9GB libcrypto.a in openssl-1.0.1c

After a build of openssl-1.0.1c on Solaris 10 with the Sun Studio 12 compilers I was very surprised to see this : # ls -l libcrypto.a -rw-r--r-- 1 root root 9908820968 Jul 17 19:47 libcrypto.a This is a small machine in any case and 9G vanishing into a single archive seems very

Re: 9GB libcrypto.a in openssl-1.0.1c

- Original Message - From: Zack Weinberg zack.weinb...@sv.cmu.edu Date: Sunday, July 29, 2012 4:05 pm Subject: Re: 9GB libcrypto.a in openssl-1.0.1c To: openssl-users@openssl.org On Sun, Jul 29, 2012 at 11:00 AM, Dennis Clarke dcla...@blastwave.org wrote: After a build

Solaris 10 config confused : Makefile:17: *** mixed implicit and normal rules. Stop.

I don't know what this is saying. I want to build openssl as 64-bit only on a Niagara T2 with fairly specific CFLAGS which specifiy memory cache options and other flags that work great for everything from autoconf to zlib .. but not openssl. What is my confusion here please ? $ ./Configure

openssl 1.0.1e throws SIGILL on Solaris 10 sparc64

] NULL 0 node002 $ There seems to be some history on this also : http://rt.openssl.org/Ticket/Display.html?id=2553user=guestpass=guest Would be nice to track this down as it is very consistent and stops any attempts to debug code. Dennis Clarke

new strange behavior in Apache with OpenSSL 1.0.1e

I upgraded my Apache and OpenSSL bits in /usr/local to 2.4.4 and 1.0.1e and then ran in test mode for about a week. All seems well enough. I then made a big tarball and moved the entire pile from /usr/local over to another Solaris server. In fact, a zone on the same server. It starts up

where does one file a bug report ?

Is there a bugzilla site or similar for openssl ? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager

Re: openssl with fips for Solaris 10 SPARC architecture

On 10/28/13, Abdul Anshad wrote: Hello all, Could anyone please explain me the whole process for building FIPS capable openssl on solaris 10 SPARC architecture ? Have you checked the user guide at http://www.openssl.org/docs/fips/ ? Dennis

[openssl-users] OpenSSL 1.0.2h reports speed test results as 0 secs and Infk ops/sec

/10/20 Is this a known bug on older slower hardware ? Dennis Clarke -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL 1.0.2h reports speed test results as 0 secs and Infk ops/sec

On 09/11/2016 03:44 PM, Jeff Wieland wrote: I see the same thing on Sun Blade 150 (650Mhz), with OpenSSL 1.0.2h compiled with Studio 12.2 -- and with a Sun Fire V100 (550Mhz). It works correctly on a Sun Fire V240 (1.5Ghz), a Sun Ultra 10 (440Mhz), a Sun Fire T1000, and Sun Enterprise M3000. I

Re: [openssl-users] OpenSSL 1.0.2h reports speed test results as 0 secs and Infk ops/sec

I do build with the no-asm option, and I'm seeing the problem. I'm suspicious that somehow the compiler optimization is generating code that doesn't work quite right on the UltraSPARC 2e. I have seen this a few times now so I also felt, hrmmm, something not quite right happening on these

Re: [openssl-users] OpenSSL 1.0.2h reports speed test results as 0 secs and Infk ops/sec

Have you tried running Oracle's builds of OpenSSL? They do the same thing on the UltraSPARC 2e: This is officially a bug. I'll file it and start looking into this one. Very odd. I will try this on a few other RISC architectures and see what I see. Starting with Power6. Dennis --

Re: [openssl-users] OpenSSL version 1.0.2l published

'config' recognise 64-bit mingw and choose 'mingw64' as the target platform rather than 'mingw'. [Richard Levitte] . . . Dennis Clarke -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

you are the first person to raise this issue that I can recall in over 20 years. I'll just go back to my server cave then. dc -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

d concepts because we have the internet at our fingertips and the real data is out there .. somewhere. Go find it. Dennis Clarke [1] out of the box? sorry, my age is showing. Perhaps "git pull" ? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

