pointing to function
pointers. How to find them? Do I need to implement Mutex lock here?
Thanks & Regards,
Damodhar.
+91-7702191212
General
From: openssl-users On Behalf Of Damodhar
Boddukuri via openssl-users
Sent: Friday, July 26, 2024 5:33 PM
To: Neil Horman
Cc: openssl-users@openssl
NFIG
OPENSSL_NO_RDRAND
OPENSSL_NO_PADLOCKENG
OPENSSL_NO_AFALGENG
OPENSSL_NO_STATIC_ENGINE
Thanks & Regards,
Damodhar.
+91-7702191212
General
From: Neil Horman
Sent: Wednesday, July 24, 2024 11:04 PM
To: Damodhar Boddukuri
Cc: openssl-users@openssl.org
Subject: Re: compile openssl for Arm A9 &
Hi OpenSSL user,
I am trying to compile "openSSL cross compilation for target "vxworks-armv7a"
in Windows platform":
The target compiler is ccarm.exe
Approach-1:
In Linux platform, Added the following target details in 10-main.conf file and
ran the ./config . It generat
Howdy,
But my question is why q is not 160 bits but instead 224 bits was used by
openssl since the FIPS 186 standard clearly says to use q size 160 bits for p
size 1024 bits?
Can someone familiar with the topic, clarify my doubt please? Maybe I missed
some fine points in the standard
At this point you really are going to need to dig into the VxWorks
documentation to figure out what compiler flags and include files you need
to set to get this all to work. It may require some openssl code changes
to use your compiler/build environment
On Wed, Jul 24, 2024 at 12:51 PM Damodhar
no-threads no-ts no-ui-console no-whirlpool no-asm
-DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT
>nmake
"ccarm" -g -fno-builtin -t7 -mfpu=vfp -mfloat-abi=softfp -ansi
-fno-zero-initialized-in-bss -Wall -DCPU=_VX_ARMARCH7 -DTOOL_FAMILY=gnu
-DTOOL=gnu -D_WRS_KERNEL -DARMEL -DCP
DSA param
generation, key generation and cert generation using openssl.
As per the book, the recommended size for p and q values are:
p = 1024 bits, q = 160 bits
p = 2048 bits, q = 224 bits
p = 3072 bits, q = 256 bits.
>From the book, I also understand that the length of the DSA signature r and
s
If you're trying to build on windows, you don't want to inherit from
BASE_unix, you want to inherit from BASE_Windows
On Tue, Jul 23, 2024 at 8:40 PM Damodhar Boddukuri <
damodhar.bodduk...@non.se.com> wrote:
>
>
> Hi,
>
>
>
> Thank you for the support.
&g
**
*We are announcing changes to the OpenSSL governance structure to
enhance community engagement and strengthen our commitment to our
Mission and Values <https://openssl-mission.org/>. These changes are
part of our ongoing journey to empower and provide more opportunities
and mechanis
*
Secure communication is vital in today's digital world, but it sometimes
slows down your applications. We invite you to an insightful webinar on
optimizing application performance using OpenSSL. This session is
designed for individuals seeking to enhance the security and efficienc
Hi,
Thank you for the support.
I am trying to compile “openSSL cross compilation for target "vxworks-armv7a"
in Windows platform”:
The target compiler is ccarm.exe
Approach-1:
In Linux platform, Added the following target details in 10-main.conf file and
ran the ./config . It gen
We are announcing a change in how communication and collaboration will take
place within
the OpenSSL community. Effective August 1st, 2024, the OpenSSL mailing
lists will migrate
to Google Groups. This transition is designed to streamline communication
channels and
simplify our infrastructure
/ppc/PPC32/common"), <= Set this to your
vxworks library path
ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe000"),
<= Probably leave this alone too
},
On Wed, Jul 17, 2024 at 12:42 PM Damodhar Boddukuri via openssl-users <
openssl-users@openss
Hi openSSL users,
I would like to port openssl for Arm A9 & VxWorks Target. If someone can share
the details, Its really helpful for me.
Thanks in advance.
Thanks & Regards,
Damodhar.
+91-7702191212
General
Hi,
I am working to package OpenSSL 3.1.x with my product.
As I prefer to be FIPS complaint, I would like to use FIPS module from
OpenSSL 3.0.9.
