Re: Establishing connection errors

To clarify, I will probably just use the API you suggested to make it more simple. Was distracted by my obvious oversight. From: openssl-users on behalf of Jason Schultz Sent: Friday, November 5, 2021 1:59 PM To: Tomas Mraz ; openssl-users@openssl.org

Re: Establishing connection errors

rust store before I know if the user wants FIPS or not. I may just set up two stores, or I need to change the order of how I do things. Thanks, Jason From: Tomas Mraz Sent: Friday, November 5, 2021 1:52 PM To: Jason Schultz ; openssl-users@openssl.org Subject

Re: Establishing connection errors

library context/provider setup, or 3.0. Let me know if you need more info. Thanks, Jason ____ From: Tomas Mraz Sent: Friday, November 5, 2021 1:19 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: Establishing connection errors On Fri, 2021-11-05 at 13:0

Establishing connection errors

= NULL; } >From issue #16966, we know the X509_get_pubkey() call can have issues with >library contexts. I don't know the internals of OpenSSL enough to know if this >is a similar issue. I can open an Issue in github if Matt, Tomas, or others think it's appropriate. T

Re: X509_get_pubkey() in OpenSSL 3.0?

king, just some of them. I wish it were that easy, but I need to do this set up at run time. I'll see what I can find, and try a few other things to attempt to isolate the cause. If I run out of ideas, I'll probably start a new thread since it may get more attention. Thanks for your a

Re: X509_get_pubkey() in OpenSSL 3.0?

e SHA1 in the list of algorithms provided by the legacy provider in the Wiki. The next two errors are the same ones that I was getting when attempting to call X509_get_pubkey() before changing the code to get it to work, which is interesting. Maybe this is what you were tr

Re: X509_get_pubkey() in OpenSSL 3.0?

c. In any case, things appear to be working now, but I'm hitting an issue later on when calling SSL_CTX_build_cert_chain(). I working on debugging that, I may have to start yet another thread later. Thanks, Jason From: openssl-users on behalf of Viktor

Re: X509_get_pubkey() in OpenSSL 3.0?

type of certificate is in use for that ctx? Or something else along those lines? It's very possible I'm overcomplicating things with the fopen(), PEM_read_X509(), X509_get_pubkey() sequence, so any suggestions on how to better accomplish this verification are welcome. Regards, Ja

Re: X509_get_pubkey() in OpenSSL 3.0?

0:61:9e:87:15:79:09:0f:34: 14:02:21:00:fd:29:34:bf:bb:c5:02:0d:9a:04:44:6e:94:22: 52:b4:0e:ab:1f:3d:15:5c:07:47:eb:76:68:80:f9:72:96:f6 From: openssl-users on behalf of Jason Schultz Sent: Tuesday, November 2, 2021 7:42 PM To: openssl-users@o

X509_get_pubkey() in OpenSSL 3.0?

4r1) -keyout threecert.key -out threecert.crt -days 365 Aside: While I was waiting for an answer on this, I started working on removing some of the deprecated functions in my code, for example, PEM_read_DHparams(). I ended up finding the DECODER functions and plan on doing something like: Thanks, Jason

Re: OpenSSL 3.0 FIPS questions

ys 365 I kept this on the same "FIPS OpenSSL 3.0" thread because I'm not 100% sure it's unrelated. What am I missing here? Thanks, Jason ____ From: Matt Caswell Sent: Thursday, October 28, 2021 6:03 PM To: Jason Schultz ; Dr Paul Dale ; openss

Re: OpenSSL 3.0 FIPS questions

/libcrypto.so.3 Thanks, Jason From: Matt Caswell Sent: Thursday, October 28, 2021 2:00 PM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions On 28/10/2021 14:49, Jason Schultz wrote: > A call to OSSL_PROVIDER_av

Re: OpenSSL 3.0 FIPS questions

need to. Would anyone reading this agree? I'm running into another issue that I need to troubleshoot a bit more before I add too much information and too many questions to a single message. Thanks to everyone for their help with this, things are starting to make more sense now. ___

Re: OpenSSL 3.0 FIPS questions

. I'm wondering if that's needed since I don't have any environment variables set up? I'm not sure what the default search path is. Jason From: Matt Caswell Sent: Wednesday, October 27, 2021 10:34 AM To: Jason Schultz ; Dr Paul Dale ; opens