On 06/02/2017 10:36 AM, Salz, Rich via openssl-users wrote: Dennis, Feel free to not read any documentation you find superfluous :) I'll simply leave this here as an example of truely fine CHANGES docs : https://lists.freedesktop.org/archives/xorg/2017-June/058761.html Dennis Clarke ps

Re: [openssl-users] OpenSSL version 1.0.2l published

They are easily obtainable even if you do not have git. The list for 1.0.2l is here: https://github.com/openssl/openssl/commits/OpenSSL_1_0_2l ( point missed ) The issue is that the CHANGES file simply isn't. The most recent for 1.0.2l being truely spartan. If this were vim or perhaps nano

Re: [openssl-users] OpenSSL version 1.0.2l published

On 06/01/2017 06:42 AM, Matt Caswell wrote: On 25/05/17 15:29, Dennis Clarke wrote: So this is exclusively a change to support mingw64 ? Sorry, I missed this email somehow. This release rolls up numerous bug fixes that have been implemented since the last release. We only put particularly

Re: [openssl-users] OpenSSL version 1.0.2l published

On 06/01/2017 09:53 AM, Salz, Rich via openssl-users wrote: So the CHANGES file isn't really "changes". The full list of everything that has changed can be found via git logs. As Matt said, we only put particularly significant items in the CHANGES file. Why? Why isn't the

[openssl-users] openssl-1.1.1-pre6 requires -lrt for final link on Solaris 10 for clock_gettime

Minor issue with link here on Solaris 10 sparc : . . . ld: warning: relocation warning: R_SPARC_COPY: file ./libcrypto.so: symbol PBE2PARAM_it: relocation bound to a symbol with STV_PROTECTED visibility ld: warning: relocation warning: R_SPARC_COPY: file ./libcrypto.so: symbol

[openssl-users] openssl-1.1.1-pre6 throws plenty of "Warning: -xarch=v9 is deprecated, use -m64 -xarch=sparc instead"

On Solaris 10 sparc with Oracle Studio 12.6 this is perhaps merely an annoyance. If I entirely leave Configurations/10-main.conf untouched and go with the cflags suggested then I get warnings on every compile : . . . cc -I. -Icrypto/include -Iinclude -KPIC -xarch=v9 -xstrconst -Xa -xO5

Re: [openssl-users] Double TLS 1.3 session ticket?

On 06/20/2018 08:46 PM, Salz, Rich via openssl-users wrote: Thanks, it does not happen with mozzilla implementation (tls13.crypto.mozilla.org), is this openssl specific or part of the specification? The specification allows a server to send one or more tickets, at its

Re: [openssl-users] Call for testing TLS 1.3

On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote: I think that makes a very strong argument that TLS 1.3 should be enabled by default if it all possible. Question would be "why would it not be?" dc -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Call for testing TLS 1.3

On 30/04/18 05:41 PM, Matt Caswell wrote: On 30/04/18 21:55, Dennis Clarke wrote: On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:   I think that makes a very strong argument that TLS 1.3 should be enabled by default if it all possible. Question would be "why

Re: [openssl-users] Call for testing TLS 1.3

Yes, by default only 3 are anbled, but there are also 2 other supported included in ALL. I must have done something wrong here as I see these 3 only : n0$ LD_LIBRARY_PATH=`pwd`/openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001 \ > openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001/apps/openssl \ >

Re: [openssl-users] Call for testing TLS 1.3

On 29/04/18 06:43 AM, Kurt Roeckx wrote: The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS 1.3 brings a lot of changes that might cause incompatibility. For an overview see https://wiki.openssl.org/index.php/TLS1.3 Looking at

Re: [openssl-users] Call for testing TLS 1.3

On 30/04/18 03:01 PM, Salz, Rich via openssl-users wrote: Sorry, typo. We've had hundreds of millions of connections, with megabytes of data exchanged." The issue is most likely that no one "in the wild" has done any testing of significance. I can certainly see tls1.2 exchange but there

