ... EVP_VerifyFinal(c, signature, signature_len, pub_key); //this fails; Why does it fail? The following are the errors from the above VerifyFinal: 140310811899840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150: 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306: 140310811899840:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG So, after reading this page ( http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I realized I need to extract the EC_POINT out of the above public key. But, I'm not sure how to do it. Assuming that that's the right approach, I want to do the following: EC_POINT *pub; if(1 != EC_KEY_set_public_key(key, pub)) handleErrors(); Can you help how I can retrieve the EC_POINT out of the public key? If this is not the correct approach at all, could you point what I need to do? Thanks a lot in advance!
[no subject]
link error building openssl 0.9.8za with FIPS module 1.2.4
In process upgrade openssl to 0.9.8za. When building with fips module 1.2.4 lib, failed with link error. The same process and fips 1.2.4 lib works with 0.9.8y. Compared the code difference with 0.9.8za and 0.9.8y, noticed BN_consttime_swap() is used in 0.9.8za crypto/ec/ec2_mult.c. perl Configure VC-WIN32 no-asm fips --with-fipslibdir=C:\openssl_build\openssl-fips-1.2.4\out32dll ms\do_ms nmake -f ms\ntdll.mak clean nmake -f ms\ntdll.mak The error I got cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL -c .\fips\fips_premain.c fips_premain.c link /nologo /subsystem:console /opt:ref /out:out32dll\fips_premain_dso.exe @C:\DOCUME~1\zhangp\LOCALS~1\Temp\1\nm419.tmp Creating library out32dll\fips_premain_dso.lib and object out32dll\fips_premain_dso.exp ec2_mult.obj : error LNK2019: unresolved external symbol _BN_consttime_swap referenced in function _ec_GF2m_montgomery_point_multiply out32dll\fips_premain_dso.exe : fatal error LNK1120: 1 unresolved externals Any recommendation on solutions? Thanks, -Ping
Re: link error building openssl 0.9.8za with FIPS module 1.2.4
On Tue, Jun 10, 2014, Zhang, Ping (Unisphere) wrote: In process upgrade openssl to 0.9.8za. When building with fips module 1.2.4 lib, failed with link error. The same process and fips 1.2.4 lib works with 0.9.8y. Compared the code difference with 0.9.8za and 0.9.8y, noticed BN_consttime_swap() is used in 0.9.8za crypto/ec/ec2_mult.c. perl Configure VC-WIN32 no-asm fips --with-fipslibdir=C:\openssl_build\openssl-fips-1.2.4\out32dll ms\do_ms nmake -f ms\ntdll.mak clean nmake -f ms\ntdll.mak The error I got cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL -c .\fips\fips_premain.c fips_premain.c link /nologo /subsystem:console /opt:ref /out:out32dll\fips_premain_dso.exe @C:\DOCUME~1\zhangp\LOCALS~1\Temp\1\nm419.tmp Creating library out32dll\fips_premain_dso.lib and object out32dll\fips_premain_dso.exp ec2_mult.obj : error LNK2019: unresolved external symbol _BN_consttime_swap referenced in function _ec_GF2m_montgomery_point_multiply out32dll\fips_premain_dso.exe : fatal error LNK1120: 1 unresolved externals Any recommendation on solutions? Fixed in the latest snapshots. This problem is mentioned in the release notes: https://www.openssl.org/news/openssl-0.9.8-notes.html Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: link error building openssl 0.9.8za with FIPS module 1.2.4
Thanks! Got a build with 0610's snapshot. However rebuilt openssl0.9.8za with no-ec (not rebuild fips libs), still see the same error. -DOPENSSL_NO_EC -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ECDH -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, June 10, 2014 10:54 AM To: openssl-users@openssl.org Subject: Re: link error building openssl 0.9.8za with FIPS module 1.2.4 On Tue, Jun 10, 2014, Zhang, Ping (Unisphere) wrote: In process upgrade openssl to 0.9.8za. When building with fips module 1.2.4 lib, failed with link error. The same process and fips 1.2.4 lib works with 0.9.8y. Compared the code difference with 0.9.8za and 0.9.8y, noticed BN_consttime_swap() is used in 0.9.8za crypto/ec/ec2_mult.c. perl Configure VC-WIN32 no-asm fips --with-fipslibdir=C:\openssl_build\openssl-fips-1.2.4\out32dll ms\do_ms nmake -f ms\ntdll.mak clean nmake -f ms\ntdll.mak The error I got cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL -c .\fips\fips_premain.c fips_premain.c link /nologo /subsystem:console /opt:ref /out:out32dll\fips_premain_dso.exe @C:\DOCUME~1\zhangp\LOCALS~1\Temp\1\nm419.tmp Creating library out32dll\fips_premain_dso.lib and object out32dll\fips_premain_dso.exp ec2_mult.obj : error LNK2019: unresolved external symbol _BN_consttime_swap referenced in function _ec_GF2m_montgomery_point_multiply out32dll\fips_premain_dso.exe : fatal error LNK1120: 1 unresolved externals Any recommendation on solutions? Fixed in the latest snapshots. This problem is mentioned in the release notes: https://www.openssl.org/news/openssl-0.9.8-notes.html Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ECDSA - Signature verify
