On 20/10/2021 10:57, Kumar Mishra, Sanjeev wrote:
Hi,
I am upgrading the code from OpenSSL 1.0.1 to 3.0. I am getting the
following compilation errors. Could you please suggest appropriate
changes for the following:
1. X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); error
Hi,
I am upgrading the code from OpenSSL 1.0.1 to 3.0. I am getting the following
compilation errors. Could you please suggest appropriate changes for the following:
1. X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); error:
'X509err' was not declared in this scope
2.
I got a call on Thursday from my mom asking why Apple Mail couldn't SMTP
deliver to my LE signed SMTP server. She forgot how to start teamviewer, so
a Saturday morning trip to the small town she lives in later... and it
looks like a problem with anchors.
On a brand new MacOS system from thi
> On Oct 3, 2021, at 7:09 PM, Rob Stradling wrote:
>
> The "Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2" blog
> article [1] doesn't cover OpenSSL versions prior to 1.0.2, presumably because
> they've been unsupported for a long time. However, no doubt there are still
> s
The "Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2" blog
article [1] doesn't cover OpenSSL versions prior to 1.0.2, presumably because
they've been unsupported for a long time. However, no doubt there are still
some users and applications that are stuck using even older versio
Hi All,
In our project, we are currently supporting two branches of OpenSSL (1.0.1
and 1.0.2)
Recently we had a requirement to enable elliptic curve Diffie Hellman, we
see that in
OpenSSL 1.0.2 branch, we can use the below function to enable ECDH
/* Set automatic curve selection for server ssl
, Mar 21, 2016 at 3:04 AM, Matt Caswell wrote:
>
>
> On 20/03/16 03:15, Andrew Payne wrote:
> > Hello,
> >
> > My company is in the process of upgrading from openssl 1.0.1 to openssl
> > 1.0.2. We noticed that when we use any version of openssl 1.0.2 we have
> >
On 20/03/16 03:15, Andrew Payne wrote:
> Hello,
>
> My company is in the process of upgrading from openssl 1.0.1 to openssl
> 1.0.2. We noticed that when we use any version of openssl 1.0.2 we have
> an extremely high increase in memory usage. Around 15 or more gigs of
>
Hello,
My company is in the process of upgrading from openssl 1.0.1 to openssl
1.0.2. We noticed that when we use any version of openssl 1.0.2 we have an
extremely high increase in memory usage. Around 15 or more gigs of memory
extra are consumed.
My questions are as follows:
Are there any
This was because one of my application makefiles wasn't updated to include
the crypto/modes/ folder in its INCLUDES definition.
On Thu, Feb 18, 2016 at 8:51 PM, Bobby Philip wrote:
> Hi,
> I am trying to compile openssl 1.0.1r for android and statically link to
> my application.
> I am getting
Hi,
I am trying to compile openssl 1.0.1r for android and statically link to
my application.
I am getting a compile error in the file
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/evp/e_aes.c
at line 61 # include "modes_lcl.h"
This modes_lcl.h is present at
https://github.
> In openssl-1.0.1/fips-2.0 it is not possible to call the low-level APIs when
> in FIPS 140-2 mode. Is there another alternative that I can use? E.g. some
> API in the FIPS module?
Sorry, no.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter:
Hi,
I'm in the process of upgrading from openssl-0.9.8/fips-1.2 to
openssl-1.0.1/fips-2.0. Our system can be built both with and without the fips
module. Furthermore, it can be built in a limited feature set configuration (no
fips). The limited feature set config only calls low-level op
Hi All,
When we are trying to build the openssl-1.0.1 in x86-64 board we are facing the
following error
x86cpuid.s: Assembler messages:
x86cpuid.s:8: Error: suffix or operands invalid for `push'
x86cpuid.s:9: Error: suffix or operands invalid for `push'
x86cpuid.s:10: Error: suffix o
Back in November a question (and response) were posted regarding thread safety
in the 1.0.1 branch of OpenSSL:
http://www.mail-archive.com/openssl-users@openssl.org/msg69322.html
In the response to the questions, the user states he removed the thread ID
callback function and the call to CRYPTO
Hi All,
I wanted to know the procedure and steps for cross compiling OpenSSL on Linux
along with FIPS?