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 01:36 PM, Norm Green wrote: Hi Dennis, You're right, I did modify the config file... I have managed to get to the link stage here and ran into some odd syntax issue. Have to dig around and see what LDCMD was intended to be. ${LDCMD:-/opt/developerstudio12.6/bin/cc}

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 12:47 PM, Norm Green wrote: On 2/20/2018 5:43 AM, Michael Wojcik wrote: Not by default. The comments in /usr/include/sys/feature_tests.h (on a Solaris system) explain this in excruciating detail, but in short you need either -DPOSIX_C_SOURCE=200112L or -D_XOPEN_SOURCE=600 (or the

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 01:50 PM, Dennis Clarke wrote: On 20/02/18 01:36 PM, Norm Green wrote: Making progress here ... /opt/developerstudio12.6/bin/c99 -I. -Icrypto/include -Iinclude -errfmt=error -erroff=%none -errshort=full -xstrconst -xildoff -m64 -xmemalign=8s -xnolibmil -Xc -xcode=pic32 -xregs

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 02:06 PM, Erik Forsberg wrote: -- Original Message -- On 20/02/18 12:47 PM, Norm Green wrote: On 2/20/2018 5:43 AM, Michael Wojcik wrote: <... snippage ...> I also tried building with c99 instead of cc, without success. I build my Solaris OpenSSL binaries using studo

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 01:11 PM, Norm Green wrote: Just download and build v1.1.1 pre alpha 1 on Solaris.  It's on ftp.openssl.org.  That's all I did.  Configure using solaris64-sparcv9-cc .  I'm using Solaris studio 12.3. Did you modify the Configure file ? Last time I looked the CFLAGS as well as

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 01:11 PM, Norm Green wrote: Just download and build v1.1.1 pre alpha 1 on Solaris.  It's on ftp.openssl.org.  That's all I did.  Configure using solaris64-sparcv9-cc .  I'm using Solaris studio 12.3. Let's have a look. corv $ uname -a SunOS corv 5.10 Generic_150400-59 sun4u

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 01:36 PM, Norm Green wrote: Hi Dennis, You're right, I did modify the config file, sorry.  I did it so long ago I had forgotten.  I will email it to you shortly. Not a problem .. everyone does. I mean look at this mess if you don't : corv $ ./Configure shared zlib threads

Re: [openssl-users] OpenSSL 1.1.1pre1 fails to build on AIX 7.1

On 23/02/18 05:31 PM, Norm Green wrote: Looks like no target .a file is passed to ar ? Note: OpenSSL 1.1.0 succeeds on this platform. /export/localnew/RISC6000.AIX/perl-5.24.0/bin/perl -i -pe 's/^.*\|//; s/ \/(\\.|[^ ])*//; $_ = undef if (/: *$/ || /^(#.*| *)$/); $_.="\n" unless

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 21/02/18 04:53 PM, Norm Green wrote: On 2/21/2018 12:46 PM, Andy Polyakov wrote: And "the default for all v9 architectures is -xmemalign=8s". I'm getting confused.  Since I did not specify -xmemalign at all.. Without getting into some needed CFLAGS let me just say that the build ran fine

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

I have run into a bit of a snag here. Firstly everything compiles just fine with zero code changes. Zero. All we need are some careful CFLAGS and the compile moves along swimmingly. However the test stage gets terribly wedged just after test 70-test_clienthello.t completes. Not sure why but the

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 24/02/18 07:51 AM, Andy Polyakov wrote: As for -lm, which symbol was undefined? Undefined   first referenced  symbol in file fabs    test/ct_test.o ??? One can only wonder where does it come from. I see no fabs

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 24/02/18 05:13 AM, Richard Levitte wrote: In message <607c8d70-4283-1b55-2eac-c9f30a3a3...@blastwave.org> on Sat, 24 Feb 2018 00:24:34 -0500, Dennis Clarke <dcla...@blastwave.org> said: dclarke> Not sure why but the various scripts and test files are hell dclarke> bent

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 24/02/18 04:47 AM, Andy Polyakov wrote: So testsuite is running but this is a non-optimal debug build and only on the Fujitsu sparc and not on a baseline v9 yet. See "e_flags" in the ELF header below which is somewhat restrictive.   e_flags:    [ EF_SPARCV9_TSO EF_SPARC_SUN_US1

