ECDH- NID_X9_62_prime256v1 - EVP_RAND_generate()

Hi, I am implementing ECDH- Group19 (NID_X9_62_prime256v1). I followed the below sequence. 1. ecdh_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); // NID_X9_62_prime256v1 or NID_secp256k1 2. ecdh_keys = EC_KEY_new(); 3. ret = EC_KEY_set_group(ecdh_keys, ecdh_group); 4. re

ECDH- NID_X9_62_prime256v1 - EVP_RAND_instantiate()

Hi, I am implementing ECDH- Group19 (NID_X9_62_prime256v1). I followed the below sequence. 1. ecdh_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); // NID_X9_62_prime256v1 or NID_secp256k1 2. ecdh_keys = EC_KEY_new(); 3. ret = EC_KEY_set_group(ecdh_keys, ecdh_group); 4. re

RE: compile openssl for Arm A9 & VxWorks - evp_rand_******_locked() API

pointing to function pointers. How to find them? Do I need to implement Mutex lock here? Thanks & Regards, Damodhar. +91-7702191212 General From: openssl-users On Behalf Of Damodhar Boddukuri via openssl-users Sent: Friday, July 26, 2024 5:33 PM To: Neil Horman Cc: openssl-users@openssl

RE: compile openssl for Arm A9 & VxWorks

NFIG OPENSSL_NO_RDRAND OPENSSL_NO_PADLOCKENG OPENSSL_NO_AFALGENG OPENSSL_NO_STATIC_ENGINE Thanks & Regards, Damodhar. +91-7702191212 General From: Neil Horman Sent: Wednesday, July 24, 2024 11:04 PM To: Damodhar Boddukuri Cc: openssl-users@openssl.org Subject: Re: compile openssl for Arm A9 &

openSSL cross compilation for target "vxworks-armv7a" in Windows platform

Hi OpenSSL user, I am trying to compile "openSSL cross compilation for target "vxworks-armv7a" in Windows platform": The target compiler is ccarm.exe Approach-1: In Linux platform, Added the following target details in 10-main.conf file and ran the ./config . It generated the configdata.pm, c

RE: compile openssl for Arm A9 & VxWorks

\lib\app_libctx.c:10: include/openssl/crypto.h:88: error: expected ')' before '*' token include/openssl/crypto.h:90: error: expected ')' before '*' token include/openssl/crypto.h:434: warning: type defaults to 'int' in declaration of 'time_t

RE: compile openssl for Arm A9 & VxWorks

L$(WS_ROOT_DIR)\obj\vxworks-6.9\krnl\lib_smp\arm\ARMARCH7\common -L$(WIND_HOME)\components\obj\vxworks-6.9\krnl\lib_smp\arm\ARMARCH7\gnu -L$(WIND_HOME)\components\obj\vxworks-6.9\krnl\lib_smp\arm\ARMARCH7\common'), ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe000"

Can I set the names of the DLLs/LIBs created during the build?

I want to have debug and optimized DLLs/LIBs for use by developers who need them to link their or open source code. I can manually rename the LIBs, but I can't rename the DLLs since the LIBs provide the original name of the DLLs. Any suggestions? I know that the DCMTK team built their own DLLs

RE: Building x32 libraries on x64 windows machine

Sorry. Friday afternoon brain. Forgot to do a `nmake clean` Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: BENTLEY Thom Sent: Friday, July 19, 2024 3:48 PM To: openssl-users@openssl.org Subject: Building x32 libraries

Building x32 libraries on x64 windows machine

Hi All, I trying to build openssl 3.0.8 to generate x32/win32 libraries and header files. I used the following steps: Opened the x86 Native Tools Command Prompt (Sets the environment to use 32-bit, x86-native tools to build 32-bit, x86-native code) perl Configure --debug --openssldir="C:\OpenS

compile openssl for Arm A9 & VxWorks

Hi openSSL users, I would like to port openssl for Arm A9 & VxWorks Target. If someone can share the details, Its really helpful for me. Thanks in advance. Thanks & Regards, Damodhar. +91-7702191212 General

ECDH Algoritm (Group 19)

Hi OpenSSL users, We are planning to use ECDH Algorithm(Group 19) in an Embedded System Product for the shared secret key generation. When I go through the code, I understand that it requires engine libraries/files from the following folders: \openssl-3_1_3\crypto\engine\ \openssl-3_1_3

