Re: RedHat 8.6 libk5crypto.so.3 misses symbol EVP_KDF with openssl 1.1.1l

2022-11-07 Thread Matthias Apitz
1 and have linked all our application servers against this version. matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub signature.asc Description: PGP signature

RedHat 8.6 libk5crypto.so.3 misses symbol EVP_KDF with openssl 1.1.1l

2022-11-07 Thread Matthias Apitz
EVP_KDF (nix) I checked also the sources 1.1.1l and 1.1.1s, there are a lot of 'EVP_*' symbols, but not EVP_KDF_ctrl. What is the correct way to fix this. Thanks in advance. matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG

RE: ungrade openssl 3.0.2 to 3.0.7

2022-11-02 Thread Dr. Matthias St. Pierre via openssl-users
Anupam, please don’t attempt to install an openssl version which you built yourself to your Linux system, it might break your applications. Your Linux distribution (Ubuntu) installs their own compiled versions which you can upgrade using its package manager (apt). Regards, Matthias From

RE: Test failure for 1.1.1p - 10-test_bn

2022-06-21 Thread Dr. Matthias St. Pierre
My guess is that the loop is caused by one of the commits 0ed27fb7a8 and 8438d3a7b7. Would you mind to (a) check whether that's correct and which one of the two commits causes the problem, and (b) raise a GitHub issue for it? Matthias ~/src/openssl/1.1.1$ git log --oneline -

RE: Legal : guide to sign cla. has legal mail a PGP key ?

2022-04-28 Thread Dr. Matthias St. Pierre
g/licenses IMHO, both the rewrite rule as well as the link in the ICLA/CCLA document should be fixed. https://www.openssl.org/policies/openssl_icla.pdf Matthias > -Original Message- > From: openssl-users On Behalf Of pl > Sent: Wednesday, April 27, 2022 10:14 PM > To: ope

RE: RSA and DES encryption and decryption with C++ on Windows

2022-04-11 Thread Dr. Matthias St. Pierre
Pauli accidentally posted a link to our internal repository. You can just replace githuib.openssl.org by github.com: https://github.com/openssl/openssl/tree/master/demos/encrypt Matthias From: openssl-users On Behalf Of John Alway Sent: Monday, April 11, 2022 7:06 PM Cc: openssl-users

RE: looking for properly configured Windows VMs

2022-04-02 Thread Dr. Matthias St. Pierre
> I see lots of logs. > Maybe it's private to me. The link is not private, but it expires after a short amount of time. The timeout is visible in the URL (after url-decoding it): ...?urlExpires=2022-04-02T15:36:04.2664486Z&urlSigningMethod=HMACV1&urlSignature=J9eXW05FxMynRtIZFhvnWKNDCJtYBmn

RE: SSL_ERROR_WANT_READ after the handshake

2022-03-14 Thread Dr. Matthias St. Pierre
FWIW: I noticed recently, that in TLSv1.3 it seems to be rather normal to encounter an SSL_WANT_READ immediately after returning from a successful SSL_connect() call (even in the blocking case), because part of the handshake is disguised as application data and apparently SSL_connect() returns be

RE: Upgrade openssl 1.0.2 to 1.1.1 guideline

2022-03-08 Thread Dr. Matthias St. Pierre
The following wiki page might serve as a starting point: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes HTH, Matthias > -Original Message- > From: openssl-users On Behalf Of Yan, Bob > via openssl-users > Sent: Tuesday, March 8, 2022 5:48 PM > To: openssl-us

RE: How run the specific test case //答复: How to run a simple test case

2022-02-09 Thread Dr. Matthias St. Pierre
easier to discuss your problem there. You might want to tag @levitte, he should be able to help. https://github.com/openssl/openssl/issues/new/choose Matthias smime.p7s Description: S/MIME cryptographic signature

RE: How run the specific test case //答复: How to run a simple test case

2022-02-09 Thread Dr. Matthias St. Pierre
, Matthias smime.p7s Description: S/MIME cryptographic signature

