Re: New Blog Post

2021-12-03 Thread Jakob Bohm via openssl-users
On 2021-11-25 15:00, Matt Caswell wrote: Please see the new blog post by Tim Hudson giving an update on the OpenSSL Project. https://www.openssl.org/blog/blog/2021/11/25/openssl-update/ Followup: While the OpenSSL leadership may think they have made things easier for algorithm developers

Re: Starting the QUIC Design

2021-12-03 Thread Jakob Bohm via openssl-users
Please note that the embedded github links don't work for me, as all I get is an error page with a log in form. One major issue with any QUIC implementation is how closely that protocol is tied to Google and their desire to have web browsers quickly load elements from 3rd party webservers, such

Re: OpenSSL 1.1 on OSX

2021-12-03 Thread Jakob Bohm via openssl-users
Which is indeed what I do in our notarized MacOsX and iOS applications.  However to do so, I have historically needed to clean up OpenSSL source code to actually behave as a proper static library where only used functions are linked in.  Most notably, the source files named xxx_lib.c tend

Blanks

2021-11-29 Thread The Doctor via openssl-users
Testing to see if I get a blank. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Merry Christmas

[no subject]

2021-11-29 Thread Jean Sweeny via openssl-users

[no subject]

2021-11-29 Thread Jean Sweeny via openssl-users

AW: AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Lynch, Andrew via openssl-users
> I've raised a PR to correct the docs here: > > https://github.com/openssl/openssl/pull/17111 > > Hopefully that is sufficient to convince your reviewers. Thanks, Matt. That should do the trick. Regards, Andrew.

AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Lynch, Andrew via openssl-users
Hi, We have an application that uses OpenSSL 1.1.1k to receive AES256-GCM encrypted messages. The streamed data starts with a 12 byte IV, then the ciphertext and ends with the 16 byte tag. Our decryption code is based directly on the sample code in the Wiki and the distribution. https

[no subject]

2021-11-21 Thread Jean Sweeny via openssl-users

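Auto-reply: Re: OpenSSL 1.1 on OSX

2021-11-19 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!

Auto-reply: Re: OpenSSL 1.1 on OSX

2021-11-18 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!

Auto-reply: Re: “EC PUBLIC KEY”

2021-11-17 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!

Auto-reply: Re: “EC PUBLIC KEY”

2021-11-17 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!

Auto-reply: Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!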

error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

2021-11-01 Thread Kjeld Flarup Christensen via openssl-users
Hello I get my log spammed with this alert: sslize error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown As far as I can read from the net, it is because the CA certificates on my server are not up to date. Actually there are none, as this is an embedded target, and

Fw: openssl s_client privatekey engine pkcs11 - no SSL_connect:SSLv3/TLS write certificate verify

2021-10-27 Thread Zlatko Vrastic via openssl-users
- Forwarded Message - From: Zlatko Vrastic To: "openssl-users@openssl.org" Sent: Friday, October 22, 2021, 03:25:10 PM GMT+2 Subject: openssl s_client privatekey engine pkcs11 - no SSL_connect:SSLv3/TLS write certificate verify When using openssl s_client .. -keyf

Re: Query reg. using certificates bigger than 4k for EAP-TLS

2021-10-20 Thread Benjamin Kaduk via openssl-users
erall size crosses 4k. We used BIO_set_write_buffer_size() API to > > increase the size from 4k to 8k of the BIO buffer in SSL context. > > > > Regards > > Vishal > > > > > > On Wed, Oct 20, 2021 at 3:26 PM Vishal Sinha > <mailto:vishals1...@gmail.com>> wrote:

Re: Examples of adding Private Enterprise Numbers (PEN's) Extensions to CSR

2021-10-15 Thread Jakob Bohm via openssl-users
RedfishOid.4 = Redfish internal LDAP extensions used by HR Next for the OpenSSL command line tools, you need to add the individual X.509 related OIDs to the openssl.cnf file: In the [default] section: oid_section = new_oids In the [new_oids] section RedFishFooBar=1.3.6.1.4.1.9

Help on mixed encrypt/decrypt data using C++/java

2021-10-05 Thread Jason Qian via openssl-users
Hi, We encrypt data using openSSL C++ API, decrypt data using java(default security package). 99.9% of the time, it works fine, but when multi-instances of apps encrypt data at same time, java fails to decrypt. We are using version 1.1.01 (AES/CBC/PKCS5Padding) mpCtx = EVP_CIPHER_CTX_new

Re: OpenSSL 3.0.0 custom entropy source

2021-09-25 Thread Jakob Bohm via openssl-users
to reimplement seed_src_generate() to use your RNG. To use your custom seed source, you can either use the OpenSSL configuration file to set a "random" section that includes a "seed" setting or you can call RAND_set_seed_source_type() early in your startup sequence. Pauli On 1

Re: Does the openssl support RFC5755: Group. Role. Access Identify?

2021-09-21 Thread 215104920 via openssl-users
Hi, there Is there a way to implement the different access identity for the different cert? For example, by setting the custom field, then the code the read it from the cert. BRs Mystic --Original-- From:

Does the openssl support RFC5755: Group. Role. Access Identify?

2021-09-17 Thread 215104920 via openssl-users
Hi. There Could you give me some help? Thanks a lot. BRs Mystic

Re: Will TLSv1.3 always send session ticket?

2021-09-16 Thread Benjamin Kaduk via openssl-users
On Thu, Sep 16, 2021 at 12:40:55PM -0400, Viktor Dukhovni wrote: > On Thu, Sep 16, 2021 at 09:30:18AM -0700, Benjamin Kaduk via openssl-users > wrote: > > On Thu, Sep 16, 2021 at 12:20:05PM -0400, Viktor Dukhovni wrote: > > > > > > I don't recall whether OpenSSL m

Re: Will TLSv1.3 always send session ticket?

2021-09-16 Thread Benjamin Kaduk via openssl-users
On Thu, Sep 16, 2021 at 12:20:05PM -0400, Viktor Dukhovni wrote: > > I don't recall whether OpenSSL makes any effort to or supports deferring > the transmission of session tickets until just before the first > application data transmission from server to client (or else perhaps &

Re: Getting SSL_SESSION remaining lifetime

2021-09-16 Thread Benjamin Kaduk via openssl-users
it to make a connection in the future, server needs to > > > send a new > > > one. > > > > Single-use tickets are only a protocol requirement when 0-RTT data is used. > > The OpenSSL implementation even allows the libssl-internal enforcement of > > single-u

Re: Getting SSL_SESSION remaining lifetime

2021-09-16 Thread Benjamin Kaduk via openssl-users
e single use. If the ticket was used by a client, and > you expect it to make a connection in the future, server needs to send a new > one. Single-use tickets are only a protocol requirement when 0-RTT data is used. The OpenSSL implementation even allows the libssl-internal enforcement

Re: Reducing the footprint of a simple application

2021-09-15 Thread Jakob Bohm via openssl-users
eed more than 256 independent random bits to satisfy their security design.  Some of the newer RNGs in OpenSSL presume otherwise in their government design. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16

Re: Reducing the footprint of a simple application

2021-09-14 Thread Jakob Bohm via openssl-users
Hi fellow sufferer, I used to do a lot of manual patching of OpenSSL 1.0.x to remove the insane object interdependencies (such as objects named foolib.c being nexus points that bring in tonnes of irrelevant code because someone was too unfamiliar with basic library concepts to make an actual

Re: OpenSSL 3.0.0 two tests fail on Solaris 10 SPARC64 ( Oracle/Fujitsu )

2021-09-11 Thread Benjamin Kaduk via openssl-users
On Sat, Sep 11, 2021 at 10:29:07PM -0400, Dennis Clarke via openssl-users wrote: > > This is slightly better than the beta release : > > Test Summary Report > --- > 03-test_internal_modes.t (Wstat: 256 Tests: 1 Failed: 1) > Failed test: 1 >

OpenSSL 3.0.0 two tests fail on Solaris 10 SPARC64 ( Oracle/Fujitsu )

2021-09-11 Thread Dennis Clarke via openssl-users
This is slightly better than the beta release : Test Summary Report --- 03-test_internal_modes.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_ige.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit

OpenSSL 3.0.0 on Solaris SPARC64

2021-09-11 Thread Dennis Clarke via openssl-users
figuration was : ./Configure solaris64-sparcv9-cc no-asm --prefix=/opt/bw shared no-engine -DPEDANTIC So the no-engine may just mean I get an empty directory result ? beta # /opt/bw/bin/openssl version OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021) beta # Looks fine and wit

Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Benjamin Kaduk via openssl-users
abbrev-commit > #?0|kent:tls-openssl.git$ gl1 openssl-3.0.0 > commit 89cd17a031e022211684eb7eb41190cf1910f9fa (tag: > refs/tags/openssl-3.0.0) > ... > > i do not. Hm, maybe i need to relearn git again, looking around > i see a couple of projects for which this is t

Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Benjamin Kaduk via openssl-users
On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote: > > P.S.: maybe at least release commits and tags could be signed? > And/or HTTPS access to the repository ... but then i get the gut > feeling that the answer to this will be "use github" or something. ta

OpenSSL version 3.0.0 published

2021-09-07 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 OpenSSL version 3.0.0 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.0.0 of our open source

Question about constness of EVP_PKEY* arguments in public API

2021-09-02 Thread Romain GEISSLER via openssl-users
Hi, I have some piece of software using OpenSSL that works right now on a single thread right now. I am adding a bit more "const" in the code everywhere I can as we want to start using the same code in multithreaded environment, and potentially two threads might sign/verify/encry

Re: client authentication status

2021-09-01 Thread Benjamin Kaduk via openssl-users
On Wed, Sep 01, 2021 at 03:36:36PM +, Zeke Evans wrote: > Hi, > > Is there any way to check the status of client authentication sent in a TLS > 1.3 handshake after SSL_connect returns? With TLS 1.2 SSL_connect seems to > always capture the status and return an error code if it failed but

openssl-1.1.1l fails to build in macOS 10.13.6 with Xcode 10.1

2021-08-27 Thread Scott Lasley via openssl-users
Building openssl-1.1.1l with Xcode 10.1 under macOS 10.13.6 fails with this error In file included from crypto/rand/rand_unix.c:38: /usr/include/CommonCrypto/CommonRandom.h:35:9: error: unknown type name 'CCCryptorStatus' typedef CCCryptorStatus CCRNGStatus; ^ crypto/rand/rand_unix.c

Re: problems with too many ssl_read and ssl_write errors

2021-08-23 Thread Jakob Bohm via openssl-users
For the below symptoms, I would recommend watching the application port with WireShark. This should show any TLS protocol deviations and any problems in handling and establishing the TCP connections. On 2021-08-19 00:38, David Bowers via openssl-users wrote: * We have a server

Re: Need some help signing a certificate request

2021-08-23 Thread Jakob Bohm via openssl-users
On 21/08/2021 19:42, Michael Wojcik wrote: From: rgor...@centerprism.com Sent: Saturday, 21 August, 2021 11:26 My openssl.cnf (I have tried `\` and `\\` and `/` directory separators): Use forward slashes. Backslashes should work on Windows, but forward slashes work everywhere. I don't know

Re: libcrypto.dylib, building for macOS-arm64 but attempting to link with file built for macOS-x86_64

2021-08-19 Thread Jakob Bohm via openssl-users
source library files contain only code for one of those architectures. A potential workaround is to build OpenSSL for all 3 macOs desktop architectures and combine them with the "lipo" tool to create a "fat library".  The major shortcoming of this is that they use the same arch

Re: Crash seen in "OPENSSL_sk_pop_free" API

2021-08-18 Thread Bala Duvvuri via openssl-users
wrote: > On 16 Aug 2021, at 5:58 am, Bala Duvvuri via openssl-users > wrote: > > We are using OpenSSL version 1.1.1d in our program and crash is being seen in > "OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification > API. Since crash

problems with too many ssl_read and ssl_write errors

2021-08-18 Thread David Bowers via openssl-users
* We have a server that has around 2025 clients connected at any instant. * Our application creates a Server /Listener socket that then is converted into a Secure socket using OpenSSL library. This is compiled and built in a Windows x64 environment. We also built the OpenSSL

RE: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Sands, Daniel via openssl-users
e.t.buffer; > TPM_ADDTOCERT *addToCert = d2i_TPM_ADDTOCERT(NULL, > , out.addedToCertificate.t.size); The dump you show below is: Attributes (set, tagged with a 0, optional) Version privateKeyAlgorithm privateKey This is a PKCS#8 packet for a key. The encapsulated data is the RSA public key in PKCS

RE: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Sands, Daniel via openssl-users
t > side, > where I need d2i(). > > I posted the DER dump below, but I don't know how to map that to the > structures that the openssl macros can consume. If you want a generalized parser, you need the schema. Yes, you could make an ASN1 structure to parse THAT input, but if

stunnel 60 released

2021-08-16 Thread Michał Trojnara via openssl-users
for each new release. * Bugfixes   - Fixed 'redirect' with 'protocol'.  This combination is     not supported by 'smtp', 'pop3' and 'imap' protocols.   - Enforced minimum WIN32 log window size.   - Fixed support for password-protected private keys with     OpenSSL 3.0 (thx to Dmitry Belyavskiy). Home page

Crash seen in "OPENSSL_sk_pop_free" API

2021-08-16 Thread Bala Duvvuri via openssl-users
Hi All, We are using OpenSSL version 1.1.1d in our program and crash is being seen in "OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification API. Since crash is not seen always, trying to understand from OpenSSL code, when can this occur? Below is the bt of

Crash seen in OPENSSL_sk_pop_free

2021-08-13 Thread Bala Duvvuri via openssl-users
Hi All, We are using OpenSSL version 1.1.1d in our program and crash is being seen in "OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification API. Since crash is not seen always, trying to understand from OpenSSL code, when can this occur? Below is the bt of

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-12 Thread Dennis Clarke via openssl-users
On 8/12/21 10:11, Matt Caswell wrote: > > > On 12/08/2021 01:35, Dennis Clarke via openssl-users wrote: >> On 8/5/21 00:55, Dr Paul Dale wrote: >>> Dennis, >>> >>> Thanks for the information.  Solaris and z/OS are not tested by the >>> pro

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-11 Thread Dennis Clarke via openssl-users
On 8/5/21 00:55, Dr Paul Dale wrote: > Dennis, > > Thanks for the information.  Solaris and z/OS are not tested by the > project, so it's good to know they aren't too far from working out of > the box. > > We would definitely be interested in a pull request with your fixes at > some stage --

Re: Deciphering a .p7f file

2021-08-11 Thread Jakob Bohm via openssl-users
On 2021-08-11 13:52, Keine Eile wrote: Hi list members, I have a .p7f in hands, which seems to be a DER encoded PKCS7 structure in some way, I can use 'openssl pkcs' to transform it in a PEM form, I also can pull a bunch of certificates out of it. But I know, there is some encrypted pay load

buffering/blocking in chained BIOs

2021-08-10 Thread samrobin via openssl-users
Hello, I am trying to implement the following chain: SSL BIO <-> cipher BIO <-> socket BIO (wrapped around a TCP socket()) There are two aspects of this setup that I can't find enough documentation on: the buffering aspect and the blocking/non-blocking aspect. buffering: When feeding data to

OpenSSL beta testing on Solaris and z/OS

2021-08-03 Thread Dennis Clarke via openssl-users
From another thread : > > The OpenSSL team has wondered how many people were trying out 3.0 > during the beta period without any way of knowing for sure. > If you're curious about the old legacy Solaris 10 on reasonably new Fujitsu SPARC64 then I can tell you nearly everyth

enable/disable algorithms at build time

2021-08-02 Thread Lee Hamel via openssl-users
I want to reduce the size of EDK2 CryptoPkg by enabling, at build time, only the OpenSSL algorithms I want supported in my code. Is this possible via a configuration mechanism? I can't find anything in documentation. Does this violate the GPL license? Thanks. Lee

OpenSSL 3.x binaries naming convention (on Windows)

2021-08-02 Thread Olivier Mascia via openssl-users
to me) that the naming convention of binaries for OpenSSL 3 on Windows platform is like this: libcrypto-3.dll (and libssl-3.dll) for the 32 bits (release) builds libcrypto-3-x64.dll (and libssl-3-x64.dll) for the 64 bits (release) builds Is this naming

Re: OpenSSL Beta 2, report of successful migration

2021-08-02 Thread Olivier Mascia via openssl-users
> The OpenSSL team has wondered how many people were trying out 3.0 during the > beta period without any way of knowing for sure. That you've had what seems > like a fairly smooth transition is wonderful. It obviously solely has to do with the huge amount of quality work people con

Re: OpenSSL Beta 2, report of successful migration

2021-08-02 Thread Olivier Mascia via openssl-users
> Know I have to do it, but only really use low level stuff to build Json > Web Keys, and the EC keys I build for signing seen incompatible with > some servers, so really needs deeper investigation. For JWS signing in relation to Letsencrypt (my use case for this - mKey is a RSA keypair in

Re: OpenSSL Beta 2, report of successful migration

2021-08-02 Thread Olivier Mascia via openssl-users
> Likewise, I've updated our Windows code to use 3.0 easily, been running > one public web server for three weeks. > ... > Not looked at replacing low level RSA and EC APIs yet. We forced ourselves down that path because we had an internal policy to only build OpenSSL toolkit with 'n

OpenSSL Beta 2, report of successful migration

2021-08-02 Thread Olivier Mascia via openssl-users
Hello, Just wanted to report that our private code update to move on from OpenSSL 1.1.1 to 3.0 Beta 2 is successful. It revolved around replacing some code still using RSA_ apis directly by proper EVP_PKEY_ apis, and some other minor details. Nothing too fancy after some effort understanding

Re: Accessing bignums of a RSA key with OpenSSL 3.0?

2021-07-30 Thread Olivier Mascia via openssl-users
); EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_E, e2); EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_D, d2); But how to get the proper int type to pass to EVP_PKEY_set_type()? Thanks all for support switching to OpenSSL 3.0. __ Best Regards, Meilleures salutations, Met vriendelijke

Accessing bignums of a RSA key with OpenSSL 3.0?

2021-07-30 Thread Olivier Mascia via openssl-users
Dear all, Testing migration to OpenSSL 3.0. Got to update some code building a JWK (in relation to ACME LetsEncrypt protocols). Having an EVP_PKEY which happens to be a RSA key, I proceeded this way (1.1.1) to extract the bignums needed for inclusion into the JWK: // Access

Re: Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

2021-07-28 Thread Andrea Giudiceandrea via openssl-users
Hi Tomáš and openssl users, finally the server at gibs.earthdata.nasa.gov was upgraded in order to support SHA256 (instead of SHA1) as peer signing digest algorithm. So, it is now possible to properly connect to it on Ubuntu 20.04 without the need to lower the default SECURITY LEVEL from 2

OpenSSL 3.0.0 beta1 test results on Sun/Oracle Solaris SPARC64 ( Fujitsu )

2021-07-26 Thread Dennis Clarke via openssl-users
ing modes_internal_test # -- # Failed test 'running modes_internal_test' # at /opt/bw/build/openssl-3.0.0-beta1_sunos5.10_sparcv9.002/util/perl/OpenSSL/Test/Simple.pm line 77. # Looks like you failed 1 test of 1.03-test_internal_modes.t ... Dubious, test returned 1 (wstat 256, 0x100)

Re: OpenSSL 3.0.0 beta1 link issues on Solaris 10

2021-07-25 Thread Dennis Clarke via openssl-users
but > we still require help testing. Not a problem. I do understand. This is not exactly a common platform anymore but the things just keep on running. And running. > This would best be raised as an issue on GitHub > [https://github.com/openssl/openssl/issues/new?assignees==issue%3A+bug+re

OpenSSL 3.0.0 beta1 with a vast number of failures

2021-07-25 Thread Dennis Clarke via openssl-users
After some work to clean out previous versions of OpenSSL 1.1.1x for some x I was able to get 3.0.0 beta1 to build. However it looks like some horrific perl problem in the test harness : # -- # Failed test 'Name

OpenSSL 3.0.0 beta1 link issues on Solaris 10

2021-07-25 Thread Dennis Clarke via openssl-users
and the library search path however that resulted in a pile of undefined symbols. So then I went and deleted my previous 1.1.1k libs and the openssl binary and tried the manual link once again with success. Not sure if anyone else runs into this but I would hope that the previous libs would

Dynamic CRL not working when signed by intermediate CA

2021-07-23 Thread Venkata Mallikarjunarao Kosuri via openssl-users
Hi, Dynamic CRL not working when signed by intermediate CA when ca-file (Trusted CA certs bundle) includes only the intermediate CA that signed the CRL. Causing to this the handshake is failing, is there a way to avoid in OpenSSL 1.0.2s-fips 28 May 2019? Br, Malli

Re: query on key usage OIDs

2021-07-16 Thread Jakob Bohm via openssl-users
Question was how to retrieve those lists for any given certificate, using currently supported OpenSSL APIs. The lists of usage bits and extusage OIDs in any given certificate are finite, even if the list of values that could be in other certificates is infinite. On 2021-07-16 06:44, Kyle

Time for OpenSSL 1.1.1l?

2021-07-07 Thread Short, Todd via openssl-users
The cadence of 1.1.1 release is supposed to be quarterly (I seem to recall reading that somewhere, but I can't find it)? It has been almost 4 months since 1.1.1k (25-March-2021) was released. Are there any plans for 1.1.1l (ell)? -- -Todd Short // tsh...@akamai.com // “One if by land, two if

Re: email notice [was: Not getting some macros for FIPS]

2021-07-01 Thread Jakob Bohm via openssl-users
that automagically adds those. And oh boy! openssl-users having almost 3000 subscribers, that's quite a lot of people to chase down and ensure they have destroyed all copies, I tell ya! "Good luck" is probably an appropriate response ;-) Which is why I have set up dedicated e-mail

Re: openssl 1.1.1k: missing d2i_X509 function prototype

2021-06-30 Thread Konstantin Boyandin via openssl-users
On 01.07.2021 08:04, Viktor Dukhovni wrote: > On Thu, Jul 01, 2021 at 12:36:10AM +, Konstantin Boyandin via openssl-users wrote: > >> OpenSSL version: 1.1.1k. >> >> I noticed that >> >> X509 *d2i_X509(X509 **px, const unsigned char **in, long len);

openssl 1.1.1k: missing d2i_X509 function prototype

2021-06-30 Thread Konstantin Boyandin via openssl-users
Hello, OpenSSL version: 1.1.1k. I noticed that X509 *d2i_X509(X509 **px, const unsigned char **in, long len); function is no longer defined in openssl/x509.h available in 1.0.x versions, the only one available is now X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); Do I

Hi

2021-06-29 Thread Jean Sweeny via openssl-users

Re: "Expecting: ANY PRIVATE KEY"

2021-06-28 Thread Mariano Gedisman-Córdoba via openssl-users
> On 28.06.2021, at 01:02, Michel wrote: > > Hi Mariano, > > My quick answer : your key file looks like an (old ?) custom *OpenSSH* format > that *OpenSSL* cannot read natively. > You should easily find an OpenSSH command or other free tools to converts > between for

"Expecting: ANY PRIVATE KEY"

2021-06-27 Thread Mariano Gedisman-Córdoba via openssl-users
to log in to my Google cloud instance through browser console, and I get the following error: "Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. " I googled how to achieve this, and tried the following on my local machine: $ openssl rsa -in id_rsa.txt -out

Re: Can OpenSSL handle multiple authentication mechanisms on the same SSL context?

2021-06-21 Thread Benjamin Kaduk via openssl-users
On Tue, Jun 22, 2021 at 04:18:25AM +, Revestual, Raffy [AUTOSOL/PSS/MNL] wrote: > Also asked this question in stackoverflow.com > > https://urldefense.com/v3/__https://stackoverflow.com/questions/68077419/can-openssl-handle-multiple-authentication-mechanisms-on-the-same-ssl-

Re: 3.0 beta1 feedback about (shared) library names

2021-06-21 Thread Benjamin Kaduk via openssl-users
-S /usr/lib/x86_64-linux-gnu/libssl3.so > libnss3:amd64: /usr/lib/x86_64-linux-gnu/libssl3.so > something up there that should be concerning, because maybe it will cause > confusion. NSS is the mozilla TLS stack, used by firefox/etc. > My newly installed openssl 3 has: > > %ls -l /s

Re: reg: question about SSL server cert verification

2021-06-19 Thread Jakob Bohm via openssl-users
On 2021-06-18 17:07, Viktor Dukhovni wrote: On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote: Now the client simply works backwards through that list, checking if each certificate signed the next one or claims to be signed by a certificate in /etc/certs

Re: reg: question about SSL server cert verification

2021-06-18 Thread Jakob Bohm via openssl-users
On 2021-06-18 16:23, Michael Wojcik wrote: From: openssl-users On Behalf Of Jakob Bohm via openssl-users Sent: Friday, 18 June, 2021 07:10 To: openssl-users@openssl.org Subject: Re: reg: question about SSL server cert verification On 2021-06-18 06:38, sami0l via openssl-users wrote: I'm

Re: reg: question about SSL server cert verification

2021-06-18 Thread Jakob Bohm via openssl-users
On 2021-06-18 06:38, sami0l via openssl-users wrote: I'm curious how exactly an SSL client verifies an SSL server's certificate which is signed by a CA. So, during the SSL handshake, when the server sends its certificate, will the SSL client first checks the `Issuer`'s `CN` field from the x509

reg: question about SSL server cert verification

2021-06-17 Thread sami0l via openssl-users
I'm curious how exactly an SSL client verifies an SSL server's certificate which is signed by a CA. So, during the SSL handshake, when the server sends its certificate, will the SSL client first checks the `Issuer`'s `CN` field from the x509 SSL certificate that it received for example, and

Re: openssl verify question

2021-06-17 Thread Jakob Bohm via openssl-users
On 2021-06-17 15:49, Viktor Dukhovni wrote: On Sat, Jun 12, 2021 at 10:20:22PM +0200, Gaardiolor wrote: When I compare those, they are exactly the same. But that's the thing, I think server.sig.decrypted should be prepended with a sha256 designator 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01

Re: using the DSA signature algorithm of OpenSSL

2021-06-14 Thread Elmar Stellnberger via openssl-users
Oops, forgot to sha1; now it works. Am 14.06.21 um 11:20 schrieb Elmar Stellnberger via openssl-users:   I wanna use the DSA signature algorithms of OpenSSL to verify RRSIG and DNSKEY DNSSEC resource records. This is described in RFC2536 (a very short RFC).   As far as I could try it out

using the DSA signature algorithm of OpenSSL

2021-06-14 Thread Elmar Stellnberger via openssl-users
I wanna use the DSA signature algorithms of OpenSSL to verify RRSIG and DNSKEY DNSSEC resource records. This is described in RFC2536 (a very short RFC). As far as I could try it out (see my attachment) there are two ways to sign and verify with OpenSSL/DSA: via the EVP interface and via

Re: enforce ALPN overlap?

2021-06-09 Thread Jan Schaumann via openssl-users
Jan Schaumann via openssl-users wrote: > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Same for TLS 1.2, btw. (I accidentally copied the default output when writing the email.) -Jan

enforce ALPN overlap?

2021-06-09 Thread Jan Schaumann via openssl-users
Hello, Based on https://alpaca-attack.com/, I was looking at how a TLS connection with ALPN set to e.g., "banana" by the client to a server that has ALPN set to "h2" would behave. For example: $ openssl s_server -www -accept 443 -alpn h2 \ -key /tmp/key.pem

Best practice for distributions that freeze OpenSSL versions and backports

2021-06-08 Thread Jakob Bohm via openssl-users
Dear team, It would be nice if there was a user- and security-friendly best practice document for distributions (such as Linux distributions) that freeze on an OpenSSL release version (such as 1.1.1z) and then backport any important fixes. Perhaps something like the following: 1

Checking a single signature from several in S/MIME

2021-06-08 Thread Laurent Blume via openssl-users
, not all of them? // Signing openssl smime -binary -sign -nodetach -in file -out file.signed -inkey key1.pem -signer cert1.pem -inkey key2.pem -signer cert2.pem // this command fails with signer certificate not found" openssl smime -binary -verify -nointern -noverify -certfile cert1.pem

Re: FW: X509_verify_cert() rejects all trusted certs with "default" X509_VERIFY_PARAM

2021-06-01 Thread Jakob Bohm via openssl-users
fault" X509_VERIFY_PARAM From: openssl-users On Behalf Of Graham Leggett via openssl-users Sent: Friday, 28 May, 2021 06:30 I am lost - I can fully understand what the code is doing, but I can’t see why openssl only trusts certs with “anyExtendedKeyUsage”. Interesting. I wondered if this might be

RE: Why can't we get a proper installation method to keep OpenSSL at the latest revision for Linux?

2021-05-31 Thread Michael McKenney via openssl-users
I have never had a break in. The Fortinet 60E firewall does an amazing job. I will just leave it up to Ubuntu to provide the best OpenSSL solutions. Many people complain Ubuntu LTS is never on the latest kernel and lacks other things the 9 month distros like 21.04 and 21.10 give you. I

RE: Why can't we get a proper installation method to keep OpenSSL at the latest revision for Linux?

2021-05-31 Thread Michael McKenney via openssl-users
cryptology. The OpenSSL bugs state to upgrade beyond 1.1.1f. -Original Message- From: openssl-users On Behalf Of Mauricio Tavares Sent: Monday, May 31, 2021 7:45 AM To: openssl-users@openssl.org Subject: Re: Why can't we get a proper installation method to keep OpenSSL at the latest

RE: Why can't we get a proper installation method to keep OpenSSL at the latest revision for Linux?

2021-05-31 Thread Michael McKenney via openssl-users
Keijser ; openssl-users@openssl.org Subject: Re: Why can't we get a proper installation method to keep OpenSSL at the latest revision for Linux? If you use a supported distro (i.e., one that is not out of life) then the distro is expected to supply CVE issue fixes in form of updates. They usually

RE: Why can't we get a proper installation method to keep OpenSSL at the latest revision for Linux?

2021-05-31 Thread Michael McKenney via openssl-users
My wordpress servers are under constant attack. My Fortinet 60E firewall logs are filled. Openssl is constantly reported on The Hacker News and other sites. So I don't need to worry about upgrading OpenSSL in the future to 1.1.1k or above? I can just use what the distro has to offer

X509_verify_cert() rejects all trusted certs with "default" X509_VERIFY_PARAM

2021-05-28 Thread Graham Leggett via openssl-users
b.com/openssl/openssl/blob/master/crypto/x509/x509_trs.c#L72 int X509_check_trust(X509 *x, int id, int flags) { X509_TRUST *pt; int idx; /* We get this as a default value */ if (id == X509_TRUST_DEFAULT) return obj_trust(NID_anyExtendedKeyUsage, x,

Re: Support for ECDH One-pass in "openssl cms enc"

2021-05-24 Thread Henning Krause via openssl-users
Hi, after studying the different key generator functions more closely I came to the conclusion that, since the Prime256 curve has a cofactor of 1, both KDF should produce the same value and so everything has cleared up. Kind regards, Henning From: openssl-users

Support for ECDH One-pass in "openssl cms enc"

2021-05-23 Thread Henning Krause via openssl-users
Hi, I'm trying to encrypt an email using the ECDH One-Pass algorithm. I've first created an X509 certificate with an EDSA key based on the curve prime256v1. Then, I ran this command: openssl cms -encrypt -in Unencrypted.eml -binary -recip ecc.cer -aes256 -keyopt ecdh_kdf_md:sha256 -keyopt

Re: I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and reverted it back to 1.1.1f. Usually Ubuntu upgrades don’t break it.

2021-05-21 Thread Jakob Bohm via openssl-users
of the following diagnostic commands (after Ubuntu apparently undid your upgrade). $ dpkg --status libssl1.1 $ dpkg --status libssl-dev $ dpkg --status openssl $ type openssl $ openssl version -a $ ls -alF /usr/lib/x86_64-linux-gnu/libssl* $ ls -alF /usr/locallib/libssl* Oops, my bad, should have

Secure Heap Usage for EC private key

2021-05-21 Thread Barry Fussell (bfussell) via openssl-users
Long shot if someone may know. Secure heap was added long ago for private keys for RSA, DSA and DH however EC key generation does not seem to be included. I see some other EC functions that use secure heap and I also noticed that the CHANGES file stated: "Add secure heap for storage of private

Re: I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and reverted it back to 1.1.1f. Usually Ubuntu upgrades don’t break it.

2021-05-21 Thread Jakob Bohm via openssl-users
On 2021-05-19 19:56, Michael McKenney wrote: I installed Openssl 1.1.1k and Ubuntu 20.04 did an upgrade and reverted it back to 1.1.1f.   Usually Ubuntu upgrades don’t break it. OpenSSL 1.1.1f  31 Mar 2020 (Library: OpenSSL 1.1.1k  25 Mar 2021) built on: Thu Apr 29 14:11:04 2021 UTC

OpenSSL version 3.0.0-alpha17 published

2021-05-20 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0 alpha 17 released = OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.0 is currently in alpha. OpenSSL 3.0 alpha 17 has now been made

SHA digest differences in version 1.0 and 1.1.1

2021-05-14 Thread openssl . org
Hi, I am working with some legacy code which was written to use openssl version 1.0. I am trying to make it work with openssl version 1.1.1 but the following line returns NULL.     const EVP_MD* messageDigest = EVP_get_digestbyname("sha"); I changed it to the following.     co
