On Tue, May 3, 2022 at 3:18 PM Chris Bare wrote:
>
>
> On Tue, May 3, 2022 at 3:10 PM William Roberts
> wrote:
>>
>> On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
>> >
>> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to g
On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
>
> I'm converting some openssl 1.0 code to 3.0 and I don't know how to get the
> coordinates
> in a 3.0 way.
> The old code is:
> BN_CTX *ctx = BN_CTX_new ();
> BIGNUM *X = NULL, *Y = NULL;
> const EC_POINT *pubkey;
> const EC_GROUP *group;
>
On Wed, Apr 27, 2022 at 11:46 AM Philip Prindeville
wrote:
>
> Oh, forgot one other issue:
>
> I also need to pick apart the RSA keys into their constituent exponents,
> modulus, etc. as BN's that I can then compare to bit-strings.
>
> With the old RSA_* routines this was trivial. How does one
On Tue, Mar 29, 2022 at 3:40 PM Philip Prindeville
wrote:
>
> Hi,
>
> I'm trying to develop a newer replacement module for Asterisk's res_crypto
> that is (for now) 1.1.x compatible but can be easily updated to 3.0 (and
> maybe even easily add provider support for TPM escrowed secrets, etc).
On Mon, Feb 28, 2022 at 2:59 AM Matt Caswell wrote:
>
>
>
> On 25/02/2022 22:07, William Roberts wrote:
> > Hello,
> >
> > In openssl 3.0.1 the following code hits the ctx->keymgt is null check
> > and thus returns -2
> > in pmeth_gn.c:
On Fri, Feb 25, 2022 at 4:19 PM William Roberts
wrote:
>
> Hi Kory,
>
> it's the line:
> genctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL);
>
> There's a snippet in the first email or is there something else you're
> asking me and I'm not grokking it?
>
> How are you creating the EVP_PKEY_CTX?
>
> Kory
>
>
> > On Feb 25, 2022, at 2:07 PM, William Roberts
> > wrote:
> >
> > Hello,
> >
> > In openssl 3.0.1 the following code hits the ctx->keymgt is null check
> > and thus returns -2
Hello,
In openssl 3.0.1 the following code hits the ctx->keymgt is null check
and thus returns -2
in pmeth_gn.c:
static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
{
if (ctx == NULL || ctx->keytype == NULL)
goto not_supported;
evp_pkey_ctx_free_old_ops(ctx);
if
On Wed, Sep 8, 2021 at 5:15 PM Steffen Nurpmeso wrote:
>
> Hello.
>
> William Roberts wrote in
> :
> |It's there:
> |https://github.com/openssl/openssl/releases/tag/openssl-3.0.0
> |
> |I checked it out this morning.
>
> Oh! I have
>
> fetch =
It's there:
https://github.com/openssl/openssl/releases/tag/openssl-3.0.0
I checked it out this morning.
On Wed, Sep 8, 2021, 16:32 Steffen Nurpmeso wrote:
> Yeah?
> :)
>
> --steffen
> |
> |Der Kragenbaer,The moon bear,
> |der holt sich munter he cheerfully and one by
I have code that applies PKCS1.5 padding via
RSA_padding_add_PKCS1_type_1 and strips it with
RSA_padding_check_PKCS1_type_2 before sending it to the HSM for raw
RSA operation to support a legacy PKCS11 interface. Is there any way
to perform these tasks with OpenSSL 3.0?
Thanks,
Bill
On Fri, Aug 27, 2021 at 2:47 PM Ken Goldman wrote:
>
> I run valgrind on all my software to find memory leaks. This worked for
> openssl 1.0.2 and 1.1.1, but fails with 3.0.0. Suggestions?
