[openssl-users] building OpenSSL 1.1.0 pre release 3 in debug mode

2016-02-18 Thread Cosimo Commisso 
I'm trying to build OpenSSL 1.1.0 pre 3 release in debug mode. According to the 
INSTALL.WIN file:

"If you add --debug to the Configure lines above then debugging symbols will be 
compiled in."

perl Configure VC-WIN64A --debug no-rc4 no-idea
results in:
Configured for VC-WIN64A.

Using the 1.0.1/1.0.2 approach results in the same:

perl Configure debug-VC-WIN64A no-rc4 no-idea
Configured for VC-WIN64A.

I would expect to see:
perl Configure debug-VC-WIN64A no-rc4 no-idea
Configured for debug-VC-WIN64A.

Is building in debug mode not supported in this alpha release yet or is there 
something I'm missing?

Environment:
ActiveState Perl 5.20.1

Thanks
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SMIME: 1.0.0e vs. 1.0.1e

2016-02-18 Thread Dr. Stephen Henson 
On Thu, Feb 18, 2016, c.hol...@ades.at wrote:

> I'd like to add the following to my thread.
> 
> - If I use option -nosigs then it is working.
> But sure its not verifying. If I change the content it is still ok
> with this option in place.
> 
> - I tried also the current 1.0.1r and get the same behaviour with 1.0.1e.
> 
> - Option -binary does not help.
> 

I'd suggest you output the content to a file in each case and compare the
two.

This really needs a complete example to debug properly.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] SMIME: 1.0.0e vs. 1.0.1e

2016-02-18 Thread c.hol...@ades.at 

I'd like to add the following to my thread.

- If I use option -nosigs then it is working.
But sure its not verifying. If I change the content it is still ok with 
this option in place.


- I tried also the current 1.0.1r and get the same behaviour with 1.0.1e.

- Option -binary does not help.

Thank!
Cheers,
chris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Getting a compilation error on openssl 1.0.1 branch

2016-02-18 Thread Bobby Philip 
Hi,
 I am trying to compile openssl 1.0.1r for android and statically link to
my application.
I am getting a  compile error in the file
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/evp/e_aes.c
at line 61  # include "modes_lcl.h"

This modes_lcl.h is present at
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/modes/modes_lcl.h,
which is "parallel" to the evp folder which is trying to access this.

I would like to know what I am doing wrong, since obviously this code
should compile without any issue. I am curious to know if the use of #
include "" instead of # include <> or some other way of giving the path is
appropriate in this scenario.

Regards
B
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Valid strings to be passed to EVP_get_digestbyname()

2016-02-18 Thread Michael Wojcik 
[Top-posting because Outlook can't handle HTML email properly.]

Always state what version of OpenSSL you're using.

"sha256" is correct, if that algorithm has been added. Have you called 
OpenSSL_add_all_algorithms()?

There is no universal "list of valid strings", because OpenSSL can be built 
with various algorithms enabled or disabled, and which algorithms are available 
at runtime depends on which of those included at compilation have been added 
when initializing OpenSSL. So the most likely issue is that you haven't called 
OpenSSL_add_all_algorithms.

Michael Wojcik
Technology Specialist, Micro Focus


From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Nayna Jain
Sent: Thursday, February 18, 2016 06:41
To: openssl-users@openssl.org
Subject: [openssl-users] Valid strings to be passed to EVP_get_digestbyname()


Hi,

I am trying to use EVP APIs for generating sha256 hashes.

I think of the step is to pass the digest name to EVP_get_digestbyname() and 
get the EVP_MD* structure

However, I am not able to find the valid string to be passed for SHA256 hash 
algorithm.. I tried passing "sha256", "SHA256", it shows "unknown message 
digest"

Tried to do doc and google search, couldn't find the list of valid strings.

Can someone please help me with this ?


Thanks & Regards,
Nayna Jain


Click 
here
 to report this email as spam.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] SMIME: 1.0.0e vs. 1.0.1e

2016-02-18 Thread c.hol...@ades.at 

Hello!

I have a little problem with an update from an old 1.0.0e (vanilla 
compiled) vs.

debians (7.9, stable) 1.0.1e.

I try to verify an smime-signature
Tried with the same smime-file and with the same certificates on the 
same machine.

The certificates are fine and are ok if I verify them.


openssl smime -verify -purpose any -in "myfile.txt" -out "myfile.out"  
-CApath /etc/ssl/certs -CAfile "cert.cer"


It works fine with 1.0.0e.
Text: Verification successful
Return: 0


But I get the following with 1.0.1e.
Text: Verification failure
139728980395688:error:21071065:PKCS7 
routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1169:
139728980395688:error:21075069:PKCS7 routines:PKCS7_verify:signature 
failure:pk7_smime.c:410:

Return: 4



The myfile.txt (shortened):
--
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; 
micalg="sha1"; boundary="EEFE59145E95831000EE06DE4309E3A9"


This is an S/MIME signed message

--EEFE59145E95831000EE06DE4309E3A9
Content-Transfer-Encoding: binary
Content-Type: application/edi-consent
Content-Disposition: attachment; name="abc.xml"; filename="abc.xml"


..
..
--EEFE59145E95831000EE06DE4309E3A9
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIIawYJKoZIhvcN7nTRPWZsxevEqzakh6vKxTTE8sn5mzeU4QoEqAP1EOuATPan0VpAXtfJfBQfq/I=
...
EEFE59145E95831000EE06DE4309E3A9
-


Can anyone please help, thanks!

Best regards,
christoph




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Valid strings to be passed to EVP_get_digestbyname()

2016-02-18 Thread Nayna Jain 

Hi,

I am trying to use EVP APIs for generating sha256 hashes.

I think of the step is to pass the digest name to EVP_get_digestbyname()
and get the EVP_MD* structure

However, I am not able to find the valid string to be passed for SHA256
hash algorithm..  I tried passing "sha256", "SHA256", it shows "unknown
message digest"

Tried to do doc and google search, couldn't find the list of valid strings.

Can someone please help me with this ?


Thanks & Regards,
Nayna Jain
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Supported cipher suites

2016-02-18 Thread krzysztof w 
Hi,

I'm looking for a DTLS solution that supports a specific set of cipher
suites. There is a listing (link below, not sure for which openssl
version?) where I found some of them, but still I did not find the
following ones:

TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256
TLS_ECDH_ANON_WITH_AES_256_CBC_SHA256
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_SHA256
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA256

Actually, they are on the list but without the "_SHA256" or the "256" at
the end. Any ideas?

Mentioned listing:
https://testssl.sh/openssl-rfc.mappping.html


Regards,
Krzysztof
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users