Building a custom ENGINE?

I'm trying to build a custom ENGINE, and the docs are fairly sketchy as to how to do it. It doesn't have to be dynamic -- my application will have the code to build the ENGINE and register it. Are there any good pointers on building an ENGINE? Scott Neugroschl XYPRO Technology

RSA vs. RSA_METHOD

Am I correct in assuming that an RSA structure is contains the encryption context for a particular instance of RSA, whereas RSA_METHOD contains the functions that the RSA instance will use? ScottN

RE: Building a custom ENGINE?

Thank you very much! In message 001101ca72e0$8a6fbd60$9f4f38...@com on Tue, 1 Dec 2009 15:46:43 -0800, Scott Neugroschl redfl...@gmail.com said: redfloyd I'm trying to build a custom ENGINE, and the docs are fairly sketchy as to redfloyd how to do it. redfloyd redfloyd It doesn't have

RE: where is the memory being held

As David said, yes. On the other hand, you could re-implement malloc() and free() for your platform. From: owner-openssl-us...@openssl.org on behalf of zhu qun-ying Sent: Sun 9/26/2010 11:14 PM To: openssl-users@openssl.org Subject: Re: where is the memory

RE: REMOVE my address from your mailing list, please

unsubscribe here: http://www.openssl.org/support/community.html From: owner-openssl-us...@openssl.org on behalf of Anh Pham Sent: Wed 9/7/2011 3:23 AM To: openssl-users@openssl.org Subject: REMOVE my address from your mailing list, please Remove my address

CVE-2014-0224

Hi guys, I know 0.9.7 is no longer under development, but for various reasons, I have an app that is still using 0.9.7g. Is 0.9.7g subject to the vulnerability from CVD-0214-0224? Thanks, ScottN __ OpenSSL Project

RE: CVE-2014-0224

From Victor: On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote: I know 0.9.7 is no longer under development, but for various reasons, I have an app that is still using 0.9.7g. Is 0.9.7g subject to the vulnerability from CVD-0214-0224? There are I expect many unresolved issues

RE: Advisory on CVE 2014-0195 not listed on main vulnerabilities page

CVE-2014-0198 is listed in the VULNERABILITIES page as fixed in 1.0.1h and 1.0.0m , but is not listed on the Release Notes for either of these releases. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Geoffrey Thorpe Sent: Monday, June 23, 2014 11:59

RE: Decrypting from memory bio vs file bio

Try using BIO_new_mem_buf() instead. https://www.openssl.org/docs/crypto/BIO_s_mem.html -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ico Sent: Monday, July 07, 2014 2:17 PM To: openssl-users Subject: Decrypting from

RE: Compile error on Tandem

Wayne, there's a Tandem port on ITUGLIB. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Johnson, Wayne Sent: Monday, July 14, 2014 8:11 AM To: 'openssl-users@openssl.org' Subject: Compile error on Tandem I'm trying to compile OpenSSL 1.0.1h on Tandem

Configure Error with no-ec?

passed, the for loop in RECURSIVE_MAKE is generating a syntax error. Has anyone else run into something like this? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124

RE: compilation error

It’s -lssl, not -lopenssl. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Amir Reda Sent: Thursday, September 18, 2014 1:33 PM To: openssl-users@openssl.org Subject: compilation error /usr/bin/ld: cannot find -lopenssl this is the error when i have

RE: compilation error

://stackoverflow.com/questions/7860657/undefined-reference-to-eclipse-c but i failed please hellpp On Thu, Sep 18, 2014 at 11:46 PM, Scott Neugroschl scot...@xypro.commailto:scot...@xypro.com wrote: It’s -lssl, not -lopenssl. From: owner-openssl-us...@openssl.orgmailto:owner-openssl-us

RE: 1.0.1j on Windows32 shows error C2027: use of undefined type 'in6_addr'

VS6 essentially became obsolete in 2002, with the release of Visual Studio 7 .NET. IIRC, IPv6 was still in its infancy. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of neil carter Sent: Wednesday, November 05, 2014 10:28 AM To: Walter H.;

RE: 1.0.1j on Windows32 shows error C2027: use of undefined type 'in6_addr'

RFC 790 defines IPv4, not IPv6. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Walter H. Sent: Wednesday, November 05, 2014 10:49 AM To: neil carter Cc: openssl-users@openssl.org Subject: Re: 1.0.1j on Windows32 shows error C2027: use of undefined