Non-Programmatic Deterministic Key Generation for ED25519 and ED448 Keys

I need a non-programmatic method for using seeds to generate ED25519 and ED448 (Goldilocks) key pairs. This means using only shell-accessible tools within OpenSSL rather than binding programmatically. While reading the documentation it seems that neither 'genpkey' nor 'pkeyutl' have a facility for

ECDH - Group19 example code

Hi, I am looking for a example code for ECDH - Group19, There are many API's in the lib. If you could help me with a simple code with: 1. Initializing the context if any? 2. Selecting ECDH Group 19 3. Private/Public Key Generation 4. Shared secret Key Generation Or any other exact s

Library and DLL names on Windows X64

Hi All, I had to change the names of the .lib files to: "dcmtkcrypto_d.lib" - debug version "dcmtkcrypto_o.lib" - release version (optimized) "dcmtkssl_d.lib"- debug version "dcmtkssl_o.lib"- release version (optimized) This was required by the DCMTK team's CMak

Macro definitions

Hi OpenSSL, I am compiling OpenSSL 3.1.3 for ARM A9. It's unable get the following macro definitions. They are used in der_ec_sig.c ossl_der_oid_ecdsa_with_SHA1 ossl_der_oid_ecdsa_with_SHA224 ossl_der_oid_ecdsa_with_SHA256 ossl_der_oid_ecdsa_with_SHA384 ossl_der_oid_ecdsa_with_SHA512 ossl_der_oi

RE: Can we provide --debug and --release on a single build?

Thanks for the confirmation. Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: Neil Horman Sent: Wednesday, July 10, 2024 1:56 PM To: BENTLEY Thom Cc: openssl-users@openssl.org Subject: Re: Can we provide --debug and --releas

RE: Can we provide --debug and --release on a single build?

st distributions create their debuginfo packages On Wed, Jul 10, 2024 at 1:22 PM BENTLEY Thom via openssl-users mailto:openssl-users@openssl.org>> wrote: Hi, I was wondering if the build scripts could handling providing –debug and –release for a build. Would this create release and debug lib

Can we provide --debug and --release on a single build?

Hi, I was wondering if the build scripts could handling providing -debug and -release for a build. Would this create release and debug libraries in a single build? Thanks. P.S. I know I could try it, but I thought others might want to know later too. Perhaps an update in the INSTALL.md file.

RE: Missing header file ts_local.h in install location.

rts(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: Tomas Mraz Sent: Monday, July 1, 2024 4:12 AM To: BENTLEY Thom ; Matt Caswell ; openssl-users@openssl.org Subject: Re: Missing he

ECDH Group 19 (256-bit Elliptic curve) key length

Hi OpenSSL, I am using group 19 which is ECDH elliptic curve group (NID_X9_62_prime256v1) and is giving 32 bytes/256 bit of shared secret key. I want to use it to work with AES-128 CBC encryption algorithm. As the key length generated by ECDH is 32 bytes, is there any way to generate the key l

RE: Maximum encryption key length supported by AES-128 CBC

That answers my questions. Thanks Viktor. General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, July 5, 2024 08:01 AM To: openssl-users@openssl.org Subject: Re: Maximum encryption key length supported by AES-128 CBC [External email: Use caution

Maximum encryption key length supported by AES-128 CBC

Hi OpenSLL users, I want to know what length of encryption key does AES-128 CBC supports? I believe that it supports key length max upto 128 bits that is 16 bytes. What happens if I give the input key of more than 16 bytes? Will the AES-128 drop the remaining bytes and consider only first 16 by

Re: Certificate verification with cross signed CAs (James)

From: James To: mailto:openssl-users@openssl.org Subject: Re: Certificate verification with cross signed CAs Message-ID: Content-Type: text/plain; charset="utf-8" > The certificates are attached below.

RE: Missing header file ts_local.h in install location.

m Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: Matt Caswell Sent: Friday, June 28, 2024 11:54 AM To: BENTLEY Thom ; Tomas Mraz ; openssl-users@openssl.org Subject: Re: Missing header file ts_local.h in install location. On 28/06/2024 16

Re: Missing header file ts_local.h in install location.