>
> vex amd64->IR: unhandled instruction bytes: 0xF3 0xF 0x1E 0xFA 0x49 0x89 0xD8
> 0x31
> vex amd64->IR:
On Thu, Aug 26, 2021 at 3:01 AM Tomas Mraz wrote:
>
> On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> > Hello,
> >
> > I am trying to verify an HMAC signature with the code below and the
> > EVP_DigestVerifyInit()
> > routine is failing w
Hello,
I am trying to verify an HMAC signature with the code below and the
EVP_DigestVerifyInit()
routine is failing with "error:0608F096:digital envelope
routines:EVP_PKEY_verify_init:operation not supported for this
keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
On Wed, Jul 14, 2021, 09:27 Ken Goldman wrote:
> On 7/13/2021 5:14 PM, William Roberts wrote:
> > Outside of the migration guide others have pointed out, I think the
> functions you need are:
> >
> > https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html <
It'd be nice to have a more detailed porting guide, I'd been poking into
this a little bit, but did you see Matt's response? (Pasted below)
Those functions are deprecated. Better would be EVP_PKEY_fromdata():
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_fromdata.html
On Wed, Jul 14,
Outside of the migration guide others have pointed out, I think the
functions you need are:
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html
Use EVP level now as pointed out in the guide.
On Tue, Jul 13, 2021, 16:04 Ken Goldman wrote:
> What is the 3.0.0 equivalent to
On Tue, Dec 22, 2020 at 3:45 AM prudvi raj wrote:
>
> Hello all,
>
> We use a hardware accelerator to calculate BIGNUM rr = a^p mod m .(
> bn_mod_exp). I am trying to rewrite that logic for openssl 1.1.1. Code
> snippet of custom bn_mod_exp function:
> --
> if(rr->d)
> {
>
You might try changing this:
8. gcc -shared -o librsa_engine.so libdune/libdune.a -lcrypto rsa-engine.o
rsa/rsa.o rsa/bignum.o rsa/aes.o rsa/x509parse.o rsa/pem.o
to this:
gcc -shared -o librsa_engine.so -L./libdune rsa_engine.o
rsa/rsa.o rsa/bignum.o rsa/aes.o
On Mon, Jun 22, 2020 at 10:45 AM shiva kumar wrote:
>
> Hi,
> I was using the structure
> struct x509_store_ctx_st
> provide by x509_vfy.h in openssl 1.0.2, but can you please help me on how to
> use the same or alternative for the above structure on openssl 1.1.1
I think just use the accessor
On Mon, Apr 6, 2020, 11:59 PM Jason Proctor wrote:
> On Mon, Apr 6, 2020 at 9:44 PM William Roberts
> wrote:
> >
> >
> > There's setter functions now. See:
> > https://www.openssl.org/docs/man1.1.0/man3/RSA_set0_key.html
>
> Thanks, yes it does look li
On Mon, Apr 6, 2020, 9:16 PM Jason Proctor wrote:
> Distinguished crypto community,
>
> I have the requirement to import RSA keypairs generated by the Amazon
> Key Management System into my environment. These keypairs arrive in
> the de facto standard of SPKI for the public component and PKCS8
On Thu, Feb 27, 2020 at 1:01 PM Andersen, John S
wrote:
>
> Hi All,
>
> The TPM 2.0 PKCS11 project has been attempting to get the TPM working with
> EAP-TLS WiFi.