Regards
Jaya
, but it is the
same kernel as windows 7.
I add the ENABLE-CAPIENG compile flag for capi to the make files
Thomas J. Hruska wrote:
>
> On 3/23/2012 12:53 AM, jeremy hunt wrote:
>> This posting is to help people to build OpenSSL 1.0.1 with Microsoft
>> Visual Studio. It may also i
Why should it be different?
--
Erwann ABALEA
-
pruriginous gerontopropulsion: abuse of excess characterized by too much exaggeration
(done when pushing granny into the nettles)
On 13/06/2012 13:30, ankur dwivedi wrote:
Hi,
I am observing that after doing a renegotiation, the new cipher i
Hi,
I am observing that after doing a renegotiation, the new cipher is the same as
what was used during the initial handshake. Is this normal behavior?
--
Thanks
Ankur Dwivedi
Hi,
I was trying the following on openssl 1.0.1.:
On Server :
# ./openssl s_server -state -msg
On Client:
# ./openssl s_client -cipher AES256-SHA -tls1_2 -state -msg -sess_out
/tmp/sess
The handshake went on successfully with the following output on client side:
---
SSL handshake has read 1340
On Tue, Jun 5, 2012 at 4:35 AM, Jakob Bohm wrote:
> On 6/5/2012 6:19 AM, Zack Weinberg wrote:
>> According to http://gcc.gnu.org/ml/gcc-patches/2011-03/msg00376.html the
>> last widely-used platform that crashed on free(NULL) was SunOS 4, which
>> "stopped being a reasonable portability target aro
On 6/5/2012 6:19 AM, Zack Weinberg wrote:
On 2012-06-04 8:10 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Having no current access to the C89 standard or its
drafts, I am relying on the experience that many "C89"
real world systems I have encountered di
On 2012-06-04 8:10 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Having no current access to the C89 standard or its
drafts, I am relying on the experience that many "C89"
real world systems I have encountered did not tolerate
free(NULL). In contrast all
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Tuesday, 29 May, 2012 03:34
> On 5/27/2012 2:29 AM, Jeremy Farrell wrote:
>
> Note that when considering portability, C99 is not yet
> fully implemented everywhere, so when I say "ANSI C"
> without qualification, I generally
On 5/29/2012 8:56 PM, Jeremy Farrell wrote:
From: Jakob Bohm [mailto:jb-open...@wisemo.com]
Sent: Tuesday, May 29, 2012 8:34 AM
On 5/27/2012 2:29 AM, Jeremy Farrell wrote:
From: Jakob Bohm [mailto:jb-open...@wisemo.com]
On 5/25/2012 5:30 PM, Ken Goldman wrote:
On 5/25/2012 3:33 AM, Jakob Bohm w
> From: Jakob Bohm [mailto:jb-open...@wisemo.com]
> Sent: Tuesday, May 29, 2012 8:34 AM
> On 5/27/2012 2:29 AM, Jeremy Farrell wrote:
> >> From: Jakob Bohm [mailto:jb-open...@wisemo.com]
> >> On 5/25/2012 5:30 PM, Ken Goldman wrote:
> >>> On 5/25/2012 3:33 AM, Jakob Bohm wrote:
> >>>
> ANSI C
> From: Jakob Bohm
> Which version of the ANSI Spec, and where did you get a copy?
>
> I have to rely on secondary sources and experience using various
> implementations that claim conformance.
I generally refer to Plauger's "The Standard C Library", where he quotes
the spec with commentary an
On 5/27/2012 2:29 AM, Jeremy Farrell wrote:
From: Jakob Bohm [mailto:jb-open...@wisemo.com]
On 5/25/2012 5:30 PM, Ken Goldman wrote:
On 5/25/2012 3:33 AM, Jakob Bohm wrote:
ANSI C and POSIX free() is NOT required to handle free(NULL)
as a NOP.
I checked reputable sources (Plauger, Harbison an
Hi all,
> Which version of the ANSI Spec, and where did you get a copy?
>
> I have to rely on secondary sources and experience using
> various implementations that claim conformance.