Engineer |Medidata, a Dassault Systèmes company thom.bent...@3ds.com From: Matt Caswell Date: Friday, June 28, 2024 at 11:53 AM To: BENTLEY Thom , Tomas Mraz , "openssl-users@openssl.org" Subject: Re: Missing header file ts_local.h in install location. On 28/06/2024 16: 29, BENTLE

RE: Missing header file ts_local.h in install location.

s\include\dcmtk\dcmtls\tlslayer.h(37,8): 16:35:16:392 26>see declaration of 'ssl_ctx_st' Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: Tomas Mraz Sent: Friday, June 28, 2024 10:15 AM To: BENTLEY Thom ; opens

RE: Missing header file ts_local.h in install location.

ley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: Matt Caswell Sent: Friday, June 28, 2024 10:18 AM To: BENTLEY Thom ; openssl-users@openssl.org Subject: Re: Missing header file ts_local.h in install location. On 28/06/2024 15: 09, BENTLEY

Missing header file ts_local.h in install location.

Hi All, I build and installed version 3.0.8 on Windows with Visual Studio using the instructions provided. I copied the bin, include, and lib directories to a location that would be found by the CMake for the DCMTK toolkit version 3.6.8. When I attempt to build the DCMTK toolkit, I see that the

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

, "openssl-users@openssl.org" Subject: Re: Issue with install after using `perl Configure` to set --prefix and --openssldir You seem to have space instead of = between --openssldir and the path. And yeah, try to experiment with the doublequotes if that does not help. I do not know the e

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

at 1:29 PM To: BENTLEY Thom , "openssl-users@openssl.org" Subject: Re: Issue with install after using `perl Configure` to set --prefix and --openssldir Hello, you have to use "--openssldir=C: \OpenSSLInstallDir\CommonFiles\SSL" Regards, Tomas Mraz, OpenSSL On Thu, 2024-0

Issue with install after using `perl Configure` to set --prefix and --openssldir

Hi All, I get an error running `perl Configure --openssldir "C:\OpenSSLInstallDir\CommonFiles\SSL" --prefix=C:\OpenSSLInstallDir VC-WIN64A` target already defined - C:\OpenSSLInstallDir\Common Files\SSL (offending arg: VC-WIN64A) If I remove --openssldir "C:\OpenSSLInstallDir\CommonFiles\SSL",

Syntax of OID values

I want to make my own tiny rootca. There are problem with supporting OIDS. I found in documentation about oid_file, but can not decode syntax of values. DER: works fine, but I want to use more readeable format. All I can find is the same docs without a tiny working example how to use my defined

RE: Issue building after configuring for VC-WIN64A (version 3.0.8)

:29 PM To: BENTLEY Thom Cc: openssl-users@openssl.org Subject: Re: Issue building after configuring for VC-WIN64A (version 3.0.8) You will almost certainly need to preform an nmake distclean (or just run git clean on your tree) prior to reconfiguring. nmake is really bad about getting l

RE: Issue building after configuring for VC-WIN64A (version 3.0.8)

Did you do an "nmake clean" after switching to the correct compiler? You need to get rid of those 32-bit objects, or you'll continue to have a machine-type mismatch. -- Michael Wojcik Rocket Software Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Walt

Issue building after configuring for VC-WIN64A (version 3.0.8)

Hi All, I followed the instructions for building OpenSSL 3.0.8 at https://github.com/openssl/openssl/blob/openssl-3.0.8/NOTES-WINDOWS.md#native-builds-using-visual-c The nmake step failed with the following error: cmd /C ""cl" /Zs /showIncludes /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3

Re: 20240619 snapshots

On Wed, Jun 19, 2024 at 09:53:19AM +0200, Tomas Mraz wrote: > They are there. Maybe you've looked too soon before the CDN caches were > synchronized. > > > On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote: > > Where are they? > > -- > To

20240619 snapshots

Where are they? -- Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; United Kingdom save the NAtion on 4 July 2024 vote Liberal Democrat

RE: [EXTERNAL] - 32-bit OpenSSL binary found in Suprema BioStar 2 door access system

On Wednesday, April 17th, 2024 at 6:57 AM, Michael Wojcik via openssl-users wrote: > > From: Turritopsis Dohrnii Teo En Ming teo.en.m...@protonmail.com > > Sent: Monday, 15 April, 2024 07:36 > > > > > > From: openssl-users openssl-users-boun...@openssl.org On

Re: [External] : Why do I get the following error `wrong signature length` when I try to validate a signed file using the c++ OpenSSL 3.1 library?

|if (EVP_PKEY_verify(ctx, licenseSignature, sizeof(licenseSignature), licenseContent, sizeof(licenseContent)) <= 0)| The sizeof operator is not doing what you think it's doing. It's computing the sizes of the pointers (typically 4 or 8 bytes depending on your architecture) and not the sizes of

