I'm trying to build a custom ENGINE, and the docs are fairly sketchy as to
how to do it.
It doesn't have to be dynamic -- my application will have the code to build
the ENGINE and register it.
Are there any good pointers on building an ENGINE?
Scott Neugroschl
XYPRO Technology
Am I correct in assuming that an RSA structure is contains the encryption
context for a particular instance of RSA, whereas RSA_METHOD contains the
functions that the RSA instance will use?
ScottN
Thank you very much!
In message 001101ca72e0$8a6fbd60$9f4f38...@com on Tue, 1 Dec 2009
15:46:43 -0800, Scott Neugroschl redfl...@gmail.com said:
redfloyd I'm trying to build a custom ENGINE, and the docs are fairly
sketchy as to
redfloyd how to do it.
redfloyd
redfloyd It doesn't have
As David said, yes.
On the other hand, you could re-implement malloc() and free() for your platform.
From: owner-openssl-us...@openssl.org on behalf of zhu qun-ying
Sent: Sun 9/26/2010 11:14 PM
To: openssl-users@openssl.org
Subject: Re: where is the memory
unsubscribe here: http://www.openssl.org/support/community.html
From: owner-openssl-us...@openssl.org on behalf of Anh Pham
Sent: Wed 9/7/2011 3:23 AM
To: openssl-users@openssl.org
Subject: REMOVE my address from your mailing list, please
Remove my address
Hi guys,
I know 0.9.7 is no longer under development, but for various reasons, I have an
app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
Thanks,
ScottN
__
OpenSSL Project
From Victor:
On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:
I know 0.9.7 is no longer under development, but for various reasons,
I have an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
There are I expect many unresolved issues
CVE-2014-0198 is listed in the VULNERABILITIES page as fixed in 1.0.1h and
1.0.0m , but is not listed on the Release Notes for either of these releases.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Geoffrey Thorpe
Sent: Monday, June 23, 2014 11:59
Try using BIO_new_mem_buf() instead.
https://www.openssl.org/docs/crypto/BIO_s_mem.html
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Ico
Sent: Monday, July 07, 2014 2:17 PM
To: openssl-users
Subject: Decrypting from
Wayne, there's a Tandem port on ITUGLIB.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Johnson, Wayne
Sent: Monday, July 14, 2014 8:11 AM
To: 'openssl-users@openssl.org'
Subject: Compile error on Tandem
I'm trying to compile OpenSSL 1.0.1h on Tandem
passed, the for loop
in RECURSIVE_MAKE is generating a syntax error.
Has anyone else run into something like this?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124
It’s -lssl, not -lopenssl.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Amir Reda
Sent: Thursday, September 18, 2014 1:33 PM
To: openssl-users@openssl.org
Subject: compilation error
/usr/bin/ld: cannot find -lopenssl
this is the error when i have
://stackoverflow.com/questions/7860657/undefined-reference-to-eclipse-c
but i failed please hellpp
On Thu, Sep 18, 2014 at 11:46 PM, Scott Neugroschl
scot...@xypro.commailto:scot...@xypro.com wrote:
It’s -lssl, not -lopenssl.
From: owner-openssl-us...@openssl.orgmailto:owner-openssl-us
VS6 essentially became obsolete in 2002, with the release of Visual Studio 7
.NET.
IIRC, IPv6 was still in its infancy.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of neil carter
Sent: Wednesday, November 05, 2014 10:28 AM
To: Walter H.;
RFC 790 defines IPv4, not IPv6.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Walter H.
Sent: Wednesday, November 05, 2014 10:49 AM
To: neil carter
Cc: openssl-users@openssl.org
Subject: Re: 1.0.1j on Windows32 shows error C2027: use of undefined
That looks like a debugger message, not an actual error from the code.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Amir Reda
Sent: Tuesday, November 18, 2014 10:29 AM
To: openssl-users@openssl.org
Subject: sign problem
dear all i made an
Should probably be asked on the OpenSSH mailing lists. My guess is that you
will need to install a newer version of OpenSSL.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of David Flatley
Sent: Wednesday, November 19, 2014
Even assuming he figures out how to tis his algorithm into Openssl, how would
he even being to specify his custom algorithm in the cert? Wouldn't he have to
define his own OID for the algorithm?
-Original Message-
From: owner-openssl-us...@openssl.org
Your problem is with signlen. You’re accessing a null pointer in
EVP_DigestSignFinal().
Declare signlen as size_t, not a size_t*, and pass the *ADDRESS* of signlen.
E.g.:
EVP_DigestSignFinal(mdctx, NULL, signlen);
From: owner-openssl-us...@openssl.org
Use getsockopt(SO_TYPE) on the underlying socket?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of John Lane Schultz
Sent: Monday, November 24, 2014 1:05 PM
To: openssl-users@openssl.org
Subject: How to determine if a ssl
Reverse the order of the libraries. Use -lssl -lcrypto.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Alexander Raiola
Sent: Tuesday, November 25, 2014 8:34 AM
To: openssl-users@openssl.org
Subject: undefined reference
Maybe he thinks that if he asks it often enough, the answer will magically
change?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Salz, Rich
Sent: Tuesday, November 25, 2014 10:23 PM
To: openssl-users@openssl.org
Subject:
The C4047 is just a warning. The C2065 is a known issue, per Matt.