Re: OpenSSL 3.0 FIPS questions

Ah, OK. Yes, I am running on the same machine. Thanks for clarifying. From: Kory Hamzeh Sent: Tuesday, October 26, 2021 9:15 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Actually, if you are

Re: OpenSSL 3.0 FIPS questions

ules/. Are you saying I still needed to do "openssl fipsinstall" after the 4 steps I already did? Thanks, Jason From: Kory Hamzeh Sent: Tuesday, October 26, 2021 8:13 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: Op

Re: OpenSSL 3.0 FIPS questions

tion, creating an SSL_CTX with the non_fips_libctx is successful, but later calling X509_get_pubkey() returns NULL, implying maybe something is wrong with the non_fips_libctx as well. I've tried other combinations, but at this point I'm just guessing. Is there anything obvious I could be mis

Re: OpenSSL 3.0 FIPS questions

ems like I should be doing it if I use the first method as well. Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 11:12 PM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions The configuration

Re: OpenSSL 3.0 FIPS questions

fips, base, default, etc? Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 12:28 AM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER

OpenSSL 3.0 FIPS questions

e SSL_CTX’s I create are “FIPS”. I realize there are probably several ways to do this, but I’m looking to isolate my application only this way, and not affect any other applications on the system. Thanks in advance. Jason

Re: Client side session handling

ected, and OpenSSL is doing the actual free of the SSL_SESSION when the SSL_CTX is freed. Is that accurate? Thanks, Jason

Client side session handling

associated with these connections/sessions, I see the remove callback function get called again for client-side sessions that I already called SSL_SESSION_free() on. Is this normal behavior? Is there something else I’m missing? Thanks in advance. Jason

Help on mixed encrypt/decrypt data using C++/java

(); EVP_CIPHER_CTX_init(mpCtx); Thanks for helping, Jason

Questions regarding OpenSSL 3.0 and corresponding FIPS Module

I read the most recent (10/20) update to the OpenSSL 3.0 release page here: https://www.openssl.org/blog/blog/2020/10/20/OpenSSL3.0Alpha7/ As well as the release strategy: https://wiki.openssl.org/index.php?title=OpenSSL_3.0_Release_Schedule&oldid=3099 I have not done anything with the Alpha re

Tunelling using OpenSSL.

Hello,Is it possible to tunnel a connection by OpenSSL? For example, use OpenSSL and a browser to encrypt browsing. Thank you.

A question about the “localhost.key” and “localhost.crt” files.

Hello, I think “localhost.crt” and “localhost.key” files using by Apache and they are mandatory for get a HTTPS certificate. Some tools like "Certbot" need them. If these files deleted then how can I regenerate them? Is below command OK? # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyo

Re: tbslen parameter in EVP_PKEY_sign() and EVP_PKEY_verify()

56, yes? > > tbs is the digest value you calculated, tbslen is the size in bytes of > the digest. > > -Kyle H > > On Tue, Apr 7, 2020 at 1:07 PM Jason Proctor wrote: > > > > Esteemed cryptologists, > > > > Question regarding the "tbslen"

tbslen parameter in EVP_PKEY_sign() and EVP_PKEY_verify()

Is this correct? Anything I'm missing, here? thanks for any clarity here Jason@Spatial

Re: OpenSSL vs SPKI

On Mon, Apr 6, 2020 at 10:03 PM William Roberts wrote: > > > > I don't think I would consider it a hack necessarily. I work on the TPM stack > and have to convert TPM structures to RSA public key structures for ooenssl > to utilize, and we use this routine along the way. I would imagine theirs a

Re: OpenSSL vs SPKI

On Mon, Apr 6, 2020 at 11:03 PM Viktor Dukhovni wrote: > > > Question -- is there a supported way of importing SPKI encoded public > > keys into the OpenSSL world? > > Yes. That'd be d2i_PUBKEY(3): > > https://www.openssl.org/docs/man1.1.1/man3/d2i_PUBKEY.html > Perfect! Thanks so much.

