Re: [openssl-users] Porting to OpenSSL 1.1

2016-10-10 Thread Matt Caswell
On 10/10/16 23:56, Bernhard Rosenkraenzer wrote:
> Hi,
> I'm porting some code to OpenSSL 1.1 -- for the most part, it's going
> well, but there's some things I'm not sure about:
>
> - What replaces a direct access to "sha1_hash" in an X509? (found in Qt 5.7)
You could use X509_digest() to

[openssl-users] Porting to OpenSSL 1.1

2016-10-10 Thread Bernhard Rosenkraenzer
Hi,
I'm porting some code to OpenSSL 1.1 -- for the most part, it's going well, but there's some things I'm not sure about:
- What replaces a direct access to "sha1_hash" in an X509? (found in Qt 5.7)
So far, haven't come up with a proper alternative to this. Should the code be refactored to

Re: [openssl-users] pod to html

2016-10-10 Thread Benjamin Kaduk
On 10/10/2016 08:30 AM, Ken Goldman wrote:
> On 10/6/2016 10:11 AM, Matt Caswell wrote:
>> make install_html_docs
>
> That somewhat worked.
>
> 1 - I get 100's of errors of the form
>
> /usr/bin/pod2html: -: cannot resolve L in paragraph 11.
> Trying the install locally, at

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

2016-10-10 Thread Matthew Heimlich
$openssl version returns:
OpenSSL 1.0.2j-fips
My FIPS module version is openssl-fips-2.0.13
$OPENSSL_FIPS=1 openssl md5 /dev/null returns:
Error setting digest md5
140066569107136:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
$OPENSSL_FIPS=1

Re: [openssl-users] pod to html

2016-10-10 Thread Ken Goldman
On 10/6/2016 10:11 AM, Matt Caswell wrote:
make install_html_docs
That somewhat worked.
1 - I get 100's of errors of the form
/usr/bin/pod2html: -: cannot resolve L in paragraph 11.
2 - The links, typically in "SEE ALSO" are not links.
3 - The back navigation at the

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

2016-10-10 Thread Dr. Stephen Henson
On Fri, Oct 07, 2016, Matthew Heimlich wrote:
> Which returns
>
> Attempting to set FIPS mode to 1...
> Last error was: 2d06b06f
> FIPS_mode_set failed: 2d06b06f
> FIPS mode is: 0???
>
> So it would appear that my FIPS mode is never even being set, and walking
> through the code would seem

Re: [openssl-users] Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words"

2016-10-10 Thread Dr. Stephen Henson
On Fri, Oct 07, 2016, craig_we...@trendmicro.com wrote:
> I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS
> architecture on vxWorks. I am getting this error during the link step:
>
> ../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words':
> : multiple

Re: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

2016-10-10 Thread Ajay Garg
On Mon, Oct 10, 2016 at 2:47 PM, Ajay Garg wrote:
>
> On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
>
>> > On Oct 10, 2016, at 3:52 AM, Ajay Garg wrote:
>> >
>> > If(BIO_should_read(socket->ssl_bio)

Re: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

2016-10-10 Thread Ajay Garg
On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni wrote:
>
> > On Oct 10, 2016, at 3:52 AM, Ajay Garg wrote:
> >
> > If(BIO_should_read(socket->ssl_bio) != 0)
> >
> > If(BIO_should_write(socket->ssl_bio) != 0)
>
> In Postfix, we don't bother

Re: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

2016-10-10 Thread Viktor Dukhovni
> On Oct 10, 2016, at 3:52 AM, Ajay Garg wrote:
>
> If(BIO_should_read(socket->ssl_bio) != 0)
>
> If(BIO_should_write(socket->ssl_bio) != 0)
In Postfix, we don't bother with the application layer ssl_bio, and just do SSL_read()/SSL_write() directly. You only need this

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-10 Thread Ajay Garg
Hi All.
I guess all my theories are bang on, as the entire framework was integrated seamlessly making use of the above "theories".
Thanks a ton to everyone, and extra thanks to Viktor
Thanks and Regards,
Ajay
On 10 Oct 2016 6:34 a.m., "Ajay Garg" wrote:
> Thanks

Re: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

2016-10-10 Thread Ajay Garg
Following works :
If(BIO_should_read(socket->ssl_bio) != 0)
If(BIO_should_write(socket->ssl_bio) != 0)
With this, I could get the entire end-to-end workflow to work
Thanks a ton for all the help !!!
On Mon, Oct 10, 2016 at 11:50 AM, Ajay Garg wrote:
> Hi All.
>

Re: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

2016-10-10 Thread Ajay Garg
Hi Viktor,
I am already setting that.
socket->ssl_bio = BIO_new(BIO_f_ssl());
if (!(socket->ssl_bio)) {
    HANDLE_CATASTROPHIC_INIT_ERROR("client-ssl-bio")
    return;
}
SSL_set_connect_state(socket->ssl);
SSL_set_bio(socket->ssl, socket->inter_bio,

Re: [openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

2016-10-10 Thread Viktor Dukhovni
> On Oct 10, 2016, at 2:20 AM, Ajay Garg wrote:
>
>BIO *inter_bio; // intermediate-bio, have no idea
> what it really is used for.
The internal BIO from BIO_new_bio_pair must be attached to the SSL handle via:
SSL_set_bio(ssl,

[openssl-users] Getting the retry reason for a "failed" BIO_write/BIO_read

2016-10-10 Thread Ajay Garg
Hi All.
Taking the socket-structure as ::
#
SSL *ssl;
BIO *ssl_bio; // app-payload-bytes will be written by app into it.
BIO *inter_bio;