Re: OpenSSL 3 ECC Key use question

2022-10-23 Thread Tomas Mraz
What do you need the NID for? Maybe the code could be changed to use names instead of NIDs? The NIDs are somehow legacy thing that might eventually be completely internal at some point. However, if you need the NID, you should be able to use OBJ_sn2nid() to obtain the NID if the curve name is in t

Re: OpenSSL 3 PKCS#11 Provider

2022-06-28 Thread Dmitry Belyavsky
Dear Timo, I'm aware of Simo Sorce (in CC) efforts in this area: https://github.com/simo5/libp11/tree/ossl3provider On Tue, Jun 28, 2022 at 7:45 AM Timo Teras wrote: > Hi all, > > I am looking into implementing an OpenSSL 3 PKCS#11 Provider. Similar > to libp11 engine, but targeting the new

Re: OpenSSL 3 HTTP client C++ example?

2022-06-22 Thread Benedikt Hallinger
Thanks for the answer - I found out that it has to do with the -static flag. My rationale was that I wanted to have OpenSSL statically compiled into my code, so it's to be used easier in the transition period where OpenSSL3 is not yet rolled out in major distributions. With dynamic linkage, it

Re: OpenSSL 3 HTTP client C++ example?

2022-06-22 Thread David von Oheimb
Hi again Beni, On Wed, 2022-06-22 at 08:29 +0200, Benedikt Hallinger wrote: > Hi David and thank you for your advice and example. my pleasure. I was about to send a slightly improved version of my example code regarding the use of proxies and the expected content type - see attached and an extend

Re: OpenSSL 3 HTTP client C++ example?

2022-06-21 Thread Benedikt Hallinger
Hi David and thank you for your advice and example. I tried to compile it, ran into errors though. I just put the file into my openssl source tree, which is on commit: commit 9e86b3815719d29f7bde2294403f97c42ce82a16 (HEAD, origin/openssl-3.0) Author: Randall S. Becker Date: Tue Jun 14 06:10:5

Re: OpenSSL 3 FIPS on iOS

2022-02-02 Thread pauli
This does not mean we wouldn't be interested in having better iOS support if someone was willing to contribute. Paul Dale On 3/2/22 5:38 pm, pa...@openssl.org wrote: The FIPS provider will likely not work with iOS as it currently stands. The development team are not up to speed on iOS and n

Re: OpenSSL 3 FIPS on iOS

2022-02-02 Thread pauli
The FIPS provider will likely not work with iOS as it currently stands. The development team are not up to speed on iOS and not much effort was put into supporting it (or Android for the same reason).  We didn't even get remotely close to having code signed. Paul Dale On 27/1/22 4:41 am, K

Re: OpenSSL 3: FIPS DRBG Tests

2021-11-11 Thread Dr Paul Dale
On 12/11/21 4:02 am, Kory Hamzeh wrote: I am writing the FIPS DRBG AVS per NIST SP800-90A. I have some questions. 1. Is the TEST-RAND ok for nist test? I am planning to basically follow the steps in test/acvp_test.c:drbg_test(), but the data is read in from a file rather than an in memory s

Re: OpenSSL-3.+ how to configure [random]?

2021-11-11 Thread Matthew Tanner
unsubscribe From: openssl-users on behalf of Dr Paul Dale Sent: Wednesday, November 10, 2021 2:20:03 PM To: openssl-users@openssl.org Subject: Re: OpenSSL-3.+ how to configure [random]? I'm pretty sure the

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Blumenthal, Uri - 0553 - MITLL
On 11/10/21, 15:20, "openssl-users on behalf of Dr Paul Dale" wrote: > > I'm pretty sure the underlying problem is that there is a call to > RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the > latter). Probably... > These completely replace the built in RNG infrastruc

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Dr Paul Dale
I'm pretty sure the underlying problem is that there is a call to RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the latter). These completely replace the built in RNG infrastructure with the RAND_METHOD/engine.  If the engine then fails to produce output for any reason, t

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Blumenthal, Uri - 0553 - MITLL
Yes, it's related to https://github.com/openssl/openssl/issues/16996, and yes - the same solution worked. There's something wrong with how PKCS#11 engine deals with (or presents itself as) rand provider. In any case, removing PKCS#11 engine from the [engines] section alleviated this problem. T

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Nicola Tuveri
Just chiming in quickly to mention that this could be related to https://github.com/openssl/openssl/issues/16996 Nicola On Wed, Nov 10, 2021 at 10:33 AM Tomas Mraz wrote: > > On Wed, 2021-11-10 at 03:38 +, Blumenthal, Uri - 0553 - MITLL > wrote: > > On 11/9/21, 22:23, "Dr Paul Dale" wrote:

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Tomas Mraz
On Wed, 2021-11-10 at 03:38 +, Blumenthal, Uri - 0553 - MITLL wrote: > On 11/9/21, 22:23, "Dr Paul Dale" wrote: > > >    Currently I've no idea and can't reproduce locally :( > > Maybe you'd know how to force the "-engine rdrand" path through > "openssl.cnf"? > > >    A rogue configuration