RE: How to run a simple test case

2022-02-09 Thread Dr. Matthias St. Pierre
The README file in the test directory contains a detailed explanation. https://github.com/openssl/openssl/blob/master/test/README.md In a nutshell, you run `make test`, passing `V=1` to turn on verbose output and `TESTS=...` to select one or more tests: make V=1 TESTS= test HTH, Matthias

client/server communication with OpenSSL && with passwords or passphrase

2022-01-21 Thread Matthias Apitz
otected by some passphrase (like for a SSH connection the usage of the private RSA key). Is there some usecase example or some tutorial for this, or any other hints? Thanks in advance matthias - Forwarded message from Matthias Apitz - Date: Tue, 19 Feb 2019 09:57:11

RE: Confusion Configuring

2021-12-18 Thread Dr. Matthias St. Pierre
. And with the given information, you should be able to figure out what precisely happens in your original case using ldd and/or strace. Matthias > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Saturday, December 18, 2021 9:20

RE: Confusion Configuring

2021-12-18 Thread Dr. Matthias St. Pierre
For OpenSSL 3.0, it's better to use util/wrap.pl instead. (Note: util/wrap.pl is created from util/wrap.pl.in by the Configure command) > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Saturday, December 18, 2021 9:11 AM

RE: Confusion Configuring

2021-12-18 Thread Dr. Matthias St. Pierre
nstalling it: ## incorrect (without wrapper) msp@msppc:~/src/openssl-1.1.1$ apps/openssl version -d OPENSSLDIR: "/etc/ssl" ## correct (using the wrapper) msp@msppc:~/src/openssl-1.1.1$ util/shlib_wrap.sh apps/openssl version -d OPENSSLDIR: "/opt/openssl-1.1.1-dev/ssl" HTH, Mat

RE: Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-11 Thread Dr. Matthias St. Pierre
> Look at > https://testssl.sh/ > That is an openssl wrapper which enumerates ciphers and protocols ( and a > whole lot more) Nice tool, I didn’t know it yet. It was already recommended to me by Michael Wojcik in his first reply, but thanks nevertheless for the link. Matthias

RE: Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Dr. Matthias St. Pierre
r failing that just a few lines of shell script) utilizing `openssl s_client`. Thanks for the weblink nevertheless. Matthias smime.p7s Description: S/MIME cryptographic signature

Enumerating TLS protocol versions and ciphers supported by the peer

2021-12-06 Thread Dr. Matthias St. Pierre
Hi all, today I learned that nmap has a nice feature to enumerate the protocol versions and cipher suites supported by the peer (see below). Is there a comparable elegant way to obtain the same results using the `openssl s_client` tool? Matthias -- $ nmap -script ssl-enum-ciphers -p 443

RE: Starting the QUIC Design

2021-12-03 Thread Dr. Matthias St. Pierre
Second attempt 😉 > #17184 - QUIC API Design > https://github.com/openssl/openssl/pull/17184 > > #17185 - QUIC Event Loop Design > https://github.com/openssl/openssl/pull/17185 > > -Original Message- > > From: openssl-users On Behalf Of Matt > > Caswell > > Sent: Friday, December 3, 202

RE: Starting the QUIC Design

2021-12-03 Thread Dr. Matthias St. Pierre
Sorry, the links to the pull requests are broken. This will be fixed as soon as possible. Here the correct links: #17184 - QUIC API Design https://github.com/openssl/openssl/pull/17184 #17185 - QUIC Event Loop Design https://github.com/openssl/pull/17185 > -Original Message- > From: o

RE: Queries for openssl

2021-11-24 Thread Dr. Matthias St. Pierre
Hi, you can find this sort of information in the manual pages, either on your UNIX*SH operating system, or online on our website: HTH, Matthias https://www.openssl.org/docs/man1.1.1/man3/PEM_read_bio_X509.html: RETURN VALUES The read routines return either a pointer to the structure read or

RE: useless search box on openssl.org

2021-11-18 Thread Dr. Matthias St. Pierre
More strangeness: the side bar for the master and 1.1.1 manpage displays the text "[an error occurred while processing this directive]" https://www.openssl.org/docs/manmaster/man3/X509_get_ext_d2i.html https://www.openssl.org/docs/man1.1.1/man3/X509_get_ext_d2i.html smime.p7s Description: S/MIM

RE: useless search box on openssl.org

2021-11-18 Thread Dr. Matthias St. Pierre
/docs/man1.1.0/man3/X509_get_ext_d2i.html+&cd=1&hl=de&ct=clnk&gl=de Matthias > -Original Message- > From: openssl-users On Behalf Of Dr Paul > Dale > Sent: Thursday, November 18, 2021 11:32 PM > To: openssl-users@openssl.org > Subject: Re: useless search box