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 24/02/18 05:13 AM, Richard Levitte wrote: In message <607c8d70-4283-1b55-2eac-c9f30a3a3...@blastwave.org> on Sat, 24 Feb 2018 00:24:34 -0500, Dennis Clarke <dcla...@blastwave.org> said: dclarke> Not sure why but the various scripts and test files are hell dclarke> bent

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 24/02/18 02:18 PM, Erik Forsberg wrote: -- Original Message -- As for -lm, which symbol was undefined? Undefined   first referenced   symbol in file fabs    test/ct_test.o ??? One can only wonder where does

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 21/02/18 09:14 AM, Viktor Dukhovni wrote: On Feb 21, 2018, at 5:06 AM, Andy Polyakov wrote: I wonder how come the problem with asn1_encode_test.c went unnoticed so far. Objects on stack are customarily aligned at pointer size, even if their declaration doesn't imply

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 21/02/18 12:11 PM, Norm Green wrote: > On 2/21/2018 8:42 AM, Dennis Clarke wrote: >> Pretty sure I have done builds and tests. In fact I am certain of it. > > If you added -xmemalign=8s to the SPARC compiler flags (as shown in one > of your emails from yesterday) then

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 21/02/18 12:57 PM, Norm Green wrote: On 2/21/2018 9:42 AM, Dennis Clarke wrote: Which is correct way to do this on sparc systems. Why do you say that?  We've been building OpenSSL on SPARC for the past 7 years without that flag and it's worked just fine with only a few minor changes

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 21/02/18 12:57 PM, Norm Green wrote: On 2/21/2018 9:42 AM, Dennis Clarke wrote: Which is correct way to do this on sparc systems. Why do you say that?  We've been building OpenSSL on SPARC for the past 7 years without that flag and it's worked just fine with only a few minor changes

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

On 20/02/18 01:52 PM, Salz, Rich via openssl-users wrote: So ... this will be fun. :) Thanks for poking at this, folks. Please take a look at the INSTALL and README files which do cover some of this prerequisites. And then once you've "fixed" it, let us know what we need to

Re: [openssl-users] OpenSSL SHA algorithm

On 25/12/17 10:44 PM, Swapnil Deshpande wrote: Hi all, Noob here. I recently discovered that the "-sha1" and "-sha" flags in the "openssl dgst" command produce different outputs. I thought those were the same algorithms but turns out they are not: $ echo -n "password" | openssl dgst -sha

Re: [openssl-users] About 1.0.2p version release !!

On 08/10/2018 08:27 PM, Short, Todd via openssl-users wrote: RFC 8446 (TLS 1.3) was just published about ~30 minutes ago. Wonderful ! Todd are you okay[1] with your name being here : https://www.tls13.net/ Given that your name is in the maillist I figured .. sure, most

[openssl-users] the whole internet gets real small real fast on TLS 1.3

Seems google.com supports TLS 1.3 as well as very very few others. There is also https://beta.tls13.net/ running apache-trunk where that site is based on OpenSSL 1.1.1-pre8 and supports TLS 1.3 and a fallback to TLS 1.2 however I think browsers will *not* perform tls version fallback from TLS

Re: [openssl-users] About 1.0.2p version release !!

On 08/14/2018 04:06 AM, Wouter Verhelst wrote: It does (and that's the whole point of it) On 13-08-18 05:31, Short, Todd via openssl-users wrote: That site can’t be reached… (at least by me, unless it requires TLSv1.3…) -- -Todd Short // tsh...@akamai.com // "One if by land, two if by

Re: [openssl-users] OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity?

On 08/23/2018 10:12 PM, Salz, Rich via openssl-users wrote: I find it interesting that openssl 1.1.1-pre7 can not connect to a server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly. This is to be expected. Pre-9 implements the official RFC version of TLS 1.3, while

[openssl-users] OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity?