Re: OpenSSL vs SPKI

On Mon, Apr 6, 2020 at 9:44 PM William Roberts wrote: > > > There's setter functions now. See: > https://www.openssl.org/docs/man1.1.0/man3/RSA_set0_key.html Thanks, yes it does look like that replaces direct access to "n" and "e". It's a hack, but it might work for the moment. Ideally though I

OpenSSL vs SPKI

these days it seems that the RSA structure is opaque, and so I can't do that either. (I mean fair enough, it's a hack.) Question -- is there a supported way of importing SPKI encoded public keys into the OpenSSL world? thanks so much for any help with this, Jason@Spatial EAY/OpenSSL user since 1995

Re: Peer certificate verification in verify_callback

usted store, so the trusted certificates will always be in PEM files in /etc/ssl/certs/. It sounds like that's not going to hold me back from accomplishing what I need to do though, but I'll pursue this and let the list know if I run into any other issues. Thank

Re: Peer certificate verification in verify_callback

a. Thanks. From: openssl-users on behalf of Viktor Dukhovni Sent: Monday, March 30, 2020 6:17 PM To: openssl-users@openssl.org Subject: Re: Peer certificate verification in verify_callback On Thu, Mar 05, 2020 at 02:04:27PM +, Jason Schultz wrote: >

Re: Peer certificate verification in verify_callback

Just wanted to bring this up again as I didn't get any responses initially. Has anyone dealt with this or similar issues with OpenSSL 1.1.1? From: openssl-users on behalf of Jason Schultz Sent: Thursday, March 5, 2020 2:04 PM To: openssl-users@openss

SSL_CTX_build_cert_chain() and SSL_CTX_set_mode()

Changing the subject to be more relevant to my questions. Just wanted to ping the list again. From: openssl-users on behalf of Jason Schultz Sent: Friday, March 20, 2020 3:21 PM To: openssl-users@openssl.org Subject: Re: OpenSSL server sending certificate

Re: OpenSSL server sending certificate chain(inc. root cert) during handshake

;ll paste the certificate below, but I would think this version 1 certificate that does NOT have CA:TRUE would error in the same was the similar RSA certificate did above. Does anyone know what could be the result of the (seemingly) different behavior? Are there any other tests I could try to lea

Peer certificate verification in verify_callback

I have some questions about my application’s verify_callback() function and how I handle some of the OpenSSL errors. For example, if my client application is presented a self-signed certificate in the handshake, verify_callback() is called with an error, for which X509_STORE_CTX_get_error() r

Re: OpenSSL 3.0

That's fair. So the only option is to use another module? Extended 1.0.2 support does not resolve this either, correct? From: Salz, Rich Sent: Thursday, February 27, 2020 8:49 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: OpenSS

Re: OpenSSL 3.0

For option 2, we have a support contract in place. But does this actually help us as far as the FIPS Object Module? From: openssl-users on behalf of Neptune Sent: Thursday, February 27, 2020 8:56 PM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 You

Re: OpenSSL 3.0

Thanks for all of the responses. This question has led to other related topics, so I have another one. According to this blog: https://keypair.us/2019/12/rip-fips-186-2/ The OpenSSL FIPS Object Module will be moved to the CMVP historical list as of 9/1/2020. Since there is no OpenSSL 3.0 until

OpenSSL 3.0

Greetings. It has been several months since this blog post on OpenSSL 3.0: https://www.openssl.org/blog/blog/2019/11/07/3.0-update/ “We are now not expecting code completion to occur until the end of Q2 2020 with a final release in early Q4 2020.” Is OpenSSL 3.0 still expected to reach co

Re: Questions about using Elliptic Curve ciphers in OpenSSL

Nicola...my apologies for the typo... From: openssl-users on behalf of Jason Schultz Sent: Friday, February 21, 2020 1:05 PM To: Nicola Tuveri Cc: openssl-users Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL Nicole- This was very

Re: Questions about using Elliptic Curve ciphers in OpenSSL

way to test before they have their own certificate, signed by a CA). Thanks again. From: Nicola Tuveri Sent: Wednesday, February 19, 2020 9:42 PM To: Jason Schultz Cc: Kyle Hamilton ; openssl-users Subject: Re: Questions about using Elliptic Curve ciphers in

