Re: [openssl-users] MinGW64 / MSYS2 and ./Configure : use of Windows style path causing failures to 'make'

In message <1733025605.2034908.1482816244...@mail.yahoo.com> on Tue, 27 Dec 2016 05:24:04 + (UTC), "Ron Gaw " said: ronmlgaw> I am using a MinGW64 / MSYS2 environment to compile OpenSSL1.1.0c, but ronmlgaw> failing consistently after multiple attempts with a few variations ronmlgaw> each at

Re: [openssl-users] MinGW64 / MSYS2 and ./Configure : use of Windows style path causing failures to 'make'

ly in MS cmd.exe or the like (where backslashes make sense) rather than a Unix like shell such as bash (where backslashes don't make sense). So this all tells to me that your /mingw64/bin/perl.exe comes from somewhere else, that you will probably find /usr/bin/perl.exe, and that's the perl yo

Re: [openssl-users] Unable to build with dmake

s with Visual Studio. (I now noticed we haven't made nmake a requirement, while we expect everyone to use it with the VC-* config targets. We should be more explicit about this) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Unable to build with dmake

nt it from appearing or modify it to match our bkaduk> requirements more closely. Yes, that happens as part of 'use Config;', unfortunately. I did look around to try to see how to prevent this from happening, but couldn't figure it out. -- Richard Levitte levi...@open

Re: [openssl-users] Build problems on Windows

bviously not intended as advice to people trying to build, more as jb-openssl> something you might consider for an updated version of NOTES.PERL jb-openssl> (after testing it of cause). I've heard of more than one success with Strawberry, we just haven't tested it ourselves. C

Re: [openssl-users] troubleshooting a puzzling issue

L 1.1.0) to see what's disabled. There are other things that can give you a -1 as well... Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

ns all the data you need, including two certs. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

telat> is there a way to get some sort of error code or something that would at least hint at a direction.. I found that M2Crypto has an Err package, so add this to your script: if v <= 0: print(M2Crypto.Err.get_error()); else: print("v = {}".format(v)) -

Re: [openssl-users] RSA engine is not using the functions mentioned in struct

S. Try these lines and see if that makes a difference: OPENSSL_ENGINES=. export OPENSSL_ENGINES openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey-B.pem -engine rsa_engine -out cipher.bin openssl pkeyutl -decrypt -in cipher.bin -inkey privkey-B.pem -engine rsa_engine -out rec.txt C

Re: [openssl-users] Fwd: Makefile.org in openSSL 1.1.0d

With 1.1.0 and on, the build system is of the "configure first" model, unconditionally. You will get a working Makefile as a result, and will find more information in README and INSTALL. Cheers, Richard In message on Tue, 14 Feb 2017 12:21:05 +0530, murugesh pitchaiah said: murugesh.pitchai

Re: [openssl-users] undefined symbol fabs in file test/ct_test.o in openssl 1.1.0e on solaris

ed", openssl-users> > solaris64:117$ openssl-users> openssl-users> I would avoid adding that library dependency to all the code just because openssl-users> a test program uses fabs(). It is better to just avoid fabs() in the test openssl-users> code, or add "-lm

Re: [openssl-users] [openssl-dev] Openssl 1.0.2 snap STABLE 20170311 issue

Fixed: commit 6fe43af8d77b119f8af913c284149bca482ee58c Author: Richard Levitte Date: Sat Mar 11 11:19:20 2017 +0100 Revert "Use the callbacks from the SSL object instead of the SSL_CTX object" This shouldn't have been applied to t

Re: [openssl-users] mingw 64-bit build of 1.1.0e

Just add -m64 on the config line, like this: ./config no-shared zlib -m64 -IC:/_64/msys_630/1.0/local/include \ -LC:/_64/msys_630/1.0/local/lib --prefix=C:/_64/msys_630/1.0/local This is weird, though... what config target did you get when configuring? Ideally, you should have gotten 'mingw64',

Re: [openssl-users] mingw 64-bit build of 1.1.0e

In message <8CD5EEA9CC3F4643AAFC6D7DDF6EB449@OwnerPC311012> on Sun, 12 Mar 2017 16:15:47 +1100, said: sisyphus1> -Original Message----- From: Richard Levitte sisyphus1> Sent: Sunday, March 12, 2017 3:25 PM sisyphus1> To: openssl-users@openssl.org sisyphus1> Subject:

