[openssl-users] X25519 - why openssl shows server temp key as 253 bits?
Hi,

When using openssl with X25519, why does it show the server temp key as 253 bits?

Example:

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---

I thought Curve25519 is using 256 bit keys. Why 253 instead of 256?

with regards,
Saravanan

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.1.0i make test fails - 80-test_cms.t
> On Sep 4, 2018, at 12:16 AM, James Brown via openssl-users wrote:
>
> Running ‘make test’ for 1.1.0i fails with:
>
> Test Summary Report
> ---
> ../test/recipes/80-test_cms.t(Wstat: 256 Tests: 4 Failed: 1)
> Failed test: 4
> Non-zero exit status: 1
> Files=99, Tests=561, 83 wallclock secs ( 0.94 usr 0.23 sys + 49.59 cusr 22.30 csys = 73.06 CPU)
> Result: FAIL
> make[1]: *** [_tests] Error 1
> make: *** [tests] Error 2
>
> I first ran:
>
> ./Configure --prefix=/usr/local shared darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3
>
> then
>
> make depend

The "make depend" should not be necessary with "1.1.0" builds.

> then: make test
>
> macOS X 10.7.5
>
> Any suggestions?

I'm using MacOS X 10.13.6 (aka Darwin 17.7.0), and all tests pass. You could try "make V=1 test" and report more details from the test failure, but first consider skipping "make depend" and perhaps a less ancient MacOS X version.

--
Viktor.

[openssl-users] OpenSSL version 1.1.0i make test fails - 80-test_cms.t
Running ‘make test’ for 1.1.0i fails with:

Test Summary Report
---
../test/recipes/80-test_cms.t(Wstat: 256 Tests: 4 Failed: 1)
Failed test: 4
Non-zero exit status: 1
Files=99, Tests=561, 83 wallclock secs ( 0.94 usr 0.23 sys + 49.59 cusr 22.30 csys = 73.06 CPU)
Result: FAIL
make[1]: *** [_tests] Error 1
make: *** [tests] Error 2

I first ran:

./Configure --prefix=/usr/local shared darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3

then

make depend

then: make test

macOS X 10.7.5

Any suggestions?

Thanks,
James.

Re: [openssl-users] build.info
Using the linux env var LD_PRELOAD, maybe?

Sent from BlueMail

On Sep 3, 2018, 15:05, at 15:05, "Thomás Inskip" wrote:
>Does anyone know how I can specify that a specific shared library (in this
>case an engine) is dependent on a system-installed shared library (i.e. not
>built along with openssl)? Basically the equivalent of LDFLAGS += -lsomelib

[openssl-users] stunnel 5.49 released
Dear Users,

I have released version 5.49 of stunnel.

Version 5.49, 2018.09.03, urgency: MEDIUM
* New features
  - Performance optimizations.
  - Logging of negotiated or resumed TLS session IDs (thx to ANSSI - National Cybersecurity Agency of France).
  - Merged Debian 10-enabled.patch and 11-killproc.patch (thx to Peter Pentchev).
  - OpenSSL DLLs updated to version 1.0.2p.
  - PKCS#11 engine DLL updated to version 0.4.9.
* Bugfixes
  - Fixed a crash in the session persistence implementation.
  - Fixed syslog identifier after configuration file reload.
  - Fixed non-interactive "make check" invocations.
  - Fixed reloading syslog configuration.
  - stunnel.pem created with SHA-256 instead of SHA-1.
  - SHA-256 "make check" certificates.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
3d6641213a82175c19f23fde1c3d1c841738385289eb7ca1554f4a58b96d955e  stunnel-5.49.tar.gz
459bbb212baf0b9821c80e0664c830246ef6e97c7329fb08160e87ff11ae9692  stunnel-5.49-win32-installer.exe
72416c6664106ad815a8da67a525c6593247fc06cbca3b8918ffc87ae92595e8  stunnel-5.49-android.zip

Best regards,
Mike

[openssl-users] build.info
Does anyone know how I can specify that a specific shared library (in this case an engine) is dependent on a system-installed shared library (i.e. not built along with openssl)? Basically the equivalent of LDFLAGS += -lsomelib

Re: [openssl-users] Engines on Mac OS X
Ouch... Spelling Corrector doing its best. The text below should've been: "... spitting out a pile of error..."