>
> We've run into an issue where the TPM spec specifies that for RSA PSS signing
> keys, the random salt length will be the largest
This thread actually has some code on it for doing this:
https://www.mail-archive.com/openssl-users@openssl.org/msg86672.html
Bill
On Mon, Aug 26, 2019 at 9:46 AM Ken Goldman wrote:
>
> On 8/17/2019 5:35 AM, Billy Brumley wrote:
> > Hey Ken,
> >
> >> I have an ECDSA signature supplied to me as
On Tue, Aug 6, 2019 at 11:18 AM William Roberts
wrote:
>
> On Tue, Aug 6, 2019 at 11:16 AM Matt Caswell wrote:
> >
> >
> >
> > On 06/08/2019 17:00, William Roberts wrote:
> > > On Tue, Aug 6, 2019 at 10:56 AM Matt Caswell wrote:
> > >>
On Tue, Aug 6, 2019 at 11:16 AM Matt Caswell wrote:
>
>
>
> On 06/08/2019 17:00, William Roberts wrote:
> > On Tue, Aug 6, 2019 at 10:56 AM Matt Caswell wrote:
> >>
> >>
> >>
> >> On 06/08/2019 16:34, William Roberts wrote:
> >
On Tue, Aug 6, 2019 at 10:56 AM Matt Caswell wrote:
>
>
>
> On 06/08/2019 16:34, William Roberts wrote:
> > Hi,
> > I occasionally get spurious errors in my ECDSA signatures, and it
> > appears that when the top byte is over 0x80 of either the R or S
> >
Hi,
I occasionally get spurious errors in my ECDSA signatures, and it
appears that when the top byte is over 0x80 of either the R or S
component, that I get a zero pad. I noticed all this when reading
through the source, there were some comments (see below). I noticed a
d2i_ASN1_UINTEGER, but I
On Wed, Nov 28, 2018 at 1:22 AM Fuchs, Andreas
wrote:
>
> Hi all,
>
> I'm currently implementing a TPM2 engine for OpenSSL over at
> https://github.com/tpm2-software/tpm2-tss-engine
> The problem I'm facing is that OpenSSL's TLS negotiation will request ECDSA
> from my engine with any hash alg,
I would like to use OpenSSL to compute the DigestInfo structure to
pass to a TPM for a TPM side RSA_Decrypt() operation when the TPM
doesn't support the digest algorithm.
I see in crypt/rsa_sign.c the routine encode_pkcs1() seems to do what
I want. Is there
a public version of this or a better
On Tue, Sep 11, 2018, 13:10 Kurt Roeckx wrote:
> On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> > Hello,
> >
> > What is the better way, for anyone running, by example, Apache or nginx
> on
> > a popular Linux distribution (Ubuntu, Debian, Suse) and want support TLS
> > 1.3 ?
> >
I can successfully deconstruct an ECDSA Signature Sequence, but now I
need
to construct it, and I am getting lost.
The format I need to build is:
sECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }
I have r and s as buffers in the same format as returned from:
d2i_ASN1_INTEGER() if one
On Sat, Jul 28, 2018, 09:13 Devang Kubavat wrote:
> Hi Kaarhik,
>
> Please refer https://github.com/ThomasHabets/openssl-tpm-engine. It is
> OpenSSL TPM Engine. It will help to offload all crypto operation to TPM.
>
Is this for tpm2.0?
> Regards,
> Devang.
>
> On Tue, Jul 24, 2018 at 4:48 PM,
On Wed, Jul 25, 2018 at 11:30 AM, Michael Wojcik
wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
>> Sudarshan Soma
>> Sent: Wednesday, July 25, 2018 12:13
>
>> But rand() returns max value of 32767. Is there a recommended way to
>> convert RAND_bytes to
On Tue, Jul 24, 2018 at 4:18 AM, Kaarthik Sivakumar
wrote:
> Hello
>
> I need to create a key pair using a TPM (proprietary) and build a CSR and
What TPM Version?
If it's TPM 2.0, a new Engine project has emerged here:
https://github.com/tpm2-software/tpm2-tss-engine
This might be able to
he CAPI engine) implement the genrsa hook. If you are
> looking for wide compatibility you may wish to ask your clients to do key
> generation using an external utility (as that's how almost everyone else
> does it).
I have only looked at the PKCS11 module, and it's quite limited in
functiona
On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte <levi...@openssl.org> wrote:
> In message
> <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=qycha8...@mail.gmail.com> on Fri,
> 13 Apr 2018 09:17:28 -0700, William Roberts <bill.c.robe...@gmail.com> said:
>
> bill.
I am currently working on writing an openssl engine
to interface with a piece of hardware.
I am trying to understand how to implement
rsa key generation, where the private key
bytes would not be available.