Re: [openssl-users] openssl-users Digest, Vol 28, Issue 21

EM_read_bio_X509() and extracting the public key with X509_get0_pubkey() or X509_get0_pubkey(). If IEEE certs differ in format, you must first know the exact byte content, where the public key is in there, make sure it's encoded in DER, and use d2i_EC_PUBKEY() to make a EC_KEY from those

Re: [openssl-users] NMAKE error

Can you verify that crypto\include\internal\bn_conf.h.in exists? It should, it's part of the source. Can you check if there's a file with a similar name in crypto\include\internal? Cheers, Richard ( am wondering if there are tar implementations that screw up file name with more than one period..

Re: [openssl-users] Win 10 failure on install

Are you running on an Itanium? If not, VC-WIN64I is not for you, please configure with VC-WIN64A instead. Cheers, Richard In message on Mon, 1 May 2017 18:02:54 -0500, Jon Coons said: jonacoons> Hello, jonacoons> jonacoons> I keep running into a Win 10 failure using nmake for SSL installat

Re: [openssl-users] Build from source; library not found?

x27;t automatically applied to the openssl application, but is a matter of extra configuration arguments. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

application (executables) but not for shared libraries? hiran.chaudhuri> In that case the test I tried would be totally meaningless. Yes, that's correct. -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list T

Re: [openssl-users] Build from source; library not found?

In message on Thu, 18 May 2017 18:35:32 -0400, Viktor Dukhovni said: openssl-users> openssl-users> > On May 18, 2017, at 4:08 PM, Richard Levitte wrote: openssl-users> > openssl-users> > hiran.chaudhuri> Incidently, I think that when you do this, you'

Re: [openssl-users] Building libssl and libcrypto, .dlls and .libs, with different names?

e simply called libcrypto.lib and libssl.lib from OpenSSL 1.1.0 and on. That will most likely not change at all for the far future. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Building libssl and libcrypto, .dlls and .libs, with (ABI compatibility)

IF statement for /^VC-/ ? Yes, the top build.info is the file to make changes in for this. However, once again, I really do not recommend this. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] MSVC Compiling OpenSSL on Windows 64 issues with missing libs

lib >From those, I guess you need to change your dependencies to be libcrypto64MT.lib instead of libeaymt64.lib, and libssl64MT.lib instead of ssleaymt64.lib. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- open

Re: [openssl-users] MSVC Compiling OpenSSL on Windows 64 issues with missing libs

what I know at least. So I raymi.coevan> don't understand why I got these link errors... Can't help you there, sorry. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

his at the start of your main()? OPENSSL_init_crypto(0, NULL); (note, that should be seen as a temporary measure, as this is called internally in quite a number of spots, so for larger uses of OpenSSL functionality, you shouldn't need that) Cheers, Richard -- Richard Levitte le

Re: [openssl-users] OpenSSL 1.1.0 providing new OIDs to source code

ds Matthias.Ballreich> Matthias.Ballreich> Matthias Matthias.Ballreich> Matthias.Ballreich> Von: Richard Levitte Matthias.Ballreich> Gesendet: Montag, 10. Juli 2017 06:14 Matthias.Ballreich> An: openssl-users@openssl.org Matthias.Ballreich> Betreff: Re: [openssl-users] OpenSSL 1.1.0 provid

Re: [openssl-users] [openssl-dev] how to compile out selected ciphers

not for the moment allow it to be disabled. That's the issue you're hitting. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Problem with Last step in setup

Elio.Gerardi> make: *** [install_dev] Error 2 Is there a directory /usr/local on your system? Does the user your running 'make install' with have permission to write to the /usr/local directory? An alternative, if you have sudo privileges, is this: sudo make install Cheers,

Re: [openssl-users] OpenSSL on side

I got curious and decided to take a look, and well, it appears setup.py has issues. I posted an issue in gitlab about it: https://gitlab.com/m2crypto/m2crypto/issues/184 In message on Wed, 11 Oct 2017 08:12:38 +0200, Matěj Cepl said: mcepl> On 2017-10-10, 21:17 GMT, Blumenthal, Uri - 0553 -

Re: [openssl-users] Where is mttest.c?