1) From the Documentation(
https://github.com/openssl/openssl/blob/master/README-FIPS.md) , what I
understood is,
I need to build and
algorithm function has the
following parameters:encrypt_init(void *ctx, void *key, const OSSL_PARAM
params[])But I do not know what openssl core provides by the key pointer3) How
to make sure that my RSA provider takes precedence over the built-in one?I
would appreciate your helpTom
Hello.
#?1|kent:tmp$ x=U2FsdGVkX19hzr7eekkcCcfeydWYK7HAeLr2lRPThis
[ ^ $? of last command]
#?0|kent:tmp$ printf ${x}= | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2
-d
#?0|kent:tmp$ printf ${x}=t | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2
-d
#?0|kent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [27th June 2024]
==
SSL_select_next_proto buffer overread (CVE-2024-5535)
=
Severity: Low
Issue summary: Calling the OpenSSL API
On Wednesday, April 17th, 2024 at 6:57 AM, Michael Wojcik via openssl-users
wrote:
> > From: Turritopsis Dohrnii Teo En Ming teo.en.m...@protonmail.com
> > Sent: Monday, 15 April, 2024 07:36
> >
> > > > From: openssl-users openssl-users-boun...@openssl.org On
On 09/06/2024 19:59, Dennis Clarke via openssl-users wrote:
On 5/30/24 11:15, Michael Wojcik via openssl-users wrote:
From: openssl-users On Behalf Of
Dennis
Clarke via openssl-users
Sent: Thursday, 30 May, 2024 07:29
OKay, thank you. I guess today is a good day to test on a few oddball
Hi, I have a requirement to support the TLS status_request_v2 extension for
TLS 1.2 (rfc6961) using OpenSSL 3.x...
Looking at the API I've successfully used SSL_CTX_add_custom_ext() to add
the extension to the client hello, my server code is also picking this and
generating the extension i
:
008C96F90100:error:1C880004:Provider routines:rsa_verify:RSA
lib:providers/implementations/signature/rsa_sig.c:785:
License key is invalid
```
Do you have any idea of how to solve this new error? any guidance?
On Mon, Jun 10, 2024 at 11:52 PM Thomas Dwyer III via openssl-users <
openssl-us
hub.com/christiangda/LicenseValidator__;!!ACWV5N9M2RV99hQ!NbxXgIkXi0CHG7PAehmOM_k1dXimFAfepGUTqIqQlJDfvxHviaWiNf3Cq45qlpW8zwSBX6jMtdkdlo7VlA9bse82$> to
validate a hypothetical |program license| using OpenSSL 3.1 Library
<https://urldefense.com/v3/__https://wiki.openssl.
lidator> to validate a
hypothetical program license using OpenSSL 3.1 Library
<https://wiki.openssl.org/index.php/OpenSSL_3.0>, and when I tried to
validate the licensed content I got the following error:
Failed to verify license
008C1AF90100:error:0277:rsa routines:ossl_rsa_ve
On Sat, Jun 08, 2024 at 08:12:57AM -0400, Neil Horman wrote:
> > I see someone at
> > https://github.com/openssl/openssl/issues/13382#issuecomment-1181577183
> > with a similar concern suggested -macopt keyfile:file
The requested feature (explicit keyfile option) makes sense
On 5/30/24 11:15, Michael Wojcik via openssl-users wrote:
From: openssl-users On Behalf Of Dennis
Clarke via openssl-users
Sent: Thursday, 30 May, 2024 07:29
OKay, thank you. I guess today is a good day to test on a few oddball
system architectures. I suspect there are very very few people out
On 6/8/2024 5:12 AM, Neil Horman wrote:
printf '%s' "hello" | LD_LIBRARY_PATH=$PWD ./apps/openssl dgst -sha1
-hmac $(cat key.txt)
SHA1(stdin)= c3b424548c3dbd02161a9541d89287e689f076d7
That will expose the key in the process args, so is NOT secure.
--
Carson
the openssl-mac utility already contains such a option (though it doesn't
circumvent the issue as the option for the key is also passed on the
command line)
It seems some bash magic solves this problem though. By putting your key
in a file, you can use command substitution to solve
nd arguments)?
[...]