RE: API to get BIGNUM member "top" in openssl 3.0

2021-10-07 Thread Dr. Matthias St. Pierre
> Can you give a MWE for what you are trying to achieve? I guess that "minimal working example" is the correct choice from the gazillions of possible meanings of "MWE"? 😉 Regards, Matthias [1] https://www.acronymattic.com/MWE.html [2] https://www.abbreviatio

RE: Testing

2021-08-26 Thread Dr. Matthias St. Pierre
I’ll take care of it and ask the administrator to remove it manually if possible. From: Kingsley O Sent: Thursday, August 26, 2021 3:41 PM To: Dr. Matthias St. Pierre Cc: openssl-users@openssl.org Subject: Re: Testing Didn't work..:-( Did not receive email to complete the unsubscribe pr

RE: Testing

2021-08-25 Thread Dr. Matthias St. Pierre
To unsubscribe, visit https://mta.openssl.org/mailman/listinfo/openssl-users Regards From: openssl-users On Behalf Of Kingsley O Sent: Wednesday, August 25, 2021 6:06 PM To: Turritopsis Dohrnii Teo En Ming Cc: openssl-users@openssl.org Subject: Re: Testing Please remove my email from this gr

RE: How to debug ssl library in OpenSSL 1.1.1a? Thanks in advance.

2021-08-15 Thread Dr. Matthias St. Pierre
If you add the `--debug` argument to your configure command and rebuild OpenSSL, you will get a library with debug information and without optimization. https://github.com/openssl/openssl/blob/master/INSTALL.md#build-type HTH, Matthias From: openssl-users On Behalf Of Ma Zhenhua Sent

RE: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.

2021-08-15 Thread Dr. Matthias St. Pierre
The README file in the test directory contains some hints how to troubleshoot test failures. Look which test is failing and rerun it in verbose mode: make tests V=1 TESTS=testname https://github.com/openssl/openssl/blob/master/test/README.md#test-failures Hope that helps, Matthias From

Re: Remove from mailing list

2021-05-28 Thread Matthias Apitz
On Saturday, May 29, 2021 at 01:02:52 a.m. -0400, Amber Shepherd wrote: > Hi, > Can you please let me know what I need to do in order to unsubscribe > from this list? Look into the header lines of the mails from the list for List-Unsubscribe: matthias -- Matthias A

RE: What's different between RSASSA and RSAPSS padding mode?

2021-05-11 Thread Dr. Matthias St. Pierre
Correction: It seems like the naming of the TPM_ALG_* constants is a little bit inconsistent: According to https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_r1p32_pub.pdf * TPM_ALG_RSASSA refers to RSASSA-PKCS1-v1_5 and * TPM_ALG_RSAPSS refers to RSASSA-PSS. smime

RE: What's different between RSASSA and RSAPSS padding mode?

2021-05-11 Thread Dr. Matthias St. Pierre
It’s the same. The correct full name is RSASSA-PSS, where ‘SSA’ stands for Secure Signature Algorithm (IIRC) and ‘PSS’ for Probabilistic Signature Scheme Regards https://en.wikipedia.org/wiki/PKCS_1#Schemes https://datatracker.ietf.org/doc/html/rfc4056 From: openssl-users On Behalf Of Eddie

RE: configuration options 'fips' and 'makedepend' disabled by default on master

2021-04-29 Thread Dr. Matthias St. Pierre
request, the 'makedepend' option remains enabled by default. Matthias https://github.com/openssl/openssl/pull/15050 > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Tuesday, April 27, 2021 9:50 PM > To: openssl-users@

configuration options 'fips' and 'makedepend' disbled by default on master

2021-04-27 Thread Dr. Matthias St. Pierre
eveloper workflow or your continuous integration relies on one of those options, now it's a good time to enable them explicitly by adding 'enable-fips' resp. 'enable-makedepend' to your configure arguments. Regards, Matthias disable fips: https://

RE: Maiising Daily Snapshots for 20210416

2021-04-16 Thread Dr. Matthias St. Pierre
r you prefer. Matthias -- $ curl -JOL https://github.com/openssl/openssl/archive/refs/heads/master.tar.gz $ curl -JOL https://github.com/openssl/openssl/archive/refs/heads/OpenSSL_1_1_1-stable.tar.gz $ curl -JOL https://github.com/openssl/openssl/archive/refs/heads/master.zip $