I find it interesting that openssl 1.1.1-pre7 can not connect to a server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly. $ /usr/local/bin/openssl version OpenSSL 1.1.1-pre7 (beta) 29 May 2018 $ /usr/local/bin/openssl s_client -connect 68.179.116.201:443 -tls1_3

Re: [openssl-users] OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity?

On 08/23/2018 10:12 PM, Salz, Rich via openssl-users wrote: I find it interesting that openssl 1.1.1-pre7 can not connect to a server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly. This is to be expected. Pre-9 implements the official RFC version of TLS 1.3, while

Re: [openssl-users] Applying security patches to 0.9.8a

On 17/04/18 05:34 PM, Rob Marshall wrote: Hi, I have an application that runs on an old OS ... I hate to be "that guy" and ask the dumb question but what OS is this and are you able to re-compile and re-link the application? Dennis -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Applying security patches to 0.9.8a

On 17/04/18 06:36 PM, Rob Marshall wrote: Hi, The OS is SLES 10 SP3 and there are currently close to 80 binaries that appear to use libssl.so.0.9.8. They are from a bunch of different packages, so I would imagine that updating to anything more recent than 0.9.8 would be a major hassle and

Re: [openssl-users] Request for help in research

me reasonable architecture? Dennis Clarke number cruncher math geek -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.1.1 pre release 3 published

On 20/03/18 08:03 PM, Viktor Dukhovni wrote: On Mar 20, 2018, at 5:55 PM, Dennis Clarke <dcla...@blastwave.org> wrote: signverifysign/s verify/s rsa 4096 bits 0.082541s 0.001186s 12.1843.0 That seems remarkably slow, is that expected with this CP

[openssl-users] 1.1.1 pre3 on ppc64 with linux 4.15.12 and glibc 2.27-2 --> All tests successful.

. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper. nix ppc64$ nix ppc64$ uname -r 4.15.12-genunix nix ppc64$ While sparc is still a bit of a mess I am chaseing down the corner issues. Dennis Clarke -- openssl-users

Re: [openssl-users] OpenSSL version 1.1.1 pre release 3 published

On 20/03/18 10:09 AM, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.1.1 pre release 3 (beta) === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 1.1.1 is currently in

Re: [openssl-users] OpenSSL version 1.1.1 pre release 3 published

On 20/03/18 08:03 PM, Viktor Dukhovni wrote: On Mar 20, 2018, at 5:55 PM, Dennis Clarke <dcla...@blastwave.org> wrote: signverifysign/s verify/s rsa 4096 bits 0.082541s 0.001186s 12.1843.0 That seems remarkably slow, is that expected with this C

[openssl-users] testing OpenSSL version 1.1.1 pre release 3 on Sol10 sparc

I'll jump on that. Managed to get past the perl requirements and am now using Oracle Studio 12.6 on Solaris 10 sparc ( for some recent sparc incantation ) wherein I usually see : cc: Warning: -xarch=v9 is deprecated, use -m64 -xarch=sparc instead So the conf files need a small tweak.

Re: [openssl-users] Openssl 1.1. compliant apps

On 10/11/2018 06:51 PM, The Doctor wrote: Looks like apache There is still considerable discussion in the httpd mailists on the topic. Don't be so certain. Dennis -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Manpages still say "pre-release"

Pretty sure this could be cleaned up : https://www.openssl.org/docs/manpages.html Then again the tar balls create all the manpages locally but the install process wants some perl pod2html thing laying about and some systems don't have that. Dennis -- openssl-users mailing list To

Re: [openssl-users] openssl 1.1.1 manuals

On 12/27/18 11:48 AM, Salz, Rich via openssl-users wrote: They are there, but the sidenav needs to be updated. Generally I find everything I need in the source tarball and after the install is done everything anyone could want is installed on the system. As for 'sidenav' that sounds like

[openssl-users] crypto/objects/o_names.c problem with Solaris 10 and strict Oracle Studio 12.6 c99

Fairly sure I did not run into all these issues with 1.1.1 on the exact same systems but regardless here we are. I *know* that I tested every one of the 'pre' testing versions and have 1.1.1 running fine just about everywhere. So here goes the long story with ye strict C99 compiler : $ env |