I am currently invoking the
command:
openssl genrsa -engine foo
Which is calling my
On Fri, Mar 17, 2017 at 12:06 PM, Michael Wojcik
wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Neptune
>> Sent: Friday, March 17, 2017 09:26
>> To: openssl-users@openssl.org
>> Subject: [openssl-users] Static FIPS Library
printf( RED
" ERROR: Could not load Private KEY!\n"
" PEM_read_bio_RSA_PUBKEY FAILED:\n %s\n" OFF,
ERR_error_string( ERR_get_error(), NULL ) ) ;
else Check_Key( RSA2, ";" );
--
William Estrada
Mt Umunhum, CA, USA, Earth
B4559 2D2D2D2D 2D0A /* KEY-. */
End of block - 426 bytes --------- /* */
Method 1
ERROR: Could not load PUBLIC KEY!
PEM_read_bio_RSA_PUBKEY FAILED:
error:0906D06C:PEM routines:func(109):reason(108)
Method 2
107 (Key) Make Key Failed!
error:2007507E:BIO routines:func(117):reason(126)
Method 3
116 (Key) Make Key Failed!
error:0407B093:rsa routines:func(123):reason(147)
BIO RC: 1
121 (Key) Make Key Failed!
error:0407B093:rsa routines:func(123):reason(147)
Method 4
EVP Error: (null)
142 (Key) Make Key Failed!
error:0407B093:rsa routines:func(123):reason(147)
No usable RSA structures, quiting
Hope this clarifies what I am attempting to do?
Appreciate any help, thanks for your time.
--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
a static buffer?
It points to a char string
>
>
>
>
--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum
It's my SPAM filtering, somehow this list got on it.
> How do I set up to receive Email notices for my post here?
>
>
> --
> William Estrada
> Mt Umunhum, CA, USA, Earth
> HTTP:// Mt-Umunhum-Wireless.net
> Skype: MrUmunhum
>
How do I set up to receive Email notices for my post here?
--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum
Not sure this is the proper way to use this mailing system?
My source can be viewed at: mt-umunhum-wireless.net/Sources/rsa/rsa.c
What version of openssl? I'm guessing 1.0.2.
Put this line in your code
ERR_load_ERR_strings();
And you'll get a more informative message.
I'm using: openssl
or:2007507E:lib(32):func(117):reason(126)
Can anyone tell me what this error is and how to fix it?
--
William Estrada
Mt Umunhum, CA, USA, Earth
HTTP:// Mt-Umunhum-Wireless.net
Skype: MrUmunhum
"Matched\n");
}
Does the BIO_seek() not handle incrementing or decrementing the IV
counter? is there a callback that needs to be set to calculate what the
IV counter value should be for a given file position for the cipher?
William King
Senior Engineer
Quentus Technologies, INC
1037
28);
/* END CODE BLOCK */
What I'm finding is that using fread() of the unencrypted file and
comparing that to the BIO_seek() then BIO_read(), the data is not
properly decrypted. Comparing fread() of the unencrypted file, to just
doing BIO_read()'s does decrypt the file correctly.
William King
Senio
What is needed to be able to BIO_seek() on a bio_f_cipher() with a
cipher of EVP_aes_256_ctr() without the counter, or IV or another
internal state getting corrupted?
It seems that doing a seek any direction results in corrupted output.
--
William King
Senior Engineer
Quentus Technologies, INC
Hi,
I'm trying to dig through a problem where building the FIPS capable version
of OpenSSL-1.0.1r is not generating the correct code.
I have done the following:
Created the fips canister according to the instructions in the User Guide, and
installed it.
Then in the openssl source, I use
Just FTR...
http://www.osnews.com/story/28933/Blue_Lion_new_OS_2_distribution_due_2016
Not that I'd take that as a mandate to preserve support... We are having
the same internal dialog at the ASF httpd project and coming to the same
conclusions.
On Mar 17, 2016 1:36 PM, "Salz, Rich"
us to know how wanguard
is structured (we can't track every product that uses openssl), they're more
familiar with its error modes and how to work through them.
-Kyle H
On 12/17/2015 10:00 PM, Alex william wrote:
>
> Hello,
>
>
>
>
> I have been trying to inst
Hello,
I have been trying to install a product named wanguard and each time am
starting a collector I receive this error message:
segfault at efe000 ip 7ffb571e479c sp 7ffced00dcf0 error 4 in
libcrypto.so.1.0.0[7ffb57166000+1cb000]
And the collector stops immediately.