RE: openssl-users Digest, Vol 77, Issue 6

2021-04-05 Thread Dr. Matthias St. Pierre
THODs to be considered [2]. Matthias [1] https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/rand/drbg_lib.c#L958-L970 [2] https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/rand/drbg_lib.c#L1146-L1153 From: openssl-users On Behalf Of Dr Paul Dale Sent: Monday

Re: Regarding RAND_set_rand_method (was: openssl-users Digest, Vol 77, Issue 6)

2021-04-04 Thread Dr. Matthias St. Pierre
blocks on the os entropy source. Please also post call stacks of the two threads if the problem persists. In particular, it would be useful to see which method is used to obtain the entropy (getrandom(), a read() from /dev/[u]random, ...), and why the system is so low on entropy. Regards, Matthias

RE: Regarding RAND_set_rand_method

2021-04-02 Thread Dr. Matthias St. Pierre
each thread can do its own OpenSSL initialization) so that they can avoid above mentioned problem? No. If you really need something like that, you might want to consider splitting your two threads into two processes. HTH, Matthias From: openssl-users On Behalf Of Dr Paul Dale Sent: Friday

Re: PEM file line size

2021-02-25 Thread Matthias Buehlmann
„Parsers MAY handle other line sizes. These requirements are consistent with PEM [RFC1421].“ It‘s not a bug, it‘s undefined behaviour. On Wed, 24 Feb 2021 at 20:20 Frank Liu wrote: > Hi, > > I noticed openssl 1.0.1 and 1.0.2 can't read a certificate PEM file

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
On Tue, Feb 16, 2021 at 8:56 PM Viktor Dukhovni wrote: > > On Feb 16, 2021, at 1:34 PM, Hubert Kario wrote: > > > > the whole problem is that if you trust the date in the timestamp as the > date the timestamp was created, attacker can compromise the TSA key years > after > > it was last used and

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
On Tue, Feb 16, 2021 at 4:34 PM Hubert Kario wrote: > On Tuesday, 16 February 2021 15:54:24 CET, Matthias Buehlmann wrote: > > Hello Hubert (sorry, replied to your e-mail address directly before > instead > > of the mailing list), > > > > thank you for your r

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
encountered so far have very short lifetimes (1-3 years). If it was true that tokens would only remain valid within that period without being restamped, the whole point of PAdES LTV would be moot. Cheers and thank you for your help, Matthias On Tue, Feb 16, 2021 at 2:49 PM Hubert Kario w

What does 'openssl ts -verify' verify exactly?

2021-02-15 Thread Matthias Buehlmann
If openssl ts -verify is used, what exactly is verified? For example, while the [-crl_check] [-crl_check_all] and [-extended_crl] verify options are supported, there is no way to pass CRLs to the call. So, is anything checked for revocation? How are timestamps verified for which the signing certi

RE: OpenSSL version 3.0.0-alpha10 published

2021-01-07 Thread Dr. Matthias St. Pierre
users resp. https://mta.openssl.org/mailman/listinfo/openssl-announce and follow the instructions for unsubscribing. Regards, Matthias > -Original Message- > From: openssl-users On Behalf Of John > Wasilewski > Sent: Thursday, January 7, 2021 3:23 PM > To: open...@opens

RE: SHA256 openssl-1.1.1i Checksum Error

2020-12-29 Thread Dr. Matthias St. Pierre
You’re welcome. As Michael Wojcik pointed out in his reply to the list, the problem had nothing to do with zsh specifics. It was caused by the fact that those weren’t normal double quotes, but unicode left and right double quotes, which weren’t understood by the shell. Regards, Matthias From

RE: SHA256 openssl-1.1.1i Checksum Error

2020-12-28 Thread Dr. Matthias St. Pierre
I have no experience with zsh, but it seems that quoting is handled differently by zsh? At least it looks like the double quotes ended up in the GET line and you simply received an HTTP 404 Not Found (which is the reason why your digest isn’t correct.) HTH, Matthias > GET /source/open

RE: Use OpenSSL to decrypt TLS session from PCAP files

2020-12-08 Thread Dr. Matthias St. Pierre
/net-admin/decrypt-ssl-with-wireshark/ hth, Matthias Disclaimer: I haven’t used it for TLS myself, only for IPsec, and I can’t tell how up-to-date it is, in particular whether it is TLS 1.3 ready. From: openssl-users On Behalf Of Oren Shpigel Sent: Tuesday, December 8, 2020 3:15 PM To: openssl