0.2 manpages, right? charlesm> I’ve got the 1.1.0f tar and the crypto directory does not charlesm> contain a threads directory. Where do I find mttest.c? You don't. It's been removed in 1.1.0, and as far as I can see, you won't find any reference to mttest.c in the

Re: [openssl-users] OpenSSL engine and TPM usage.

s. For keys such as RSA ones, you can simply create the resulting fetched key with RSA_new_method(e), where |e| is your TPM engine, and your engine's RSA method will be attached to that key rather than the default. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project

Re: [openssl-users] Certificate expired on https://mta.openssl.org/

ve URL. simon.d.matthews> simon.d.matthews> You might want to contact Richard Levitte at levi...@openssl.org. I simon.d.matthews> think he handles most OpenSSL infrastructure. simon.d.matthews> simon.d.matthews> Jeff simon.d.matthews> -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Building OpenSSL for Intel Xeon Phi

>From the look of that PNG, you're building in a native Windows environment. The ony configs available in the main source are for Visual C, and are configured like this: perl Configure --prefix=D:\openssl\bin shared VC-WIN64A If you meant to cross compile for a Linux, I do not have an answer

Re: [openssl-users] Upgrading to 1.1.1

something similar? Another option is if you could craft a simple program that demonstrates the issue, that would certainly help. Lastly, unless you get a quick answer here, this might be worth making a github issue here: https://github.com/openssl/openssl/issues Cheers, Richard -- Richard L

Re: [openssl-users] openssl-users Digest, Vol 37, Issue 1

ctually pretty easy, the package they use has a function to parse PKCS#8 private keys as well: https://golang.org/pkg/crypto/x509/#ParsePKCS8PrivateKey openssl-users-request> How do I make `openssl pkcs12` output a correct openssl-users-request> PKCS#1 private key? You don't. If you

Re: [openssl-users] ASN1 & Recursive Structures definition

ll it takes is a forward declaration: ASN1_SEQUENCE(TEST); ASN1_SEQUENCE(TEST) = { ASN1_SIMPLE(TEST, version, ASN1_INTEGER), ASN1_EXP_SEQUENCE_OF_OPT(TEST, otherTests, TEST, 0) } ASN1_SEQUENCE_END(TEST) IMPLEMENT_ASN1_FUNCTIONS(TEST) (I tested that just now) Cheers,

Re: [openssl-users] ASN1 & Recursive Structures definition

TEST_SIGNATURE as well, before the construction of TEST. (also, to be picky, you need to make sure that ASN1_SEQUENCE(TBS_TEST) is ended with ASN1_SEQUENCE_END(TBS_TEST), not ASN1_SEQUENCE_END(TEST)) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project

Re: [openssl-users] ASN1 & Recursive Structures definition

.. :D madwolf> madwolf> If there is no easy answer, I guess I will have to either change the envisioned approach (maybe madwolf> introducing an intermediate data structure of some kind..?) or use the ASN1_ANY approach. madwolf> madwolf> Cheers, madwolf> Max madwolf> madwolf> On

Re: [openssl-users] Can't build OpenSSL on Windows

> POLY1305_OBJ =poly1305-x86_64.o omgalvan.86> BLAKE2_OBJ= omgalvan.86> PROCESSOR = omgalvan.86> RANLIB=true omgalvan.86> ARFLAGS =/nologo omgalvan.86> PERL =C:\Perl64\bin\perl.exe omgalvan.86> omgalvan.86> SIXTY_FOUR_BIT mode omgalvan.8

Re: [openssl-users] Can't build OpenSSL on Windows

, Configurations/*.tmpl, and all the build.info files. If any of those are newer, 'nmake' will automatically reconfigure and ask you to run again. Timing is everything ;-) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levi

Re: [openssl-users] How to form a proper hash after writing somethinginto SSL handshake.