Wikipedia http://en.wikipedia.org/wiki/ANSI_C is used to have
a link to a recent draft (free of charge) which is
(somewhat offtopic)
> From: owner-openssl-us...@openssl.org On Behalf Of Jeremy Farrell
> Sent: Saturday, 26 May, 2012 20:29
> > From: Jakob Bohm [mailto:jb-open...@wisemo.com]
> > Which version of the ANSI Spec, and where did you get a copy?
>
> I quoted from C99 in a recent message; can't re
> From: Jakob Bohm [mailto:jb-open...@wisemo.com]
> On 5/25/2012 5:30 PM, Ken Goldman wrote:
> > On 5/25/2012 3:33 AM, Jakob Bohm wrote:
> >
> >> ANSI C and POSIX free() is NOT required to handle free(NULL)
> >> as a NOP.
> >
> > I checked reputable sources (Plauger, Harbison and Steele, the ANSI
>
On 05/26/2012 12:28 PM, Jakob Bohm wrote:
> On 5/25/2012 5:30 PM, Ken Goldman wrote:
>> On 5/25/2012 3:33 AM, Jakob Bohm wrote:
>>
>>> ANSI C and POSIX free() is NOT required to handle free(NULL)
>>> as a NOP.
>>
>> I checked reputable sources (Plauger, Harbison and Steele, the ANSI
>> spec, and th
In message
on Fri, 25 May 2012 11:39:05 -0400, Jeffrey Walton said:
noloader> Perhaps I'm looking at the wrong free function (or I'm not
noloader> reading/deducing correct behavior), but it looks like a double free to
noloader> me:
noloader>
noloader> void CRYPTO_free(void *str)
noloader> {
no
On 5/25/2012 5:30 PM, Ken Goldman wrote:
On 5/25/2012 3:33 AM, Jakob Bohm wrote:
ANSI C and POSIX free() is NOT required to handle free(NULL)
as a NOP.
I checked reputable sources (Plauger, Harbison and Steele, the ANSI
spec, and the IEEE POSIX spec).
All agree that (e.g. ANSI)
"If ptr is
> From: Jakob Bohm [mailto:jb-open...@wisemo.com]
>
> On 5/25/2012 12:30 AM, Richard Levitte wrote:
> >
> > sudarshan.t.raghavan> I am assuming the default
> > sudarshan.t.raghavan> free routine ignores a NULL argument
> >
> > Your assumption is correct, OpenSSL expects the same semantics as
> >
Hi all!
> > If the library crashes on free(NULL), you're just making
> > people like me do this everywhere:
> >
> > if (ptr != NULL) free (ptr);
ok, if you have a test case "free (NULL)", agreed ;-)
Seems not all platforms conform to the "free(NULL) is a no-op".
I understand your example, thanks
On 5/25/2012 11:41 AM, Carter Browne wrote:
That's not the normal library behavior.
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
If the library crashes on free(NULL), you're just making people like me
do this everywhere:
On 5/25/2012 12:09 PM, Jeffrey Walton wrote:
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
This is very old, and has not evolved as security needs have changed
(forgive me if I read too much into it). For example, the ret
On Fri, May 25, 2012 at 11:25 AM, Ken Goldman wrote:
> On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
>>
>> I think crashing with NULL is quite good: a must-not-happen situation
>> leads to a defined dead of SIGSEGVs, at least for platforms supporting
>> that, typically with good aid for debugging (
wrote:
> Hi all!
>
> * Jeffrey Walton Sent: Friday, May 25, 2012 4:39 PM
> > On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
> > wrote:
> > > Ok, I can fix the custom free to take care of this.
> > > But, why is th
On 5/25/2012 11:25 AM, Ken Goldman wrote:
> On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
>>
>> I think crashing with NULL is quite good: a must-not-happen situation
>> leads to a defined dead of SIGSEGVs, at least for platforms supporting
>> that, typically with good aid for debugging (like core fi
On Thu, May 24, 2012 at 8:16 AM, Sudarshan Raghavan
wrote:
> Hi,
>
> I am using CRYPTO_set_mem_functions to use our own custom memory
> routines in a non blocking proxy implementation. This was working fine
> in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom free
> routine is being invo
On 5/25/2012 3:33 AM, Jakob Bohm wrote:
ANSI C and POSIX free() is NOT required to handle free(NULL)
as a NOP.