Has anyone
So, I am trying to create a shared object to implement some functionality in
libpam. It has dependencies on a number of dynamic objects, but I am trying to
include statically linked copies of libcrypto and libssl. These are coming
from a FIPS capable version of OpenSSL (1.0.1)built and
On Nov 19, 2014, at 5:03 PM, Maarten Bodewes maarten.bode...@gmail.com
wrote:
Hi all,
I would be very grateful if somebody could explain why the following problem
occurs:
a test vector with an AAD of 20 bytes created an authentication tag that is
not correct,
this could for
On Nov 19, 2014, at 6:09 PM, William McGovern w...@thaiglish.com wrote:
On Nov 19, 2014, at 5:03 PM, Maarten Bodewes maarten.bode...@gmail.com
mailto:maarten.bode...@gmail.com wrote:
Hi all,
I would be very grateful if somebody could explain why the following problem
occurs
On Nov 19, 2014, at 6:26 PM, William McGovern w...@thaiglish.com wrote:
On Nov 19, 2014, at 6:09 PM, William McGovern w...@thaiglish.com
mailto:w...@thaiglish.com wrote:
On Nov 19, 2014, at 5:03 PM, Maarten Bodewes maarten.bode...@gmail.com
mailto:maarten.bode...@gmail.com wrote
Hi Aya,
I have not tried this with a self-signed certificate, but putting the
-sha256 option in the signature command has worked for me before, i.e.,
x509 -req -in server.csr -signkey server.key -out server.crt -sha256
You can check the attribute with:
x509 -text -in server.crt
...
Signature
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury abhijit.ray.chaudh...@gmail.com wrote:
Hi,
I have compiled openssl-fips and openssl in Windows CE 6. But when I
run fips_premain_dso.exe libeay32.dll in target environment I get
following error:
=
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury abhijit.ray.chaudh...@gmail.com wrote:
Which means GetProcAddress is failing for symbol name
FINGERPRINT_premain. But if I do dumpbin /exports libeay32.dll, I
can see the symbol FINGERPRINT_premain exported.
Quote that output line from
Hi Dave,
Thank you very much.
You just answered all my questions.
That helped a lot!!
Regards,
David William
On Tue, Sep 25, 2012 at 9:15 PM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of David William
Sent: Tuesday, 25 September, 2012 07:07
with a self signed certificate?
Thanks,
David William
Hi,
Does the PEM file have any Bag Attributes at the head of the file before
-BEGIN CERTIFICATE-? Not sure, but I have heard these can cause
issues with conversions.
Regards,
Bill
-Original Message-
From: owner-openssl-us...@openssl.org
--- On Sun, 2/12/12, Ryan Brown mp3g...@gmail.com wrote:
From: Ryan Brown mp3g...@gmail.com
Subject: OpenSSL and AES-NI not there?
To: openssl-users@openssl.org
Date: Sunday, February 12, 2012, 7:39 PM
Wanting to use AES-NI extension, but
I'm not seeing it there.. Using
Intel E3-1230 on a
/dev/random is your culprit... your config isn't 100% transportable between
Solaris and linux.
Sent from my Verizon Wireless 4G LTE Phone
-Original message-
From: Ruiyuan Jiang ruiyuan_ji...@liz.com
To: openssl-users@openssl.org openssl-users@openssl.org
Sent: Mon, Jan 23, 2012
On 1/18/2012 9:57 AM, Brooke, Simon wrote:
Sadly, removing -fomit-frame-pointer does not work.
Isn't that the default behavior for -O3?
__
OpenSSL Project http://www.openssl.org
User Support
On 11/1/2011 8:35 PM, Bin Lu wrote:
Do you have an answer for my question below? Is the fips-2.0-test code
branched off from a
FIPS-capable version? Which version is it based on if yes?
AIUI, fipscanister doesn't include TLS 1.2. Nor 1.0, nor SSLv3 or v2.
