Re: [openssl-users] Compile OpenSSL for Android

2016-12-21 Thread Jeffrey Walton 
On Wed, Dec 21, 2016 at 6:16 PM, Salz, Rich  wrote:
>> checking for library containing SSL_library_init... no
>> configure: error: libfko needs ssl
>
> The application is not prepared to build against 1.1.0  That function was 
> removed, and a #define for backward compatibility is used instead.
>

Also see 
https://wiki.openssl.org/index.php/Compilation_and_Installation#Autoconf
. Its another way to address the "SSL_library_init symbol or
OPENSSL_init_ssl symbol" issue.

The missing 1.1.0 code paths will need to be added. The compiler will
tell you where most of the problems are.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Compile OpenSSL for Android

2016-12-21 Thread Salz, Rich 
> checking for library containing SSL_library_init... no
> configure: error: libfko needs ssl

The application is not prepared to build against 1.1.0  That function was 
removed, and a #define for backward compatibility is used instead.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Compile OpenSSL for Android

2016-12-21 Thread Leo Goldim 
Hey all,

I finally compiled the OpenSSL for Android, the problem was with the
Setenv-android.sh scritp. After fixed it I can compile using the following
command line:

./config shared no-ssl2 no-ssl3 no-comp no-hw no-engine
--openssldir=/home/ec2-user/android-openssl/android-12
--prefix=/home/ec2-user/android-openssl/android-12

With OpenSSL 1.1.0c, if I use only --openssldir the make install mess with
my system libs. I have to use --prefix together to install in a different
path.

But, now I'm trying to compile another program, using the OpenSSL compiled
lib, and I'm getting the following message:

checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking for library containing SSL_library_init... no
configure: error: libfko needs ssl

Is it a problem with the compiled OpenSSL lib?

Thanks

On Tue, Dec 20, 2016 at 4:09 PM, Leo Goldim  wrote:

> Hi all,
>
> I'm trying to compile OpenSSL for Android, after looking at Google I found
> this page:
>
> https://wiki.openssl.org/index.php/Android
>
> I followed step by step but when I verified my lib (readelf -h
> ./libcrypto.a | grep -i 'class\|machine' | head -2) I realized that the lib
> was created for my machine (x86_64) not Android (arm).
>
> So, I changed the configure command to:
>
> ./Configure android --openssldir=/home/ec2-user/android-openssl/android-12
>
> And I got the following error:
>
> make[2]: Entering directory `/home/ec2-user/android-
> openssl/openssl-1.1.0c'
> LD_LIBRARY_PATH=: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG
> -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC
> -DOPENSSLDIR="/home/ec2-user/android-openssl/android-12"
> -DENGINESDIR="/usr/local/lib/engines-1.1" -Wall -O3 -pthread -mandroid
> -fPIC --sysroot= -Wa,--noexecstack -fPIC -DOPENSSL_USE_NODELETE
> -Wl,-znodelete -shared -Wl,-Bsymbolic -Wl,-soname=libcrypto.so.1.1 -o
> ./libcrypto.so.1.1 -Wl,--whole-archive,--version-script=crypto.map
> ./libcrypto.a -Wl,--no-whole-archive -ldl
> /usr/bin/ld: cannot find crtbegin_so.o: No such file or directory
> collect2: error: ld returned 1 exit status
> make[2]: *** [link_shlib.linux-shared] Error 1
> make[2]: Leaving directory `/home/ec2-user/android-openssl/openssl-1.1.0c'
> make[1]: *** [libcrypto.so] Error 2
> make[1]: Leaving directory `/home/ec2-user/android-openssl/openssl-1.1.0c'
> make: *** [all] Error 2
>
> Someone already compiled the OpenSSL version 1.1.0c for Android and can
> help me?
>
> Thanks
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] big endian vs little endian

2016-12-21 Thread Sam Horwitz 
Yes. Thanks you it works. My stupid.

-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich
Sent: Tuesday, December 20, 2016 12:16 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] big endian vs little endian

> I am obviosly a newbie and missing something. How then do I encrypt 
> the file on one machine (little endian), transmit it to another 
> machine (big endian) and decrypt it there?

Did you try it?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stronger Kex

2016-12-21 Thread mlrx 
Hello,

I have two servers for testing purpose :
- debian 6, apache 2.2,   openssl 1.0.1t  (mutu)
- centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated)

Now, these 2 serveurs offers only those ciphers :
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

I have two goals. First, I would like to use at least secp384r1
and second (no problem), use an ECC certificate.

Is it possible to do it with CHACHA20-POLY1305 ?
Is it possible to use this cipher on those servers ?

openssl ciphers -V CHACHA20 return an error on each server.
I understand it's because there is no chacha20 cipher (?).

Why can I connect a server by SSH with chacha20-poly1...@openssh.com
and not using it with Apache ?

All advices are welcome :-).

Best regards,
-- 
benoist
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users