RE: sign problem

That looks like a debugger message, not an actual error from the code. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Amir Reda Sent: Tuesday, November 18, 2014 10:29 AM To: openssl-users@openssl.org Subject: sign problem dear all i made an

RE: version question

Should probably be asked on the OpenSSH mailing lists. My guess is that you will need to install a newer version of OpenSSL. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of David Flatley Sent: Wednesday, November 19, 2014

RE: Digital Certificates

Even assuming he figures out how to tis his algorithm into Openssl, how would he even being to specify his custom algorithm in the cert? Wouldn't he have to define his own OID for the algorithm? -Original Message- From: owner-openssl-us...@openssl.org

RE: sign problem

Your problem is with signlen. You’re accessing a null pointer in EVP_DigestSignFinal(). Declare signlen as size_t, not a size_t*, and pass the *ADDRESS* of signlen. E.g.: EVP_DigestSignFinal(mdctx, NULL, signlen); From: owner-openssl-us...@openssl.org

RE: How to determine if a ssl object is using a DTLS method?

Use getsockopt(SO_TYPE) on the underlying socket? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Lane Schultz Sent: Monday, November 24, 2014 1:05 PM To: openssl-users@openssl.org Subject: How to determine if a ssl

RE: undefined reference errors, e.g. to `ERR_load_crypto_strings'

Reverse the order of the libraries. Use -lssl -lcrypto. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Alexander Raiola Sent: Tuesday, November 25, 2014 8:34 AM To: openssl-users@openssl.org Subject: undefined reference

RE: Adding new cipher to openssl.

Maybe he thinks that if he asks it often enough, the answer will magically change? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Salz, Rich Sent: Tuesday, November 25, 2014 10:23 PM To: openssl-users@openssl.org Subject:

Re: [openssl-users] OpenSSL version 1.0.1k released

The C4047 is just a warning. The C2065 is a known issue, per Matt. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Kevin Layer Sent: Thursday, January 08, 2015 1:13 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] OpenSSL

Re: [openssl-users] base64 decode in C

I believe the SSH pubkey is binary data, not ASCII, so strlen() will not work on it if it has embedded NUL chars. As Dave Thompson suggested, instead of strlen(), use the length returned from BIO_read. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Prashant Bapat

[openssl-users] Compiling for multiple platforms?

| +- libcrypto.a | +- libssl.a | +- openssl --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | ___ openssl-users

[openssl-users] BIO_new_dgram() called in apps/s_server.c

= BIO_new_socket(s, BIO_NOCLOSE); +#else +sbio = BIO_new_socket(s, BIO_NOCLOSE); +#endif if (s_nbio_test) { BIO *test; cut here Does this fix make sense? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA

[openssl-users] BIO_new_dgram() called in apps/s_server.h

= BIO_new_socket(s, BIO_NOCLOSE); +#endif if (s_nbio_test) { BIO *test; cut here Does this fix make sense? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124

Re: [openssl-users] BIO_new_dgram() called in apps/s_server.c

Correction to subject, it's s_server.c My typo. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Scott Neugroschl Sent: Monday, April 20, 2015 11:32 AM To: openssl-us...@mta.opensslfoundation.net Subject: [openssl-users] BIO_new_dgram

Re: [openssl-users] Vulnerability logjam downgrades TLS connections to 512 Bit

Is OpenSSL vulnerable to Logjam? ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Vulnerability logjam downgrades TLS connections to 512 Bit

On Wednesday, May 20, 2015 10:18 AM, Kurt Roeckx wrote: On Wed, May 20, 2015 at 03:47:33PM +, Scott Neugroschl wrote: Is OpenSSL vulnerable to Logjam? See http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ Thanks. Scott

Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.

Ignore me. I completely misread your email. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Scott Neugroschl Sent: Friday, September 25, 2015 10:32 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] How can i verify a signature without knowing the private

Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.

That's the whole point of private key encryption. You don't NEED to know the private key. What you do is write out the data (abcde1234). Then hash it (SHA-256), and encrypt the *HASH* with the private key. The recipient reads the data and encrypted hash. He then decrypts the hash with the

Re: [openssl-users] Do you need EGD support?