Marty, you might want to consider that the values of western society are hardly universal. Comic Sans isn't as badly seen everywhere, and there's no reason why western society biases should trump any other. Also, I'd like to remind everyone that we have a code of conduct, https://www.openssl.org/

Re: [openssl-users] OPENSSL_USE_IPV6 -- bio_dgram, vs travis-ci

oking up an address with BIO_lookup_ex, you can specify the address family the same way. 'openssl s_client' and 'openssl s_server' both take options -4 and -6 to say which address family should be used. Now, this ties back to your request on building. Why should you disable

Re: [openssl-users] OSSL_STORE_ctrl

sion that takes va_args like this? norm.green> norm.green> int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); norm.green> norm.green> OpenSSL already have this precedent in other places, such as with norm.green> BIO_printf() / BIO_vprintf() Good idea, that can certainly

Re: [openssl-users] Building OpenSSL from sources

gt; beldmit> *) Removed automatic addition of RPATH in shared libraries and executables, beldmit> as this was a remainder from OpenSSL 1.0.x and isn't needed any more. beldmit> [Richard Levitte] beldmit> beldmit> Could you please clarify why this changes were introduced? Th

Re: [openssl-users] Compiling on AIX

Thank you, that was an omission on our part. Fixed here: https://github.com/openssl/openssl/pull/5386 Cheers, Richard In message on Thu, 15 Feb 2018 12:53:52 -0500, Jerry L said: artlemuel> I failed to point out that I was test compiling the 1.1.1 version. I apologize for that omission

Re: [openssl-users] Building OpenSSL from sources

rselves using 'ln -s' (if the symlinks are wrong, please raise an issue on github). If it's for the cache, we could of course add some kind of post-shared config attribute to reflect that need (a little like we have one for ranlib). Cheers, Richard -- Richard Levitte levi...

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

figured C compiler for linking programs. So unless you define it specifically, it will remain undefined. -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL 1.1.1pre1 fails to build on AIX 7.1

en> ar: 0707-101 / is not a valid flag. norm.green> make: The error code from the last command is 1. norm.green> norm.green> norm.green> Stop. norm.green> make: The error code from the last command is 2. norm.green> norm.green> commit 6475b64978083750018db90c60f4df142a

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

and this one will register $^X (perl's internal variable to indicate the exact file name of the interpreter), which is then propagated to Makefile (make variable $(PERL)) and used there. Did we miss a spot? I'm willing to correct that... Cheers, Richard -- Richard Levitte levi.

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

In message on Sat, 24 Feb 2018 06:14:50 -0500, Dennis Clarke said: dclarke> On 24/02/18 05:13 AM, Richard Levitte wrote: dclarke> > In message <607c8d70-4283-1b55-2eac-c9f30a3a3...@blastwave.org> on dclarke> > Sat, 24 Feb 2018 00:24:34 -0500, Dennis Clarke dclarke> &g

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

   in file appro> > fabs    test/ct_test.o appro> appro> ??? One can only wonder where does it come from. I see no fabs anywhere... E : ; git grep fabs test/ct_test.c:if (!TEST_uint_le((unsigned int)fabs(difftime(time(NULL), default_time)), -- Ric

Re: [openssl-users] OpenSSL 1.1.1pre2 build failure on Darwin

I fixes got merged about half an hour ago: https://github.com/openssl/openssl/pull/5472 Cheers, Richard In message <6acdd452-4b5e-1225-bb3c-b5e0243a0...@gemtalksystems.com> on Tue, 27 Feb 2018 12:39:47 -0800, Norm Green said: norm.green> With CC=cc, I get this: norm.green> norm.green> cc  -I

Re: [openssl-users] Vanilla OpenSSL uses sytems libs

Something here makes no sense at all... you configure with 'no-shared', and then get an apps/openssl that's linked with the system shared libraries? In message <323c64fe-c3a7-0b93-a11e-46f743b99...@coderhacks.com> on Tue, 13 Mar 2018 23:46:14 +0100, "e...@coderhacks.com" said: etc> Hi! etc> e

Re: [openssl-users] Vanilla OpenSSL uses sytems libs

Are there more parameters than no-shared that influence that?? etc> etc> Thanks! etc> Chris etc> etc> On 2018-03-14 10:54, Richard Levitte wrote: etc> > Something here makes no sense at all... you configure with etc> > 'no-shared', and then get an apps/open

Re: [openssl-users] Migrating to openssl 1.1.0

It would help if you showed us the exact command that ended up with that bunch of errors... however, having seen this before, I'm going to venture a guess that you either didn't include '-lssl' in your linking command, or got the order between '-lcrypto' and '-lssl' wrong. However, seeing the act