RE: OpenSSL version 1.1.1h published

2020-09-24 Thread Dr. Matthias St. Pierre
and beyond only, because 1.1.1 is not in markdown yet. https://github.com/openssl/openssl/pull/11346 Matthias

RE: OpenSSL version 1.1.1h published

2020-09-24 Thread Dr. Matthias St. Pierre
hangelog is at the top of the page. It is indeed confusing, and it shouldn't be. See https://github.com/openssl/openssl/pull/12967 Regards, Matthias

Re: Empty directories

2020-09-08 Thread Dr. Matthias St. Pierre
, Matthias [1] https://github.com/openssl/openssl/commit/25f2138b0ab54a65ba713c093ca3734d88f7cb51 [2] https://github.com/openssl/openssl/pull/9333 On 08.09.20 10:34, Gisle Vanem wrote: I've noted that when build OpenSSL using MSVC, some empty directories are created:   ./crypto/include   ./c

RE: The need for 'gdi32.lib'

2020-07-27 Thread Dr. Matthias St. Pierre
function readscreen(), used by RAND_screen() (see [1]). A quick search shows that this function was removed in pull request #1079 (merged as commit 888db7f224fe) before the release of 1.1.0, see [2]. Would you mind creating a pull request for changing the NOTES? Matthias [1] https://github.com/op

RE: [SOLVED] Re: OpenSSL 3.0 hangs at exit with FIPS provider

2020-07-18 Thread Dr. Matthias St. Pierre
Thomas, > I consider this a bug, of course, but at least now I know what's causing it > and how to work around it. thanks for sharing your analysis. Would you mind creating a GitHub issue for the hang? https://github.com/openssl/openssl/issues Matthias From: openssl-users O

RE: freefunc - name clash with Python.h

2020-06-14 Thread Dr. Matthias St. Pierre
s://github.com/openssl/openssl/commit/739a1eb1961cdc3b1597a040766f3cb359d095f6 I don't see any reason to change our code, IMHO the clash is Python's fault: it declares a global typedef with a short name that has no python-specific prefix. HTH, Matthias

RE: Asymetric crypto and OpenSSL 3.0 deprecated functions

2020-05-25 Thread Dr. Matthias St. Pierre
to emphasize that the order of operation matters: It should be encrypt-then-sign, not vice versa. This ensures that the recipient can check the integrity of the binary before attempting to decrypt it. Matthias

RE: Have new release published in /source/old directory too?

2020-04-23 Thread Dr. Matthias St. Pierre
enssl/issues/11521#issuecomment-612483438 and ff.) HTH, Matthias

RE: RAND SEED in vxworks6.9

2020-03-25 Thread Dr. Matthias St. Pierre
FYI: I restarted the discussion in #7946 https://github.com/openssl/openssl/issues/7946#issuecomment-603545804 Matthias

RE: RAND SEED in vxworks6.9

2020-03-24 Thread Dr. Matthias St. Pierre
> Indeed, one workaround for your application would be to seed and reseed > the random generator manually using RAND_bytes(), ... Correction, I meant to say ".. using RAND_add()..." > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias S

RE: RAND SEED in vxworks6.9

2020-03-24 Thread Dr. Matthias St. Pierre
find out what the current state is. If he comes up with a pull request, I could assist with reviewing it, but I can't implement it since I don't have access to the VxWorks platform. Hope that helps, Regards, Matthias [1] https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html [2] https://github.com/openssl/openssl/issues/7946

RE: How to split a pfx file into cert and key?

2020-02-13 Thread Dr. Matthias St. Pierre
key: openssl rsa -in key.pem -out server.key HTH, Matthias From: openssl-users On Behalf Of Michael Leone Sent: Thursday, February 13, 2020 9:34 PM To: openssl-users@openssl.org Subject: How to split a pfx file into cert and key? I received a pfx file from one our techs. A pfx file is a cert

RE: Re:openssl-users Digest, Vol 62, Issue 6

2020-01-27 Thread Dr. Matthias St. Pierre
users-requ...@openssl.org<mailto:openssl-users-requ...@openssl.org> Regards, Matthias From: openssl-users On Behalf Of RUBEN BARAINCA Sent: Monday, January 27, 2020 7:44 PM To: openssl-users@openssl.org Subject: Re:openssl-users Digest, Vol 62, Issue 6 Importance: High Hi!! I wan

