Re: openssl-1.0.2r
Re: openssl-fips-2.0.16
OS: Linux Mint 19.1 (Ubuntu)
I have added a shared library initializer function to cryptlib.c to force
OpenSSL into FIPS mode, without requiring a “module operator” to directly
initiate (i.e. call FIPS_mode_set(1)).
void __attribute__((constructor
I am importing some code into openssl and getting a strange build error:
make[1]: *** No rule to make target 'crypto/bn/crypto/include.o', needed by
'libcrypto.a'. Stop.
Any common ideas on what to look for (e.g., missing header file, wrong INCLUDE
settings in build.info, etc) ?
On 03/06/2019 14:35, Chitrang Srivastava wrote:
Hi,
I am porting Openssl 1.1.1b for an embedded platform.
I see that EC folder generate some of function in assembly for e.g
These functions are generated based on environment like
x86-64/ppc/armv8 etc.
Is there any C version of these function
On 30/05/2019 02:10, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of J.
J. Farrell
Sent: Wednesday, May 29, 2019 15:02
On 29/05/2019 18:39, ramakrushna mishra wrote:
In Openssl 1.1.1, the file "rc4-ia64.pl" is missing. This cause d
On 28/05/2019 23:48, Steffen Nurpmeso wrote:
Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e25...@roadrunner.com>:
|On 5/28/2019 10:39 AM, Jay Foster wrote:
|> I built OpenSSL 1.1.1c from the recent release, but have noticed what
|> seems like a significant performance d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.1c released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1c of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.0k released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.0k of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.0.2s released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2s of our open
Hi All,In my application I am using OPENSSL_config(NULL); call to initialize
the configuration. But it seems from openssl-1.1.1 this call is deprecated and
we should use CONF_modules_load_file call.But it will be difficult to add new
configuration file for openssl within my application
Thanks Richard, this is what I was expecting. It worked.
Configure script is not showing this option.
Configuring OpenSSL version 3.0.0-dev for target
Using os-specific seed configuration
Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx]
[-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw
./Configure linux-arm64 *no-shared*
make
make install
Thanks,
Raveendra
*From:* Dr Paul Dale [mailto:paul.d...@oracle.com]
*Sent:* Thursday, May 23, 2019 12:10 PM
*To:* Raveendra Padasalagi
*Cc:* openssl-users@openssl.org
*Subject:* Re: Compiling openssl executable as static binary
Link
Hi,
Any help/pointers on compiling openssl library to generate static version
of openssl executable for ARM64 bit linux platform will help.
Thanks,
Raveendra
On 22/05/2019 19:32, Dennis Clarke wrote:
Good options inspired by other cryptographic libraries include:
- Number of bits of entropy passed in call (For example, a
perfectly balanced coin flipper could provide the 4 byte
values "head" or "tail" with an entropy of 1 bit).
Let's drop the
On 21/05/2019 16:44, Salz, Rich via openssl-users wrote:
When I overhauled the RAND mechanism, I tried to deprecate this use of floating
point, in favor of just a number from 0 to 100 but was voted down.
It *is* stupid. Luckily, on a modern system with system-provided randomness to
seed
>Then just set it to 1.0 and be done with it.
>That hardly helps on systems that don't have floating point at all.
No it doesn't. Such systems aren't supported by OpenSSL. There are many
places were floating point is used/supported.
Removing the second arg to RA
>If it's a sarcasm, I'm missing the point.
I was't being sarcastic, I was trying to show that the team, recently, still
liked the use of floating point.
>There are use cases when one wants to mix/add extra randomness from, e.g.,
> an external source (that, for whatever reasons, is
When I overhauled the RAND mechanism, I tried to deprecate this use of floating
point, in favor of just a number from 0 to 100 but was voted down.
It *is* stupid. Luckily, on a modern system with system-provided randomness to
seed the RNG, you never need this call.
Hello,
I am working on a Solaris 11.4 x86 64bit virtual server. There are no specific
applications loaded on it yet. I am preparing it to be a BIND server
eventually.
To that end, I downloaded and installed OpenSSL 1.1.1b so I have the latest and
greatest to work with.
The installation
Hi All,
I am in process of using TLS1.3 using openssl 1.1.1b version in my client
application. In order to use session resumption, I have implemented an external
cache when acting as the client. The key to the cache is combination of host
and port and the value associated is SSL_SESSION
.