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Kevin Layer
Sent: Thursday, January 08, 2015 1:13 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] OpenSSL
I believe the SSH pubkey is binary data, not ASCII, so strlen() will not work
on it if it has embedded NUL chars.
As Dave Thompson suggested, instead of strlen(), use the length returned from
BIO_read.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Prashant Bapat
|
+- libcrypto.a
|
+- libssl.a
|
+- openssl
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
___
openssl-users
= BIO_new_socket(s, BIO_NOCLOSE);
+#else
+sbio = BIO_new_socket(s, BIO_NOCLOSE);
+#endif
if (s_nbio_test) {
BIO *test;
cut here
Does this fix make sense?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA
= BIO_new_socket(s, BIO_NOCLOSE);
+#endif
if (s_nbio_test) {
BIO *test;
cut here
Does this fix make sense?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124
Correction to subject, it's s_server.c My typo.
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Scott Neugroschl
Sent: Monday, April 20, 2015 11:32 AM
To: openssl-us...@mta.opensslfoundation.net
Subject: [openssl-users] BIO_new_dgram
Is OpenSSL vulnerable to Logjam?
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Wednesday, May 20, 2015 10:18 AM, Kurt Roeckx wrote:
On Wed, May 20, 2015 at 03:47:33PM +, Scott Neugroschl wrote:
Is OpenSSL vulnerable to Logjam?
See
http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
Thanks.
Scott
Ignore me. I completely misread your email.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Scott Neugroschl
Sent: Friday, September 25, 2015 10:32 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] How can i verify a signature without knowing the
private
That's the whole point of private key encryption. You don't NEED to know the
private key.
What you do is write out the data (abcde1234). Then hash it (SHA-256), and
encrypt the *HASH* with the private key.
The recipient reads the data and encrypted hash. He then decrypts the hash
with the
Will you still support PRNGD? I need PRNGD, as I'm on a platform without a
built-in random device or cpu instructions.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Salz, Rich
Sent: Monday, January 11, 2016 7:06 AM
To: openssl-...@openssl.org;
OpenSSH does not work with the FIPS mode of OpenSSL. This has been discussed
both here and on the OpenSSH list.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
cloud force
Sent: Friday, February 12, 2016 11:44 AM
To: openssl-users@openssl.org
Subject: Re:
0.9.8h…. REALLY The latest is 0.9.8zh. And on top of that 0.9.8 got EOL’ed
as of the beginning of the year.
Can you update to 1.0.1? (Latest is 1.0.1q).
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Luiz Laranjeira
Sent: Sunday, December 27, 2015 7:02 AM
To:
I suspect the use of std::string and c_str(). Use a std::vector instead.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jason Qian
Sent: Friday, March 18, 2016 1:19 PM
To: openssl-users@openssl.org
Subject: [openssl-users] help on des_cblock
I am new on openSSl and
] help on des_cblock
Thanks,
Jason
On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl
<scot...@xypro.com<mailto:scot...@xypro.com>> wrote:
I suspect the use of std::string and c_str(). Use a std::vector instead.
From: openssl-users
[mailto:openssl-users-boun...@openssl.org<mailt
>From the linked document:
"All client sessions are vulnerable if the target server still supports SSLv2
today, irrespective of whether the client ever supported it"
I'm trying to understand this. I am using a custom build of OpenSSL as a
client, which was configured no-ssl2 and no-ssl3. My
Hi,
I've got a question about DROWN. Is the vulnerability due to a specific
coding error in OpenSSL,
or is it something that other SSL implementations may be vulnerable to? Which
commit fixed this,
so that I can see the changes?
Thanks,
ScottN
--
openssl-users mailing list
To
Thank you Michael and Victor for your explanation.
It's much appreciated.
ScottN
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
--
openssl-users mailing list
To unsubscribe: https
I believe that's specific to the servers in question. Often you can "restart"
a server by giving it a SIGHUP. I don't know if slapd and slurpd will respond
in the way you want.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jordan Brown
Sent: Wednesday, May 18,
Can the spam filters on the listserv be updated? Got two today in Spanish and
Portuguese for monetary scams. Anyone else getting these?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124
CVE 2016-2177 notes that it applies to all versions up to 1.0.2h. Does this
mean that the fix is not applied to the 1.0.1 series (in particular 1.0.1t)?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805
? Anyone have suggestions?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
The CVE itself contains the commit info. Find it at cve.mitre.org
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Ethan Rahn
Sent: Thursday, January 26, 2017 10:40 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Should openssl publish the commit #'s that
I've done a custom build of OpenSSL where I ran Configure with "no-ssl2" and
"no-ssl3". I'd like to disable TLS1 and 1.1 if possible. Will the no-tls1
option disable just TLS1 or all TLS1.x protocols?
