RE: RAND SEED in vxworks6.9

find out what the current state is. If he comes up with a pull request, I could assist with reviewing it, but I can't implement it since I don't have access to the VxWorks platform. Hope that helps, Regards, Matthias [1] https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html [2] https://github.com/openssl/openssl/issues/7946

RE: RAND SEED in vxworks6.9

> Indeed, one workaround for your application would be to seed and reseed > the random generator manually using RAND_bytes(), ... Correction, I meant to say ".. using RAND_add()..." > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias S

RE: RAND SEED in vxworks6.9

FYI: I restarted the discussion in #7946 https://github.com/openssl/openssl/issues/7946#issuecomment-603545804 Matthias

RE: Have new release published in /source/old directory too?

enssl/issues/11521#issuecomment-612483438 and ff.) HTH, Matthias

RE: Asymetric crypto and OpenSSL 3.0 deprecated functions

to emphasize that the order of operation matters: It should be encrypt-then-sign, not vice versa. This ensures that the recipient can check the integrity of the binary before attempting to decrypt it. Matthias

RE: freefunc - name clash with Python.h

s://github.com/openssl/openssl/commit/739a1eb1961cdc3b1597a040766f3cb359d095f6 I don't see any reason to change our code, IMHO the clash is Python's fault: it declares a global typedef with a short name that has no python-specific prefix. HTH, Matthias

RE: [SOLVED] Re: OpenSSL 3.0 hangs at exit with FIPS provider

Thomas, > I consider this a bug, of course, but at least now I know what's causing it > and how to work around it. thanks for sharing your analysis. Would you mind creating a GitHub issue for the hang? https://github.com/openssl/openssl/issues Matthias From: openssl-users O

RE: The need for 'gdi32.lib'

function readscreen(), used by RAND_screen() (see [1]). A quick search shows that this function was removed in pull request #1079 (merged as commit 888db7f224fe) before the release of 1.1.0, see [2]. Would you mind creating a pull request for changing the NOTES? Matthias [1] https://github.com/op

Re: Empty directories

, Matthias [1] https://github.com/openssl/openssl/commit/25f2138b0ab54a65ba713c093ca3734d88f7cb51 [2] https://github.com/openssl/openssl/pull/9333 On 08.09.20 10:34, Gisle Vanem wrote: I've noted that when build OpenSSL using MSVC, some empty directories are created:   ./crypto/include   ./c

RE: OpenSSL version 1.1.1h published

hangelog is at the top of the page. It is indeed confusing, and it shouldn't be. See https://github.com/openssl/openssl/pull/12967 Regards, Matthias

RE: OpenSSL version 1.1.1h published

and beyond only, because 1.1.1 is not in markdown yet. https://github.com/openssl/openssl/pull/11346 Matthias

RE: Use OpenSSL to decrypt TLS session from PCAP files

/net-admin/decrypt-ssl-with-wireshark/ hth, Matthias Disclaimer: I haven’t used it for TLS myself, only for IPsec, and I can’t tell how up-to-date it is, in particular whether it is TLS 1.3 ready. From: openssl-users On Behalf Of Oren Shpigel Sent: Tuesday, December 8, 2020 3:15 PM To: openssl

RE: SHA256 openssl-1.1.1i Checksum Error

I have no experience with zsh, but it seems that quoting is handled differently by zsh? At least it looks like the double quotes ended up in the GET line and you simply received an HTTP 404 Not Found (which is the reason why your digest isn’t correct.) HTH, Matthias > GET /source/open

RE: SHA256 openssl-1.1.1i Checksum Error

You’re welcome. As Michael Woijcik pointed out in his reply to the list, the problem had nothing to do with zsh specifics. It was caused by the fact that those weren’t normal double quotes, but unicode left and right double quotes, which weren’t understood by the shell. Regards, Matthias From

RE: OpenSSL version 3.0.0-alpha10 published

users resp. https://mta.openssl.org/mailman/listinfo/openssl-announce and follow the instructions for unsubscribing. Regards, Matthias > -Original Message- > From: openssl-users On Behalf Of John > Wasilewski > Sent: Thursday, January 7, 2021 3:23 PM > To: open...@opens

RE: Regarding RAND_set_rand_method

each thread can do its own OpenSSL initialization) so that they can avoid above mentioned problem? No. If you really need something like that, you might want to consider splitting your two threads into two processes. HTH, Matthias From: openssl-users On Behalf Of Dr Paul Dale Sent: Friday

Re: Regarding RAND_set_rand_method (was: openssl-users Digest, Vol 77, Issue 6)

blocks on the os entropy source. Please also post call stacks of the two threads if the problem persists. In particular, it would be useful to see which method is used to obtain the entropy (getrandom(), a read() from /dev/[u]random, ...), and why the system is so low on entropy. Regards, Matthias

RE: openssl-users Digest, Vol 77, Issue 6

THODs to be considered [2]. Matthias [1] https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/rand/drbg_lib.c#L958-L970 [2] https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/rand/drbg_lib.c#L1146-L1153 From: openssl-users On Behalf Of Dr Paul Dale Sent: Monday

RE: Maiising Daily Snapshots for 20210416

r you prefer. Matthias -- $ curl -JOL https://github.com/openssl/openssl/archive/refs/heads/master.tar.gz $ curl -JOL https://github.com/openssl/openssl/archive/refs/heads/OpenSSL_1_1_1-stable.tar.gz $ curl -JOL https://github.com/openssl/openssl/archive/refs/heads/master.zip $

configuration options 'fips' and 'makedepend' disbled by default on master

eveloper workflow or your continuous integration relies on one of those options, now it's a good time to enable them explicitly by adding 'enable-fips' resp. 'enable-makedepend' to your configure arguments. Regards, Matthias disable fips: https://

RE: configuration options 'fips' and 'makedepend' disabled by default on master

request, the 'makedepend' option remains enabled by default. Matthias https://github.com/openssl/openssl/pull/15050 > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Tuesday, April 27, 2021 9:50 PM > To: openssl-users@

RE: What's different between RSASSA and RSAPSS padding mode?

It’s the same. The correct full name is RSASSA-PSS, where ‘SSA’ stands for Secure Signature Algorithm (IIRC) and ‘PSS’ for Probabilistic Signature Scheme Regards https://en.wikipedia.org/wiki/PKCS_1#Schemes https://datatracker.ietf.org/doc/html/rfc4056 From: openssl-users On Behalf Of Eddie

RE: What's different between RSASSA and RSAPSS padding mode?

Correction: It seems like the naming of the TPM_ALG_* constants is a little bit inconsistent: According to https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_r1p32_pub.pdf * TPM_ALG_RSASSA refers to RSASSA-PKCS1-v1_5 and * TPM_ALG_RSAPSS refers to RSASSA-PSS. smime

RE: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.

The README file in the test directory contains some hints how to troubleshoot test failures. Look which test is failing and rerun it in verbose mode: make tests V=1 TESTS=testname https://github.com/openssl/openssl/blob/master/test/README.md#test-failures Hope that helps, Matthias From

RE: How to debug ssl library in OpenSSL 1.1.1a? Thanks in advance.

If you add the `--debug` argument to your configure command and rebuild OpenSSL, you will get a library with debug information and without optimization. https://github.com/openssl/openssl/blob/master/INSTALL.md#build-type HTH, Matthias From: openssl-users On Behalf Of Ma Zhenhua Sent

RE: Testing

To unsubscribe, visit https://mta.openssl.org/mailman/listinfo/openssl-users Regards From: openssl-users On Behalf Of Kingsley O Sent: Wednesday, August 25, 2021 6:06 PM To: Turritopsis Dohrnii Teo En Ming Cc: openssl-users@openssl.org Subject: Re: Testing Please remove my email from this gr

RE: Testing

I’ll take care of it and ask the administrator to remove it manually if possible. From: Kingsley O Sent: Thursday, August 26, 2021 3:41 PM To: Dr. Matthias St. Pierre Cc: openssl-users@openssl.org Subject: Re: Testing Didn't work..:-( Did not receive email to complete the unsubscribe pr

RE: API to get BIGNUM member "top" in openssl 3.0

> Can you give a MWE for what you are trying to achieve? I guess that "minimal working example" is the correct choice from the gazillions of possible meanings of "MWE"? 😉 Regards, Matthias [1] https://www.acronymattic.com/MWE.html [2] https://www.abbreviatio

RE: useless search box on openssl.org

/docs/man1.1.0/man3/X509_get_ext_d2i.html+&cd=1&hl=de&ct=clnk&gl=de Matthias > -Original Message- > From: openssl-users On Behalf Of Dr Paul > Dale > Sent: Thursday, November 18, 2021 11:32 PM > To: openssl-users@openssl.org > Subject: Re: useless search box

RE: useless search box on openssl.org

More strangeness: the side bar for the master and 1.1.1 manpage displays the text "[an error occurred while processing this directive]" https://www.openssl.org/docs/manmaster/man3/X509_get_ext_d2i.html https://www.openssl.org/docs/man1.1.1/man3/X509_get_ext_d2i.html smime.p7s Description: S/MIM

RE: Queries for openssl

Hi, you can find this sort of information in the manual pages, either on you UNIX*SH operating system, or online on our website: HTH, Matthias https://www.openssl.org/docs/man1.1.1/man3/PEM_read_bio_X509.html: RETURN VALUES The read routines return either a pointer to the structure read or

RE: Starting the QUIC Design

Sorry, the links to the pull requests are broken. This will be fixed as soon as possible. Here the correct links: #17184 - QUIC API Design https://github.com/openssl/openssl/pull/17184 #17185 - QUIC Event Loop Design https://github.com/openssl/pull/17185 > -Original Message- > From: o

RE: Starting the QUIC Design

Second attempt 😉 > #17184 - QUIC API Design > https://github.com/openssl/openssl/pull/17184 > > #17185 - QUIC Event Loop Design > https://github.com/openssl/openssl/pull/17185 > > -Original Message- > > From: openssl-users On Behalf Of Matt > > Caswell > > Sent: Friday, December 3, 202

Enumerating TLS protocol versions and ciphers supported by the peer

Hi all, today I learned that nmap has a nice feature to enumerate the protocol versions and cipher suites supported by the peer (see below). Is there a comparable elegant way to obtain the same results using the `openssl s_client` tool? Matthias -- $ nmap -script ssl-enum-ciphers -p 443

RE: Enumerating TLS protocol versions and ciphers supported by the peer

r failing that just a few lines of shell script) utilizing `openssl s_client`. Thanks for the weblink nevertheless. Matthias smime.p7s Description: S/MIME cryptographic signature

RE: Enumerating TLS protocol versions and ciphers supported by the peer

> Look at  > https://testssl.sh/ > That is an openssl wrapper which enumerates ciphers and protocols ( and a > whole lot more) Nice tool, I didn’t know it yet. I was already recommended to me by Michael Wojcik in his first reply, but thanks nevertheless for the link. Matthias

RE: Confusion Configuring

nstalling it: ## incorrect (without wrapper) msp@msppc:~/src/openssl-1.1.1$ apps/openssl version -d OPENSSLDIR: "/etc/ssl" ## correct (using the wrapper) msp@msppc:~/src/openssl-1.1.1$ util/shlib_wrap.sh apps/openssl version -d OPENSSLDIR: "/opt/openssl-1.1.1-dev/ssl" HTH, Mat

RE: Confusion Configuring

For OpenSSL 3.0, it's better to use util/wrap.pl instead. (Note: util/wrap.pl is created from util/wrap.pl.in by the Configure command) > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Saturday, December 18, 2021 9:11 AM

RE: Confusion Configuring

. And with the given information, you should be able to figure out what precisely happens in your original case using ldd an/or strace. Matthias > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Saturday, December 18, 2021 9:20

RE: How to run a simple test case

The README file in the test directory contains a detailed explanation. https://github.com/openssl/openssl/blob/master/test/README.md In a nutshell, you run `make test`, passing `V=1` to turn on verbose output and `TESTS=...` to select one or more tests: make V=1 TESTS= test HTH, Matthias

RE: How run the specific test case //答复: How to run a simple test case

, Matthias smime.p7s Description: S/MIME cryptographic signature

RE: How run the specific test case //答复: How to run a simple test case

easier to discuss your problem there. You might want to tag @levitte, he should be able to help. https://github.com/openssl/openssl/issues/new/choose Matthias smime.p7s Description: S/MIME cryptographic signature

RE: Upgrade openssl 1.0.2 to 1.1.1 guideline

The following wiki page might serve as a starting point: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes HTH, Matthias > -Original Message- > From: openssl-users On Behalf Of Yan, Bob > via openssl-users > Sent: Tuesday, March 8, 2022 5:48 PM > To: openssl-us

RE: SSL_ERROR_WANT_READ after the handshake

FWIW: I noticed recently, that in TLSv1.3 it seems to be rather normal to encounter an SSL_WANT_READ immediately after returning from a successful SSL_connect() call (even in the blocking case), because part of the handshake is disguised as application data and apparently SSL_connect() returns be

RE: looking for properly configured Windows VMs

> I see lots of logs. > Maybe it's private to me. The link is not private, but it expires after a short amount of time. The timeout is visible in the URL (after url-decoding it): ...?urlExpires=2022-04-02T15:36:04.2664486Z&urlSigningMethod=HMACV1&urlSignature=J9eXW05FxMynRtIZFhvnWKNDCJtYBmn

RE: RSA and DES encryption and decryption with C++ on Windows

Pauli accidentally posted a link to our internal repository. You can jost replace githuib.openssl.org by github.com: https://github.com/openssl/openssl/tree/master/demos/encrypt Matthias From: openssl-users On Behalf Of John Alway Sent: Monday, April 11, 2022 7:06 PM Cc: openssl-users

RE: Legal : guide to sign cla. has legal mail a PGP key ?

g/licenses IMHO, both the rewrite rule as well as the link in the ICLA/CCLA document should be fixed. https://www.openssl.org/policies/openssl_icla.pdf Matthias > -Original Message- > From: openssl-users On Behalf Of pl > Sent: Wednesday, April 27, 2022 10:14 PM > To: ope

RE: Test failure for 1.1.1p - 10-test_bn

My guess is that the loop is caused by one of the commits 0ed27fb7a8 and 8438d3a7b7. Would you mind to (a) check whether that's correct and which one of the two commits causes the problem, and (b) raise a GitHub issue for it? Matthias ~/src/openssl/1.1.1$ git log --oneline -

Re: [openssl-users] [openssl-announce] Forthcoming OpenSSL releases

Thanks for the three line upgracde recipe in https://wiki.openssl.org/index.php/Code_reformatting It's as simple as you stated, indeed. The reformatting was a good thing to do. Also, it makes sense to me to apply it to all stable branches uniformly, in order to simplify cross-branch merging. ms

Re: [openssl-users] [openssl-announce] Forthcoming OpenSSL releases

Hello, Here is a recipe to guide you through the reformatting. It worked nicely for me. I wrote a small bash shell script which helped me do the bulk conversion, see attachment Hope you'll find this information helpful. In following I briefly describe the steps how you can 1) get your patches i

[openssl-users] Minimizing the pain of reformatting your OpenSSL patches

Hello, the upcoming security update imposes a special challenge to all OpenSSL users who maintain their own patch sets. The reason is the code reformat which has taken place in between the last and the upcoming release, which renders existing patches useless.

Re: [openssl-users] [openssl-announce] Forthcoming OpenSSL releases

I just posted an updated version of my script in a new thread, titled Minimizing the pain of reformatting your OpenSSL patches Regards, msp On 03/19/2015 02:22 AM, Dr. Matthias St. Pierre wrote: > Hello, > > Here is a recipe to guide you through the reformatting. > It worked n

Re: [openssl-users] Minimizing the pain of reformatting your OpenSSL patches

Copy & Paste error: The name of the new branch is "${upstream}-post-auto-reformat" not "${upstream}-pre-auto-reformat" msp On 03/19/2015 09:40 AM, Dr. Matthias St. Pierre wrote: > For every commit on the rebased branch, it does an automatic > conversion,

Re: [openssl-users] Minimizing the pain of reformatting your OpenSSL patches

Sorry for that, another typo: Please replace OpenSSL_1_0_1k by OpenSSL_1_0_1m below. On 03/19/2015 09:40 AM, Dr. Matthias St. Pierre wrote: > 3) After the script has succeeded, you can rebase your > reformatted branch to the head of the stable branch or > to the tag of the most recen

Re: [openssl-users] FIXED: Minimizing the pain of reformatting your OpenSSL patches

Hello, my original post contained two typos. Also, the script reversed the order of the commits due to a forgotten '--reverse'. (Probably, it was too late, last night ;) So here comes a repost with all corrections. Sorry for the inconveniences. Regards, msp -- Hello, the upcoming securit

Re: [openssl-users] question on Alternative chains certificate forgery (CVE-2015-1793)

Precisely the versions as stated in https://openssl.org/news/secadv_20150709.txt are affected: This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

[openssl-users] FIPS_drbg_*() are not exported from FIPS capable libeay32.dll on Windows (OpenSSL 1.0.2x and 1.0.1x)

Dear Mr. Henson, I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable libeay32.dll does not export any of the FIPS_drbg_*() functions, although they are officially documented by the OpenSSL FIPS 2.0 User Guide. Is this an oversight or was this done on purpose? (IOW, is it a

Re: [openssl-users] FIPS_drbg_*() are not exported from FIPS capable libeay32.dll on Windows (OpenSSL 1.0.2x and 1.0.1x)

ation developers? Thank you in advance, Regards, Matthias St. Pierre On 08/26/2015 05:14 PM, Dr. Matthias St. Pierre wrote: > > Dear Mr. Henson, > > I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable > libeay32.dll > does not export any of the FIPS_drbg_*() f

Re: [openssl-users] Dynamically loading OpenSSL on Windows

on for this would be to have an OpenSSL API call such as OPENSSL_register_applink(), which could be used by an executable or a shared library likewise. The only problem I see is to add the new api and stay compatible to the old hacky way. Maybe you should open a ticket on the rt for this. Regard

Re: [openssl-users] FIPS 3.0 Canister Status

You might be interested in the following two blog posts: https://www.openssl.org/blog/blog/2017/07/25/fips/ https://www.openssl.org/blog/blog/2017/08/17/fips/ Matthias On 25.01.2018 16:34, xemdetia . wrote: > Hey all, > > Back in 2016 there was a news post found > https://www

Re: [openssl-users] Enable the FIPS mode in the library level

ensure that the FIPS initialization succeeded. However, an application which is not FIPS-aware won't check the result. * It can happen that applications which have their own configuration and enable/disable FIPS mode explicitely, call FIPS_mode_set(0) afterwards. HTH, Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Enable the FIPS mode in the library level

On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote: > > However, I am sceptical whether this approach will be accepted, > because there are (at least) two potential problems: > > * Normally, it is mandatory to check the result of FIPS_mode_set() or > FIPS_mode() to en

Re: [openssl-users] Enable the FIPS mode in the library level

d of mail. Changing applications from the low level api is not a simple bugfix. It's a nontrivial task. So the situation is hopeless, I would say. Matthias crypto.h: === # define fips_md_init(alg) fips_md_init_ctx(alg, alg) # ifdef OPENSSL_FIPS # define fips_md_init_ctx(alg, cx) \

Re: [openssl-users] Enable the FIPS mode in the library level

Am 05.03.2018 um 19:55 schrieb Alan Dean: > Thanks a lot Matthias for the suggestion. > > I have few follow-up questions below: > Please see my other replies. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Enable the FIPS mode in the library level

Am 05.03.2018 um 20:39 schrieb Alan Dean: > Thanks Matthias for your response. > > I have a different question: > > Per your suggestion in the previous email, FIPS_mode_set() can be > moved inside of OPENSSL_init(), in order to force the FIPS mode > enabled in the libra

Re: [openssl-users] OpenSSL 1.0.2n Build Failed on Windows 32bit Platform

. https://github.com/openssl/openssl/commits/OpenSSL_1_0_2-stable Regards, Matthias > -Ursprüngliche Nachricht- > Von: openssl-users Im Auftrag von Wang > Gesendet: Dienstag, 13. März 2018 10:14 > An: openssl-users@openssl.org > Betreff: [openssl-users] OpenSSL 1.0.2n Build Fa

Re: [openssl-users] OpenSSL 1.0.2n Build Failed on Windows 32bit Platform

Note: If you don't have git available, you can download the sources as a zip archive using the following link: https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable.zip Matthias > -Ursprüngliche Nachricht- > Von: openssl-users Im Auftrag von Dr. > Matth

Re: [openssl-users] Hashing public keys

Hello Jan, the canonical way to create the hash of the public key is to use d2i_PUBKEY() to save the public key in (binary) DER format and then calculate the hash of that using EVP_DigestInit()/EVP_DigestUpdate()/EVP_DigestFinal(). Hope that helps, Matthias Am 21.03.2018 um 14:42 schrieb Jan

Re: [openssl-users] error: void value not ingored as it to be crypto/err/err_all.c

Hi Mark, I guess your problem is that you are trying to build OpenSSL 1.1.0 with FIPS. Only OpenSSL 1.0.2 has FIPS support. Regards, Matthias Von: openssl-users Im Auftrag von Mark via openssl-users Gesendet: Mittwoch, 22. August 2018 18:38 An: openssl-users@openssl.org Betreff: [openssl

Re: [openssl-users] openssl 1.1.1 release

Final release is still scheduled for September 11, see also the discussion on openssl-project https://mta.openssl.org/pipermail/openssl-project/2018-September/001010.html HTH, Matthias Von: openssl-users Im Auftrag von Juan Isoza Gesendet: Dienstag, 4. September 2018 09:09 An: openssl-users

Re: [openssl-users] openssl 1.0.2 and TLS 1.3

ture in OpenSSL 1.1.1 which will be released today. OpenSSL 1.0.2 is an LTS release which will only receive security updates and no new features. HTH, Matthias See also https://wiki.openssl.org/index.php/TLS1.3 https://www.openssl.org/policies/releasestrat.html -- openssl-users mailing list

Re: [openssl-users] Manpages still say "pre-release"

Thanks for the reminder, see https://github.com/openssl/web/pull/83. Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Certificate format question?

ompliance the default behavior and introduces a new '-inform b64' option for raw base64 parsing. https://github.com/openssl/openssl/pull/7320 I would be interested in your (the users) opinion about whether this should become the new default in the future, or whether raw base64 pa

Re: [openssl-users] Seeding before RSA key generation

OpenSSL_1_0_2-stable branch. Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to compile 1.1.1 under Windows

Hi, a lot of structures where made opaque going from 1.0.2 to 1.1.0. This means, you will have to make changes to your program source code to compile it against 1.1.0 or 1.1.1. For details, see https://www.openssl.org/docs/faq.html#PROG2 HTH, Matthias > -Ursprüngliche Nachricht- &g

Re: [openssl-users] How to compile 1.1.1 under Windows

Oh, I should have read your mail until the end: Are you upgrading from 1.0.0h or 1.1.0h? Your post mentions both versions. > -Ursprüngliche Nachricht- > Von: openssl-users Im Auftrag von Dr. > Matthias St. Pierre > Gesendet: Dienstag, 23. Oktober 2018 09:17 > An

Re: [openssl-users] Error: does not have a number assigned

ers will get overwritten (if you extract tarballs). You will have to renumber you symbols (or remove them and run 'make update' again). HTH, Matthias > -Ursprüngliche Nachricht- > Von: openssl-users Im Auftrag von Jakob > Bohm via openssl-users > Gesendet: Die

Re: [openssl-users] The 9 Lives of Bleichenbacher's CAT - Is there a CVE for OpenSSL?

ar as I know, the question is still unanswered... HTH Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl 1.1.1 manuals

ill be fixed shortly, see https://github.com/openssl/web/pull/100 HTH, Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl 1.1.1 manuals

: msp@msppc:~$ man BIO_new BIO_new BIO_new_file BIO_new_CMS BIO_new_fp BIO_new_accept BIO_new_mem_buf BIO_new_bio_pairBIO_new_socket BIO_new_buffer_ssl_connect BIO_new_ssl BIO_new_connect BIO_new_ssl_connect BIO_new_fd Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl 1.1.1 manuals

ocs/man1.1.1/man3/CMS_sign.html https://www.openssl.org/docs/man1.1.0/crypto/CMS_sign.html Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build target architecture

ng configuration and apply incremental changes. HTH, Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] RNG behavior by default

le to obey: Always check the error return value of RAND_bytes(3) and do not take randomness for granted. https://www.openssl.org/docs/man1.1.1/man7/RAND.html (See also https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html) Matthias -- openssl-users mailing list To

Re: [openssl-users] RNG behavior by default

the return value of the RAND_bytes() function. Because in the error state, the buffer is not filled at all. Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] RNG behavior by default