Will you still support PRNGD? I need PRNGD, as I'm on a platform without a built-in random device or cpu instructions. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Monday, January 11, 2016 7:06 AM To: openssl-...@openssl.org;

Re: [openssl-users] no version information available error

OpenSSH does not work with the FIPS mode of OpenSSL. This has been discussed both here and on the OpenSSH list. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of cloud force Sent: Friday, February 12, 2016 11:44 AM To: openssl-users@openssl.org Subject: Re:

Re: [openssl-users] Trouble compiling in version 0.9.8h

0.9.8h…. REALLY The latest is 0.9.8zh. And on top of that 0.9.8 got EOL’ed as of the beginning of the year. Can you update to 1.0.1? (Latest is 1.0.1q). From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Luiz Laranjeira Sent: Sunday, December 27, 2015 7:02 AM To:

Re: [openssl-users] help on des_cblock

I suspect the use of std::string and c_str(). Use a std::vector instead. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jason Qian Sent: Friday, March 18, 2016 1:19 PM To: openssl-users@openssl.org Subject: [openssl-users] help on des_cblock I am new on openSSl and

Re: [openssl-users] help on des_cblock

] help on des_cblock Thanks, Jason On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl <scot...@xypro.com<mailto:scot...@xypro.com>> wrote: I suspect the use of std::string and c_str(). Use a std::vector instead. From: openssl-users [mailto:openssl-users-boun...@openssl.org<mailt

Re: [openssl-users] DROWN (CVE-2016-0800)

>From the linked document: "All client sessions are vulnerable if the target server still supports SSLv2 today, irrespective of whether the client ever supported it" I'm trying to understand this. I am using a custom build of OpenSSL as a client, which was configured no-ssl2 and no-ssl3. My

[openssl-users] DROWN (CVE-2016-0800)

Hi, I've got a question about DROWN. Is the vulnerability due to a specific coding error in OpenSSL, or is it something that other SSL implementations may be vulnerable to? Which commit fixed this, so that I can see the changes? Thanks, ScottN -- openssl-users mailing list To

Re: [openssl-users] DROWN (CVE-2016-0800)

Thank you Michael and Victor for your explanation. It's much appreciated. ScottN --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | -- openssl-users mailing list To unsubscribe: https

Re: [openssl-users] Reload certificates?

I believe that's specific to the servers in question. Often you can "restart" a server by giving it a SIGHUP. I don't know if slapd and slurpd will respond in the way you want. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jordan Brown Sent: Wednesday, May 18,

[openssl-users] Spam

Can the spam filters on the listserv be updated? Got two today in Spanish and Portuguese for monetary scams. Anyone else getting these? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124

[openssl-users] CVE-2016-2177

CVE 2016-2177 notes that it applies to all versions up to 1.0.2h. Does this mean that the fix is not applied to the 1.0.1 series (in particular 1.0.1t)? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805

[openssl-users] Error building 1.0.1t with no-srp

? Anyone have suggestions? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Should openssl publish the commit #'s that fixed each CVE?

The CVE itself contains the commit info. Find it at cve.mitre.org From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Ethan Rahn Sent: Thursday, January 26, 2017 10:40 AM To: openssl-users@openssl.org Subject: [openssl-users] Should openssl publish the commit #'s that

[openssl-users] Building OpenSSL 1.0.1t without tls1.1 support?

I've done a custom build of OpenSSL where I ran Configure with "no-ssl2" and "no-ssl3". I'd like to disable TLS1 and 1.1 if possible. Will the no-tls1 option disable just TLS1 or all TLS1.x protocols? Thanks, ScottN -- openssl-users mailing list To unsubscribe:

[openssl-users] Disable a cipher suite in openssl.cnf?

Hi, I'm afraid the man page on the conf file is not particularly clear. I'm looking at mitigating CVE-2016-2183 (SWEET32), and am not sure how to disable the DES and 3DES suites in the conf file. Can someone give me a hand? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian

Re: [openssl-users] Enabling FIPS on an custom embedded system.

No. You can check with the OpenSSH mailing list, but I’m pretty darned sure the answer is no. --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | From: openssl-users [mailto:openssl-users

[openssl-users] Dumb question about DES

-CBC3-SHA --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

remain in libcrypto. -Ben On 05/11/2017 11:07 AM, Scott Neugroschl wrote: Has DES been deprecated in OpenSSL? If so, what release? In particular the following ciphers 0.19 EDH-DSS-DES-CBC3-SHA 0.22 EDH-RSA-DES-CBC3-SHA 192.13 ECDH-RSA-DES-CBC3-SHA 192.3 ECDH-ECDSA-DES-

Re: [openssl-users] Dumb question about DES

So if I'm using 1.0.2, and want to deprecate 3DES, I need to do that as part of my build? From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Scott Neugroschl Sent: Thursday, May 11, 2017 11:13 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Dumb question