Oh well. Hard to admit, but sometimes automatic correctors are even more eloquent than me, and seem freer in their choice of words too. ;-)

Regards,
Uri

Sent from my iPhone

> On Sep 3, 2018, at 14:31, Blumenthal, Uri - 0553 - MITLL wrote:
>
> If it builds a dummy engine - then shouldn't a dummy engine respond gracefully to requests with something like "sorry I can't do anything useful", instead of spitting outa puke of error messages in response to "openssl engine -t capi"?
>
> Regards,
> Uri
>
> Sent from my iPhone
>
>> On Sep 3, 2018, at 12:27, Richard Levitte wrote:
>>
>> In message <62b8aa9b-d6d2-4f33-94c5-7bfe11e46...@akamai.com> on Mon, 3 Sep 2018 13:56:41 +, "Salz, Rich" said:
>>
>>>> Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it automatically?
>>>
>>> Beats me. It ends up being a zero-length object file, more or less. Perhaps Richard Levitte knows.
>>
>> We've made it conditional in the source file rather than the build configuration, so on non-MSWindows platforms, it becomes a minimal shared object with an entry point that fails unconditionally.
>>
>> We should obviously rethink that strategy...
>>
>> Cheers,
>> Richard
>>
>> --
>> Richard Levitte levi...@openssl.org
>> OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-users] Engines on Mac OS X
If it builds a dummy engine - then shouldn't a dummy engine respond gracefully to requests with something like "sorry I can't do anything useful", instead of spitting outa puke of error messages in response to "openssl engine -t capi"?

Regards,
Uri

Sent from my iPhone

> On Sep 3, 2018, at 12:27, Richard Levitte wrote:
>
> In message <62b8aa9b-d6d2-4f33-94c5-7bfe11e46...@akamai.com> on Mon, 3 Sep 2018 13:56:41 +, "Salz, Rich" said:
>
>>> Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it automatically?
>>
>> Beats me. It ends up being a zero-length object file, more or less. Perhaps Richard Levitte knows.
>
> We've made it conditional in the source file rather than the build configuration, so on non-MSWindows platforms, it becomes a minimal shared object with an entry point that fails unconditionally.
>
> We should obviously rethink that strategy...
>
> Cheers,
> Richard
>
> --
> Richard Levitte levi...@openssl.org
> OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-users] Engines on Mac OS X
In message <62b8aa9b-d6d2-4f33-94c5-7bfe11e46...@akamai.com> on Mon, 3 Sep 2018 13:56:41 +, "Salz, Rich" said:

> > Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it automatically?
>
> Beats me. It ends up being a zero-length object file, more or less. Perhaps Richard Levitte knows.

We've made it conditional in the source file rather than the build configuration, so on non-MSWindows platforms, it becomes a minimal shared object with an entry point that fails unconditionally.

We should obviously rethink that strategy...

Cheers,
Richard

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: [openssl-users] Engines on Mac OS X
On 03/09/18 14:56, Salz, Rich via openssl-users wrote:
> > Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it automatically?
>
> Beats me. It ends up being a zero-length object file, more or less. Perhaps Richard Levitte knows.

It skips building it completely if configured with no-engine, no-dynamic-engine or no-capieng. Otherwise it will attempt the build. Inside e_capi.c it performs various compile time checks to determine whether it's got everything it needs to produce the engine. If it doesn't then it just ends up building a dummy engine that doesn't do anything.

Matt

Re: [openssl-users] Engines on Mac OS X
> Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it automatically?

Beats me. It ends up being a zero-length object file, more or less. Perhaps Richard Levitte knows.

[openssl-users] curl and wget not working with https sites after upgrade to ubuntu 18.04.1
Seems to be an openssl related issue. Anyone have any ideas as to what this is? Note that the url works in a browser.

With wget:

# wget -d https://deb.nodesource.com/setup_8.x
DEBUG output created by Wget 1.19.4 on linux-gnu.
Reading HSTS entries from /home/user/.wget-hsts
URI encoding = ‘UTF-8’
Converted file name 'setup_8.x' (UTF-8) -> 'setup_8.x' (UTF-8)
--2018-09-02 19:54:06-- https://deb.nodesource.com/setup_8.x
Could not seed PRNG; consider using --random-file.
OpenSSL: error:2406F07A:random number generator:RAND_load_file:Not a regular file
Disabling SSL due to encountered errors.

With curl:

# curl -v -L https://deb.nodesource.com/setup_8.x
* Trying 205.251.207.2...
* TCP_NODELAY set
* Connected to deb.nodesource.com (205.251.207.2) port 443 (#0)