Re: New OpenSSL Releases

On 5/30/24 11:15, Michael Wojcik via openssl-users wrote: From: openssl-users On Behalf Of Dennis Clarke via openssl-users Sent: Thursday, 30 May, 2024 07:29 OKay, thank you. I guess today is a good day to test on a few oddball system architectures. I suspect there are very very few people out

RE: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0

ards, Vishal General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, May 31, 2024 06:14 PM To: openssl-users@openssl.org Subject: Re: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0 [External email: Use caution with links and attachm

Re: Blocking on a non-blocking socket?

- Original Message - > From: "Wiebe Cazemier" > To: openssl-users@openssl.org > Sent: Thursday, 23 May, 2024 12:22:31 > Subject: Blocking on a non-blocking socket? > > Hi List, > > I have a very obscure problem with an application using O_NONBLOCK stil

RE: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0

Hi Viktor, Is there any way to make this prime number work by doing some modifications in the openssl source code. Like bypassing the OpenSSL DH prime check? Regards, Vishal General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, May 31, 2024 03:01

RE: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0

Hi OpenSSL users, I am using OpenSSL source version 3.3.0 and facing an issue in key generation part of Diffie Hellman (DH) Algorithm. Below are the APIs I am using for generating Public and Private Keys: static unsigned char DH_PRIME_128[] = { /* 128 bit prime */ 0xff, 0xff, 0xff, 0xff

RE: New OpenSSL Releases

> From: openssl-users On Behalf Of Dennis > Clarke via openssl-users > Sent: Thursday, 30 May, 2024 07:29 > > OKay, thank you. I guess today is a good day to test on a few oddball > system architectures. I suspect there are very very few people out there > running actual HP

Re: New OpenSSL Releases

On 5/30/24 03:03, Tomas Mraz wrote: You can just test the HEAD commits in the respective branches (openssl- 3.0, openssl-3.1, openssl-3.2 and openssl-3.3) in git. The repository will be frozen today afternoon so there should be no further changes apart from eventual regression fixes and the relea

Re: New OpenSSL Releases

On 5/28/24 08:51, Tomas Mraz wrote: The OpenSSL project team would like to announce the upcoming release of OpenSSL versions 3.3.1, 3.2.2, 3.1.6 and 3.0.14. Will there be any release candidate tarballs for testing on various systems? Perhaps there already exists some commit or "tag" ( wha

Re: Blocking on a non-blocking socket?

Hi Detlef, - Original Message - > From: "Detlef Vollmann" > To: openssl-users@openssl.org > Sent: Friday, 24 May, 2024 12:02:37 > Subject: Re: Blocking on a non-blocking socket? > > That's correct, but if I understand Matt correctly, t

Re: Blocking on a non-blocking socket?

Hi Matt, - Original Message - > From: "Matt Caswell" > To: openssl-users@openssl.org > Sent: Friday, 24 May, 2024 00:26:28 > Subject: Re: Blocking on a non-blocking socket? > Not quite. > > When you call SSL_read() it is because you are hoping to read &

Re: Blocking on a non-blocking socket?

Hi Neil, - Original Message - > From: "Neil Horman" > To: "Wiebe Cazemier" > Cc: "udhayakumar" , openssl-users@openssl.org > Sent: Thursday, 23 May, 2024 23:42:18 > Subject: Re: Blocking on a non-blocking socket? > from

Re: Blocking on a non-blocking socket?

- Original Message - > From: "Neil Horman" > To: "udhayakumar" > Cc: "Wiebe Cazemier" , openssl-users@openssl.org > Sent: Thursday, 23 May, 2024 22:05:22 > Subject: Re: Blocking on a non-blocking socket? > do you have a stack trace of t

Blocking on a non-blocking socket?