I see someone at
https://github.com/openssl/openssl/issues/13382#issuecomment-1181577183
with a similar concern suggested -macopt keyfile:file
--
Stephane
2022-08-07 18:20:56 +0200, Francois:
[...]
> I am reading some doc instructing me to run
>
> printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN}
>
> Doing so would leak the APP_TOKEN on the command line arguments (so a
> user running
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.1.6 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.1.6 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.14 released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.14 of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.3.1 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.3.1 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.2.2 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.2.2 of our open source
ards,
Vishal
General
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Friday, May 31, 2024 06:14 PM
To: openssl-users@openssl.org
Subject: Re: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0
[External email: Use caution with links and attachm
Hello everyone, I want to contribute my source code to openssl, But I am in
trouble:
When building openssl with MinGW64, make test is hung up
<https://github.com/openssl/openssl/issues/24436>.
For so many days, nobody has replied to me, I value your feedback.
On Fri, May 31, 2024 at 07:47:40AM +, Vishal Kevat via openssl-users wrote:
> Hi OpenSSL users,
>
> I am using OpenSSL source version 3.3.0 and facing an issue in key generation
> part of Diffie Hellman (DH) Algorithm. Below are the APIs I am using for
> generating Public a
On Fri, May 31, 2024 at 12:39:12PM +, Vishal Kevat via openssl-users wrote:
> Is there any way to make this prime number work by doing some
> modifications in the openssl source code.
It ISN'T a *prime* number.
> Like bypassing the OpenSSL DH prime check?
Why do you want to u
Hi Viktor,
Is there any way to make this prime number work by doing some modifications in
the openssl source code.
Like bypassing the OpenSSL DH prime check?
Regards,
Vishal
General
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Friday, May 31, 2024 03:01
On Fri, May 31, 2024 at 07:47:40AM +, Vishal Kevat via openssl-users wrote:
> I am using OpenSSL source version 3.3.0 and facing an issue in key
> generation part of Diffie Hellman (DH) Algorithm. Below are the APIs I
> am using for generating Public and Private Keys:
>
>
Hi OpenSSL users,
I am using OpenSSL source version 3.3.0 and facing an issue in key generation
part of Diffie Hellman (DH) Algorithm. Below are the APIs I am using for
generating Public and Private Keys:
static unsigned char DH_PRIME_128[] = { /* 128 bit prime */
0xff, 0xff, 0xff, 0xff
> From: openssl-users On Behalf Of Dennis
> Clarke via openssl-users
> Sent: Thursday, 30 May, 2024 07:29
>
> OKay, thank you. I guess today is a good day to test on a few oddball
> system architectures. I suspect there are very very few people out there
> running actual HP
On 5/30/24 03:03, Tomas Mraz wrote:
You can just test the HEAD commits in the respective branches (openssl-
3.0, openssl-3.1, openssl-3.2 and openssl-3.3) in git. The repository
will be frozen today afternoon so there should be no further changes
apart from eventual regression fixes and the
You can just test the HEAD commits in the respective branches (openssl-
3.0, openssl-3.1, openssl-3.2 and openssl-3.3) in git. The repository
will be frozen today afternoon so there should be no further changes
apart from eventual regression fixes and the release commits.
Regards,
Tomas Mraz
On 5/28/24 08:51, Tomas Mraz wrote:
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.3.1, 3.2.2, 3.1.6 and 3.0.14.
Will there be any release candidate tarballs for testing on various
systems? Perhaps there already exists some commit or &quo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28th May 2024]
=
Use After Free with SSL_free_buffers (CVE-2024-4741)
Severity: Low
Issue summary: Calling the OpenSSL API
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.3.1, 3.2.2, 3.1.6 and 3.0.14.
We will be also releasing extended support OpenSSL version
1.1.1y which will be available to premium support customers.
These releases will be made available on Tuesday 4th
Hi,
I observed that openssl(3.2.1) currently doesn't provide a way(this is my
understanding :P) to do complete record processing in one go instead of
doing it in multiple APIs/functions. This record processing feature allows
for HW implementations to do complete SSL record processing withou
Hi!
Sorry, when I try to click the links, I am offered to download something.
Is it intentional?
On Tue, 21 May 2024, 19:48 Kajal Sapkota, wrote:
> *Hi All,*
>
>
>
>
>
>
>
>
> * We are pleased to announce our upcoming webinar, Getting Started with
> QU
**
*Hi All,*
*
We are pleased to announce our upcoming webinar, Getting Started with
QUIC and OpenSSL.
