Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?
On 30-05-17 17:25, Salz, Rich via openssl-users wrote:
>> The results are both functional, but the v102l build is missing
>> sha{224|256|384|512} digests
>
> Right; those digests are not in 1.0.2

They are, they're just not advertised:

    $ openssl version
    OpenSSL 1.0.2k 26 Jan 2017
    $ openssl help
    [...]
    Message Digest commands (see the `dgst' command for more details)
    md4 md5 mdc2 rmd160 sha sha1
    [...]
    $ openssl dgst -sha256 .bash_history
    SHA256(.bash_history)= b8f9308c4b9141993b4af1cee6cdffe36339bc2e05c0bf16206f9944f85aa102
    $ openssl sha224 .bash_history
    SHA224(.bash_history)= a13d7f83a0dc0dcfb6032cb3cd7c4669958a2fb0e01dbb72c95e1d02

etc.

--
Wouter Verhelst
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library
On 28/05/2017 23:31, Salz, Rich via openssl-users wrote:

The openssl program will use the wrong libssl.so and libcrypto.so.

Yes, got it. But that's small potatoes compared to everyone else finding the wrong shared library, and just saying "use rpath" doesn't help all those others.

Change the /usr/lib/libssl.so symlink to point to libssl.so.1.1, not libssl.so.1.0 while compiling with OpenSSL 1.1.x headers. Ditto for libcrypto.so.

Alternatively, place such symlinks in the lib directory that is next to the include directory with OpenSSL 1.1.x headers.

This should cause the resulting programs to refer to the right so-name (libssl.so.1.1 etc.) and thus either load the right library generation (1.1.x) or report that it isn't installed on the local library path (typically, /lib/, /usr/lib/ and /usr/local/lib/ in some system dependent order).

After all, this is the whole point of the versioned .so file names.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

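The check described in the message above (does a program refer to the right so-name, and does it load from the intended install?) can be run over `ldd` output. This is an added example, not part of the original thread; the function name `check_ssl_linkage` is hypothetical, the first sample reuses the `ldd` lines posted elsewhere in this thread, and the second sample is constructed.

```shell
#!/bin/sh
# check_ssl_linkage PREFIX SOVER   (reads `ldd BINARY` output on stdin)
# Prints one finding per problem and returns non-zero unless libssl and
# libcrypto both carry the SONAME suffix SOVER and resolve under PREFIX.
check_ssl_linkage() {
    awk -v prefix="$1" -v sover="$2" '
        $1 ~ /^lib(ssl|crypto)\.so\./ && $2 == "=>" {
            name = $1; sub(/\.so\..*$/, "", name)   # libssl or libcrypto
            seen[name] = 1
            if ($1 != name ".so." sover) {
                printf "%s: SONAME %s, expected %s.so.%s\n", name, $1, name, sover
                bad = 1
            }
            if ($3 == "not") {                      # ldd printed "=> not found"
                printf "%s: %s not found on the library path\n", name, $1
                bad = 1
            } else if (index($3, prefix "/") != 1) {
                printf "%s: resolved to %s, outside %s\n", name, $3, prefix
                bad = 1
            }
        }
        END {
            if (!seen["libssl"])    { print "libssl: no dynamic dependency listed";    bad = 1 }
            if (!seen["libcrypto"]) { print "libcrypto: no dynamic dependency listed"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# ldd lines as posted in this thread for the 1.1.0f build.
LDD_110='	libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x7fc9c70f4000)
	libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x7fc9c6c48000)'

# Constructed sample: built against 1.0 symlinks, 1.1 libcrypto not installed.
LDD_MIXED='	libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f0000000000)
	libcrypto.so.1.1 => not found'

for sample in "$LDD_110" "$LDD_MIXED"; do
    if printf '%s\n' "$sample" | check_ssl_linkage /usr/local/openssl11 1.1; then
        echo "OK: libssl and libcrypto come from the intended build"
    fi
    echo "--"
done
```

On a real system, feed it `ldd /path/to/binary` with the prefix and SONAME suffix of the build you expect.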
Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?
On 5/30/17 9:01 AM, Jakob Bohm wrote:
> Actually, in my testing of earlier 1.0.x releases, sha256 etc. are only missing from the help message, they are actually there, also as commands.

On 5/30/17 9:14 AM, Salz, Rich wrote:
>> Then I've misunderstood the presence of the "-DSHA256_ASM" flag.
>>
>> What's it specifically used for?
>
> To remind me to double-check my answers? :(
>
> Sorry, they are present. The difference is that the help message in 1.0.2 isn't complete. Did you try the commands directly?

Well,

    touch /tmp/test.txt
    /usr/local/openssl10/bin/openssl dgst -sha256 /tmp/test.txt
    SHA256(/tmp/test.txt)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    /usr/local/openssl11/bin/openssl dgst -sha256 /tmp/test.txt
    SHA256(/tmp/test.txt)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

NOW I have!

See? THAT'S what you get when you waste time RTFM-ing! ;-)

Thanks.

Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?
> Then I've misunderstood the presence of the "-DSHA256_ASM" flag.
>
> What's it specifically used for?

To remind me to double-check my answers? :(

Sorry, they are present. The difference is that the help message in 1.0.2 isn't complete. Did you try the commands directly?

Re: [openssl-users] OpenSSL and RPATH's
The only reason why you would ever want to use RPATH with OpenSSL is because you need to install a particular old version of libssl (or libcrypto) that has the same SONAME as the system-default, but where you don't want to use that system-default one -- but why would you want to do that? Security updates are a good thing, usually.

On 5/30/17 8:58 AM, Jakob Bohm wrote:
> On 29/05/2017 16:39, Wouter Verhelst wrote:
>> ...
>> The only reason why you would ever want to use RPATH with OpenSSL is ...

Well, 'different strokes' to be sure ... but, here, especially with lots of apps still not at all v110 compatible, or at best broken in their attempts, having local builds of both v110x and v102x is extremely useful -- and RPATH'ing makes that trivially manageable.

My $.02.

Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?
On 30/05/2017 17:20, PGNet Dev wrote:
> I'm building separate local instances of latest Openssl v1.1.0 & v1.0.2 on linux64, to keep not-yet-v110-compliant apps happy.
>
> The results are both functional, but the v102l build is missing sha{224|256|384|512} digests
>
> v 1.0.2l
>
>     /usr/local/openssl10/bin/openssl version
>     OpenSSL 1.0.2l 26 Jan 2017
>
>     /usr/local/openssl10/bin/openssl version -f
>     compiler: /usr/bin/gcc-7 -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -D_GNU_SOURCE -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_NO_HEARTBEAT -DPURIFY -DSSL_FORBID_ENULL -DTERMIO -Wa,--noexecstack -Wall -fno-common -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
>
>     /usr/local/openssl10/bin/openssl help
>     ...
>     Message Digest commands (see the `dgst' command for more details)
>     md4 md5 rmd160 sha sha1
>     ...
>
>     ldd /usr/local/openssl10/bin/openssl | egrep 'lib(ssl|crypto)'
>     libssl.so.1.0.0 => /usr/local/openssl10/lib64/libssl.so.1.0.0 (0x7f1619534000)
>     libcrypto.so.1.0.0 => /usr/local/openssl10/lib64/libcrypto.so.1.0.0 (0x7f16190aa000)

Actually, in my testing of earlier 1.0.x releases, sha256 etc. are only missing from the help message, they are actually there, also as commands.

> v 1.1.0f
>
>     /usr/local/openssl11/bin/openssl version
>     OpenSSL 1.1.0f 25 May 2017
>
>     /usr/local/openssl11/bin/openssl version -f
>     /usr/local/openssl11/bin/openssl version -f
>     compiler: /usr/bin/gcc-7 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_API_COMPAT=0x1010L -D_GNU_SOURCE -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_NO_HEARTBEAT -DPURIFY -DSSL_FORBID_ENULL -DTERMIO -DOPENSSLDIR="\"/usr/local/openssl11\"" -DENGINESDIR="\"/usr/local/openssl11/lib64/engines-1.1\"" -Wa,--noexecstack -Wall -fno-common -Wa,--noexecstack
>
>     /usr/local/openssl11/bin/openssl help
>     ...
>     Message Digest commands (see the `dgst' command for more details)
>     blake2b512 blake2s256 gost md4 md5 rmd160 sha1 sha224 sha256 sha384 sha512
>     ...
>
>     ldd /usr/local/openssl11/bin/openssl | egrep 'lib(ssl|crypto)'
>     libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x7fc9c70f4000)
>     libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x7fc9c6c48000)
>
> The "-DSHA256_ASM" flag is present for the 102l build.
>
> Is there an additional, specific flag required to enable the higher bit-depth digests for v102l that I've missed?

Enjoy

Jakob

Re: [openssl-users] OpenSSL and RPATH's (was: Cannot find SSL_CTX_get0_param in libssl library)
On 29/05/2017 16:39, Wouter Verhelst wrote:

...

The only reason why you would ever want to use RPATH with OpenSSL is because you need to install a particular old version of libssl (or libcrypto) that has the same SONAME as the system-default, but where you don't want to use that system-default one -- but why would you want to do that? Security updates are a good thing, usually.

There is another, converse case: If the system comes with a (patched) old version of the OpenSSL libraries (for example, Debian 7 comes with a patched OpenSSL 1.0.1 that ensures 100% compatibility with programs compiled against version 1.0.1t headers), then you may also need a special SO name or RPATH to link locally compiled software against the latest 1.0.x release, rather than 1.0.1.

RPATH support is nice for corner cases, but it should not be the default, ever.

Enjoy

Jakob

Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?
On 5/30/17 8:25 AM, Salz, Rich wrote:
>> The results are both functional, but the v102l build is missing sha{224|256|384|512} digests
>
> Right; those digests are not in 1.0.2

Then I've misunderstood the presence of the "-DSHA256_ASM" flag.

What's it specifically used for?

Re: [openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?
> The results are both functional, but the v102l build is missing
> sha{224|256|384|512} digests

Right; those digests are not in 1.0.2

[openssl-users] sha256 digest support in v102l build missing; present in v110f. missing build flag?
I'm building separate local instances of latest Openssl v1.1.0 & v1.0.2 on linux64, to keep not-yet-v110-compliant apps happy.

The results are both functional, but the v102l build is missing sha{224|256|384|512} digests

v 1.0.2l

    /usr/local/openssl10/bin/openssl version
    OpenSSL 1.0.2l 26 Jan 2017

    /usr/local/openssl10/bin/openssl version -f
    compiler: /usr/bin/gcc-7 -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -D_GNU_SOURCE -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_NO_HEARTBEAT -DPURIFY -DSSL_FORBID_ENULL -DTERMIO -Wa,--noexecstack -Wall -fno-common -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

    /usr/local/openssl10/bin/openssl help
    ...
    Message Digest commands (see the `dgst' command for more details)
    md4 md5 rmd160 sha sha1
    ...

    ldd /usr/local/openssl10/bin/openssl | egrep 'lib(ssl|crypto)'
    libssl.so.1.0.0 => /usr/local/openssl10/lib64/libssl.so.1.0.0 (0x7f1619534000)
    libcrypto.so.1.0.0 => /usr/local/openssl10/lib64/libcrypto.so.1.0.0 (0x7f16190aa000)

v 1.1.0f

    /usr/local/openssl11/bin/openssl version
    OpenSSL 1.1.0f 25 May 2017

    /usr/local/openssl11/bin/openssl version -f
    /usr/local/openssl11/bin/openssl version -f
    compiler: /usr/bin/gcc-7 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_API_COMPAT=0x1010L -D_GNU_SOURCE -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_NO_HEARTBEAT -DPURIFY -DSSL_FORBID_ENULL -DTERMIO -DOPENSSLDIR="\"/usr/local/openssl11\"" -DENGINESDIR="\"/usr/local/openssl11/lib64/engines-1.1\"" -Wa,--noexecstack -Wall -fno-common -Wa,--noexecstack

    /usr/local/openssl11/bin/openssl help
    ...
    Message Digest commands (see the `dgst' command for more details)
    blake2b512 blake2s256 gost md4 md5 rmd160 sha1 sha224 sha256 sha384 sha512
    ...

    ldd /usr/local/openssl11/bin/openssl | egrep 'lib(ssl|crypto)'
    libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x7fc9c70f4000)
    libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x7fc9c6c48000)

The "-DSHA256_ASM" flag is present for the 102l build.

Is there an additional, specific flag required to enable the higher bit-depth digests for v102l that I've missed?