Hi List, I have a very obscure problem with an application using O_NONBLOCK still blocking. Over the course of a year of running with hundreds of thousands of clients, it has happened twice over the last month that a worker thread froze. It's a long story, but I'm pretty sure it's not a deadloc

Trouble decoding key in provider

Hi there, I am trying to implement a provider. The decoder successfull decodes the key (it is using an ED25519 key with a custom OID -> hence the provider). Currently I am facing two problems: 1. the PEM decoding is ignored unless I comment out the DER decoding part The private key is packag

Re: OpenSSL version 3.3.0 published

On 5/16/24 08:28, Neil Horman wrote: Glad its working a bit better for you. If you are inclined, please feel free to open a PR with your changes for review. Well, the changes are *really* trivial. Necessary and trivial. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken

Re: OpenSSL version 3.3.0 published

On 5/15/24 18:34, Neil Horman wrote: You are correct, the files you reference (most of them in fact) get built into separate objects in the event the build flags are different for shared and static libraries, and should be unrelated to the issue you are seeing I was somewhat puzzled by thi

Re: OpenSSL version 3.3.0 published

On 5/13/24 03:34, Matt Caswell wrote: On 13/05/2024 02:42, Neil Horman wrote: We added support for RCU locks in 3.3 which required the use of atomics (or emulated atomic where they couldn't be supported), but those were in libcrypro not liberal Right - its supposed to fallback to emulated

Re: OpenSSL version 3.3.0 published

On 5/12/24 21:42, Neil Horman wrote: We added support for RCU locks in 3.3 which required the use of atomics (or emulated atomic where they couldn't be supported), but those were in libcrypro not liberal I see. I am having great difficulty with 3.3 on an old Sun SPARC64 server where there

Re: OpenSSL version 3.3.0 published

On 4/9/24 08:56, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.3.0 released == Trying to compile this on an old Solaris 10 machine and over and over and over I see these strange things as Undefined symbols : Undefin

Re: goto out not working in tests

On Mon, May 06, 2024 at 11:34:59PM -0600, The Doctor via openssl-users wrote: > Using clang versino 18 > > and it is spewing at goto out > Line 417 and 434 of test/threadstest.c in openssl-3.3 daily -- Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca

goto out not working in tests

Using clang versino 18 and it is spewing at goto out -- Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;

RE: Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source

generate random numbers. Does Vxworks not use an OS based entropy source ? I see so in the openssl link: https://mta.openssl.org/pipermail/openssl-users/2020-March/012087.html. In our implementation, we have the OPENSSL_RAND_SEED_NONE macro definition commented in the opensslconf.h file. What would be

Invalid code generated by GCC on 32-bit x86 in gcm128.c

We recently debugged, and found a workaround for, a GCC [###version] code-generation error when compiling OpenSSL 3.0.8 for 32-bit on Intel x86. This error resulted in a use of a misaligned memory operand with a packed-quadword instruction, producing a SIGSEGV on RedHat 8. (I'm a bit surprised

Re: [External] : Re: BIO_read() crash

On Mon, Dec 05, 2022 at 11:31:18AM -0800, Thomas Dwyer III wrote: > Why does EVP_get_digestbyname("md4") return non-NULL if the legacy provider > isn't loaded? Similarly, why does it return non-NULL for "md5" after doing > EVP_set_default_properties(NULL, "fips=yes")? This seems unintuitive. Legacy

Re: Upgrading OpenSSL on Windows 10

​​> From: Steven_M.irc > Sent: Thursday, November 24, 2022 21:21 > > This is not true in the general case. There are applications which are > > available on Linux which do not use the > > distribution's package manager. There are applications which use their own > > OpenSSL build, possibly link

RE: Upgrading OpenSSL on Windows 10

s probably off topic for this group but there > are several different ways to use powershell to gain this information from > different viewpoints (Installed files, registry, event log, etc...). > > Thanks, > Job > > -----Original Message- > From: openssl-users openssl-us

Re: Upgrading OpenSSL on Windows 10

Hi Michael, Thanks very much for replying to my e-mail/post. I apologize for the lateness of my reply. > This is not true in the general case. There are applications which are > available on Linux which do not use the distribution's package manager. There > are applications which use their own

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On 2022-11-15 21:36, Phillip Susi wrote: Jakob Bohm via openssl-users writes: Performance wise, using a newer compiler that implements int64_t etc. via frequent library calls, while technically correct, is going to run unnecessarily slow compared to having algorithms that actually use the

Re: Upgrading OpenSSL on Windows 10

> From: openssl-users on behalf of > Steven_M.irc via openssl-users > Sent: Monday, November 21, 2022 15:56   > However, I am running Windows 10, and since (unlike Linux) every piece of > software outside of Windows itself > needs to be updated individually, I don't

Upgrading OpenSSL on Windows 10

Hi All, A few weeks ago I sent this e-mail to the group: https://mta.openssl.org/pipermail/openssl-users/2022-November/015613.html I received a couple of replies, but sadly I have been too busy to respond to them. Regardless, I need a bit more information please. In one of the replies, Viktor