Re: Questions about using Elliptic Curve ciphers in OpenSSL

d of the intermediate ecparams file? Or is there something else I'm missing on the generation of certificate/private key pairs? Thanks, Jason ____ From: Nicola Tuveri Sent: Tuesday, February 18, 2020 2:50 PM To: Jason Schultz Cc: Kyle Hamilton ; openssl

Re: Questions about using Elliptic Curve ciphers in OpenSSL

/dsaparams/, which is readable. Should that file also reside in /etc/ssl/private/ so it's protected? Thanks. From: Kyle Hamilton Sent: Sunday, February 16, 2020 10:49 PM To: Jason Schultz Cc: Thulasi Goriparthi ; openssl-users Subject: Re: Questions about

Re: Questions about using Elliptic Curve ciphers in OpenSSL

Yes, absolutely. As I said in my first post, these are throwaway key pairs, not for production use, just a short time for testing to get things working. Thanks, Jason On Feb 16, 2020, at 4:49 PM, Kyle Hamilton wrote:  Be aware that you just posted your certificate's private key, and

Re: Questions about using Elliptic Curve ciphers in OpenSSL

Thank you for your response Thulasi, this helped. I'm posting this back to the OpenSSL users list in case it helps anyone else, and in case anyone can help with my additional questions. While waiting for responses, I've been able to find out how my certificate and keys were generated. I'd like

Re: Questions about using Elliptic Curve ciphers in OpenSSL

nd when do I use them? Or do I need them in a separate file? From: Salz, Rich Sent: Tuesday, February 11, 2020 4:37 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL The first thing I would suggest is to separate ECDH, t

Re: Questions about using Elliptic Curve ciphers in OpenSSL

Anyone have any advice on Elliptic Curve? Thanks in advance. From: openssl-users on behalf of Jason Schultz Sent: Friday, February 7, 2020 2:58 AM To: openssl-users@openssl.org Subject: Questions about using Elliptic Curve ciphers in OpenSSL I’m somewhat

Questions about using Elliptic Curve ciphers in OpenSSL

I’m somewhat confused as to what I need to do to use ECDHE ciphers (ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, etc). I’m hoping this list can help, or at least point me to a good tutorial somewhere. A lot of the information I’ve looked at is from the following links: https://wi

help on openssl api for encryption

Hi, Tried the example on: https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption On the Linux platform, when I set plaintext to "jason", it works fine. When I set it to "Jason", it returns an empty string. It works fine on windows platform for both case

Re: sk_X509_OBJECT_num()

That makes sense. Thanks to everyone for the responses. Jason From: Dave Coombs Sent: Wednesday, November 13, 2019 5:30 PM To: Jason Schultz Cc: openssl-users@openssl.org Subject: Re: sk_X509_OBJECT_num() Hi, They're macros, defined in SKM_DEFINE_STA

Re: Help on Diffie Hellman key exchange

Thanks Rich, On Wed, Nov 13, 2019 at 12:34 PM Salz, Rich wrote: > *>*For using 1.1.0, we only need to call RAND_bytes() ? > > > > Yes. But do check the return value of RAND_bytes. >

Re: Help on Diffie Hellman key exchange

trlen(seed)); RAND_bytes(buf, keySize / 8); return keySize / 8; } For using 1.1.0, we only need to call RAND_bytes() ? Jason On Wed, Nov 13, 2019 at 12:11 PM Salz, Rich wrote: > *>*RAND_seed(seed, ::strlen(seed)); > >RAND_bytes(buf, keySize / 8); > > > > I don’t k

sk_X509_OBJECT_num()

Hello- I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm confused about the function in the subject line as well as other, related sk_X509_* functions. My code has always used these functions, and currently

Re: Help on Diffie Hellman key exchange

, ::strlen(seed)); RAND_bytes(buf, keySize / 8); What other method do you suggest to use ? Thanks Jason On Tue, Nov 12, 2019 at 10:50 AM Jason Qian wrote: > Thanks Tomas, > > I will try that. > > On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz wrote: > >> On Mon, 2

Re: Help on Diffie Hellman key exchange

Thanks Tomas, I will try that. On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz wrote: > On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote: > > Hi > > > >We have an application that does the Diffie Hellman key exchange > > (OpenSSL/1.1.0f). >

Help on Diffie Hellman key exchange

d the server side is java. DH_compute_key(secretKey, bnY, m_DH); Someone in the openssl group also talks about a similar issue, but not sure if have a solution. Thanks for your help, Jason

