Re: [openssl-users] How to get verbose output from 'make test'

> On Mar 19, 2016, at 10:07 PM, Jeffrey Walton wrote: > > Hi Everyone, > > I'm working with OpenSSL 1.1.0. I think I'm seeing a hang in: > >../test/recipes/80-test_ssl.t . {5|6}/47 > > It seems like its timing out, and then the tests march on with: > >

[openssl-users] Increased memory consumption noticed when upgrading from openssl 1.0.1 to openssl 1.0.2

Hello, My company is in the process of upgrading from openssl 1.0.1 to openssl 1.0.2. We noticed that when we use any version of openssl 1.0.2 we have an extremely high increase in memory usage. Around 15 or more gigs of memory extra are consumed. My questions are as follows: Are there any

[openssl-users] How to get verbose output from 'make test'

Hi Everyone, I'm working with OpenSSL 1.1.0. I think I'm seeing a hang in: ../test/recipes/80-test_ssl.t . {5|6}/47 It seems like its timing out, and then the tests march on with: ../test/recipes/80-test_ssl.t . ok I tried to get a verbose output with 'make

[openssl-users] OpenVMS modifications to build scripts

I’m currently working on additions to the openVMS build scripts. My goal is to modify the scripts so that they can easily build (when requested) the libraries in a case sensitive linkage. I have successfully created and tested the SSL libraries built in this fashion with cUrl but with

Re: [openssl-users] How to configure without OPENSSL_die?

> How do we configure without OPENSSL_die? You can't. you can replace the function with something that does something better for your needs. But the times you get there, a catastrophic error has happened and the library cannot proceed. It would be great to fix those things; start by picking

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

> On Mar 17, 2016, at 5:17 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > I’ve an extremely naïve question. I am generating ephemeral EC keys for ECDH, > following the example in > https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation > > But it looks like

[openssl-users] Naive: how to generate EC public key from EC private key?

I’ve an extremely naïve question. I am generating ephemeral EC keys for ECDH, following the example in https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation But it looks like the example ends on generation of the private key: /* Generate the key */ if (!EVP_PKEY_keygen(kctx, )) goto

[openssl-users] How to configure without OPENSSL_die?

openssl/crypto.h has the following: /* die if we have to */ # if OPENSSL_API_COMPAT < 0x1010L # define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) # endif void OPENSSL_die(const char *assertion, const char *file, int line); # define OPENSSL_assert(e) \ (void)((e) ? 0 :

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

Answered my own question: should use EVP_PKEY_bits(pkey) instead. -- Regards, Uri Blumenthal On 3/18/16, 14:57 , "openssl-users on behalf of Blumenthal, Uri - 0553 - MITLL" wrote: >First, Stephen and Viktor - thank you! > >On

Re: [openssl-users] OpenSSL version 1.1.0 pre release 4 published

Any particular reasone why the links in these announcements are http links and not https links? On 16/03/2016 18:50, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.1.0 pre release 4 (beta) === OpenSSL - The

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

On 03/16/2016 02:52 PM, Jeffrey Walton wrote: If I can ask as a user, if I say do this _all the time_, then would it be easiest on you? make depend && make clean && make Or is there something else you would recommend? If it were up to _me_, I'd move to a cmake build system, with

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

On Fri, Mar 18, 2016 at 06:59:36PM +, Blumenthal, Uri - 0553 - MITLL wrote: > Answered my own question: should use EVP_PKEY_bits(pkey) instead. That's not the right way to determine the curve id. > >How do I determine what curve the above key is on? For that you need to determine the

Re: [openssl-users] About no-ssl2

-Message d'origine- De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de Viktor Dukhovni Envoyé : mercredi 16 mars 2016 23:40 À : openssl-users@openssl.org Objet : Re: [openssl-users] About no-ssl2 ... > In what release? Sorry, I forgot to mention : current

Re: [openssl-users] About no-ssl2

>​The problem is the concept itself since it will require every app to have >coded into it when a given feature was removed should it attempt to support it >when present. Yes. It dates back to the very early days (when SSLeay was developed on clay tablets), when the default was "get it all"

Re: [openssl-users] Questions about OCB and Wrap modes

Thank you again and again Matt, Regards, Michel. -Message d'origine- De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de Matt Caswell Envoyé : vendredi 18 mars 2016 13:08 À : openssl-users@openssl.org Objet : Re: [openssl-users] Questions about OCB and Wrap

Re: [openssl-users] Verifying the sha1 of fipscanister.o with what is embedded in libcrypto.so

On 03/15/2016 08:38 PM, Satya Das wrote: > Steve, > > How does one get a hold of the embedded signature in libcrypto.so ? I assume you're referring to the known-good FIPS 140-2 integrity check digest that is used for the runtime integrity check in the POST. Several people have already tried to

Re: [openssl-users] help on des_cblock

Thanks, Jason On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl wrote: > I suspect the use of std::string and c_str(). Use a std::vector > instead. > > > > *From:* openssl-users [mailto:openssl-users-boun...@openssl.org] *On > Behalf Of *Jason Qian > *Sent:* Friday, March

