Re: [openssl-users] Key wrapping methods for NIST 800-38F

2016-11-03 Thread Nauman Hameed
Hi Guys Can anyone please provide some feedback on this? Thanks in advance. Regards Nauman From: Nauman Hameed Sent: Tuesday, November 1, 2016 6:42 PM To: 'openssl-users@openssl.org' Subject: Key wrapping methods for NIST 800-38F Hi Guys We are using OpenSLL

[openssl-users] [FIPS compliance] ssl reneg when counter overflows(AES_GCM)

2016-11-03 Thread Akshar Kanak
Dear team as per the documnet http://csrc.nist.gov/groups/ STM/cmvp/documents/fips140-2/FIPS1402IG.pdf page 150 , Its mentioned The implementation of the nonce_explicit management logic inside the module shall ensure that when the nonce_explicit part of the IV exhausts the maximum

Re: [openssl-users] After building 1.0.2h , ldd output shows current version as 1.0.0. How to CHange this , Why is this so ?

2016-11-03 Thread Wouter Verhelst
Hi Ishan, On 03-11-16 12:29, Ishan Thakur wrote: Hi , When I run "otool -L in MAC" , or "ldd in linux" machines I get the _current version_ of OpenSSL as 1.0.0 but I have built OpenSSL v1.0.2h , how to change this "current version" in the libraries. $ otool -L ./libssl.dylib

Re: [openssl-users] openssl-1.1.0b : Getting keys from TPM

2016-11-03 Thread Zvi Vered
Hi Ken, 1. I mean: read from TPM 2. In order to create an SSL session with the server, should I need also the private key ? 3. I want to use TPM 2.0 Thank you for your help, Z.V On Thu, Nov 3, 2016 at 5:21 PM, Ken Goldman wrote: > A few comments: > > 1 - Does "take ...

Re: [openssl-users] openssl-1.1.0b : Getting keys from TPM

2016-11-03 Thread Ken Goldman
A few comments: 1 - Does "take ... keys" mean read then out of the TPM. 2 - Getting a public key from the TPM is easy. Getting the private key is harder. In addition, some keys can be created so that the private part never leaves the TPM. 3 - You have to specify whether this is TPM 1.2 or

Re: [openssl-users] OpenSSL with Qt5 on Win7

2016-11-03 Thread Matt Caswell
On 03/11/16 13:14, Kim Gräsman wrote: > On Thu, Nov 3, 2016 at 2:02 PM, Michel > wrote: > > Hi, > > __ __ > > As nmake is not in your current path, it looks like you didn’t > launch the ‘Developer Command Prompt for

Re: [openssl-users] OpenSSL with Qt5 on Win7

2016-11-03 Thread Kim Gräsman
On Thu, Nov 3, 2016 at 2:02 PM, Michel wrote: > Hi, > > > > As nmake is not in your current path, it looks like you didn’t launch the > ‘Developer Command Prompt for Visual Studio’. > > > > > For posterity, I've gotten that message even when nmake is on the path. Invoking

Re: [openssl-users] OpenSSL with Qt5 on Win7

2016-11-03 Thread Michel
Hi, As nmake is not in your current path, it looks like you didn’t launch the ‘Developer Command Prompt for Visual Studio’. Regards, Michel. De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de Peissert, Roland (ext) Envoyé : jeudi 3 novembre 2016 12:59 À

Re: [openssl-users] [openssl-dev] After building 1.0.2h , ldd output shows current version as 1.0.0. How to CHange this , Why is this so ?

2016-11-03 Thread Richard Levitte
Hi, I'm curious. Why exactly do you want to change the shared library version? That being said, this is not a good idea. I hope I explained why well enough in the thread with the subject "OpenSSL 1.0.2h generates libss.so.1.0.0 instead of libssl.so.1.0.2" started by you on openssl-dev. For

Re: [openssl-users] OpenSSL with Qt5 on Win7

2016-11-03 Thread Richard Moore
On 3 November 2016 at 11:59, Peissert, Roland (ext) < roland.peissert@siemens.com> wrote: > 3. Next I download OpenSSL openssl-1.1.0b.tar.gz from here: > http://www.openssl.org/source >

[openssl-users] OpenSSL with Qt5 on Win7

2016-11-03 Thread Peissert, Roland (ext)
Hello, I want to use OpenSSL with Qt5 on Win 7. Is there any tutorial or how do or documentation, how to install and recompile OpenSSL and Qt5 on Win7 ? 1. I download still install Win 7 with Visual Studio 2015 2. Then I install Q5 with Visual Studio AddOn for Qt 3. Next I

[openssl-users] After building 1.0.2h , ldd output shows current version as 1.0.0. How to CHange this , Why is this so ?

2016-11-03 Thread Ishan Thakur
Hi , When I run "otool -L in MAC" , or "ldd in linux" machines I get the current version of OpenSSL as 1.0.0 but I have built OpenSSL v1.0.2h , how to change this "current version" in the libraries.$ otool -L ./libssl.dylib libssl.1.0.0.dylib (compatibility version 1.0.0, current

[openssl-users] OpenSSL 1.0.1 branch : setting Diffie Hellman Elliptic curve name via SSL_set_tmp_ecdh and EC_KEY_new_by_curve_name

2016-11-03 Thread Sreekanth Sukumaran
Hi All, In our project, we are currently supporting two branches of OpenSSL (1.0.1 and 1.0.2) Recently we had a requirement to enable elliptic curve Diffie Hellman, we see that in OpenSSL 1.0.2 branch, we can use the below function to enable ECDH /* Set automatic curve selection for server ssl

[openssl-users] [FIPS compliance] ssl reneg when counter overflows(AES_GCM)

2016-11-03 Thread Akshar Kanak
Dear team as per the documnet http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf page 150 , Its mentioned The implementation of the nonce_explicit management logic inside the module shall ensure that when the nonce_explicit part of the IV exhausts the maximum