remember doing something along the lines of : ecPublicKey = X509_get_pubkey(readCertificate); EC_KEY *ecKey; ecKey = EVP_PKEY_get1_EC_KEY(ecPublicKey); EC_KEY_set_asn1_flag(ecKey, Put in the curve name); ecGroup = EC_GROUP_new_by_curve_name(Put in the curve name); EC_KEY_set_group(ecKey, ecGroup); int status = ECDSA_verify(ecPublicKey-type, digest, SHA256_DIGEST_LENGTH, signatureBytes, Signaturelength, ecKey); if(status==1) //signature is valid I will let someone with more experience comment on whether it is right or wrong. On Tue, Jun 10, 2014 at 7:24 AM, Anant Rao a...@noknok.com wrote: Hi, Objective in one-line: = Verify a signature, given an ECDSA public key in X509 format. Details: == I read an X509 cert stored on disk. The following are some of its contents: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) ... ASN1 OID: prime256v1 Signature Algorithm: ecdsa-with-SHA1 ... Now, I get some data that is signed by the private key corresponding to the above public key/cert and I need to verify it. Here're some pieces of my code: ... EVP_PKEY *pub_key = X509_get_pubkey(cert); //this is OK ... EVP_VerifyFinal(c, signature, signature_len, pub_key); //this fails; Why does it fail? The following are the errors from the above VerifyFinal: 140310811899840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150: 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306: 140310811899840:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG So, after reading this page ( http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I realized I need to extract the EC_POINT out of the above public key. But, I'm not sure how to do it. Assuming that that's the right approach, I want to do the following: EC_POINT *pub; if(1 != EC_KEY_set_public_key(key, pub)) handleErrors(); Can you help how I can retrieve the EC_POINT out of the public key? If this is not the correct approach at all, could you point what I need to do? Thanks a lot in advance! -- Swair Mehta
Re: ECDSA - Signature verify
On 10 June 2014 15:24, Anant Rao a...@noknok.com wrote: Hi, Objective in one-line: = Verify a signature, given an ECDSA public key in X509 format. Details: == I read an X509 cert stored on disk. The following are some of its contents: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) ... ASN1 OID: prime256v1 Signature Algorithm: ecdsa-with-SHA1 ... Now, I get some data that is signed by the private key corresponding to the above public key/cert and I need to verify it. Here're some pieces of my code: ... EVP_PKEY *pub_key = X509_get_pubkey(cert); //this is OK ... EVP_VerifyFinal(c, signature, signature_len, pub_key); //this fails; Why does it fail? The following are the errors from the above VerifyFinal: 140310811899840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150: 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306: 140310811899840:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG Looks to me like the signature you are passing it is in the wrong format. Where did you get it from? So, after reading this page (http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I realized I need to extract the EC_POINT out of the above public key. No. There is no need to do this. You only need to worry about the low level EC stuff if you are not using the EVP interface - which you are. Matt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Dynamically User Selection of signing algorithm.
Hi All, I am creating an android app which can perform basic email security operations like encryption, decryption, signing and verification. So far I am able to perform all 4 operations successfully. But one thing I still haven't figured out is how to specify Signing Algorithm at runtime. I mean I want to have a drop downlist from which the user can select the signing algorithm algorithm. I know how to do this in case of encryption. But for signing we are not specifying any algorithm in the PKCS7_Sign function call. So how do I mention which signing algorithm I should use while signing the mail. Thanks in advance!
Don't build apps?
I'm working with OpenSSL 1.0.1h. I'm configuring for android-x86. setenv-android.sh worked fine, and exported the following: export MACHINE=i686 export RELEASE=2.6.37 export SYSTEM=android export ARCH=x86 export CROSS_COMPILE=i686-linux-android- export ANDROID_DEV=$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH/usr export HOSTCC=gcc $ echo $ANDROID_DEV /opt/android-ndk-r9/platforms/android-14/arch-x86/usr The configure looks like so: $ ./config shared -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine --openssldir=/usr/local/ssl/android-14/ However, compilation is failing because the programs are being compiled (more correctly, the missing comp.h): $ make i686-linux-android-gcc -DMONOLITH -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -mandroid -I/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/include -B/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/lib -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o dhparam.o dhparam.c i686-linux-android-gcc -DMONOLITH -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -mandroid -I/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/include -B/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/lib -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o enc.o enc.c enc.c:70:26: fatal error: openssl/comp.h: No such file or directory compilation terminated. make[1]: *** [enc.o] Error 1 make: *** [build_apps] Error 1 How do I stop the attempt to compile the programs? What change is made to stop building of programs during a cross-compile of, for example, Android (arm) and iOS (arm)? Thanks in advance. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Dynamically User Selection of signing algorithm.
On Wed, Jun 11, 2014 at 11:13:55AM +0530, Yash Dosi wrote: I am creating an android app which can perform basic email security operations like encryption, decryption, signing and verification. So far I am able to perform all 4 operations successfully. But one thing I still haven't figured out is how to specify Signing Algorithm at runtime. I mean I want to have a drop downlist from which the user can select the signing algorithm algorithm. I know how to do this in case of encryption. But for signing we are not specifying any algorithm in the PKCS7_Sign function call. So how do I mention which signing algorithm I should use while signing the mail. With S/MIME or CMS you specify a signing key and certificate. The algorithm is implied by the choice of key material. For example, RSA keys can't generate DSA signatures. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org