Re: Usage of Secure C (memcpy_s, strcpy_s etc) functions on OpenSSL

2019-11-26 Thread Matthias St. Pierre
referred to as C90. ISO/IEC 9899:1999 (also known as C99) is not supported on some platforms that OpenSSL is used on and therefore should be avoided. (see https://www.openssl.org/policies/codingstyle.html) Matthias On 26.11.19 12:07, Raja ashok wrote: Hi All, We are using OpenSSL in our

Re: Problems porting Openssl 1.1.1d to zos.

2019-11-12 Thread Matthias St. Pierre
Please see also GitHub issue #4154, in particular https://github.com/openssl/openssl/issues/4154#issuecomment-552838141

Re: Problems porting Openssl 1.1.1d to zos.

2019-11-11 Thread Matthias St. Pierre
_1_1_1-stable branch. Regards, Matthias

AW: Base64 or Base64url

2019-10-18 Thread Dr. Matthias St. Pierre
P.S: My answer to your original question applies to 1.0.1 as well: https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/doc/crypto/EVP_EncodeInit.pod From: openssl-users On Behalf Of Dr. Matthias St. Pierre Sent: Friday, 18 October 2019 09:10 To: Benjamin ENTE ; openssl-users

AW: Base64 or Base64url

2019-10-18 Thread Dr. Matthias St. Pierre
Just noticed your OpenSSL version: it is _very_ old and not supported anymore. Its successor, OpenSSL 1.0.2, will be EOL by the end of this year. The current stable LTS version is OpenSSL 1.1.1. Matthias From: openssl-users On Behalf Of Benjamin ENTE Sent: Friday, 18 October 2019 08:51

AW: Base64 or Base64url

2019-10-18 Thread Dr. Matthias St. Pierre
OpenSSL is using regular base64 encoding, see for example https://www.openssl.org/docs/man1.1.1/man3/EVP_EncodeInit.html But if you need base64url encoding, no problem: a simple string replace will help. https://brockallen.com/2014/10/17/base64url-encoding/ Regards, Matthias From: openssl

AW: AW: building OpenSSL 1.1.1 with -DPURIFY

2019-10-10 Thread Dr. Matthias St. Pierre
/openssl/commits/OpenSSL_1_1_1-stable > > Matt You are right, thanks for the correction. I must have selected the wrong entry in the GitHub branch selection box without noticing it. Fortunately, Tim didn't follow my advice blindly ;-) Matthias

AW: building OpenSSL 1.1.1 with -DPURIFY

2019-10-09 Thread Dr. Matthias St. Pierre
/openssl/openssl/commits/OpenSSL_1_0_1-stable Regards, Matthias

AW: OpenSSL compilation errors in Windows

2019-10-01 Thread Dr. Matthias St. Pierre
use the new accessors instead, instead of forcing the impossible to circumvent the new policy. For more information, see https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes Matthias

AW: OpenSSL compilation errors in Windows

2019-09-30 Thread Dr. Matthias St. Pierre
eaders. Including *internal* headers is neither supported nor possible with a C++ compiler. And as Matt Caswell already told you, there are no compatibility guarantees for those headers. Matthias

AW: OpenSSL compilation errors in Windows

2019-09-30 Thread Dr. Matthias St. Pierre
e compiled with a C++ compiler? Note that this is an internal header file and not meant to be included by third party software. HTH, Matthias From: openssl-users On Behalf Of Nagalakshmi V J Sent: Monday, 30 September 2019 08:44 To: openssl-users@openssl.org Cc: Umamaheswari Nagaraj

OpenSSL 1.1.1d: test 20-test_enc.t fails if zlib is enabled

2019-09-23 Thread Dr. Matthias St. Pierre
76c66 manually to your copy of 1.1.1d (see [3]). - Update to the tip of the OpenSSL_1_1_1-stable branch (see [4]). Regards, Matthias [1] https://github.com/openssl/openssl/issues/9866 [2] https://github.com/openssl/openssl/pull/9877 [3] https://github.com/openssl/openssl/c