I checked reputable sources (Plauger, Harbison and Steele, the ANSI
spec, and the IEEE POSIX spec).
All agree that (e.g. ANSI)
"If ptr is a null pointer, no action occurs."
___
On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
I think crashing with NULL is quite good: a must-not-happen situation
leads to a defined dead of SIGSEGVs, at least for platforms supporting
that, typically with good aid for debugging (like core files or halting
debuggers providing a backtrace). Mayb
Hi all!
* Jeffrey Walton Sent: Friday, May 25, 2012 4:39 PM
> On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
> wrote:
> > Ok, I can fix the custom free to take care of this.
> > But, why is this happening in openssl 1.0.1 and not in 1.0.0 o
On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
wrote:
> Ok, I can fix the custom free to take care of this. But, why is this
> happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8?
I think the question to ask is why your code or library routines are
not validating parameters before ope
In message <4fbf35d0.3020...@wisemo.com> on Fri, 25 May 2012 09:33:36 +0200,
Jakob Bohm said:
jb-openssl> On 5/25/2012 12:30 AM, Richard Levitte wrote:
jb-openssl> > In
jb-openssl> >
message
jb-openssl> > on Thu, 24 May 2012 17:46:49 +0530, Sudarshan
jb-openssl> > Raghavan said:
jb-openssl> >
j
I can see this code in s3_lib.c
if (ctx->srp_ctx.login != NULL)
OPENSSL_free(ctx->srp_ctx.login);
while tls_srp.c does not have the NULL check before calling free. I
added the NULL check in tls_srp.c and I am not seeing the crash
anymore. Is this the fix or
I enabled debug symbols in openssl and this is what I am seeing
#3 0x0828bd74 in CUSTOM_FREE (oldMem=0x0) at ssl_mem.c:34
#4 0xb758e160 in CRYPTO_free (str=0x0) at mem.c:397
#5 0xb773520c in SSL_SRP_CTX_free (s=0xb3e4f300) at tls_srp.c:102
#6 0xb77091c0 in ssl3_free (s=0xb3e4f300) at s3_lib.c
Ok, I can fix the custom free to take care of this. But, why is this
happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8? Is there a
document or resource on the web that explains what is expected from
the custom alloc, realloc and free routines?
Regards,
Sudarshan
On Fri, May 25, 2012 at 4
On 5/25/2012 12:30 AM, Richard Levitte wrote:
In message on
Thu, 24 May 2012 17:46:49 +0530, Sudarshan Raghavan
said:
sudarshan.t.raghavan> Hi,
sudarshan.t.raghavan>
sudarshan.t.raghavan> I am using CRYPTO_set_mem_functions to use our own
custom memory
sudarshan.t.raghavan> routines in a
In message
on Thu, 24 May 2012 17:46:49 +0530, Sudarshan Raghavan
said:
sudarshan.t.raghavan> Hi,
sudarshan.t.raghavan>
sudarshan.t.raghavan> I am using CRYPTO_set_mem_functions to use our own custom
memory
sudarshan.t.raghavan> routines in a non blocking proxy implementation. This was
work
On Thu, May 24, 2012, Sudarshan Raghavan wrote:
> Hi,
>
> I am using CRYPTO_set_mem_functions to use our own custom memory
> routines in a non blocking proxy implementation. This was working fine
> in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom free
> routine is being invoked with a
Hi,
I am using CRYPTO_set_mem_functions to use our own custom memory
routines in a non blocking proxy implementation. This was working fine
in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom free
routine is being invoked with a NULL argument after calling SSL_free
and this results in the
On 29/04/12 05:23, MauMau wrote:
Q2: Is AES-XTS slower than AES-CBC? Does AES-NI speed up AES-XTS
like AES-CBC?
Yes it is slower because there is an additional encryption operation
on the "tweak".
I think AES-NI speeds up the implementation of the underlying AES
cipher, and therefore would be
From:
This code is only relevant if the EVP_CIPH_CUSTOM_IV flag is not set. If
it is set it is ignored. XTS sets this flag in e_aes.c:
#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
Oh, I see. As you say,
On 25/04/12 15:03, MauMau wrote:
Q1: Is AES-XTS officially supported by OpenSSL 1.0.1? I'm wondering if
XTS is still an experimental feature in OpenSSL, because the file
"Changes" in the OpenSSL 1.0.1 tarball does not refer to XTS.