In this brief yet comprehensive session, we'll dive into the basics of
QUIC and guide you through implementing a simple client using the QUIC
OpenSSL API. By the end of this we
On 5/16/24 08:28, Neil Horman wrote:
Glad its working a bit better for you. If you are inclined, please feel
free to open a PR with your changes for review.
Well, the changes are *really* trivial. Necessary and trivial.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16th May 2024]
=
Excessive time spent checking DSA keys and parameters (CVE-2024-4603)
=
Severity: Low
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16th May 2024]
=
Excessive time spent checking DSA keys and parameters (CVE-2023-3446)
=
Severity: Low
Issue
stream_map.c) and just declare a prototype in
> > the quic_stream_map.h header, so as to avoid the unneeded symbol
> > resolution. You would have to lather rinse repeat with the other
> missing
> > symbols of course.
> >
> > As to your prior question about how long th
toform you are building on is on our unadpoted platform list:
https://www.openssl.org/policies/general-supplemental/platforms.html
And while we endeavor to keep openssl building on as many platforms as
possible, its not feasible to cover all the currently
unmaintained platforms. You do have some
al/platforms.html
And while we endeavor to keep openssl building on as many platforms as
possible, its not feasible to cover all the currently
unmaintained platforms. You do have some agency here however. If you are
willing and interested, you could volunteer to be a community platform
maintain
d I am able to get a good
result if I go with "no-quic" in the config :
hubble $ $PERL ./Configure solaris64-sparcv9-cc \
> --prefix=/opt/bw no-asm no-engine shared zlib-dynamic \
> no-quic enable-weak-ssl-ciphers -DPEDANTIC 2>&1
Configuring OpenSSL version 3.3.0 for target
Hello openssl-users,
My team and I have identified some Minerva attack[1] side channels in
various architectures. We are using statistical analysis to identify such
side channels. For each architecture we have tested and found out, it is
vulnerable we have created an upstream issue ( Intel[2
PM Dennis Clarke via openssl-users
mailto:openssl-users@openssl.org>> wrote:
On 4/9/24 08:56, OpenSSL wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> OpenSSL version 3.3.0 released
> ==
there really is not any libatomic support. Well, there is
sort of but it is a hack. Given how portable the code is there must be a
configuration option somewhere to disable the need for those atomic ops.
Meanwhile, OpenSSL 3.0.x builds and tests flawlessly but ... how
long will that
We added support for RCU locks in 3.3 which required the use of atomics (or
emulated atomic where they couldn't be supported), but those were in
libcrypro not liberal
On Sun, May 12, 2024, 7:26 PM Dennis Clarke via openssl-users <
openssl-users@openssl.org> wrote:
>
> On 4/9/
On 4/9/24 08:56, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.3.0 released
==
Trying to compile this on an old Solaris 10 machine and over and over
and over I see these strange things as Undefined symbols
Is anyone out there building OpenSSL for a FreeRTOS system? If so, was it a
difficult port, and what are the main changes that were necessary?
Thank you.
- Steve Wall
That is the master branch CHANGES.md. It will be synced later.
For the 3.1 changes please look at the CHANGES.md in the openssl-3.1
branch and/or inside the alpha tarball.
Tomas
On Thu, 2022-12-01 at 15:15 +, Kenneth Goldman wrote:
> The changes show a jump from 3.0 to 3.2
>
&
The changes show a jump from 3.0 to 3.2
https://github.com/openssl/openssl/blob/master/CHANGES.md
smime.p7s
Description: S/MIME cryptographic signature
e still applies and
> migration from 3.0 to 3.1 should be just seamless.
>
> Tomas
>
>
> On Thu, 2022-12-01 at 09:40 -0500, Felipe Gasper wrote:
>> AFAICT, the migration guide doesn’t actually seem to mention upgrades
>> to 3.1.
>>
>> -FG
>>
>&g
t;
> -FG
>
>
> > On Dec 1, 2022, at 09:00, OpenSSL wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> >
> > OpenSSL version 3.1 alpha 1 released
> >
> >
> >
AFAICT, the migration guide doesn’t actually seem to mention upgrades to 3.1.