Re: OpenSSL server sending certificate chain(inc. root cert) during handshake

ore importantly, can I force OpenSSL to not send the root cert? Thanks, Jason From: Sam Roberts Sent: Friday, May 31, 2019 7:32 PM To: Jason Schultz Cc: openssl-users@openssl.org Subject: Re: OpenSSL server sending certificate chain(inc. root cert) during hand

OpenSSL server sending certificate chain(inc. root cert) during handshake

I believe this behavior is common among all supported versions of OpenSSL, but most of my testing has been with OpenSSL 1.0.2, the latest LTS release. My application using OpenSSL is acting as a server. I have a server certificate configured that has been signed by a self-signed/root certificate

Re: X509_STORE_CTX_get1_certs

: Re: X509_STORE_CTX_get1_certs On Wed, May 29, 2019 at 07:44:26PM +, Jason Schultz wrote: > It looks like this function is available in OpenSSL 1.1.1 (not available > in 1.0.2) and I think I need to use it, but I can't find documentation for > it anywhere. In 1.0.2

X509_STORE_CTX_get1_certs

It looks like this function is available in OpenSSL 1.1.1 (not available in 1.0.2) and I think I need to use it, but I can't find documentation for it anywhere. Is this an over site, or am I missing something obvious? Thanks, Jason

Re: [openssl-users] FIPS Module for OpenSSL 1.1.1

Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Jason Schultz [mailto:jetso...@hotmail.com] Sent: Wednesday, 13 February 2019 9:39 AM To: openssl-users@openssl.org Subject: [openssl-users] FIPS Module for OpenSSL 1.1.1 Just wondering if there

[openssl-users] FIPS Module for OpenSSL 1.1.1

Just wondering if there is a time frame for the availability of the FIPS Module for OpenSSL 1.1.1? Q3 2019? Q4? I realize this has been asked before, but the most recent answer I found was from several months ago, so I thought there might be new information. Thanks in advance. -- openssl-users

Re: [openssl-users] Contents of openssl-users digest..."

Get Outlook for Android -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] (no subject)

Get Outlook for Android -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] TLSv1.3, TLS_AE3_256_GMC_SHA384

Wtf do I have to do now? Thank you Get Outlook for Android -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] help I'm lost

Get Outlook for Android -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL FIPS Object Module 2.0 on CD

Just curious, but does this satisfy Section 6.6 of the User Guide, since the CD does not come directly from the OpenSSL Foundation? I don't have a huge need to know, just curious since as with a lot of issues regarding FIPS, no answer would surprise me. From:

Re: [openssl-users] DH_generate_key Hangs

Hi Salz, I have built the 1.1.0f with vc10 ( have to move some header files) Is the OpenSSL 1.1.0f supported version ? Thanks Jason On Thu, Oct 5, 2017 at 3:31 PM, Salz, Rich wrote: > >- Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it >seems

Re: [openssl-users] DH_generate_key Hangs

Hi Jeff, Checked https://rt.openssl.org/Ticket/Display.html?id=2100&user= guest&pass=guest and it seems exactly the same issue I have. I have moved to 1.0.1c. One question is where can I find the patch ? I have the built environment and I can build myself. Thanks for the help J

Re: [openssl-users] DH_generate_key Hangs

Thanks, On Fri, Oct 6, 2017 at 9:36 AM, Salz, Rich wrote: > Okay, you seem to be looking for an answer and there isn’t one. > > > > The release you are using has problems when it decided to walk the heap. > The release you are using WILL NOT BE FIXED. > > > > Change your code, backport the fix,

Re: [openssl-users] DH_generate_key Hangs

bytes C libeay32d.dll!*DH_generate_key*(dh_st * dh=0x03316a88) Line 84 + 0xf bytes C Jason On Thu, Oct 5, 2017 at 7:52 PM, Jeffrey Walton wrote: > >> You should avoid calls to RAND_poll altogether on Windows. Do so by > >> explicitly seeding the random number generato