That's the beauty of proper
On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote:
On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
On 10/4/2011 10:45 PM, Bill Durant wrote:
But when I run it under Windows NT, I get the following run-time error:
The procedure entry point Module32NextW could not be located
On 10/4/2011 10:45 PM, Bill Durant wrote:
Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows
NT?
It's likely not possible...
But when I run it under Windows NT, I get the following run-time error:
The procedure entry point Module32NextW could not be
and How to correctly Call Pthread_destroy_mutex and OPENSSL_free?
Or, NOT Need to Call these two functions?
Thanks, Regards.
William
On 5/7/2011 7:16 AM, Justin Schoeman wrote:
It does not matter which of these I try, openssl always binds to '::1:8008',
which does
not accept IPV4.
I have tried various combinations of:
BIO_new_accept(0.0.0.0:8008)
This syntax should have bound to all IPv4 interfaces alone,
so as
Hi,
I have read this thread: Best way to convert a DER-encoded DN?
http://www.mail-archive.com/openssl-users@openssl.org/msg37207.html, and I
wanted to ask if someone knows what is the best method to do the reverse
operation, respectively the encoding of a LDAP human readable string
On 3/6/2011 3:48 PM, Tim Hudson wrote:
In the example of building the openssl FIPS *capable* distribution, it
seems one should take the distribution from the official
openssl.org/source website and validate it using PGP. However,
FreeBSD ships openssl distribution within its source tree.
On 1/31/2011 1:07 PM, John R Pierce wrote:
On 01/31/11 10:55 AM, Harshvir Sidhu wrote:
Hi,
Can we use OpenSSL lib with Managed C++? Thanks.
can you call native C style DLL's from this 'Managed C++' (whatever that
is) ? my
initial google of 'Managed C++' indicates its a Microsoft .NET
On 1/6/2011 12:23 PM, Garry S Ditzler wrote:
Can you tell me if OpenSSL 0.9.7 is still supported?
Yes, the answer is no, it is not.
On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote:
A 1.0.0c release is planned in the next few days. We're just seeing if any
other issues arise before the release: a couple have been fixed already.
Have any observed issues affected 0.9.8p? If so, is there a planned .8q?
On 11/18/2010 12:05 PM, Victor Duchovni wrote:
None that are publically visible. You can check for yourself:
No commits to the 0.9.8 branch after the release of 0.9.8p.
http://cvs.openssl.org/chngview?cn=19996
I was aware of this. It's why I raised the question, if any of these were
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-capable OpenSSL as
an universal
binary.
Three builds, per spec, of the FIPS canister. No tweaks, no exceptions to
the security policy.
Then it's possible but non-trivial to integrate these
On 10/13/2010 7:22 PM, Bill Durant wrote:
On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-capable OpenSSL
as an universal
binary.
Three builds, per spec, of the FIPS canister
I noticed that there is an AES-based FIPS implementation distributed
with validated FIPS version based upon 0.9.8.
Does 1.0.0 have an X9.31 compliant RNG available?
Thank you,
Bill
On 9/30/2010 11:42 AM, Jakob Bohm wrote:
In Windows XP, Microsoft introduced their own badly designed idea of
versioned so-names in the form of so-called Assemblies. Unless
you are writing .NET code, you should really avoid that nonsense.
I expect SxS packages for openssl (and several other
On 8/3/2010 1:17 PM, William A. Rowe Jr. wrote:
On 8/3/2010 10:05 AM, Bryan wrote:
I see a fips directory in 0.9.8o. If I'm building OpenSSL with FIPS
on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
This is well documented in the FIPS user guide and security policy
On 8/3/2010 10:05 AM, Bryan wrote:
I see a fips directory in 0.9.8o. If I'm building OpenSSL with FIPS
on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
This is well documented in the FIPS user guide and security policy, and
if you haven't read them in detail, what you are
On 7/9/2010 9:05 AM, Steve Marquess wrote:
Mark Parr wrote:
Use of the FIPS OpenSSL is a mandated thing and not just something that we
are looking to do for the fun of it. In fact, the base OpenSSL was working
fine using the FIPS AES 256 encryption in a non FIPS Certified mode.