-FG
> On Dec 1, 2022, at 09:00, OpenSSL wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> OpenSSL version 3.1 alpha 1 released
> ====
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.1 alpha 1 released
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 3.1 is currently in alpha.
OpenSSL 3.1 alpha 1 has now been made available
Hi team,
Do you know how to programmatically specify the path of fipsmodule.cnf and load
it in application without using openssl.cnf in OpenSSL 3.0?
Historically, my product uses customized OpenSSL and doesn't have an
openssl.cnf.
I need to use FIPS module, and I try to load it, it fails un
> From: Steven_M.irc
> Sent: Thursday, November 24, 2022 21:21
> > This is not true in the general case. There are applications which are
> > available on Linux which do not use the
> > distribution's package manager. There are applications which use their own
Steven_M.irc via openssl-users wrote:
> Hi Michael, Thanks very much for replying to my e-mail/post. I
> apologize for the lateness of my reply.
>> This is not true in the general case. There are applications which are
>> available on Linux which do not use
On Friday, 25 November 2022 05:21:00 CET, Steven_M.irc via openssl-users
wrote:
Hi Michael,
Thanks very much for replying to my e-mail/post. I apologize
for the lateness of my reply.
This is not true in the general case. There are applications
which are available on Linux which do not use
Hi all,
I have created small server application ssl based Data sharing to
the Public. i faced Handling the incoming connection. if multiple
connections are arrived. i ready accept . if and creating the New thread
. data send backandforth . i facing issue if 2 or 3 client has arrived
s
, Job Cacka wrote:
> Michael's point should be asked and answered first for your environment.
>
> To find all of the OpenSSL bits used on a windows system you would use
> Powershell or a tool that flexes its use like PDQ Inventory. There is a
> steep learning curve and it i
use their own OpenSSL build, possibly linked
> statically or linked into one of their own shared objects or with the OpenSSL
> shared objects renamed. Linux distributions have not magically solved the
> problem of keeping all software on the system current.
That's dishearteni
Am 11.11.2022 um 17:44 schrieb Matt Caswell:
On 11/11/2022 12:41, f...@plutonium24.de wrote:
My apologies. I tested the code you supplied and of course it also fails with 1.1.1. The
code was changed without my knowledge when updating to 3.0 and the version that was
working used the depre
A good question.
In a nut shell: the 3.0.0 FIPS provider is designed to work with all
3.0.x releases. We actively test this as part of our CI loops and it's
the way to claim FIPS compliance when using OpenSSL 3.0.7. You need to
build 3.0.7 (with or without FIPS support) and the 3.0.0
The OpenSSL project has obtained certificate #4282
<https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282>
from NIST for the FIPS provider. Nice. However, the certificate and
accompanying security policy specifically list version 3.0.0 while the
current rele
Michael's point should be asked and answered first for your environment.
To find all of the OpenSSL bits used on a windows system you would use
Powershell or a tool that flexes its use like PDQ Inventory. There is a
steep learning curve and it is probably off topic for this group but ther
> From: openssl-users on behalf of
> Steven_M.irc via openssl-users
> Sent: Monday, November 21, 2022 15:56
> However, I am running Windows 10, and since (unlike Linux) every piece of
> software outside of Windows itself
> needs to be updated individually, I don't
Hi All,
A few weeks ago I sent this e-mail to the group:
https://mta.openssl.org/pipermail/openssl-users/2022-November/015613.html I
received a couple of replies, but sadly I have been too busy to respond to
them. Regardless, I need a bit more information please.
In one of the replies, Viktor
Answering myself here. It appears this is pretty logical. Openssl 3.0 has a
"legacy" provider which is normally compiled as a separate legacy.so module
which is loaded on demand at run time. Now, when compiled with
-fvisibility=hidden, this does not work because neither side ca
Can someone please suggest if we can build OpenSSL 3.0 for iOS platform?
Don’t see iphoneos-cross under supported os/platform list.
Regards,
Madhu
Hello Jinze.
The issue doesn't come from OpenSSL. It comes from at least two buffer overruns.