Thanks,
ScottN
--
openssl-users mailing list
To unsubscribe:
Hi,
I'm afraid the man page on the conf file is not particularly clear. I'm
looking at mitigating CVE-2016-2183 (SWEET32), and am not sure how to disable
the DES and 3DES suites in the conf file.
Can someone give me a hand?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian
No. You can check with the OpenSSH mailing list, but I’m pretty darned sure
the answer is no.
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
From: openssl-users [mailto:openssl-users
-CBC3-SHA
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
remain in libcrypto.
-Ben
On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
Has DES been deprecated in OpenSSL? If so, what release? In particular the
following ciphers
0.19 EDH-DSS-DES-CBC3-SHA
0.22 EDH-RSA-DES-CBC3-SHA
192.13 ECDH-RSA-DES-CBC3-SHA
192.3 ECDH-ECDSA-DES-
So if I'm using 1.0.2, and want to deprecate 3DES, I need to do that as part of
my build?
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Scott Neugroschl
Sent: Thursday, May 11, 2017 11:13 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dumb question
How about saving the received cert as a PEM file and comparing the two?
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Yan, Bob via openssl-users
Sent: Tuesday, September 19, 2017 10:53 AM
To: openssl-users@openssl.org
Subject:
Run it in a debugger?
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Carlos Caraccia
Sent: Thursday, September 07, 2017 5:02 AM
To: openssl-users@openssl.org
Subject: [openssl-users] SMIME -sign subcommand
Hello, is there a way to debug or watch line by line which
> Either way, trying to use OpenSSL's PRNGD to seed OpenSSL's PRNGD is an
> exercise in futility.
Oh, I agree on that.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>> I’m using PRNGD to seed my random numbers (I’m on a system without
>>> /dev/random and /dev/urandom). I occasionally get the dreaded “PRNG is
>>> not seeded” error.
>>
>> I don’t know your OS or environment, have you tried the ‘openssl rand’
>> functionality as a random source to seed your
Hi,
I'm using PRNGD to seed my random numbers (I'm on a system without /dev/random
and /dev/urandom). I occasionally get the dreaded "PRNG is not seeded" error.
I know this is caused by a lack of available entropy in the system; but what
can I do to address this? Is it just a matter of
Set LD_LIBRARY_PATH to use your compiled versions.
-Original Message-
From: openssl-users On Behalf Of
e...@coderhacks.com
Sent: Tuesday, March 13, 2018 3:46 PM
To: openssl-users@openssl.org
Subject: [openssl-users] Vanilla OpenSSL uses sytems libs
On 16/04/18 0935PDT, Matt Caswell wrote:
>On 16/04/18 16:59, Scott Neugroschl wrote:
>> Hi,
>>
>> I'm trying to make sure I have grokked this advisory properly.
>>
>> The advisory says this is a cache timing side channel attack on key
>> ge
cache info
Or am I completely mistaken here?
Thanks,
ScottN
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman
I tried googling, but couldn't find an answer to this...
I came across a certificate that had some text garbage before the BEGIN
CERTIFICATE line.
I know that the cert is defined as the data between the delimiters. Do the
specs say anything about data before the BEGIN delimiter?
Steffen Nurpmeso, Tuesday, September 25, 2018 11:57 AM
> The RFC 7468 term "parsers SHOULD ignore whitespace and other non-
>base64 characters" makes me wonder.
The relevant clause is a few sentences up: "Data before the encapsulation
boundaries are
permitted, and parsers MUST NOT
>On Sept 24, 2018, at 3:55 PM, Viktor Dukhovni wrote:
>> On Sep 24, 2018, at 6:25 PM, Scott Neugroschl > wrote:
>>
>> I tried googling, but couldn’t find an answer to this…
>>
>> I came across a certificate that had some text garbage before the BEGIN
Is this a client-side or server-side vulnerability? Or does it matter?
Thanks,
ScottN
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
-Original Message-
From: openssl-users
Thanks.
-Original Message-
From: openssl-users On Behalf Of Matt
Caswell
Sent: Wednesday, February 27, 2019 11:18 AM
To: openssl-users@openssl.org
Subject: Re: OpenSSL Security Advisory
On 27/02/2019 18:43, Scott Neugroschl wrote:
> Is this a client-side or server-side vulnerabil
Hi Rajinder,
Have you tried the “socket_transport_name_set” call in your main program?
ScottN
From: openssl-users On Behalf Of Rajinder
Pal Singh
Sent: Friday, February 08, 2019 12:54 PM
To: m...@foocrypt.net
Cc: openssl-users
Subject: Re: [openssl-users] How to use a specific ip interface
Is the “no-asm” configuration option still supported?
From: openssl-users On Behalf Of Kristin
Barber
Sent: Monday, March 9, 2020 12:03 PM
To: Richard Levitte
Cc: openssl-users@openssl.org
Subject: Re: Compiling for RISC-V
Hi Richard, thanks for the reply. It was helpful.
You are correct, I
You need to put the static library at the END of your link command. A static
library is searched when it is encountered in the link stream, and only the
items needed will be used from it.
Because you have it first, there are no undefined symbols, and no items will be
used from it.
From:
67 matches
Mail list logo