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Blumenthal, Uri - 0553 - MITLL
On 11/9/21, 23:07, "Dr Paul Dale" wrote: >There is documentation: > https://www.openssl.org/docs/man3.0/man5/config.html Yes, I know. Alas, it's not helpful at all. RDRAND is an *engine*, but it does not seem to have a "separate" physical presence, like a shared library. For other engines

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
There is documentation: https://www.openssl.org/docs/man3.0/man5/config.html I don't think the rdrand engine takes any extras. Pauli On 10/11/21 1:38 pm, Blumenthal, Uri - 0553 - MITLL wrote: On 11/9/21, 22:23, "Dr Paul Dale" wrote: Currently I've no idea and can't reproduce locally :(

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Blumenthal, Uri - 0553 - MITLL
On 11/9/21, 22:23, "Dr Paul Dale" wrote: >Currently I've no idea and can't reproduce locally :( Maybe you'd know how to force the "-engine rdrand" path through "openssl.cnf"? >A rogue configuration file could cause the DRBGs/seeds to fail. Do you >have seed=rdrand line in the rand

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
Currently I've no idea and can't reproduce locally :( A rogue configuration file could cause the DRBGs/seeds to fail.  Do you have seed=rdrand line in the random section?  That will cause the seeding source to fail to load at all. Pauli On 10/11/21 1:10 pm, Blumenthal, Uri - 0553 - MITLL wr

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Blumenthal, Uri - 0553 - MITLL
Thank you! I'm trying to: a. understand why something like "openssl-3 rand -hex 4" does not work (returns empty string), but "openssl-3 rand -engine rdrand -hex 4" works fine, and gives me my random bytes - here's an illustration $ openssl3 version OpenSSL 3.1.0-dev (Library: OpenSSL 3.1.0-de

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
Currently there is exactly one seed source that is usable in OpenSSL 3.0: "SEED-SRC".  It is documented in EVP_RAND-SEED-SRC.  The reason the seed source can be set is to allow you to use a third party provider that includes one. If you want to force RDRAND as the only seeding source, this nee

Re: OpenSSl 3 statically linking a provider

2021-09-14 Thread Tomas Mraz
On Tue, 2021-09-14 at 21:46 -0700, Kory Hamzeh wrote: > I have written a custom provider which I need to include (link) with > my Application at link time rather than load it at run-time. The init > function is defined like this: > > OSSL_provider_init_fn sck_provider_init; > > int sck_provider_i

Re: OPenssl 3 Beta 1

2021-07-02 Thread The Doctor
On Fri, Jul 02, 2021 at 04:12:29PM +0200, Tomas Mraz wrote: > On Fri, 2021-07-02 at 07:53 -0600, The Doctor wrote: > > So far working better with openssh 8.6 . > > > > Ruby 2.7 and rust is of concern. > > Language bindings are expected to require some minor changes to be able > to properly work w

Re: OPenssl 3 Beta 1

2021-07-02 Thread Tomas Mraz
On Fri, 2021-07-02 at 07:53 -0600, The Doctor wrote: > So far working better with openssh 8.6 . > > Ruby 2.7 and rust is of concern. Language bindings are expected to require some minor changes to be able to properly work with OpenSSL 3.0. Hopefully the maintainers of these language bindings foll

Re: openssl-3

2020-08-08 Thread The Doctor
On Wed, Aug 05, 2020 at 04:49:36PM +0300, me...@cyberia.net.sa wrote: > > > Hello, > > > > > > I have successfully installed openssl 3.x version but when I was trying to > check the version whether it installed successfully or not, it gives error as > below , any assistance would be highly

Re: openssl 3 and deprecation

2020-05-12 Thread Matt Caswell
On 12/05/2020 15:35, Billy Brumley wrote: > Howdy Folks, > > I checked https://www.openssl.org/policies/releasestrat.html but did > not manage to find an answer. > > At what stages is marking a function deprecated still allowed? Only > before beta? Or at all stages? Or is it case-by-case with

Re: openssl 3 alpha 1 test failures on AIX

2020-05-07 Thread Matt Caswell
On 07/05/2020 01:22, Norm Green wrote: > All tests on AIX fail like this.  Is this a known issue?  What debugging > information is needed?  Should I open an issue on github? Yes - please open an issue on github. > > Also note I had to set LD_LIBRARY_PATH to the SSL build directory to get > th

Re: openssl 3 alpha 1 test failures on AIX

2020-05-06 Thread Norm Green
I would have to build a new perl from source, but the perl I'm using meets the requirements. I built the current version (5.24.0) from a source a while back when openssl started requiring at least 5.10.0. Tests pass on the same machine with openssl 1.1.1 . On 5/6/2020 5:33 PM, Benjamin Kadu

Re: openssl 3 alpha 1 test failures on AIX

2020-05-06 Thread Benjamin Kaduk via openssl-users
On Wed, May 06, 2020 at 05:22:17PM -0700, Norm Green wrote: > All tests on AIX fail like this.  Is this a known issue?  What debugging > information is needed?  Should I open an issue on github? > > Also note I had to set LD_LIBRARY_PATH to the SSL build directory to get the > tests to run at all.