In aesEncrypt:
>
> ret = EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, (const unsigned
> char*)key.c_str(), NULL);
You use key.c_str() to set the key. However, key here is &q
Dear OpenSSL Group,
Greetings. I was working on writing simple aes encrypt/decrypt wrapper
function in c++ and running into a strange problem. The minimal reproducible
examples in gist seems working fine but when i uncomment lines 90-92, it will
fail to decrypt randomly. Can someone help me
On 11/11/2022 12:41, f...@plutonium24.de wrote:
My apologies. I tested the code you supplied and of course it also fails
with 1.1.1. The code was changed without my knowledge when updating to
3.0 and the version that was working used the deprecated
"EC_POINT_point2oct". During my test I mi
On 11/11/2022 00:49, James Muir wrote:
On 2022-11-10 18:35, f...@plutonium24.de wrote:
I have been using EVP_PKEY_get_raw_public_key with OpenSSL 1.1.1
without any problems to extract a raw public key (secp521r1, NIST
curve P-521). With OpenSSL 3.0 this fails. I'm using this call t
On 2022-11-10 18:35, f...@plutonium24.de wrote:
I have been using EVP_PKEY_get_raw_public_key with OpenSSL 1.1.1 without
any problems to extract a raw public key (secp521r1, NIST curve P-521).
With OpenSSL 3.0 this fails. I'm using this call to get the raw public
key and to compare it w
I have been using EVP_PKEY_get_raw_public_key with OpenSSL 1.1.1 without
any problems to extract a raw public key (secp521r1, NIST curve P-521).
With OpenSSL 3.0 this fails. I'm using this call to get the raw public
key and to compare it with a reference value I have and I also check
tha
We have a Linux application which can load a lot of different .so modules at
runtime, which in turn might be contain various third-party libraries. In the
past we have seen the problems that there might appear different binarily
incompatible openssl versions in the process memory, which might
On Tuesday, 8 November 2022 08:51:32 CET, Matthias Apitz wrote:
El día martes, noviembre 08, 2022 a las 08:26:54a. m. +0100,
Tomas Mraz escribió:
Hi,
Red Hat patches its OpenSSL implementation with some additional API
calls. That means you cannot use builds from an unpatched upstream
OpenSSL
noviembre 08, 2022 a las 08:26:54a. m. +0100, Tomas
> Mraz escribió:
>
> > Hi,
> >
> > Red Hat patches its OpenSSL implementation with some additional API
> > calls. That means you cannot use builds from an unpatched upstream
> > OpenSSL tarball in place
El día martes, noviembre 08, 2022 a las 08:26:54a. m. +0100, Tomas Mraz
escribió:
> Hi,
>
> Red Hat patches its OpenSSL implementation with some additional API
> calls. That means you cannot use builds from an unpatched upstream
> OpenSSL tarball in place of the system libcr
Hi,
Red Hat patches its OpenSSL implementation with some additional API
calls. That means you cannot use builds from an unpatched upstream
OpenSSL tarball in place of the system libcrypto and libssl libraries.
The proper way is to always obtain updated system packages from your
vendor, i.e., Red
Hello,
We compile openssl 1.1.1l from the sources and run on RedHat 8.6 into the
problem that the system shared lib /usr/lib64/libk5crypto.so.3 misses a
symbol from openssl:
# objdump -TC /usr/lib64/libk5crypto.so.3 | grep EVP_KDF
DF *UND* OPENSSL_1_1_1b
I'd like to use OpenSSL with KTLS for websocket protocol, mainly for
receiving but also transmit. I'm using the latest version of OpenSSL from
source, with Ubuntu 20.04 and 22.04.
I currently use the regular SSL_read() and SSL_write() functions to receive
and transmit bytes. I have no
On 2022-11-04 09:14, Michael Wojcik via openssl-users wrote:
Specifically, limits.h is part of the C standard library (see e.g. ISO
9899:1999 7.10). This is a GCC issue; there's something wrong with John's GCC
installation, or how his environment configures it.
GCC often appea
> From: openssl-users On Behalf Of Matt
> Caswell
> Sent: Friday, 4 November, 2022 06:43
>
> This looks like something environmental rather than a problem with
> OpenSSL itself. /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h
> is clearly a system include file, t
include/openssl/types.h:14,
from apps/include/app_libctx.h:13,
from apps/lib/app_libctx.c:9:
/usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h:194:15: fatal
error: limits.h: No such file or directory
#include_next /* recurse down to the real one
1 - 100 of 6721 matches
Mail list logo