Well 1.0.1 is the latest stable version,
enSSL 1.0.1? I'm wondering if XTS
is still an experimental feature in OpenSSL, because the file "Changes" in
the OpenSSL 1.0.1 tarball does not refer to XTS.
Please look at crypt/evp/evp_enc.c. The below code fragment in
EVP_CipherInit_ex() does not appear to have
On 23/04/12 13:16, MauMau wrote:
Apart from that, let me go back to my original question 4 in my first
mail.
Q4: Do I have to call EVP_EncryptInit_ex/EVP_DecryptInit_ex for each
block/record? I'm concerned about the overhead of those functions. For
exa
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of MauMau
>
> But folks here gave me suggestions that different IVs should be used for
> each 4KB block. I think I should do that, and I'd like to follow those
> precious advice.
>
> (However, I'm wonde
From:
I believe this will reuse the same IV for block2 that it uses for
block1. It will appear to work but is a really bad idea and will lead
to major security problems.
From: "Jeffrey Walton"
You should have a look at Microsoft's paper by Niels Ferguson on
Bitlocker's design and implementat
On 23 April 2012 13:16, MauMau wrote:
> /* encrypt first block */
> EVP_EncryptUpdate(&enc_ctx, block1, &outlen, block1, 4096);
> /* encrypt second block */
> EVP_EncryptInit_ex(&enc_ctx, NULL, NULL, NULL, NULL);
> EVP_EncryptUpdate(&enc_ctx, block2, &outlen, block2, 4096);
I believe this will r
On Mon, Apr 23, 2012 at 8:16 AM, MauMau wrote:
> Hello,
>
>
> Thanks a lot for your valuable advice. I'm looking into the CBC with IVs
> based on block numbers, CTR, and XTS. I'm referring to the pages below:
>
> Block cipher modes of operation
> http://en.wikipedia.org/wiki/Block_cipher_mode
>
> D
Hello,
Thanks a lot for your valuable advice. I'm looking into the CBC with IVs
based on block numbers, CTR, and XTS. I'm referring to the pages below:
Block cipher modes of operation
http://en.wikipedia.org/wiki/Block_cipher_mode
Disk encryption theory
http://en.wikipedia.org/wiki/Disk_encry
On Wed, Apr 18, 2012 at 9:04 AM, Edward Ned Harvey
wrote:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Jeffrey Walton
>>
>> On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
>> wrote:
>> >> From: owner-openssl-us...@openssl.org [mailto:owner-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Jeffrey Walton
>
> On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
> wrote:
> >> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> >> us...@openssl.org] On Behalf Of Ken Goldman
> >>
>
On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
wrote:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Ken Goldman
>>
>> The standard answer: If this is a real security project, hire an
>> expert. If you design your own crypto algorithm, you
On Tue, Apr 17, 2012 at 7:59 AM, Edward Ned Harvey
wrote:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Edward Ned Harvey
>>
>> attacker doesn't know is your key and your plaintext. There is only one
>> solution. You must use a second key. Us
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Ken Goldman
>
> The standard answer: If this is a real security project, hire an
> expert. If you design your own crypto algorithm, you will get it wrong.
Or, if you're pretty confident you know how
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Ken Goldman
>
> The standard answer: If this is a real security project, hire an
> expert. If you design your own crypto algorithm, you will get it wrong.
>
> If this is just for fun, to learn about
On 17/04/12 15:31, MauMau wrote:
Hello, Edward, Jakob, Ken,
Thanks for lots of ideas and information. I'll investigate Edward's
block-number-based iv and Ken's CTR mode. Let me consult you if I get
stuck again. I'll consider some way to eliminate the need to call
EVP_EncryptInit_ex/EVP_Decryp
Hello, Edward, Jakob, Ken,
Thanks for lots of ideas and information. I'll investigate Edward's
block-number-based iv and Ken's CTR mode. Let me consult you if I get stuck
again. I'll consider some way to eliminate the need to call
EVP_EncryptInit_ex/EVP_DecryptInit_ex for each block/record.