Re: [openssl-users] 0.9.8 - 1.0.0 DER format breaking change

On Wed, Mar 16, 2016, Krzysztof Modras wrote: > Hello, > > I'm new to the group, so please excuse me if I'm describing my issue > incorrectly. > > I've originally posted this github issue: > https://github.com/openssl/openssl/issues/883 > > As it may not exactly be a openssl problem (both old

Re: [openssl-users] About no-ssl2

On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote: > IMHO, whether SSL2 is completly removed or disabled, I would have expected > opensslconf.h to reflect the situation to applications. In what release? > But now, it just contains : > > #ifndef OPENSSL_NO_SSL3 > > # define

Re: [openssl-users] help on des_cblock

I suspect the use of std::string and c_str(). Use a std::vector instead. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jason Qian Sent: Friday, March 18, 2016 1:19 PM To: openssl-users@openssl.org Subject: [openssl-users] help on des_cblock I am new on openSSl and

Re: [openssl-users] About no-ssl2

On 16 March 2016 at 22:39, Viktor Dukhovni wrote: > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote: > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable > with OPENSSL_NO_SSL2. The "OPENSSL_NO_..." macros specify disabled > features, not

[openssl-users] About no-ssl2

Hi, IMHO, whether SSL2 is completly removed or disabled, I would have expected opensslconf.h to reflect the situation to applications. But now, it just contains : #ifndef OPENSSL_NO_SSL3 # define OPENSSL_NO_SSL3 #endif Was it really intended ? Regards, Michel. --

Re: [openssl-users] About no-ssl2

On Wed, Mar 16, 2016 at 10:52:39PM +, Richard Moore wrote: > On 16 March 2016 at 22:39, Viktor Dukhovni > wrote: > > > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote: > > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable > > with

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

Oh, and I'd much prefer to stay at the EVP level, rather than invoke BIO primitives for this task. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Blumenthal, Uri - 0553 - MITLL Sent: Thursday, March 17, 2016 18:09 To: Viktor Dukhovni;

[openssl-users] Help with CRL stuff

Hey guys! I have a quick question that I can't seem to find the answer to anywhere: I know how to add a "fullname" CRL distribution point extension, but how does one add nameRelativeToCRLIssuer? The RFC says that it's a 'choice' element in x509 CRL extensions, but when I try to replace

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

On Thu, Mar 17, 2016, Viktor Dukhovni wrote: > > > On Mar 17, 2016, at 6:32 PM, Blumenthal, Uri - 0553 - MITLL > > wrote: > > > > Oh, and I'd much prefer to stay at the EVP level, rather than invoke BIO > > primitives for this task. > > Well you can work with >

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

Great! Say, I want to extract the public key and make it available to another entity or module? Possibly DER-encoded, though I'd like to learn how to do both: extract  ASN.1-encoded and raw (assuming it is possible).  Thanks! Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE 

Re: [openssl-users] [openssl-dev] openssl 1.0.1p PEM_write_bio_RSAPrivateKey fail. error: ASN1_get_object:too long

Hi Farrell, Thanks a lot for your reply. I've actually used password of 64 characters in my program, for simplicity I've showcased as 6 byte password in below example. Looks like there is some other issue or some stringent check that is added in 1.0.1p as the same code works fine in 0.9.8zg

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

On Wed, Mar 16, 2016 at 11:10:33PM +0100, Jakob Bohm wrote: > Wait, are you saying that OpenSSL 1.1.0 no longer implements > all the known SSL/TLS versions (some of which are disabled by > default because of security)? > > That would mean it is no longer a full featured TLS and SSL > toolkit?

Re: [openssl-users] openssl 1.0.1p PEM_write_bio_RSAPrivateKey fail. error: ASN1_get_object:too long

> On Mar 18, 2016, at 2:14 AM, Tekale, Sharad wrote: > > Thanks a lot for your reply. > > I've actually used password of 64 characters in my program, for simplicity > I've showcased as 6 byte password in below example. > > Looks like there is some other issue or

Re: [openssl-users] Naive: how to generate EC public key from EC private key?

First, Stephen and Viktor - thank you! On 3/17/16, 19:45 , "openssl-users on behalf of Dr. Stephen Henson" wrote: >On Thu, Mar 17, 2016, Viktor Dukhovni wrote: >> >>Well you can work with

[openssl-users] 0.9.8 - 1.0.0 DER format breaking change

Hello, I'm new to the group, so please excuse me if I'm describing my issue incorrectly. I've originally posted this github issue: https://github.com/openssl/openssl/issues/883 As it may not exactly be a openssl problem (both old and new behaviour meet the specification?), I will try to

[openssl-users] help on des_cblock

I am new on openSSl and run into a issue need some help. In our application, the client and server perform a Diffie Hellman Key exchange and then encrypt the data The client is written in C++(using openSSL), and server is in java. Most of time, it is running correctly, but occasionally the