Re: [openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a

2016-09-23 Thread Salz, Rich


>    EVP_ENCODE_CTX base64;
>    base64 = EVP_ENCODE_CTX_new();

You can't do this kind of thing anymore.  You can only have pointers, and the 
contents of those pointers are hidden from your program.  This is what we mean 
by 'opaque' pointers.  In this case, for example, you do

    EVP_ENCODE_CTX *base64 = EVP_ENCODE_CTX_new();

... and so on ...

Perhaps post some code on openssl-users mailing list, and look at 
wiki.openssl.org for help.


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a

2016-09-23 Thread J Liu
Dear Salz,

I don't know how to use accessors/setter functions. And I still don't know
how to correct the compiling error in Visual Studio 2010.

Specifically, for this line of code: EVP_ENCODE_CTX base64, I got the
following error:

error C2079: "base64"use undefined struct"evp_Encode_Ctx_st".

 

My code is as follows:

//base64 encoding
void encode(unsigned char* outData,
            int * outlen,
            const unsigned char* data,
            int datalen)
{
    int tmp=0;
    EVP_ENCODE_CTX base64;
    base64 = EVP_ENCODE_CTX_new();
    EVP_EncodeInit();

    EVP_EncodeUpdate(,
        outData,
        outlen,
        data,
        datalen
        );
    tmp=*outlen;
    EVP_EncodeFinal(,outData+*outlen,outlen);
    EVP_ENCODE_CTX_free();
    *outlen+=tmp;
    outData[*outlen]=0;
    print("base64 encoded:",outData,*outlen);
}

Cheers,
Jing

From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
Salz, Rich
Sent: Friday, September 23, 2016 9:55 PM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] Definitions for some structures are strangely
missing from 'evp.h' or other header files in OpenSSL 1.1.0a

 

Yes, in 1.1.0 we made many structures opaque.  You will have to use
accessors/setter functions.



Re: [openssl-dev] Openssl upgrade in debian

2016-09-23 Thread Short, Todd
You need to do this on your own (get the toolchain), and/or get updates from 
Debian.
--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Sep 23, 2016, at 7:21 AM, Shantibhushan Sale wrote:

I am a student developing some tool w.r.t openssl on DEBIAN. Currently my 
configuration of system is:
Kernel:2.6.28.10.
Openssl:1.0.1e
system:ARMv5

Now I have to upgrade openssl version to Openssl 1.0.1t or higher. I do not have 
toolchain with me.
I would need all binaries which used openssl1.0.1h for above installation. How 
can I proceed to this?

Please help me on this. I need all the depending libraries/packages w.r.t 
1.0.1t. Those are:
1.Libencryption.
2.openssh,
3.ntp,
4.ping6,
5.stunnel,
6.openldap

Please help me here to solve this.

--

Regards
Shantibhushan Sale
9545534899
Pune



Re: [openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a

2016-09-23 Thread Richard Levitte
In message <008e01d2159c$e9d00010$bd700030$@sina.com> on Fri, 23 Sep 2016 
21:17:48 +0800, "Jing Liu"  said:

jingmliu> Recently when I used a library ‘libcrypto.lib’ compiled from OpenSSL
jingmliu> 1.1.0a in my project, some compiling errors led me to find that the
jingmliu> header file 'evp.h' in OpenSSL 1.1.0a is incomplete. More
jingmliu> specifically, definitions for many structures are strangely missing.
jingmliu> For example, the definitions for structures EVP_ENCODE_CTX,
jingmliu> EVP_CIPHER, EVP_CIPHER_CTX, EVP_MD, EVP_MD_CTX, and EVP_PKEY (maybe
jingmliu> there are more) cannot be found in ‘evp.h’ or ‘ossl_typ.h’ or any
jingmliu> other header files. While for OpenSSL 1.0.X, we can find definitions
jingmliu> for these structures in ‘evp.h’ or other header files.

Quite a lot has happened in 1.1.0.  You might want to read NEWS.  One
of the items in there is this:

  o *Most* libcrypto and libssl public structures were made opaque,
    including:
    BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
    DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
    BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
    EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
    X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
    X509_LOOKUP, X509_LOOKUP_METHOD

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
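
What "made opaque" in the NEWS item above means on the library side, and why a by-value declaration stops compiling while accessor and setter functions keep working. This is an added example, not OpenSSL code; TOY_CTX and every TOY_CTX_* function are hypothetical names invented for the illustration.

```c
#include <stdlib.h>

/* --- what the public header exposes: a type name, no layout --- */
typedef struct toy_ctx_st TOY_CTX;                  /* incomplete type */
TOY_CTX *TOY_CTX_new(void);
void TOY_CTX_free(TOY_CTX *ctx);
int TOY_CTX_set_key_length(TOY_CTX *ctx, int len);  /* setter: 1 ok, 0 rejected */
int TOY_CTX_get_key_length(const TOY_CTX *ctx);     /* accessor */

/* --- caller code: compiles with only the declarations above --- */
int caller_configure(int wanted_len)
{
    /* TOY_CTX ctx;        does not compile here: size unknown (MSVC C2079) */
    /* ctx->key_len = 7;   does not compile either: no visible members      */
    TOY_CTX *ctx = TOY_CTX_new();
    int len = -1;

    if (ctx == NULL)
        return -1;
    if (TOY_CTX_set_key_length(ctx, wanted_len))
        len = TOY_CTX_get_key_length(ctx);
    TOY_CTX_free(ctx);
    return len;            /* -1 when the setter refused the value */
}

/* --- library-private definition: may change between releases --- */
struct toy_ctx_st {
    int key_len;
    int encrypting;
};

TOY_CTX *TOY_CTX_new(void)
{
    TOY_CTX *ctx = calloc(1, sizeof(*ctx));
    if (ctx != NULL)
        ctx->key_len = 16;                 /* always starts in a valid state */
    return ctx;
}
void TOY_CTX_free(TOY_CTX *ctx) { free(ctx); }
int TOY_CTX_set_key_length(TOY_CTX *ctx, int len)
{
    if (ctx == NULL || (len != 16 && len != 24 && len != 32))
        return 0;                          /* invariant enforced in one place */
    ctx->key_len = len;
    return 1;
}
int TOY_CTX_get_key_length(const TOY_CTX *ctx) { return ctx->key_len; }
```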


Re: [openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a

2016-09-23 Thread Salz, Rich
Yes, in 1.1.0 we made many structures opaque.  You will have to use 
accessors/setter functions.


[openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a

2016-09-23 Thread Jing Liu
Recently when I used a library 'libcrypto.lib' compiled from OpenSSL 1.1.0a
in my project, some compiling errors led me to find that the header file
'evp.h' in OpenSSL 1.1.0a is incomplete. More specifically, definitions for
many structures are strangely missing. For example, the definitions for
structures EVP_ENCODE_CTX,  EVP_CIPHER, EVP_CIPHER_CTX, EVP_MD, EVP_MD_CTX,
and EVP_PKEY  (maybe there are more) cannot be found in 'evp.h' or
'ossl_typ.h' or any other header files. While for OpenSSL 1.0.X, we can find
definitions for these structures in 'evp.h' or other header files.



Re: [openssl-dev] [openssl.org #4684] Potential problem with OPENSSL_cleanse

2016-09-23 Thread Andy Polyakov
> Actually it should also be noted that the snippet presented in the originally
> mentioned
> http://www.metzdowd.com/pipermail/cryptography/2016-September/030151.html
> actually compiles as just
> 
> _intel_fast_memset(args)
> 
> by Intel compiler 17.0 (a.k.a. 2017).

A second look at the code generated by icc 17 revealed the following. Consider

#include <string.h>

static void *(*volatile const deleter)(void*,int,size_t)=memset;
static void erase(void *buf,size_t len){deleter(buf, 0, len);}

void foo()
{  char t[6];
   erase(t,sizeof(t));
}

void bar()
{  char t[6];
   memset(t,0,sizeof(t));
}

As it turns out, icc 17 generates *identical* code for *both* foo() and
bar(), i.e. foo doesn't reference deleter, but both[!] do wipe t[6].
Moreover, they do it in the so-called red zone, i.e. above the stack pointer,
without allocating a frame. In other words icc 17 *apparently* considers
_intel_fast_memset as memset_s. This by the way also differs from the claim
in the original report. It might happen that the reporter refers to a different
version... And just in case, for reference, gcc (as well as clang)
reduces bar() to a single return instruction, i.e. as if t is not there,
while foo() does dereference deleter.



[openssl-dev] Openssl upgrade in debian

2016-09-23 Thread Shantibhushan Sale
I am a student developing some tool w.r.t openssl on DEBIAN. Currently my
configuration of system is:
Kernel:2.6.28.10.
Openssl:1.0.1e
system:ARMv5

Now I have to upgrade openssl version to Openssl 1.0.1t or higher. I do not
have toolchain with me.
I would need all binaries which used openssl1.0.1h for above
installation. How can I proceed to this?

Please help me on this. I need all the depending libraries/packages w.r.t
1.0.1t. Those are:
1.Libencryption.
2.openssh,
3.ntp,
4.ping6,
5.stunnel,
6.openldap

Please help me here to solve this.

-- 

Regards
Shantibhushan Sale
9545534899
Pune


Re: [openssl-dev] Certificate torture test

2016-09-23 Thread David Woodhouse
On Fri, 2016-09-02 at 20:20 +, Salz, Rich wrote:
> > I've started collecting a certificate torture test suite at
> > http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/tests/Makefile.am
> 
> I think this is cool, and splitting it off is a good idea.  I think
> some IETF folks would be interested, too.

We've turned this into a nascent Internet-Draft. It's not filed yet;
preliminary feedback would be very welcome.

http://david.woodhou.se/draft-woodhouse-cert-best-practice.html

Pull requests accepted at
https://github.com/dwmw2/ietf-cert-best-practice

There's plenty of things I'm not quite sure about. In particular, is
there any reason why we'd want to use the new PKCS#8 formats defined in
RFC5958? OpenSSL doesn't support those at all, right? Does anyone?

Also, should we make any attempt to handle keys managed by a TPM? Or
can we rely on PKCS#11 for that?

I note that historically, the OpenSSL TPM ENGINE supported a 'TSS KEY
BLOB' PEM format which contained a TPM-wrapped key, and OpenConnect at
least would Just Work™ when handed such a PEM file.

-- 
dwmw2