Only deviations from the official process in creating the
fipscanister invalidates the FIPS validation.
The FIPS-capable OpenSSL is "outside the boundary" of the
FIPS module and can be changed at will. This is why a new
FIPS validation is not needed every time OpenSSL releases
a bugfix
llow
for session resumption on other nodes in a cluster.
- Added logging the list of active connections on
SIGUSR2 or with Windows GUI.
- Logging of the assigned bind address instead of the
requested bind address.
* Bugfixes
- Service threads are terminated before OpenSSL cleanup
t
On 14/05/2019 18:39, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Karl Denninger
Sent: Tuesday, May 14, 2019 09:22
On 5/14/2019 09:48, Michael Wojcik wrote:
I can't think of what remnant of the old certificate would be there,
except
used in safestack.h and
lhash.h to omit them.
I see there is also
# elif defined(__SUNPRO_C)
#pragma weak getisax
in crypto\sparcv9cap.c
so maybe that needs consideration too.
Regards,
John.
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 10 May 2019 16:
Hi,
After upgrading openssl to 1.1.1b, I am getting compilation errors in the
openssh code.
Does Openssh 7.9p1 and above versions support building against the openssl
1.1.1b version?
In Openssh release notes, below note is mentioned:
All: support building against the openssl-1.1 API (releases
Hi Richard,
When I executed "make" in openssl directory, opensslconf.h file is
generated. When I do "make" in our projects build directory, opensslconf.h
is not generated.
is this file generated by Configure command or make command?
On Mon 13 May, 2019, 10:56 PM Richard Levi
Hi Richard,
I have extracted tar file and executed Configure command. Do we need to set
anything before Configure?
On Mon 13 May, 2019, 7:33 PM Richard Levitte, wrote:
> What else did you do other than configuring?
>
> Cheers
> Richard
>
> Samiya Khanum via openssl-users skr
Hi,
Earlier our application used openSSL version 1.0.2n. We want to upgrade to
1.1.1b.
When I compile openssl, I see "opensslconf.h" not found error.
../../../../vendor/openssl/include/openssl/e_os2.h:13:34: fatal error:
openssl/opensslconf.h: No such file or directory
With below
(hotmail.com,
live.com,
outlook.com etc.). This service load balances connections between many
servers
which cab give different results for each try.
On 10/05/2019 17:01, Chandu Gangireddy wrote:
Dear OpenSSL Users,
At my corporate environment, I'm experience a challenge to use openssl
s_client
2019, at 3:33 pm, Sunghyun Park <mailto:sun...@umich.edu>> wrote:
Nice to meet you all :)
I faced a problem while building assembly code in OpenSSL (e.g.,
crypto/x86_64cpuid.s) with Emscripten.
Since Emscripten does not support compilation for assembly code (As
far as I know), I'm
> Could you please look into the program and let me know if anything I am
> doing wrong ?
> Or else What could be the issue ?
Sorry, no not me. Maybe someone else on the list has ideas.
So now you know where to start looking, I guess. You might also change your
test program so that it calls the functions multiple times, to “smooth out” the
overhead.
I would start with doing profiling on old and new versions to see where the
slowdown is.
early_cb), I thought about whether I wanted to add a
dedicated API just for the SNI value, due to the level of complexity
involved. I ended up not doing so in the initial submission, both
because I figured it could safely be added later as an incremental
change, and because I was worried (IIRC) abou
'm hoping that there is a way to get it working.
>
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1b/crypto/evp/e_aes_cbc_hmac_sha256.c
This cipher is a special purpose cipher not intended for general
use. It is
specifically targeted at usage in TLS. Unless you're writing
The intent is that you replace the upper layer, CRYPTO_secure_x
What does your implementation do differently, and which platforms does it work
on?
On 26/04/2019 08:19, Richard Levitte wrote:
On Fri, 26 Apr 2019 07:05:01 +0200,
Ande Vishnuvardhan Reddy wrote:
We would like to build Openssl 1.1.1b with Borland compiler (bcc32 -
Embarcadero C++ 7.40). Seems
support for Borland is removed from 1.1.x .