Re: [openssl-users] get type of PEM data

In message on Wed, 28 Mar 2018 08:02:37 -0700, Jordan Brown said: openssl> I'm finding that it would be helpful to have a function that openssl> would, given PEM data (in memory or in a file) return an openssl> indication of what kind of object it represents: a openssl> certificate, a private k

Re: [openssl-users] get type of PEM data

deas, and considering those internal functions I mentioned, we do have some kind of base set up already, so it would probably not be that hard to open up that kind of functionality to the public. Perhaps as a side thing, like STORE UTILS? -- Richard Levitte levi...@openssl.org OpenSSL Proj

[openssl-users] STORE (was: get type of PEM data)

orage for that kind of protected data, and to directly translate it to usable objects, something that would be quite difficult with the BIO API. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Correct the check of RSA_FLAG_SIGN_VER

n.Eichenberger> Parent(s): 17592f323a John.Eichenberger> John.Eichenberger> Don't check RSA_FLAG_SIGN_VER. John.Eichenberger> John.Eichenberger> Reviewed-by: Richard Levitte John.Eichenberger> John.Eichenberger> The change made in that commit was to simply remove John.Ei

Re: [openssl-users] engine interface for genrsa

A structure in OpenSSL). You *must* make them available. The rest of the numbers are private and do not need to be part of the RSA structure that OpenSSL handles. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ --

Re: [openssl-users] How to prove a Certificate is Signed or not

openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem Hope that helped Cheers, Richard In message <1525335799770-0.p...@n7.nabble.com> on Thu, 3 May 2018 01:23:19 -0700 (MST), morthalan said: morthalaanilreddy> No, technically not. I am just searching for a simple method just to chec

Re: [openssl-users] Unable to install OpenSSL

essage. It's made prominent so no one will miss it (people do miss such message, you'd be surprised) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box

You need to do this in the top directory first: make rehash Cheers, Richard In message on Fri, 18 May 2018 11:22:14 -0400, Philippe Anctil said: philippe.anctil> Hi, philippe.anctil> philippe.anctil> I have been compiling openssl libraries on RHEL5 for philippe.anctil> a while without

Re: [openssl-users] PRNG is not seeded

nough entropy, such as comp.sys.tandem, perhaps? Either way, trying to use OpenSSL's PRNGD to seed OpenSSL's PRNGD is an exercise in futility. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mail

Re: [openssl-users] database openssl

In message <320e1fc3-aa47-456b-9c1b-9930992c9...@tiscali.it> on Sat, 2 Jun 2018 07:39:35 +0200, "sampe...@tiscali.it" said: sampei02> I think It’s installed 2 version OpenSSL; the former by rpm package while the latter by source tar infact I see following files into /usr/local/openssl-0.9.7e :

[openssl-users] Will a PKCS#12 safeContentsBag change affect anyone?

ag and will therefore be affected by a change, or do you know anyone who will? Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] [openssl-project] TLS 1.3 and the release

In message <641feb77-064e-4a49-a30b-41edf1279...@akamai.com> on Sat, 11 Aug 2018 13:37:07 +, "Salz, Rich" said: rsalz> Matt has already prepared a PR (the number escapes me) https://github.com/openssl/openssl/pull/6741 -- Richard Levitte levi...@openssl.

Re: [openssl-users] How to Implement a new PubKey method correctly

d, or even better (because evp_int.h is internal so you shouldn't look), use EVP_PKEY_get0(). director> Thanks for any help for understanding all these details... :D Let's keep talking... I need to dig deeper anyway ;-) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Using random bytes only in openssl_encrypt versus real private key

n encryption key that, as you noticed, can be any random bytes (although they are usually generated from a passphrase using a secure key derivation function). For more information, I suggest you read the PHP docs (which is essentially what I did): http://php.net/manual/en/function.openssl-encryp

Re: [openssl-users] Engines on Mac OS X

up being a zero-length object file, more or > less. Perhaps Richard Levitte knows. We've made it conditional in the source file rather than the build configuration, so on non-MSWindows platforms, it becomes a minimal shared object with an entry point that fails unconditionally. We should

Re: [openssl-users] build.info

We currently don't have per-engine support of the kind. The cleanest you can do is probably having a private config looking something like this: our %targets = ( 'mytarget' => { inherit_from=> [ 'whatever' ], dso_ldflags => '-lsomelib' }