AW: Test failed with openssl-1.1.1d ../test/recipes/20-test_enc.t

2019-09-12 Thread Dr. Matthias St. Pierre
n certain situations you have to press CTRL-D in the console more often than expected in order to indicate EOF to the openssl application. https://github.com/openssl/openssl/commit/8be96f236969caabf303bec389a2f812b4869c1c HTH, Matthias

AW: FIPS_selftest() Usage

2019-08-07 Thread Dr. Matthias St. Pierre
0 object module. Anything you need to know you should be able to find in there. Regards, Matthias

Re: RAND_seed buffer freeing

2019-07-11 Thread Matthias St. Pierre
. For more details, see https://www.openssl.org/docs/man1.1.1/man7/RAND.html and https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html HTH, Matthias

AW: AW: Performance Issue With OpenSSL 1.1.1c

2019-06-04 Thread Dr. Matthias St. Pierre
startup delay is encountered only at early boot time or also when you start the daemon manually when the system is up and running. Matthias

Re: AW: Performance Issue With OpenSSL 1.1.1c

2019-06-04 Thread Matthias St. Pierre
Hi, I opened an issue on GitHub to discuss this problem in more detail. https://github.com/openssl/openssl/issues/9078 It would be nice if you could join the discussion there. Matthias @Jay:  in particular I'm interested to learn, which linux version and distribution you were usin

AW: Performance Issue With OpenSSL 1.1.1c

2019-05-29 Thread Dr. Matthias St. Pierre
without having to add special defines on the commandline. Matthias

AW: Performance Issue With OpenSSL 1.1.1c

2019-05-29 Thread Dr. Matthias St. Pierre
ub.com/openssl/openssl/blob/OpenSSL_1_1_1c/crypto/rand/rand_unix.c#L509-L535 I think that pull request #8251 needs to be reconsidered. Give me one day or two, I'll create a GitHub issue for that and post the link here when it's ready. Matthias

Re: Forthcoming OpenSSL Releases

2019-05-29 Thread Matthias St. Pierre
On 29.05.19 15:05, The Doctor wrote: For the next branch of OpenSSL is it 1.1.2 or 1.2.0 ? The next major release will be 3.0.0. See https://www.openssl.org/blog/blog/2018/11/28/version <https://www.openssl.org/blog/blog/2018/11/28/version/> for an explanation. Matthias

AW: Performance Issue With OpenSSL 1.1.1c

2019-05-28 Thread Dr. Matthias St. Pierre
ound on GitHub: - issue #8215, fixed by pull request #8251 - issue #8416, fixed by pull request #8428 (see links below). And you are right, the change should have been mentioned in the CHANGES file. Apologies for that. HTH, Matthias https://github.com/openssl/openssl/issues/8215 https://github.

AW: Slightly funny tar ball for openssl 1.1.1c ?

2019-05-28 Thread Dr. Matthias St. Pierre
and the links to the LKML which it contains https://lkml.org/lkml/2005/6/18/5 https://marc.info/?l=linux-kernel&m=111909182607985&w=2 HTH, Matthias

AW: why does RAND_add() take "randomness" as a "double"?

2019-05-22 Thread Dr. Matthias St. Pierre
.1, because we tried very hard not to add unnecessary breaking changes to the ones made in 1.1.0. Matthias

AW: Building openssh7.9p1 and above against openssl1.1.1b

2019-05-15 Thread Dr. Matthias St. Pierre
against version 1.0.2 will be supported until it is end-of-life, which is by the end of this year. HTH, Matthias From: openssl-users On Behalf Of Samiya Khanum via openssl-users Sent: Wednesday, 15 May 2019 04:55 To: openssl-users@openssl.org Subject: Building openssh7.9p1 and above

Re: Reg solaris support for openssl 1.1.1b

2019-03-15 Thread Matthias St. Pierre
My guess is that your binary is loading the system's shared libraries. To find out whether this is the case, try     ldd bin/openssl If my assumption is correct, you might have to set the LD_LIBRARY_PATH explicitly. HTH, Matthias On 15.03.19 09:43, ramakrushna mishra wrote: Hi,

Re: Developers, a small request

2019-03-14 Thread Matthias St. Pierre
On 13.03.19 21:09, Richard Levitte wrote: So yeah, we do need to remember that PRs go through the CIs before merging. Agreed, and thanks Rich for the polite reminder :-) Matthias

AW: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Dr. Matthias St. Pierre
e; I'm currently not 100% up-to-date) instead. Matthias