Re: [openssl-users] DH_generate_key Hangs

More : The call stacks are from 1.0.1c when calling DH_generate_key. Is any fix in the latest version for this ? Thanks Jason On Thu, Oct 5, 2017 at 3:53 PM, Jason Qian wrote: > We call DH_generate_key(DH *dh) and the RAND_poll() is called > ssleay_rand_bytes > > >

Re: [openssl-users] DH_generate_key Hangs

and(bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0) Line 213 + 0x17 bytes C libeay32d.dll!generate_key(dh_st * dh=0x03316a88) Line 170 + 0x11 bytes C libeay32d.dll!DH_generate_key(dh_st * dh=0x03316a88) Line 84 + 0xf bytes C Thanks Jason On Thu, Oct 5, 2017 at 3:33 PM, Jeff

Re: [openssl-users] DH_generate_key Hangs

Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no change Thanks On Thu, Oct 5, 2017 at 2:59 PM, Salz, Rich wrote: > You could try to backport the win_rand file from a more recent release. > > > > Far better, as Michael first said, to move to 1.0.2 or later. > > > > > --

Re: [openssl-users] DH_generate_key Hangs

ntry, hlist.th32ProcessID, hlist.th32HeapID)) Jason On Thu, Oct 5, 2017 at 11:59 AM, Michael Wojcik < michael.woj...@microfocus.com> wrote: > As I speculated, it appears you're hanging in random-number generation, > probably due to a blocking CPRNG that can'

Re: [openssl-users] DH_generate_key Hangs

Here is the stack trace : libeay32.dll!RAND_poll Normal [External Code] libeay32.dll!RAND_poll() Line 523 libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo) Line 395 libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) Line 536 Thanks Jason On

[openssl-users] DH_generate_key Hangs

Hi, Need some help, one of our application that hangs when calling DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded condition. Not sure, if anyone know this issue ? Thanks Jason -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl

Re: [openssl-users] Core dump on DSA_free -- libssl.so.1.0.0

Thanks for look into this, void * pKey = LockResource(hHandle); The code works most of the time, only occasionally generates exception and Not sure why on DSA_free(pDSA); On Fri, Aug 11, 2017 at 2:57 PM, Salz, Rich wrote: > > DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) &pKey,

[openssl-users] Core dump on DSA_free -- libssl.so.1.0.0

Thanks for the help, DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) &pKey, dwKeySize); bool bRet = false; if (pDSA) { bRet = DSA_verify(0, signature, 20, (BYTE *) pFile, dwSize, (DSA *) pDSA) == 1 ? true : false; DSA_free(pDSA); } Jason -- openssl-users mailing list To unsubsc

Re: [openssl-users] Help with ssl error

>From the original question, it appears the server here only supports two >cipher suites: RSA_With_AES_128_CBC_SHA and RSA_With_3DES_EDE_CBC_SHA This would explain the alert 71, which is the sent because there are no cipher suites in common. From: openssl-users

[openssl-users] FIPS & FIPS_SIgnature

Hello all, I have successfully compiled/linked w/ fipsld and FIPS_mode_set(1) returns true. I'm trying to understand what the FIPS_signature variable represents. Can it be used to verify/match against the FIPS library somehow? Is it supposed to match the sha/mac from the fips build? Or should t

Re: [openssl-users] is 1.0.2g meant to be buildable ? missing rc4_md5_enc implementation !

for practical everyday use, what is the latest / best stable OpenSSL ? 1.0.1s or 1.0.2g ? The last one I used extensively was 1.0.1g - but I'd like to build the latest stable release now. Thanks & Regards, Jason On 06/04/2016, Jakob Bohm wrote: > No, that script is run by th

Re: [openssl-users] is 1.0.2g meant to be buildable ? missing rc4_md5_enc implementation !

Aha! Configure-ing with 'no-asm' fixed it. Apparently, my perl-5.22.1 installation is lacking in some way . I'm surprised the make script did not complain that it could not generate the ASM before attempting to build openssl using the deficient libcrypto . Regards, Jason On 06/04/

Re: [openssl-users] is 1.0.2g meant to be buildable ? missing rc4_md5_enc implementation !