Re: [openssl-users] NMAKE fatal error, 32-bit time_t

> > get for rushing that.  It's a bit ironic since I'm notorious for > > wrapping everything in extra parenthesis just to avoid memorizing > > operator precedence. > > > > Thanks for pointing that out though. > > > > Is this new to 1.1.1? Or doe

Re: [openssl-users] openssl 1.1.1 daily snapshots

In message <20180914140848.gg23...@doctor.nl2k.ab.ca> on Fri, 14 Sep 2018 08:08:48 -0600, The Doctor said: > When will those be ready to go? At 06:22 UTC today. That's just over 1½ hours from now. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Projec

Re: [openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail.

sure what engine-pkcs11 asks of you otherwise, but one guess could be to change 'id=%11%11' to 'id=' in that URL and try again. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build issues with openssl-1.1.1

I'm noticing these from the dump: Recorded environment: ... CC = /u/build/build1/engtools/linux/2.6.18-8.el5/x86_64/gcc/versions/4.3.2/bin/gcc CXX = /u/build/build1/engtools/linux/2.6.18-8.el5/x86_64/gcc/versions/4.3.2/bin/g++ Could it be that those compilers don't

Re: [openssl-users] openssl-users Digest, Vol 46, Issue 46

2/bin/g++ > > I was using these for openssl 1.1.0h and it compiled with this option " > enable-ec_nistp_64_gcc_128" > > Any other possibility, Please suggest. ... > Message: 1 > Date: Mon, 24 Sep 2018 15:42:48 +0200 (CEST) > From: Richard Levit

Re: [openssl-users] Same dir with different type in X509_LOOKUP_hash_dir

Well, that will kinda sorta work, I think... what you're basically doing there, albeit not entirely clearly, is making the type a part of the directory index, not just its name. I haven't looked thoroughly enough to see if there are corner cases that will screw that up. That being said, you will

Re: [openssl-users] How to build libcrypto64*.lib and libssl64*.lib on Windows 64-bit?

Our scripts have *never*, as far as I know, produced libraries named like that. Don't those DLLs come from some specific packager that produces binary install kits? For 1.1.x, *our* naming is a bit more elaborate, you will see these names: libcrypto-1_1.dll & libssl-1_1.dll - VC-WI

Re: [openssl-users] Wiki misleading Enc

Fixed. Thanks. In message <1df7e534-d4f0-7ac1-4de5-4cb8fb37d...@zil.li> on Sat, 6 Oct 2018 22:48:01 +0200, Paul Zillmann said: > Hello, > > the wiki page [1] is wrong about the pass parameter. > According to [2] the parameter for a keyfile is -pass file:path and > not -pass pass:path > > - P

Re: [openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

I'm curious about this error line from the 'openssl ca' output: > 140735853761408:error:28078064:UI routines:UI_set_result_ex:result too > large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters It should be interesting to try and figure out what pass phrased was passed and where it cam

Re: [openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

as option names). We really should look over those options... (but with all the other stuff we have going on, I'm afraid this isn't the highest on our priority list) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -

Re: [openssl-users] What to do with deprecation errors

That's very odd. Are you *sure* the one you're looking at is the one actually included? Cheers, Richard In message <1540230631.4886.20.ca...@taygeta.com> on Mon, 22 Oct 2018 10:50:31 -0700, Skip Carter said: > Yes the macro is there, its just not being expanded by the pre- > compiler. > > >

Re: [openssl-users] What to do with deprecation errors

If the compiler found opensslconf.h in /usr/include/x86_64-linux-gnu/openssl/, that usually means you have an distribution openssl package installed, one that other programs are relying on. Depending on the version of that package, you may have screwed things up or not. If you're lucky, things wi

Re: [openssl-users] How to compile 1.1.1 under Windows

I suspect you'll find some kind of error message in crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported in VS 2008. There is a workaround for this problem, and it's to use the 'no-makedepend' option: perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend For a single bui

Re: [openssl-users] How to compile 1.1.1 under Windows

t; -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj > "crypto\sm2\sm2_sign.c" > sm2_sign.c > crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX

Re: [openssl-users] How to compile 1.1.1 under Windows

Silly me, I forgot we already fixed that bug: commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 Author: Richard Levitte Date: Wed Sep 12 02:06:26 2018 +0200 crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined Fixes #7186

Re: [openssl-users] How to compile 1.1.1 under Windows

I discovered that very same issue earlier today. Fix is in: commit 28361a0b821d36e3b19271b0a7909d5355b0990c (HEAD -> OpenSSL_1_1_1-stable, origin/OpenSSL_1_1_1-stable) Author: Richard Levitte Date: Tue Oct 23 10:15:12 2018 +0200 RAND: ensure INT32_MAX is defined This value

Re: [openssl-users] Trouble installing openssl 1.1.0 on Ubuntu 14.04

h, so that upgrade should go smoothly. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] In-place encryption/decryption via the EVP_* APIs

fers (i.e. input and output buffer are the same). So that is to say that if that behaviour ever stopped working, we would certainly notice. Does that help? Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users

Re: [openssl-users] Is there any C code that implements SM2 algorithm separately?

ently of the existing library of openssl? > Thanks a lot. Nope. We're pushing hard for people to use the EVP API, and newer algorithms are therefore only implemented as EVP backends. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.open

Re: [openssl-users] openssl 1.1.1 opaque structures

rameter hasn't been set in dh, you must give that one too, so essentially, this is safer: if (!DH_set0_pqg(dh, bn_p, NULL, bn_g)) goto end; See the manual pages for DH_set0_pqg and DH_get0_pqg Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project

Re: [openssl-users] openssl 1.1.1 opaque structures

(that was Rich responding, not Matt ;-)) There are penty of functions to assign values properly to BIGNUMs without having to resort to accessing the structure members. If you still have reasons to do so, that sounds like you want to modify the API somehow, and since you do have access to the Open

Re: [openssl-users] openssl 1.1.1 opaque structures

Did you ever get an answer to that? There is a call BN_num_bytes(), so the fix should be this: *var = rc_vmalloc(BN_num_bytes(bn)); (*var)->l = BN_bn2bin(bn, (unsigned char *)(*var)->v); Cheers, Richard ( you should probably study include/openssl/bn.h in depth ) In message on Mon, 26

Re: [openssl-users] Two questions on OpenSSL EVP API

EVP_EncryptUpdate, and all that will happen is... well, nothing much in the general case: if (inl <= 0) { *outl = 0; return inl == 0; } Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] PerlASM for x64

es the the generation of .asm-files be so damn hard to > figure out? Some cmd-line help to show what "auto" does would > be nice. The "auto" flavor takes note of the output file extension. .asm vs .s in this case. Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] PerlASM for x64

In message <3fc4d543-d71a-8c22-566a-d902c4f7d...@gmail.com> on Mon, 24 Dec 2018 13:17:51 +0100, Gisle Vanem said: > Richard Levitte wrote: > > >> I experimented some more. I figured the "auto" does not work. > >> But this works: > >>perl

Re: [openssl-users] PerlASM for x64

In message <98f571de-f47e-6259-f1ac-792ebed3e...@wisemo.com> on Thu, 27 Dec 2018 10:12:34 +0100, Jakob Bohm said: > On 24/12/2018 19:08, Richard Levitte wrote: > > In message <3fc4d543-d71a-8c22-566a-d902c4f7d...@gmail.com> on Mon, 24 > > Dec 2018 13:17:

Re: [openssl-users] Authentication over ECDHE

\\" > > "" > > "" > > "" > > "" > > }; > > So, no. I don't trust anyone. Especially not this mess of a code. You do know

Re: [openssl-users] Authentication over ECDHE

In message <20181229.170846.804158981742723988.levi...@openssl.org> on Sat, 29 Dec 2018 17:08:46 +0100 (CET), Richard Levitte said: > In message <38b97114-0c66-40ed-f631-58aa20940...@gmx.de> on Sat, 29 Dec 2018 > 14:19:47 +0100, "C.Wehrmeyer" said: > ... >

Re: [openssl-users] Authentication over ECDHE

> server application (and its configuration) deems secure. > > Then why doesn't the documentation page of SSL_clear() mention this > directly? "If you want to reuse an SSL object, use this function to set > some option on the SSL_CTX object". > > On 29.12.18

<    1   2   3   4   5   6   7   8   9   10   >