The standard answer: If this is a real security project, hire an
expert. If you design your own crypto algorithm, you will get it wrong.
If this is just for fun, to learn about openssl, CTR mode will give you
random access.
On 4/16/2012 6:41 PM, MauMau wrote:
As for Q4, yes, decrypting bl
On 4/17/2012 1:59 PM, Edward Ned Harvey wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Edward Ned Harvey
attacker doesn't know is your key and your plaintext. There is only one
solution. You must use a second key. Use your first key to encr
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Edward Ned Harvey
>
> attacker doesn't know is your key and your plaintext. There is only one
> solution. You must use a second key. Use your first key to encrypt the
> second key (so an attacker ca
> From: Edward Ned Harvey
>
> I can't think of anything wrong with using the block number as the
> IV, and then use ECB.
Oh yeah. I can think of something wrong with that. If an attacker knows
the block number, and they have some intelligent guess about the plaintext,
then they might be able to
Hello, Stephen, Thomas,
From: "Thomas BERNARD"
To my understanding :
With ECB, the order in which the blocks are crypted/decrypted doesn't
matter.
With CBC and most block modes, it DOES matter !
So if block 1 is encrypted first it MUST be decrypted first.
/* decrypt second block */
EVP_Decrypt
On Mon, Apr 16, 2012, MauMau wrote:
> Hello
>
> Q1: Is AES-NI automatically utilized on the processors that have the
> capability? Do I have to do anything (e.g. specify some engine in
> openssl.conf)?
>
In OpenSSL 1.0.1 it is automatically supported provided you use the
> /* one-time initialization */
> ERR_load_crypto_strings();
> OpenSSL_add_all_algorithms();
> EVP_CIPHER_CTX_init(&enc_ctx);
> EVP_CIPHER_CTX_init(&dec_ctx);
> EVP_EncryptInit_ex(&enc_ctx, EVP_aes_256_cbc(), NULL, key, iv);
> EVP_CIPHER_CTX_set_padding(&enc_ctx, 0);
> EVP_DecryptInit_ex(&dec_ctx,
Hello
I'm new to OpenSSL and this is my first post here. Please let me ask you a
few questions about the symmetric encryption API (EVP_) of OpenSSL 1.0.1.
I'm developing an application which encrypts+writes and reads+decrypts data
to/from files. It has the following re
Hi,
I am asked to explore AES-XTS for one of the tasks. When I was going through
OpenSSL 1.0.1, I found the below EVP interface EVP_aes_256_xts() but it looks
like it needs FIPS mode. Apart from this, I also found other APIs but to me
they could only support 128 bits. My requirement is 512 bit key
On 04/04/2012 11:01 AM, Christian Weber wrote:
Dear users and developers,
we just read through some of the code examples for SRP usage.
Concerning the necessary callbacks we wonder why in
s_server.c the verifier parametrization is being delayed.
Within apps/s_server.c we can find the comment:
Dear users and developers,
we just read through some of the code examples for SRP usage.
Concerning the necessary callbacks we wonder why in
s_server.c the verifier parametrization is being delayed.
Within apps/s_server.c we can find the comment:
"When the callback is called for a new connect
Hi,
I would like to have a look at the new FIPS 140-2 module. From what I've been
able to find out, it is targeting openssl-1.0.1. I've downloaded openssl-1.0.1
and a fips snapshot (openssl-fips-2.0-test-20120331.tar.gz). Is there a how-to
or similar description of how to configure
ngrading to OpenSSL 1.0.0 solved the problem.
> >> I'm not sure how to determine if it's a bug, an Arch Linux package
> >> issue, or a problem with the service providers server?
> >>
> >> I tested using Python and Ruby (multiple versions):
> >>
ow to determine if it's a bug, an Arch Linux package
>> issue, or a problem with the service providers server?
>>
>> I tested using Python and Ruby (multiple versions):
>>
>> With OpenSSL 1.0.1-1 under Arch Linux, this times out:
>>
>> python
>>
oblem with the service providers server?