Re: [openssl-users] The less than perfect way to compile a debug library

On 1/18/19 3:32 AM, Dennis Clarke wrote: This is based on the sickly things that happen on Solaris as documented by various people at : fixed .. done https://github.com/openssl/openssl/pull/7721/commits/23dcef5ad68efe6f6882328de5948ae682fb https://github.com/openssl/openssl/issues

[openssl-users] Dealing with RFC2553 and RFC3493 where NI_MAXHOST and NI_MAXSERV no longer exist

Going in circles trying to compile 1.1.1a with strict C99 and no optimizations and with a ready to debug and single step resultant library. Ran headlong into crypto/bio/b_addr.c where we see : 176 /*- 177 * addr_strings - helper function to get host and service names 178 * @ap:

Re: [openssl-users] Dealing with RFC2553 and RFC3493 where NI_MAXHOST and NI_MAXSERV no longer exist

On 1/18/19 1:53 AM, Dennis Clarke wrote: Going in circles trying to compile 1.1.1a with strict C99 and no optimizations and with a ready to debug and single step resultant library. Ignore all this. Thou shalt not C99 here. Dennis -- openssl-users mailing list To unsubscribe: https

[openssl-users] compile hell : fatal: symbol referencing errors. OPENSSL_sk_pop_free etc etc etc

So it seems to no longer matter if I try strict C99 or just cc with or without strict CFLAGS. I always arrive at the same place : ${LDCMD:-/opt/developerstudio12.6/bin/cc} -m64 -xarch=sparc -g -Xa -errfmt=error -erroff=%none -errshort=full -xstrconst -xildoff -xmemalign=8s -xnolibmil

Re: [openssl-users] compile hell : fatal: symbol referencing errors. OPENSSL_sk_pop_free etc etc etc

On 1/18/19 1:05 AM, Dennis Clarke wrote: So it seems to no longer matter if I try strict C99 or just cc with or without strict CFLAGS. I always arrive at the same place : Ignore this .. fixed .. done .. closed ... not even a correct issue. Thou shalt not pass C99 here. Thus sayeth the Salz

[openssl-users] The less than perfect way to compile a debug library

This is based on the sickly things that happen on Solaris as documented by various people at : https://github.com/openssl/openssl/issues/6912 One must do : /* * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You

Re: [openssl-users] Dealing with RFC2553 and RFC3493 where NI_MAXHOST and NI_MAXSERV no longer exist

On 1/22/19 2:58 PM, Kurt Roeckx wrote: On Fri, Jan 18, 2019 at 06:40:05PM -0500, Dennis Clarke wrote: On 1/18/19 1:53 AM, Dennis Clarke wrote: Going in circles trying to compile 1.1.1a with strict C99 and no optimizations and with a ready to debug and single step resultant library. Ignore

Re: [openssl-users] crypto/objects/o_names.c problem with Solaris 10 and strict Oracle Studio 12.6 c99

On 1/17/19 8:25 PM, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Dennis Clarke Sent: Thursday, January 17, 2019 18:23 "crypto/objects/o_names.c", line 114: error: undefined symbol: strcasecmp "crypto/objects/o_names.c"

Re: [openssl-users] tls1_change_cipher_state

On 1/2/19 5:14 AM, Jakob Bohm via openssl-users wrote: On 02/01/2019 10:41, Matt Caswell wrote: On 27/12/2018 08:37, Dmitry Belyavsky wrote: Hello, Am I right supposing that local variables tmp1, tmp2, iv1, and iv2 are unused in this function? Looks that way. They should be removed. By

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

On 09/12/2018 10:44 AM, Viktor Dukhovni wrote: On Sep 12, 2018, at 10:41 AM, Viktor Dukhovni wrote: IIUC, only Firefox nightly as of approximately today will support the final RFC 8446 version; I haven't looked into Chrome yet. From the Firefox TLS 1.3 blog entry:

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

On 09/12/2018 09:50 AM, Klaus Keppler wrote: Hi, when I create a TLS-1.3-only "web" server with s_server (from OpenSSL 1.1.1-release), Firefox/Chrome can't access it. Be sure to use Firefox nightly version 64.0a1 and upwards. Anything less and you may be getting draft 28 support and NOT

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

On 09/12/2018 12:06 PM, Angus Robertson - Magenta Systems Ltd wrote: IIUC, only Firefox nightly as of approximately today will support the final RFC 8446 version; Firefox 63.0b5 works OK with OpenSSL 1.1.1, think it came Tuesday. Even Firefox/60.0 works.