Aha! I just saw rc4-md5-x86_64.pl - am I meant to run this manually to produce the ASM to compile to produce the object ? Why wasn't this run as part of the build ? I am building with perl-5.22.1 , gcc-5.3.0, make-4.1 on Linux x86_64 LFS . On 06/04/2016, Jason Vas Dias wrote: > pl

[openssl-users] is 1.0.2g meant to be buildable ? missing rc4_md5_enc implementation !

please can anyone tell me: Is the 1.0.2g release from : http://www.openssl.org/source/openssl-1.0.2g.tar.gz meant to build ? Is this meant to be the latest stable release , or is that 1.0.1s ? The 1.0.2g release does not build, for the linux-x86_64:gcc 'threads shared' configuration (or any othe

[openssl-users] Building 1.0.2g with "no-idea"

I am re-posting this (and another) message to the list as I was having email issues with the list and I posted an erroneous subject line, which may have deterred responses. I have another question that was encountered at the same time as my previous one, but I believe it is two separate issues,

[openssl-users] Build of 1.0.2g fails

Greetings. I am re-posing this message (as well as another message) to the list as I was having problems with my list membership when it was posted, and I also made a mistake in the subject line, which may have deterred some responses. I'm having problems building OpenSSL, starting with 1.0.1g.

Re: [openssl-users] help on des_cblock

Thanks, Jason On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl wrote: > I suspect the use of std::string and c_str(). Use a std::vector > instead. > > > > *From:* openssl-users [mailto:openssl-users-boun...@openssl.org] *On > Behalf Of *Jason Qian > *Sent:* Friday

[openssl-users] help on des_cblock

,109,84,88) Client -- openSSL get from des_cblock struct DES Key size (8) (-83,-113,-74,-77,109,84,88,8) Thanks Jason Here is the C++ code void DiffieHellmanCipher::init(const std::string &Y){ if (Y.length() == 0) { return; } if (m_DH == NULL) { return; }

[openssl-users] Building 1.0.1g with "no-idea"

I have another question that was encountered at the same time as my previous one, but I believe it is two separate issues, so I created a different thread. When building 1.0.2g and attempting to remove some ciphers at build time ("no-idea"), I discovered that the Make scripting was attempting to

[openssl-users] Build of 1.0.1g fails

Greetings. I'm having problems building OpenSSL, starting with 1.0.1g. The scenario is as follows. I'm not sure when the problem was introduced; however, with the compiling-out of SSLv2 *by default* in -1.0.2g, that change has exacerbated this problem. (That is, instead of affecting only those

Re: [openssl-users] Peer closing connection with a FIN without first sending a close_notify

g connection with a FIN without first > sending a close_notify > > On Mon, Apr 20, 2015 at 03:03:37PM +, Jason Schultz wrote: > > > We am seeing the following situation and are not quite sure the proper > > way to handle it, so I thought I'd solicit the mailing l

[openssl-users] Peer closing connection with a FIN without first sending a close_notify

Greetings. We am seeing the following situation and are not quite sure the proper way to handle it, so I thought I'd solicit the mailing list. Our application is an FTP server using OpenSSL. The peer is a non-OpenSSL FTP client in active mode. The problem comes in with how the FTP client handles

[openssl-users] FIPS_module_version_text()

Is this function available to call in OpenSSL 1.0.1? I'm trying to call it from my application running a FIPS capable version of OpenSSL (everything else works, turning FIPS on, etc), but I include fips.h but I get a compile error saying the function was not declared. I did find something in the

Re: [openssl-users] FIPS_module_version_text()

Hmm. I am pretty sure I was linking against the FIPS capable OpenSSL but I will double check tomorrow to make sure I did it right. Thanks. > On Mar 10, 2015, at 7:28 PM, Dr. Stephen Henson wrote: > >> On Tue, Mar 10, 2015, Jason Schultz wrote: >> >> Is this funct

Re: [openssl-users] FIPS_module_version_text()

I guess I didn't have the correct fips.h file in my include path when I couldn't get it to compile. But I don't think it will work for my purposes since if I install my application on another system, that entry point is not defined in libcrypto.so or libssl.so. Does anyone know if it's really g

Re: [openssl-users] OpenSSL and detecting whether bugs have been patched

n number. Maybe it's just a case of the vendor (RedHat etc.) should come up with a solution - a /usr/share/openssl/heartbleed_fixed file added to the package, or a /usr/share/openssl/patchlist file containing list of patches applied. Freeradius can then check this

  1   2   3   >