Re: [openssl-users] Certificate Comparison

How about saving the received cert as a PEM file and comparing the two? -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Yan, Bob via openssl-users Sent: Tuesday, September 19, 2017 10:53 AM To: openssl-users@openssl.org Subject:

Re: [openssl-users] SMIME -sign subcommand

Run it in a debugger? From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Carlos Caraccia Sent: Thursday, September 07, 2017 5:02 AM To: openssl-users@openssl.org Subject: [openssl-users] SMIME -sign subcommand Hello, is there a way to debug or watch line by line which

Re: [openssl-users] PRNG is not seeded

> Either way, trying to use OpenSSL's PRNGD to seed OpenSSL's PRNGD is an > exercise in futility. Oh, I agree on that. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] PRNG is not seeded

>>> I’m using PRNGD to seed my random numbers (I’m on a system without >>> /dev/random and /dev/urandom). I occasionally get the dreaded “PRNG is >>> not seeded” error. >> >> I don’t know your OS or environment, have you tried the ‘openssl rand’ >> functionality as a random source to seed your

[openssl-users] PRNG is not seeded

Hi, I'm using PRNGD to seed my random numbers (I'm on a system without /dev/random and /dev/urandom). I occasionally get the dreaded "PRNG is not seeded" error. I know this is caused by a lack of available entropy in the system; but what can I do to address this? Is it just a matter of

Re: [openssl-users] Vanilla OpenSSL uses sytems libs

Set LD_LIBRARY_PATH to use your compiled versions. -Original Message- From: openssl-users On Behalf Of e...@coderhacks.com Sent: Tuesday, March 13, 2018 3:46 PM To: openssl-users@openssl.org Subject: [openssl-users] Vanilla OpenSSL uses sytems libs

Re: [openssl-users] CVE-201-0737

On 16/04/18 0935PDT, Matt Caswell wrote: >On 16/04/18 16:59, Scott Neugroschl wrote: >> Hi, >> >> I'm trying to make sure I have grokked this advisory properly. >> >> The advisory says this is a cache timing side channel attack on key >> ge

[openssl-users] CVE-201-0737

cache info Or am I completely mistaken here? Thanks, ScottN --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman

[openssl-users] Certificate format question?

I tried googling, but couldn't find an answer to this... I came across a certificate that had some text garbage before the BEGIN CERTIFICATE line. I know that the cert is defined as the data between the delimiters. Do the specs say anything about data before the BEGIN delimiter?

Re: [openssl-users] Certificate format question?

Steffen Nurpmeso, Tuesday, September 25, 2018 11:57 AM > The RFC 7468 term "parsers SHOULD ignore whitespace and other non- >base64 characters" makes me wonder. The relevant clause is a few sentences up: "Data before the encapsulation boundaries are permitted, and parsers MUST NOT

Re: [openssl-users] Certificate format question?

>On Sept 24, 2018, at 3:55 PM, Viktor Dukhovni wrote: >> On Sep 24, 2018, at 6:25 PM, Scott Neugroschl > wrote: >> >> I tried googling, but couldn’t find an answer to this… >> >> I came across a certificate that had some text garbage before the BEGIN

RE: OpenSSL Security Advisory

Is this a client-side or server-side vulnerability? Or does it matter? Thanks, ScottN --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | -Original Message- From: openssl-users

RE: OpenSSL Security Advisory

Thanks. -Original Message- From: openssl-users On Behalf Of Matt Caswell Sent: Wednesday, February 27, 2019 11:18 AM To: openssl-users@openssl.org Subject: Re: OpenSSL Security Advisory On 27/02/2019 18:43, Scott Neugroschl wrote: > Is this a client-side or server-side vulnerabil

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

Hi Rajinder, Have you tried the “socket_transport_name_set” call in your main program? ScottN From: openssl-users On Behalf Of Rajinder Pal Singh Sent: Friday, February 08, 2019 12:54 PM To: m...@foocrypt.net Cc: openssl-users Subject: Re: [openssl-users] How to use a specific ip interface

RE: Compiling for RISC-V

Is the “no-asm” configuration option still supported? From: openssl-users On Behalf Of Kristin Barber Sent: Monday, March 9, 2020 12:03 PM To: Richard Levitte Cc: openssl-users@openssl.org Subject: Re: Compiling for RISC-V Hi Richard, thanks for the reply. It was helpful. You are correct, I

RE: Can't link a static library with custom OpenSSL rsa engine

You need to put the static library at the END of your link command. A static library is searched when it is encountered in the link stream, and only the items needed will be used from it. Because you have it first, there are no undefined symbols, and no items will be used from it. From: