In message <1733025605.2034908.1482816244...@mail.yahoo.com> on Tue, 27 Dec
2016 05:24:04 + (UTC), "Ron Gaw "
said:
ronmlgaw> I am using a MinGW64 / MSYS2 environment to compile OpenSSL1.1.0c, but
ronmlgaw> failing consistently after multiple attempts with a few variations
ronmlgaw> each at
ly in MS cmd.exe or the like (where
backslashes make sense) rather than a Unix like shell such as bash
(where backslashes don't make sense).
So this all tells to me that your /mingw64/bin/perl.exe comes from
somewhere else, that you will probably find /usr/bin/perl.exe, and
that's the perl yo
s with Visual Studio.
(I now noticed we haven't made nmake a requirement, while we expect
everyone to use it with the VC-* config targets. We should be more
explicit about this)
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
nt it from appearing or modify it to match our
bkaduk> requirements more closely.
Yes, that happens as part of 'use Config;', unfortunately. I did look
around to try to see how to prevent this from happening, but couldn't
figure it out.
--
Richard Levitte levi...@open
bviously not intended as advice to people trying to build, more as
jb-openssl> something you might consider for an updated version of NOTES.PERL
jb-openssl> (after testing it of cause).
I've heard of more than one success with Strawberry, we just haven't
tested it ourselves.
C
L 1.1.0) to see what's disabled.
There are other things that can give you a -1 as well...
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
ns
all the data you need, including two certs.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
telat> is there a way to get some sort of error code or something
that would at least hint at a direction..
I found that M2Crypto has an Err package, so add this to your script:
if v <= 0:
print(M2Crypto.Err.get_error());
else:
print("v = {}".format(v))
-
S. Try these lines
and see if that makes a difference:
OPENSSL_ENGINES=.
export OPENSSL_ENGINES
openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey-B.pem -engine
rsa_engine -out cipher.bin
openssl pkeyutl -decrypt -in cipher.bin -inkey privkey-B.pem -engine rsa_engine
-out rec.txt
C
With 1.1.0 and on, the build system is of the "configure first" model,
unconditionally. You will get a working Makefile as a result, and
will find more information in README and INSTALL.
Cheers,
Richard
In message
on Tue, 14 Feb 2017 12:21:05 +0530, murugesh pitchaiah
said:
murugesh.pitchai
ed",
openssl-users> > solaris64:117$
openssl-users>
openssl-users> I would avoid adding that library dependency to all the code
just because
openssl-users> a test program uses fabs(). It is better to just avoid fabs()
in the test
openssl-users> code, or add "-lm
Fixed:
commit 6fe43af8d77b119f8af913c284149bca482ee58c
Author: Richard Levitte
Date: Sat Mar 11 11:19:20 2017 +0100
Revert "Use the callbacks from the SSL object instead of the SSL_CTX
object"
This shouldn't have been applied to t
Just add -m64 on the config line, like this:
./config no-shared zlib -m64 -IC:/_64/msys_630/1.0/local/include \
-LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local
This is weird, though... what config target did you get when
configuring? Ideally, you should have gotten 'mingw64',
In message <8CD5EEA9CC3F4643AAFC6D7DDF6EB449@OwnerPC311012> on Sun, 12 Mar 2017
16:15:47 +1100, said:
sisyphus1> -Original Message----- From: Richard Levitte
sisyphus1> Sent: Sunday, March 12, 2017 3:25 PM
sisyphus1> To: openssl-users@openssl.org
sisyphus1> Subject:
EM_read_bio_X509() and
extracting the public key with X509_get0_pubkey() or X509_get0_pubkey().
If IEEE certs differ in format, you must first know the exact byte
content, where the public key is in there, make sure it's encoded in
DER, and use d2i_EC_PUBKEY() to make a EC_KEY from those
Can you verify that crypto\include\internal\bn_conf.h.in exists? It
should, it's part of the source. Can you check if there's a file with
a similar name in crypto\include\internal?
Cheers,
Richard ( am wondering if there are tar implementations that screw up
file name with more than one period..
Are you running on an Itanium? If not, VC-WIN64I is not for you,
please configure with VC-WIN64A instead.
Cheers,
Richard
In message
on Mon, 1 May 2017 18:02:54 -0500, Jon Coons said:
jonacoons> Hello,
jonacoons>
jonacoons> I keep running into a Win 10 failure using nmake for SSL
installat
x27;t automatically
applied to the openssl application, but is a matter of extra
configuration arguments.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
application (executables) but not for shared libraries?
hiran.chaudhuri> In that case the test I tried would be totally meaningless.
Yes, that's correct.
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
T
In message on Thu, 18 May
2017 18:35:32 -0400, Viktor Dukhovni said:
openssl-users>
openssl-users> > On May 18, 2017, at 4:08 PM, Richard Levitte
wrote:
openssl-users> >
openssl-users> > hiran.chaudhuri> Incidently, I think that when you do
this, you'
e simply called
libcrypto.lib and libssl.lib from OpenSSL 1.1.0 and on. That will
most likely not change at all for the far future.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
IF
statement for /^VC-/ ?
Yes, the top build.info is the file to make changes in for this.
However, once again, I really do not recommend this.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
lib
>From those, I guess you need to change your dependencies to be
libcrypto64MT.lib instead of libeaymt64.lib, and libssl64MT.lib
instead of ssleaymt64.lib.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
open
what I know at least.
So I
raymi.coevan> don't understand why I got these link errors...
Can't help you there, sorry.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe:
his at the start of your main()?
OPENSSL_init_crypto(0, NULL);
(note, that should be seen as a temporary measure, as this is called
internally in quite a number of spots, so for larger uses of OpenSSL
functionality, you shouldn't need that)
Cheers,
Richard
--
Richard Levitte le
ds
Matthias.Ballreich>
Matthias.Ballreich> Matthias
Matthias.Ballreich>
Matthias.Ballreich> Von: Richard Levitte
Matthias.Ballreich> Gesendet: Montag, 10. Juli 2017 06:14
Matthias.Ballreich> An: openssl-users@openssl.org
Matthias.Ballreich> Betreff: Re: [openssl-users] OpenSSL 1.1.0 provid
not for the moment allow it to be disabled.
That's the issue you're hitting.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Elio.Gerardi> make: *** [install_dev] Error 2
Is there a directory /usr/local on your system?
Does the user your running 'make install' with have permission to
write to the /usr/local directory?
An alternative, if you have sudo privileges, is this:
sudo make install
Cheers,
I got curious and decided to take a look, and well, it appears
setup.py has issues. I posted an issue in gitlab about it:
https://gitlab.com/m2crypto/m2crypto/issues/184
In message on Wed, 11 Oct 2017
08:12:38 +0200, Matěj Cepl said:
mcepl> On 2017-10-10, 21:17 GMT, Blumenthal, Uri - 0553 -
0.2 manpages, right?
charlesm> I’ve got the 1.1.0f tar and the crypto directory does not
charlesm> contain a threads directory. Where do I find mttest.c?
You don't. It's been removed in 1.1.0, and as far as I can see, you
won't find any reference to mttest.c in the
s.
For keys such as RSA ones, you can simply create the resulting fetched
key with RSA_new_method(e), where |e| is your TPM engine, and your
engine's RSA method will be attached to that key rather than the
default.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project
ve URL.
simon.d.matthews>
simon.d.matthews> You might want to contact Richard Levitte at
levi...@openssl.org. I
simon.d.matthews> think he handles most OpenSSL infrastructure.
simon.d.matthews>
simon.d.matthews> Jeff
simon.d.matthews>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>From the look of that PNG, you're building in a native Windows
environment. The ony configs available in the main source are for
Visual C, and are configured like this:
perl Configure --prefix=D:\openssl\bin shared VC-WIN64A
If you meant to cross compile for a Linux, I do not have an answer
something similar?
Another option is if you could craft a simple program that
demonstrates the issue, that would certainly help.
Lastly, unless you get a quick answer here, this might be worth making
a github issue here: https://github.com/openssl/openssl/issues
Cheers,
Richard
--
Richard L
ctually
pretty easy, the package they use has a function to parse PKCS#8
private keys as well:
https://golang.org/pkg/crypto/x509/#ParsePKCS8PrivateKey
openssl-users-request> How do I make `openssl pkcs12` output a correct
openssl-users-request> PKCS#1 private key?
You don't. If you
ll it takes is a forward declaration:
ASN1_SEQUENCE(TEST);
ASN1_SEQUENCE(TEST) = {
ASN1_SIMPLE(TEST, version, ASN1_INTEGER),
ASN1_EXP_SEQUENCE_OF_OPT(TEST, otherTests, TEST, 0)
} ASN1_SEQUENCE_END(TEST)
IMPLEMENT_ASN1_FUNCTIONS(TEST)
(I tested that just now)
Cheers,
TEST_SIGNATURE as well, before the construction of TEST. (also, to be
picky, you need to make sure that ASN1_SEQUENCE(TBS_TEST) is ended
with ASN1_SEQUENCE_END(TBS_TEST), not ASN1_SEQUENCE_END(TEST))
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project
.. :D
madwolf>
madwolf> If there is no easy answer, I guess I will have to either change the
envisioned approach (maybe
madwolf> introducing an intermediate data structure of some kind..?) or use the
ASN1_ANY approach.
madwolf>
madwolf> Cheers,
madwolf> Max
madwolf>
madwolf> On
> POLY1305_OBJ =poly1305-x86_64.o
omgalvan.86> BLAKE2_OBJ=
omgalvan.86> PROCESSOR =
omgalvan.86> RANLIB=true
omgalvan.86> ARFLAGS =/nologo
omgalvan.86> PERL =C:\Perl64\bin\perl.exe
omgalvan.86>
omgalvan.86> SIXTY_FOUR_BIT mode
omgalvan.8
, Configurations/*.tmpl, and all the
build.info files. If any of those are newer, 'nmake' will
automatically reconfigure and ask you to run again.
Timing is everything ;-)
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levi
Marty, you might want to consider that the values of western society
are hardly universal. Comic Sans isn't as badly seen everywhere, and
there's no reason why western society biases should trump any other.
Also, I'd like to remind everyone that we have a code of conduct,
https://www.openssl.org/
oking up an address with BIO_lookup_ex, you can
specify the address family the same way. 'openssl s_client' and
'openssl s_server' both take options -4 and -6 to say which address
family should be used.
Now, this ties back to your request on building. Why should you
disable
sion that takes va_args like this?
norm.green>
norm.green> int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
norm.green>
norm.green> OpenSSL already have this precedent in other places, such as with
norm.green> BIO_printf() / BIO_vprintf()
Good idea, that can certainly
gt;
beldmit> *) Removed automatic addition of RPATH in shared libraries and
executables,
beldmit> as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
beldmit> [Richard Levitte]
beldmit>
beldmit> Could you please clarify why this changes were introduced?
Th
Thank you, that was an omission on our part. Fixed here:
https://github.com/openssl/openssl/pull/5386
Cheers,
Richard
In message
on Thu, 15 Feb 2018 12:53:52 -0500, Jerry L said:
artlemuel> I failed to point out that I was test compiling the 1.1.1 version. I
apologize for that omission
rselves using 'ln -s' (if the
symlinks are wrong, please raise an issue on github). If it's for the
cache, we could of course add some kind of post-shared config
attribute to reflect that need (a little like we have one for ranlib).
Cheers,
Richard
--
Richard Levitte levi...
figured C compiler for linking programs. So
unless you define it specifically, it will remain undefined.
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
en> ar: 0707-101 / is not a valid flag.
norm.green> make: The error code from the last command is 1.
norm.green>
norm.green>
norm.green> Stop.
norm.green> make: The error code from the last command is 2.
norm.green>
norm.green>
commit 6475b64978083750018db90c60f4df142a
and this one will register $^X (perl's internal variable
to indicate the exact file name of the interpreter), which is then
propagated to Makefile (make variable $(PERL)) and used there. Did we
miss a spot? I'm willing to correct that...
Cheers,
Richard
--
Richard Levitte levi.
In message on Sat, 24 Feb
2018 06:14:50 -0500, Dennis Clarke said:
dclarke> On 24/02/18 05:13 AM, Richard Levitte wrote:
dclarke> > In message <607c8d70-4283-1b55-2eac-c9f30a3a3...@blastwave.org> on
dclarke> > Sat, 24 Feb 2018 00:24:34 -0500, Dennis Clarke
dclarke> &g
in file
appro> > fabs test/ct_test.o
appro>
appro> ??? One can only wonder where does it come from. I see no fabs
anywhere...
E
: ; git grep fabs
test/ct_test.c:if (!TEST_uint_le((unsigned
int)fabs(difftime(time(NULL), default_time)),
--
Ric
I fixes got merged about half an hour ago:
https://github.com/openssl/openssl/pull/5472
Cheers,
Richard
In message <6acdd452-4b5e-1225-bb3c-b5e0243a0...@gemtalksystems.com> on Tue, 27
Feb 2018 12:39:47 -0800, Norm Green said:
norm.green> With CC=cc, I get this:
norm.green>
norm.green> cc -I
Something here makes no sense at all... you configure with
'no-shared', and then get an apps/openssl that's linked with the
system shared libraries?
In message <323c64fe-c3a7-0b93-a11e-46f743b99...@coderhacks.com> on Tue, 13 Mar
2018 23:46:14 +0100, "e...@coderhacks.com" said:
etc> Hi!
etc>
e
Are there more parameters than no-shared that influence that??
etc>
etc> Thanks!
etc> Chris
etc>
etc> On 2018-03-14 10:54, Richard Levitte wrote:
etc> > Something here makes no sense at all... you configure with
etc> > 'no-shared', and then get an apps/open
It would help if you showed us the exact command that ended up with
that bunch of errors... however, having seen this before, I'm going
to venture a guess that you either didn't include '-lssl' in your
linking command, or got the order between '-lcrypto' and '-lssl'
wrong.
However, seeing the act
In message on Wed,
28 Mar 2018 08:02:37 -0700, Jordan Brown said:
openssl> I'm finding that it would be helpful to have a function that
openssl> would, given PEM data (in memory or in a file) return an
openssl> indication of what kind of object it represents: a
openssl> certificate, a private k
deas, and considering
those internal functions I mentioned, we do have some kind of base set
up already, so it would probably not be that hard to open up that kind
of functionality to the public. Perhaps as a side thing, like STORE
UTILS?
--
Richard Levitte levi...@openssl.org
OpenSSL Proj
orage for that kind of protected data, and to directly
translate it to usable objects, something that would be quite
difficult with the BIO API.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
n.Eichenberger> Parent(s): 17592f323a
John.Eichenberger>
John.Eichenberger> Don't check RSA_FLAG_SIGN_VER.
John.Eichenberger>
John.Eichenberger> Reviewed-by: Richard Levitte
John.Eichenberger>
John.Eichenberger> The change made in that commit was to simply remove
John.Ei
A structure
in OpenSSL). You *must* make them available. The rest of the numbers
are private and do not need to be part of the RSA structure that
OpenSSL handles.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem
Hope that helped
Cheers,
Richard
In message <1525335799770-0.p...@n7.nabble.com> on Thu, 3 May 2018 01:23:19
-0700 (MST), morthalan said:
morthalaanilreddy> No, technically not. I am just searching for a simple method
just to chec
essage. It's made prominent
so no one will miss it (people do miss such message, you'd be
surprised)
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
You need to do this in the top directory first:
make rehash
Cheers,
Richard
In message
on Fri, 18 May 2018 11:22:14 -0400, Philippe Anctil
said:
philippe.anctil> Hi,
philippe.anctil>
philippe.anctil> I have been compiling openssl libraries on RHEL5 for
philippe.anctil> a while without
nough entropy, such as comp.sys.tandem,
perhaps?
Either way, trying to use OpenSSL's PRNGD to seed OpenSSL's PRNGD is
an exercise in futility.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mail
In message <320e1fc3-aa47-456b-9c1b-9930992c9...@tiscali.it> on Sat, 2 Jun 2018
07:39:35 +0200, "sampe...@tiscali.it" said:
sampei02> I think It’s installed 2 version OpenSSL; the former by rpm package
while the latter by source tar infact I see following files into
/usr/local/openssl-0.9.7e :
ag and will
therefore be affected by a change, or do you know anyone who will?
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
In message <641feb77-064e-4a49-a30b-41edf1279...@akamai.com> on Sat, 11 Aug
2018 13:37:07 +, "Salz, Rich" said:
rsalz> Matt has already prepared a PR (the number escapes me)
https://github.com/openssl/openssl/pull/6741
--
Richard Levitte levi...@openssl.
d, or even better (because evp_int.h is internal so
you shouldn't look), use EVP_PKEY_get0().
director> Thanks for any help for understanding all these details... :D
Let's keep talking... I need to dig deeper anyway ;-)
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
n
encryption key that, as you noticed, can be any random bytes (although
they are usually generated from a passphrase using a secure key
derivation function). For more information, I suggest you read the
PHP docs (which is essentially what I did):
http://php.net/manual/en/function.openssl-encryp
up being a zero-length object file, more or
> less. Perhaps Richard Levitte knows.
We've made it conditional in the source file rather than the build
configuration, so on non-MSWindows platforms, it becomes a minimal
shared object with an entry point that fails unconditionally.
We should
We currently don't have per-engine support of the kind. The cleanest
you can do is probably having a private config looking something like
this:
our %targets = (
'mytarget' => {
inherit_from=> [ 'whatever' ],
dso_ldflags => '-lsomelib'
}
> > get for rushing that. It's a bit ironic since I'm notorious for
> > wrapping everything in extra parenthesis just to avoid memorizing
> > operator precedence.
> >
> > Thanks for pointing that out though.
> >
>
> Is this new to 1.1.1? Or doe
In message <20180914140848.gg23...@doctor.nl2k.ab.ca> on Fri, 14 Sep 2018
08:08:48 -0600, The Doctor said:
> When will those be ready to go?
At 06:22 UTC today. That's just over 1½ hours from now.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Projec
sure what engine-pkcs11 asks of you otherwise, but one guess
could be to change 'id=%11%11' to 'id=' in that URL and try again.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
I'm noticing these from the dump:
Recorded environment:
...
CC =
/u/build/build1/engtools/linux/2.6.18-8.el5/x86_64/gcc/versions/4.3.2/bin/gcc
CXX =
/u/build/build1/engtools/linux/2.6.18-8.el5/x86_64/gcc/versions/4.3.2/bin/g++
Could it be that those compilers don't
2/bin/g++
>
> I was using these for openssl 1.1.0h and it compiled with this option "
> enable-ec_nistp_64_gcc_128"
>
> Any other possibility, Please suggest.
...
> Message: 1
> Date: Mon, 24 Sep 2018 15:42:48 +0200 (CEST)
> From: Richard Levit
Well, that will kinda sorta work, I think... what you're basically
doing there, albeit not entirely clearly, is making the type a part of
the directory index, not just its name. I haven't looked thoroughly
enough to see if there are corner cases that will screw that up.
That being said, you will
Our scripts have *never*, as far as I know, produced libraries named
like that. Don't those DLLs come from some specific packager that
produces binary install kits?
For 1.1.x, *our* naming is a bit more elaborate, you will see these
names:
libcrypto-1_1.dll & libssl-1_1.dll - VC-WI
Fixed. Thanks.
In message <1df7e534-d4f0-7ac1-4de5-4cb8fb37d...@zil.li> on Sat, 6 Oct 2018
22:48:01 +0200, Paul Zillmann said:
> Hello,
>
> the wiki page [1] is wrong about the pass parameter.
> According to [2] the parameter for a keyfile is -pass file:path and
> not -pass pass:path
>
> - P
I'm curious about this error line from the 'openssl ca' output:
> 140735853761408:error:28078064:UI routines:UI_set_result_ex:result too
> large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters
It should be interesting to try and figure out what pass phrased was
passed and where it cam
as option names).
We really should look over those options... (but with all the other
stuff we have going on, I'm afraid this isn't the highest on our
priority list)
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-
That's very odd. Are you *sure* the one you're looking at is the one
actually included?
Cheers,
Richard
In message <1540230631.4886.20.ca...@taygeta.com> on Mon, 22 Oct 2018 10:50:31
-0700, Skip Carter said:
> Yes the macro is there, its just not being expanded by the pre-
> compiler.
>
>
>
If the compiler found opensslconf.h in
/usr/include/x86_64-linux-gnu/openssl/, that usually means you have an
distribution openssl package installed, one that other programs are
relying on.
Depending on the version of that package, you may have screwed things
up or not. If you're lucky, things wi
I suspect you'll find some kind of error message in
crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported
in VS 2008.
There is a workaround for this problem, and it's to use the
'no-makedepend' option:
perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend
For a single bui
t; -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS"
> -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj
> "crypto\sm2\sm2_sign.c"
> sm2_sign.c
> crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX
Silly me, I forgot we already fixed that bug:
commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3
Author: Richard Levitte
Date: Wed Sep 12 02:06:26 2018 +0200
crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
Fixes #7186
I discovered that very same issue earlier today. Fix is in:
commit 28361a0b821d36e3b19271b0a7909d5355b0990c (HEAD -> OpenSSL_1_1_1-stable,
origin/OpenSSL_1_1_1-stable)
Author: Richard Levitte
Date: Tue Oct 23 10:15:12 2018 +0200
RAND: ensure INT32_MAX is defined
This value
h, so that upgrade should go
smoothly.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
fers (i.e. input and output
buffer are the same). So that is to say that if that behaviour ever
stopped working, we would certainly notice.
Does that help?
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users
ently of the existing library of openssl?
> Thanks a lot.
Nope. We're pushing hard for people to use the EVP API, and newer
algorithms are therefore only implemented as EVP backends.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.open
rameter hasn't been set in dh, you must give that
one too, so essentially, this is safer:
if (!DH_set0_pqg(dh, bn_p, NULL, bn_g))
goto end;
See the manual pages for DH_set0_pqg and DH_get0_pqg
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project
(that was Rich responding, not Matt ;-))
There are penty of functions to assign values properly to BIGNUMs
without having to resort to accessing the structure members. If you
still have reasons to do so, that sounds like you want to modify the
API somehow, and since you do have access to the Open
Did you ever get an answer to that? There is a call BN_num_bytes(),
so the fix should be this:
*var = rc_vmalloc(BN_num_bytes(bn));
(*var)->l = BN_bn2bin(bn, (unsigned char *)(*var)->v);
Cheers,
Richard ( you should probably study include/openssl/bn.h in depth )
In message
on Mon, 26
EVP_EncryptUpdate, and all that
will happen is... well, nothing much in the general case:
if (inl <= 0) {
*outl = 0;
return inl == 0;
}
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
es the the generation of .asm-files be so damn hard to
> figure out? Some cmd-line help to show what "auto" does would
> be nice.
The "auto" flavor takes note of the output file extension. .asm vs .s
in this case.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
In message <3fc4d543-d71a-8c22-566a-d902c4f7d...@gmail.com> on Mon, 24 Dec 2018
13:17:51 +0100, Gisle Vanem said:
> Richard Levitte wrote:
>
> >> I experimented some more. I figured the "auto" does not work.
> >> But this works:
> >>perl
In message <98f571de-f47e-6259-f1ac-792ebed3e...@wisemo.com> on Thu, 27 Dec
2018 10:12:34 +0100, Jakob Bohm said:
> On 24/12/2018 19:08, Richard Levitte wrote:
> > In message <3fc4d543-d71a-8c22-566a-d902c4f7d...@gmail.com> on Mon, 24
> > Dec 2018 13:17:
\\"
> > ""
> > ""
> > ""
> > ""
> > };
>
> So, no. I don't trust anyone. Especially not this mess of a code.
You do know
In message <20181229.170846.804158981742723988.levi...@openssl.org> on Sat, 29
Dec 2018 17:08:46 +0100 (CET), Richard Levitte said:
> In message <38b97114-0c66-40ed-f631-58aa20940...@gmx.de> on Sat, 29 Dec 2018
> 14:19:47 +0100, "C.Wehrmeyer" said:
>
...
>
> server application (and its configuration) deems secure.
>
> Then why doesn't the documentation page of SSL_clear() mention this
> directly? "If you want to reuse an SSL object, use this function to set
> some option on the SSL_CTX object".
>
> On 29.12.18
101 - 200 of 1068 matches
Mail list logo