Re: X52219/X448 export public key coordinates

Thanks for the explanation, that probably makes sense. Thank you Matt From: Kyle Hamilton Date: Monday, 21 November 2022 12:46 To: ORNEST Matej - Contractor Cc: openssl-users Subject: Re: X52219/X448 export public key coordinates The reason has to do with the type of curve representation

Re: X52219/X448 export public key coordinates

implemented outside the context of EC. It’s not clear to me why but I believe there’s a good reason for it. Anyway, thanks for your answer! Regards Matt On 18. 11. 2022, at 17:13, Kyle Hamilton wrote:  X25519? On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users mailto:openssl

X52219/X448 export public key coordinates

Hi all, I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC_POINT from EVP_PKEY and enco

Fw:OpenSSL AES Decryption fails randomly C++

: "WuJinze" <294843...@qq.com>; Date: Sat, Nov 12, 2022 06:17 PM To: "openssl-users"

OpenSSL AES Decryption fails randomly C++

Dear OpenSSL Group, Greetings. I was working on writing simple aes encrypt/decrypt wrapper function in c++ and running into a strange problem. The minimal reproducible examples in gist seems working fine but when i uncomment lines 90-92, it will fail to decrypt randomly. Can someone help me

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On 2022-11-06 23:14, raf via openssl-users wrote: On Sat, Nov 05, 2022 at 02:22:55PM +, Michael Wojcik wrote: From: openssl-users On Behalf Of raf via openssl-users Sent: Friday, 4 November, 2022 18:54 On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users wrote

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On Sat, Nov 05, 2022 at 02:22:55PM +, Michael Wojcik wrote: > > From: openssl-users On Behalf Of raf > > via > > openssl-users > > Sent: Friday, 4 November, 2022 18:54 > > > > On Wed, Nov 02, 2022 at 06:29:45PM +0000, Michael Wojcik via openssl-us

Re: TLS 1.3 Early data

On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote: > Hello, > > I did few experiments with early data but was not successful in solving my > exotic use case: "Using early data dependent on the SNI" > > I control the server (linux, supports http2) based on OpenSSL 111q and use a > r

RE: an oldie but a goodie .. ISO C90 does not support 'long long'

> From: openssl-users On Behalf Of raf via > openssl-users > Sent: Friday, 4 November, 2022 18:54 > > On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users > wrote: > > > > > I'm inclined to agree. While there's an argum

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users wrote: > > From: openssl-users On Behalf Of Phillip > > Susi > > Sent: Wednesday, 2 November, 2022 11:45 > > > > The only thing to fix is don't put your compiler in strict C90 mode

RE: OpenSSL 3.0.7 make failure on Debian 10 (buster)

> From: openssl-users On Behalf Of Matt > Caswell > Sent: Friday, 4 November, 2022 06:43 > > This looks like something environmental rather than a problem with > OpenSSL itself. /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h > is clearly a system include file, t

Re: Output buffer length in EVP_EncryptUpdate for ECB mode

Matt, EVP_EncryptUpdate() can be called repeatedly, incrementally feeding in the data to be encrypted. The ECB mode (when used with AES-128) will encrypt input data 16 bytes at a time, and the output size will also be 16 bytes per input block. If the data that you feed in to EVP_EncryptUpdate

RE: SSL_read empty -> close?

> From: Felipe Gasper > Sent: Thursday, 3 November, 2022 10:43 > > > > And your description looks wrong anyway: shutdown(SHUT_RD) has > > implementation-defined behavior for TCP sockets (because TCP does not > > announce the read side of half-close to the peer), and on Linux causes > > blocked rec

RE: SSL_read empty -> close?

> From: Felipe Gasper > Sent: Thursday, 3 November, 2022 08:51 > > You probably know this, but: On Linux, at least, if a TCP socket close()s > with a non-empty read buffer, the kernel sends TCP RST to the peer. Yes, that's a conditional-compliance (SHOULD) requirement from the Host Requirements

Output buffer length in EVP_EncryptUpdate for ECB mode

Hello, I'd like to clarify one aspect of the API regarding EVP_EncryptUpdate [0] that is the length of the output buffer that should be passed to that function ("out" parameter). (Actually I'm using EVP_CipherUpdate but the docs are more comprehensive for EVP_EncryptUpdate). [0]: https://www.o

RE: SSL_read empty -> close?