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

On 09/12/2018 04:46 PM, Juan Isoza wrote: As I understand and check: https://www.tls13.net accept connexion from final openssl-1.1.1 (RFC8446) but not from openssl-1.1.1 pre8 (draft 28) At this point the protocol is published and the OpenSSL 1.1.1 release is done. You should not be

Re: [openssl-users] openssl 1.1.1 and FreeBSD 11.2

On 09/11/2018 12:23 PM, Viktor Dukhovni wrote: On Sep 11, 2018, at 11:33 AM, The Doctor wrote: Looks likes I found a first bug This did not happen on my machine, the build succeeded, and all tests passed: $ uname -srp FreeBSD 11.1-RELEASE-p10 amd64 You have 11.1 there whereas

Re: [openssl-users] openssl 1.1.1 and FreeBSD 11.2

On 09/11/2018 01:30 PM, The Doctor wrote: On Tue, Sep 11, 2018 at 12:48:53PM -0400, Dennis Clarke wrote: On 09/11/2018 12:23 PM, Viktor Dukhovni wrote: On Sep 11, 2018, at 11:33 AM, The Doctor wrote: Looks likes I found a first bug Let's just slow down here a sec. LEt's get

Re: [openssl-users] Migrating to openssl 1.1.1 in real life linux server

On 09/11/2018 01:09 PM, Viktor Dukhovni wrote: On Sep 11, 2018, at 10:59 AM, Juan Isoza wrote: What is the better way, for anyone running, by example, Apache or nginx on a popular Linux districution (Ubuntu, Debian, Suse) and want support TLS 1.3 ? Waiting package update to have openssl

Re: [openssl-users] Migrating to openssl 1.1.1 in real life linux server

On 09/11/2018 02:35 PM, Viktor Dukhovni wrote: On Tue, Sep 11, 2018 at 02:28:12PM -0400, Dennis Clarke wrote: It sounds like a downstream ELF header nightmare. Actually, it works just fine. You link with the variant library, and it happily coexists with any dependencies you may have

Re: [openssl-users] Migrating to openssl 1.1.1 in real life linux server

It sounds like a downstream ELF header nightmare. Actually, it works just fine. You link with the variant library, and it happily coexists with any dependencies you may have that in turn depend on the system TLS library. The variant SONAME and symbol versions provide all the requisite

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

On 09/13/2018 02:13 PM, Jakob Bohm wrote: On 13/09/2018 09:57, Klaus Keppler wrote: Hi, thank you for all your responses. I've just tested with Firefox Nightly 64.0a1, and both s_server and our own app (using OpenSSL 1.1.1-release) are working fine. The Firefox website is quite confusing:

Re: Reg solaris support for openssl 1.1.1b

t; version"  seeing the mentioned error. i.e  > "ld.so.1: openssl: fatal: relocation error: file openssl: symbol > OPENSSL_sk_new_null: referenced symbol not found Did you modify Configurations/10-main.conf ? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional

Re: Reg Speed test and Assembly code usage

On 4/4/19 3:32 AM, ramakrushna mishra wrote: > Hi, > > Could anyone please help me get the following information.  > > -- How to verify that the openssl  is using the assembly code ( when asm > is enabled) instead of the c code for the algorithms ?  > -- I m observing a small degradation (2 %

Re: new algorithms

On 4/8/19 11:48 AM, Giovanni Fontana wrote: > Hello everybody, > > my name is Giovanni Fontana. I made a new symmetric crypto algorithm > (let’s call it *algo1*) and a new asymmetric crypto algorithm (let’s > call it *algo2*). > > I use algo2 for key exchange and with that I can create a session