>
> I tested using Python and Ruby (multiple versions):
>
> With OpenSSL 1.0.1-1 under Arch Linux, this times out:
>
> python
> >>> import requests
> >>> r = requests.get('https://esqa.moneris.com', timeout=5)
ssl-us...@openssl.org
>
> 03/28/2012 06:03 PM
>
> Please respond to
> openssl-users@openssl.org
>
> To
>
> openssl-users@openssl.org
>
> cc
>
> Subject
>
> OpenSSL 1.0.1 handshake timeout
>
> I recently had a timeout issue with a service pro
n and Ruby (multiple versions):
With OpenSSL 1.0.1-1 under Arch Linux, this times out:
python
>>> import requests
>>> r = requests.get('https://esqa.moneris.com', timeout=5)
With OpenSSL 1.0.0 under Arch Linux, it works.
OpenSSL 1.0.1 does work however connecting to o
From: "Jeffrey Walton"
To: openssl-users@openssl.org
Sent: Tuesday, March 27, 2012 9:49:58 PM
Subject: Re: Successfully building openssl-1.0.1 with Microsoft Visual Studio.
On Sun, Mar 25, 2012 at 7:31 PM, jeremy hunt wrote:
> Thomas J. Hruska wrote:
>>
>> On 3
On Sun, Mar 25, 2012 at 7:31 PM, jeremy hunt wrote:
> Thomas J. Hruska wrote:
>>
>> On 3/23/2012 12:53 AM, jeremy hunt wrote:
>>>
>>> This posting is to help people to build OpenSSL 1.0.1 with Microsoft
>>> Visual Studio. It may also indicate a req
M", I still miss 8 out of the 24 available ciphers.
Martin
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Monday, 26 March 2012 18:25
To: openssl-users@openssl.org
Subject: Re: OpenSSL 1.0.
On Mon, Mar 26, 2012, KUTILEK Martin wrote:
> Hi,
>
> I am doing some testing with openssl 1.0.1 and I am trying to find the
> proper syntax to display only TLSv1.1+ ciphers.
>
> When I look in ./ssl/ssl.h, I see
> #define SSL_TXT_TLSV1_2 "TLSv1.2"
>
Hi,
I am doing some testing with openssl 1.0.1 and I am trying to find the
proper syntax to display only TLSv1.1+ ciphers.
When I look in ./ssl/ssl.h, I see
#define SSL_TXT_TLSV1_2 "TLSv1.2"
but what ever I try, I always get:
Error in cipher list
error:14
Thomas J. Hruska wrote:
On 3/23/2012 12:53 AM, jeremy hunt wrote:
This posting is to help people to build OpenSSL 1.0.1 with Microsoft
Visual Studio. It may also indicate a required change to the build
instructions
for Microsoft Visual Studio.
Summary:
--
I found I needed to install
iday, March 23, 2012 5:01 PM
To: openssl-users@openssl.org
Subject: RE: OpenSSL 1.0.1 libraries have "1.0.0" in the names
opensslv.h
From: dave.mclel...@emc.com [mailto:dave.mclel...@emc.com]
Sent: Thursday, March 22, 2012 8:43 PM
To: openssl-users@openssl.org
Subject: OpenSSL 1.0.1 libra
opensslv.h
From: dave.mclel...@emc.com [mailto:dave.mclel...@emc.com]
Sent: Thursday, March 22, 2012 8:43 PM
To: openssl-users@openssl.org
Subject: OpenSSL 1.0.1 libraries have "1.0.0" in the names
I'm seeing "1.0.0" used in the library (.so) names for cryp
On 3/23/2012 12:53 AM, jeremy hunt wrote:
This posting is to help people to build OpenSSL 1.0.1 with Microsoft
Visual Studio. It may also indicate a required change to the build
instructions for Microsoft Visual Studio.
Summary:
--
I found I needed to install the Windows SDK and
This posting is to help people to build OpenSSL 1.0.1 with Microsoft
Visual Studio. It may also indicate a required change to the build
instructions for Microsoft Visual Studio.
Summary:
--
I found I needed to install the Windows SDK and manually configure my
build environment to
I'm seeing "1.0.0" used in the library (.so) names for crypto and ssl versions.
I expected to see 1.0.1, consistent with the 0.9.X stream, where the version
number agrees with version in the library name (as referenced in the link of
the openssl executable for example).
Can someone help me un
1 - 100 of 176 matches