...
Yes,
Hi,
Is there a way to make the version 1.0.0a ocsp responder to sign
responses using SHA256? The rsigner certificate is SHA256 and the
requests are signed with SHA256 but responses are always SHA1.
I saw a reference in a thread from 5/13/10 to
draft-ietf-pkix-ocspagility that seems to imply
On 6/24/2010 4:04 AM, Deckers, Rob wrote:
Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
IF EXIST out32dll\libeay32.dll.manifest mt -nologo -manifest
out32dll\libeay32.dll.manifest -outputresource:out32dll\libeay32.dll;2
mt: Unknown option -n
Usage: mt
On 6/17/2010 10:10 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of JC Yang
Sent: Wednesday, 16 June, 2010 23:53
Hi, I'm new to openssl. I've just compiled openssl with Visual C++
2008,
I've read the installation guide and added the debug
On 6/16/2010 12:10 PM, Dr. Stephen Henson wrote:
Those for the bleeding edge development version are also available online too,
see: http://www.openssl.org/docs/ the API doesn't change that much so those
will be largely accurate for older versions of OpenSSL.
The examples at the bottom of
On 6/2/2010 11:08 AM, Alona Rossen wrote:
Building dynamic library on HP-UX fails despite I explicitly specify
‘shared’ as Configure argument:
./Configure hpux64-ia64-cc -D_REENTRANT shared
Why are you adding -D for _REENTRANT?
I did a very similar build last week, no such problems, would
On 6/2/2010 4:04 PM, Alona Rossen wrote:
This is a suggested configuration. -D stands for preprocessor define.
The reason I ask is that the entries in Configure should provide the
necessary defines, and if not, that is a bug. As it was 'suggested',
we'll just presume things are fine w/w-o it.
On 4/15/2010 12:42 PM, Adam Grossman wrote:
hello,
i had my code running on 0.9.8e without any issues. i upgraded to
0.9.8n, and now when my server initiates a renegotiation with the client
(which is either IE or Firefox), SSL_renegotiation returns a 0. i
understand from the CHANGELOG the
On 4/13/2010 4:49 PM, 芦翔 wrote:
Dear all,
I am trying to add the security flavor to an application. To achieve
this objective, I wrote the codes to establish a security tunnel between
the server and the client with VC2008. When I build the whole project,
there are tens of similar errors.
On 4/7/2010 12:33 PM, Ryan Pfeifle wrote:
While we are on the subject of Unicode, there are other areas of OpenSSL
that need Unicode support added, in particular handling of paths and
filenames on UTF16-based filesystems that require wchar_t* parameters.
For instance, on Windows, OpenSSL
On 3/30/2010 10:58 AM, Gatewood (Woody) Green wrote:
I assume the 2010 limit on new validations is the impending finalization
of 140-3.
What you are thinking of won't be designated 140-3, it's not sequential,
there is such a FIPS level already. Probably FIPS-{new}-2 or FIPS-140-2 2010
or
On 3/31/2010 4:21 PM, Gatewood (Woody) Green wrote:
Actually, no 140-3 will be successor to 140-2 which is successor to
140-1. The hyphenated number is a release version.
Woody, thanks for this clarification...
You are trying to talk about FIPS 140-2, Level 3 certification in your
On 1/18/2010 2:42 PM, Kyle Hamilton wrote:
The way that the FIPS module verifies its signature is that it forces
itself to load (via a pre-main() section) and then calculate the
checksum of the image in-core. Probably the reason why you're running
into issues is because of the fixup step of
James Baker wrote:
The problem does occur with full admin privileges.
To be 100% clear, this is full admin with no UAC? UAC will drop privilege
of an app seemingly running as 'administrator'.
greetings:
i'm trying to build openssl-0.9.8l according to these instructions.
perl Configure VC-WIN64A
ms\do_win64a
nmake -f ms\ntdll.mak
cd out32dll
..\ms\test
i'm using dmake due to the incompatibility of nmake15 with vista 64.
this is the error i am getting.