Re: Reg solaris support for openssl 1.1.1b

On 3/19/19 4:38 AM, ramakrushna mishra wrote: > Hi All, > > Thanks for all your response. > I have tried to set LD_LIBRARY_PATH to the lib path of newly installed > openssl and still "./openssl version" fails with the same reason. > right out of the ld man page we see the option -R passed to

Re: Reg solaris support for openssl 1.1.1b

On 3/15/19 1:19 PM, Jakob Bohm via openssl-users wrote: > On 15/03/2019 14:33, Dennis Clarke wrote: >> On 3/15/19 5:38 AM, Matthias St. Pierre wrote: >>> My guess is that your binary is loading the system's shared libraries. >>> To find out whether this is the cas

Re: Openssl Version 1.1.1b fails to compile on Solaris platform(Intel & Sparc)

https://mta.openssl.org/pipermail/openssl-users/2018-February/thread.html -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional

Re: Reg solaris support for openssl 1.1.1b

On 3/15/19 5:38 AM, Matthias St. Pierre wrote: > My guess is that your binary is loading the system's shared libraries. > To find out whether this is the case, try > >     ldd bin/openssl > > If my assumption is correct, you might have to set the LD_LIBRARY_PATH > explicitely. Actually

Re: AW: Slightly funny tar ball for openssl 1.1.1c ?

beta $ gzip -dc ../src/openssl-1.1.1c.tar.gz | tar -xf - tar: pax_global_header: typeflag 'g' not recognized, converting to regular file beta $ Must be a gnu tar thing? Hi Dennis, it's not a bug, it's a feature. ;-) No seriously: it's the `git archive` command which is used to export the

Re: Performance Issue With OpenSSL 1.1.1c

0.061220s 0.000701s 16.3 1427.0 rsa 4096 bits 0.125750s 0.001208s 8.0827.8 rsa 7680 bits 0.646250s 0.004099s 1.5243.9 rsa 15360 bits 4.39s 0.016119s 0.2 62.0 beta # The fact that it all works is good enough. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux

Slightly funny tar ball for openssl 1.1.1c ?

I don't thing I have seen this before : beta $ gzip -dc ../src/openssl-1.1.1c.tar.gz | tar -xf - tar: pax_global_header: typeflag 'g' not recognized, converting to regular file beta $ Must be a gnu tar thing? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard

Re: OpenSSL 1.1.1b tests fail on Solaris

impl 0x7 ver 0xa1 clock 2860 MHz) jupiter # /usr/local/bin/openssl version OpenSSL 1.1.1b 26 Feb 2019 jupiter # The sources compile clean with Oracle Studio and test perfect. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional

Re: OpenSSL 1.1.1b tests fail on Solaris - solution

On 5/10/19 11:23 AM, John Unsworth wrote: This seems to be caused by the ongoing saga documented I have this working flawlessly on S10 ... what is the issue : jupiter # /usr/local/bin/openssl version OpenSSL 1.1.1b 26 Feb 2019 dc

Re: why does RAND_add() take "randomness" as a "double"?

ly* real rng that we know of. Or that I know of. http://www.fourmilab.ch/hotbits/hardware.html -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional ps: see "futility of foresight"

Re: why does RAND_add() take "randomness" as a "double"?

., an external source (that, for whatever reasons, is trusted more than what's provided by the system). Then just set it to 1.0 and be done with it. External 300 baud serial attached coin flipper also works well. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken

Re: OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix

familiar to me. I know that I have hit this sort of thing before and did not need to hack source files. Fairly certain of it but memory being what it is who knows. Is this on sparc? With the Oracle Studio compilers? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard

Re: OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix

On 5/16/19 10:55 AM, John Unsworth wrote: This is sparc 10, building no-shared, oracle studio 12.4. Building shared works fine. The change was introduced in 1.1.1b. OKay, Solaris 10 and for some reason you are using Studio 12.4? Fair enough. I will take a glance. -- Dennis Clarke RISC-V

  1   2   >