, you could theoretically register your own get_entropy callback for the master DRBG at application startup time. But if you don't have a better entropy source than OpenSSL, you are bound to fail, too. And isn't it better for your application to fail gracefully in this case than to pr

Re: [openssl-users] Possible bug in crypto/engine

at the segmentation fault. HTH, Matthias Von: openssl-users Im Auftrag von Antonio Iacono Gesendet: Sonntag, 6. Januar 2019 19:55 An: openssl-users@openssl.org Betreff: [openssl-users] Possible bug in crypto/engine Hi, I sign a text file with: openssl cms -sign -signer cert.pem -inkey 01

Re: [openssl-users] Possible bug in crypto/engine

Sorry, the command contains a little error: please replace `gdb …` by `gdb –args …`: util/shlib_wrap.sh gdb --args apps/openssl cms -sign -signer cert.pem -inkey 101 -keyform engine -engine pkcs11 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/open

AW: OpenSSL version 1.1.1b published

is file. This seems to be a bug of the tar command which was fixed in 1.14. https://lkml.org/lkml/2005/6/18/5 https://marc.info/?l=linux-kernel&m=111909182607985&w=2 HTH, Matthias

AW: AES-cipher offload to engine in openssl-fips

configured and built with `./configure fips ...` in order to integrate the FIPS Object Module. Until FIPS 3.0 has been released and FIPS 2.0 is history, we should stick to that definition and not confuse FIPS users by reinterpreting it or pretend that it is not used anymore or has a different

AW: AES-cipher offload to engine in openssl-fips

e; I'm currently not 100% up-to-date) instead. Matthias

AW: Building openssh7.9p1 and above against openssl1.1.1b

against version 1.0.2 will be supported until it is end-of-life, which is by the end of this year. HTH, Matthias Von: openssl-users Im Auftrag von Samiya Khanum via openssl-users Gesendet: Mittwoch, 15. Mai 2019 04:55 An: openssl-users@openssl.org Betreff: Building openssh7.9p1 and above

AW: why does RAND_add() take "randomness" as a "double"?

.1, because we tried very hard not to add unnecessary breaking changes to the ones made in 1.1.0. Matthias

AW: Slightly funny tar ball for openssl 1.1.1c ?

and the links to the LKML which it contains https://lkml.org/lkml/2005/6/18/5 https://marc.info/?l=linux-kernel&m=111909182607985&w=2 HTH, Matthias

AW: Performance Issue With OpenSSL 1.1.1c

ound on GitHub: - issue #8215, fixed by pull request #8251 - issue #8416, fixed by pull request #8428 (see links below). And you are right, the change should have been mentioned in the CHANGES file. Apologies for that. HTH, Matthias https://github.com/openssl/openssl/issues/8215 https://github.

AW: Performance Issue With OpenSSL 1.1.1c

ub.com/openssl/openssl/blob/OpenSSL_1_1_1c/crypto/rand/rand_unix.c#L509-L535 I think that pull request #8251 needs to be reconsidered. Give me one day or two, I'll create a GitHub issue for that and post the link here when it's ready. Matthias

AW: Performance Issue With OpenSSL 1.1.1c

without having to add special defines on the commandline. Matthias

AW: AW: Performance Issue With OpenSSL 1.1.1c

startup delay is encountered only at early boot time or also when you start the daemon manually when the system is up and running. Matthias

AW: FIPS_selftest() Usage

0 object module. Anything you need to know you should be able to find in there. Regards, Matthias

AW: Test failed with openssl-1.1.1d ../test/recipes/20-test_enc.t

n certain situations you have to press CTRL-D in the console more often than expected in order to indicate EOF to the openssl application. https://github.com/openssl/openssl/commit/8be96f236969caabf303bec389a2f812b4869c1c HTH, Matthias

OpenSSL 1.1.1d: test 20-test_enc.t fails if zlib is enabled

76c66 manually to your copy of 1.1.1d (see [3]). - Update to the tip of the OpenSSL_1_1_1-stable branch (see [4]). Regards, Matthias [1] https://github.com/openssl/openssl/issues/9866 [2] https://github.com/openssl/openssl/pull/9877 [3] https://github.com/openssl/openssl/c

<    1   2   3   >