AW: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Dr. Matthias St. Pierre
configured and built with `./configure fips ...` in order to integrate the FIPS Object Module. Until FIPS 3.0 has been released and FIPS 2.0 is history, we should stick to that definition and not confuse FIPS users by reinterpreting it or pretend that it is not used anymore or has a different

Re: AW: OpenSSL version 1.1.1b published

2019-02-27 Thread Matthias St. Pierre
On 27.02.19 13:51, Jan Ehrhardt wrote: Matthias St. Pierre in gmane.comp.encryption.openssl.user (Wed, 27 Feb 2019 13:00:55 +0100): On 27.02.19 10:09, Jan Ehrhardt wrote: I ran into this using 7-Zip 18.05 (x64) on Windows, which is a fairly recent version. Thanks for the Updates about 7-Zip

Re: AW: OpenSSL version 1.1.1b published

2019-02-27 Thread Matthias St. Pierre
On 27.02.19 10:09, Jan Ehrhardt wrote: Thomas J. Hruska in gmane.comp.encryption.openssl.user (Tue, 26 Feb 2019 23:07:53 -0700): On 2/26/2019 10:05 PM, Dr. Matthias St. Pierre wrote: Hi Thomas, Unlike previous releases, this tar-gzipped file contains a 52 byte file called

AW: OpenSSL version 1.1.1b published

2019-02-26 Thread Dr. Matthias St. Pierre
is file. This seems to be a bug of the tar command which was fixed in 1.14. https://lkml.org/lkml/2005/6/18/5 https://marc.info/?l=linux-kernel&m=111909182607985&w=2 HTH, Matthias

Re: understand 'openssl dhparms ....'

2019-02-19 Thread Matthias Apitz
On Tuesday, February 19, 2019 at 10:47:44AM +, Matt Caswell wrote: > > > On 19/02/2019 08:57, Matthias Apitz wrote: > > > > Two questions: > > > > 1. Why this has no input file? Shouldn't it have one, and which? The man > > page say

understand 'openssl dhparms ....'

2019-02-19 Thread Matthias Apitz
M4x z6WsA3tVbykRw80A0Rja2y7IHZ9dGJc/guxrxUpNketeSddFzGicz6mrEafSdurd ephztXEmQ63XP4ULPlcaOXzYk6GLUXFYKVYuIHnpdcJLLRMFWZ0bAgEC -END DH PARAMETERS- How this is supposed to work? Thanks matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub

Re: [openssl-users] Possible bug in crypto/engine

2019-01-06 Thread Dr. Matthias St. Pierre
Sorry, the command contains a little error: please replace `gdb …` by `gdb --args …`: util/shlib_wrap.sh gdb --args apps/openssl cms -sign -signer cert.pem -inkey 101 -keyform engine -engine pkcs11 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/open

Re: [openssl-users] Possible bug in crypto/engine

2019-01-06 Thread Dr. Matthias St. Pierre
at the segmentation fault. HTH, Matthias From: openssl-users On Behalf Of Antonio Iacono Sent: Sunday, 6 January 2019 19:55 To: openssl-users@openssl.org Subject: [openssl-users] Possible bug in crypto/engine Hi, I sign a text file with: openssl cms -sign -signer cert.pem -inkey 01

Re: [openssl-users] RNG behavior by default

2019-01-05 Thread Dr. Matthias St. Pierre
, you could theoretically register your own get_entropy callback for the master DRBG at application startup time. But if you don't have a better entropy source than OpenSSL, you are bound to fail, too. And isn't it better for your application to fail gracefully in this case than to pr

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Dr. Matthias St. Pierre
the return value of the RAND_bytes() function. Because in the error state, the buffer is not filled at all. Matthias

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Dr. Matthias St. Pierre
le to obey: Always check the error return value of RAND_bytes(3) and do not take randomness for granted. https://www.openssl.org/docs/man1.1.1/man7/RAND.html (See also https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html) Matthias

Re: [openssl-users] Build target architecture

2018-12-28 Thread Dr. Matthias St. Pierre
ng configuration and apply incremental changes. HTH, Matthias

Re: [openssl-users] openssl 1.1.1 manuals

2018-12-27 Thread Dr. Matthias St. Pierre
ocs/man1.1.1/man3/CMS_sign.html https://www.openssl.org/docs/man1.1.0/crypto/CMS_sign.html Matthias