> From: Felipe Gasper > Sent: Thursday, 3 November, 2022 07:42 > > It sounds, then like shutdown() (i.e., TCP half-close) is a no-no during a > TLS session. Um, maybe. Might generally be OK in practice, particularly with TLSv1.3, which got rid of some of the less-well-considered ideas of earlie

RE: Worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6.

> From: openssl-users On Behalf Of > Steven_M.irc via openssl-users > Sent: Wednesday, 2 November, 2022 17:18 > > I'm really worried about the vulnerabilities recently found in OpenSSL > versions 3.0.0 - 3.0.6. Why? What's your threat model? > If I understand

How to upgrade openssl from 3.0.2 to 3.0.7

Hi Team, I want to upgrade the openssl version from 3.0.2 to 3.0.7. My OS version is Ubuntu 22.04.1 LTS (Jammy Jellyfish). Please help .It is urgent. Regards, Anupam

自动回复: Re: Worried about the vulnerabilities recently found in OpenSSLversions 3.0.0 - 3.0.6.

这是一封自动回复邮件。已经收到您的来信，我会尽快回复。

Worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6.

Hi All, I'm really worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6. If I understand things correctly (and please do correct me if I'm wrong), it doesn't matter which version of OpenSSL clients are running, only which version of OpenSSL *servers* are running. Th

RE: SSL_read empty -> close?

> From: Felipe Gasper > Sent: Wednesday, 2 November, 2022 12:46 > > I wouldn’t normally expect EPIPE from a read operation. I get why it happens; > it just seems odd. Given that it’s legitimate for a TLS peer to send the > close_notify and then immediately do TCP close, it also seems like EPIPE i

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On 11/2/22 18:29, Michael Wojcik via openssl-users wrote: From: openssl-users On Behalf Of Phillip Susi Sent: Wednesday, 2 November, 2022 11:45 The only thing to fix is don't put your compiler in strict C90 mode. I'm inclined to agree. While there's an argument for backwar

RE: an oldie but a goodie .. ISO C90 does not support 'long long'

> From: openssl-users On Behalf Of Phillip > Susi > Sent: Wednesday, 2 November, 2022 11:45 > > The only thing to fix is don't put your compiler in strict C90 mode. I'm inclined to agree. While there's an argument for backward compatibility, C99 was standardized

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On 11/2/22 07:30, Tomas Mraz wrote: No, long long and unsigned long long is required and it was required for quite some time. The code is mostly C90 but not strictly. I suppose on platforms with 64bit long type we could make it work without long long though. Pull requests are welcome. Tomas Mra

RE: ungrade openssl 3.0.2 to 3.0.7

: openssl-users On Behalf Of Anupam Dutta via openssl-users Sent: Wednesday, November 2, 2022 9:12 AM To: openssl-users@openssl.org Subject: ungrade openssl 3.0.2 to 3.0.7 Hi Team, I want to upgrade openssl from 3.0.2 to 3.0.7. I have downloaded 3.0.7 from https://www.openssl.org/source and

ungrade openssl 3.0.2 to 3.0.7

Hi Team, I want to upgrade openssl from 3.0.2 to 3.0.7. I have downloaded 3.0.7 from https://www.openssl.org/source and installed successfully. But, still it is showing version 3.0.2.Please help. It's urgent. My OS: 22.04.1 LTS (Jammy Jellyfish) Regards, Anupam

自动回复: Re: issues with OpenSSL 1.1.1n

这是一封自动回复邮件。已经收到您的来信，我会尽快回复。

an oldie but a goodie .. ISO C90 does not support 'long long'

Good day : This always bites me when I try strict C90 : In file included from include/openssl/x509.h:41, from apps/include/apps.h:29, from apps/lib/app_libctx.c:10: include/openssl/sha.h:106:37: error: ISO C90 does not support 'long long' [-Wlong-long]

stunnel 5.67 released

Dear Users, I have released version 5.67 of stunnel. ### Version 5.67, 2022.11.01, urgency: HIGH * Security bugfixes   - OpenSSL DLLs updated to version 3.0.7. * New features   - Provided a logging callback to custom engines. * Bugfixes   - Fixed "make cert" with OpenSSL older than 3.0.   - Fixe

自动回复: Re: issue with 1.1.1n

这是一封自动回复邮件。已经收到您的来信，我会尽快回复。

  1   2   3   4   5   6   7   8   9   10   >