It was dropped, that's true. The main
. Even without
doing this, and using -verify_return_error, openssl s_client does not
refuse to connect to the server. Why is this and what else do I have to
do to convince the system that this self signed cert is OK?
Three suggestions, depending on what git send-email and your system
does:
1
Is anyone looking at the failing CI builds? It’s been a few days now.
Hello,
I'm finding conflicting information on whether OpenSSL can perform OCSP
validation via AIA responders through a proxy. An open issue at GitHub suggests
that this is an open feature request
(https://github.com/openssl/openssl/issues/6965), however I've seen people
saying that a proxy
“*ASN1_CTX ctx*” in openssl 1.1.0g.
Also am getting error as /usr/include/openssl/asn1_mac.h:10:2: error: #error
"This file is obsolete; please update your software."
You are using the old ASN1 API which has been obsolete since 2002. Are you
reading/writing your own custom ASN1 structu
On Wed, Apr 10, 2019 at 12:13:27PM -0400, Dennis Clarke wrote:
> On 4/10/19 7:37 AM, Richard Moore wrote:
> >Hi All,
> >
> >I haven't found a way to list the supported openssl ciphers from the
> >command line (i.e. get the list of potential values for -ciphersuites). I
&
On 10/04/2019 14:28, Kingsley O wrote:
Hello,
I get the above error when trying to build openssl. I am on a x64
Windows 10 platform, using perl 5, version 26, subversion 3 (v5.26.3)
built for MSWin32-x64-multi-thread and Visual studio express for
Windows 10
The file limits is clearly
Dear OpenSSL Users,
This is my first interaction in this community.
While am trying to build the latest openssl-1.0.2r code on CE-X86 platform, it
fails with the below error:
rsa_pk1.c
.\crypto\rsa\rsa_pk1.c(296) : warning C4761: integral size mismatch in argument
conversion supplied
.\crypto
expired, but nobody really
trusts private algorithms any more. There’s too much good stuff readily
available.
To answer your other question: OpenSSL is covered by the Apache license and any
contributions should also use the same license or they will not be accepted.
And cryptography
Hello,
I want to use OpenSSL to create an X509 request where the signature has
been calculated by an external device (ATMEL ATECC508A). With OpenSSL
1.0 I used
X509_REQ *req;
req = X509_REQ_new();
algor = X509_ALGOR_new();
algor->algorithm = OBJ_nid2
On 03/04/2019 22:16, Jeremy Harris wrote:
On 02/04/2019 17:03, Viktor Dukhovni wrote:
Does the server have a temporally stable ticket decryption key?
Is this Exim? Is the server's SSL_CTX persistent and shared
across multiple connections?
Ah, right. Unlike GnuTLS, the STEK is tied to the
On 02/04/2019 10:44, Matt Caswell wrote:
On 01/04/2019 22:23, Steffen wrote:
Hello,
I believe that I have narrowed the problem down to one specific version of
OpenSSL. Version 1.1.0b works as expected while OpenSSL 1.1.0c does not.
Using the cert/data files you provided me off-list (thanks
On 25/03/2019 22:53, sebastien wrote:
hi
in a terminal I've got this error with
|openssl version openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1:
version `OPENSSL_1_1_1' not found (required by openssl) openssl:
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1'
not found
>This software however is 7 years old, we’re not in a position to drop
> everything and rewrite it.
Then don't upgrade? If it's for a CA you don't need TLS 1.3 for example.
Or take the existing OpenSSL code that works and jam it into the current
release.
Maybe because EVP_PKEY_EC designates an ECDSA key, that an EdDSA key is not
generated the same way (particularly the public part), and that the encodings
are different?
Cordialement,
Erwann Abalea
Le 15/03/2019 19:20, « openssl-users au nom de Sam Roberts »
a écrit :
It seems like
On 15/03/2019 14:33, Dennis Clarke wrote:
On 3/15/19 5:38 AM, Matthias St. Pierre wrote:
My guess is that your binary is loading the system's shared libraries.
To find out whether this is the case, try
ldd bin/openssl
If my assumption is correct, you might have to set the LD_LIBRARY_PATH
* checking for SPNEGO support in GSSAPI libraries... configure: error: in
configure: error: cannot run test program while cross compiling
See `config.log' for more details
That’s ot
Openssl library version : cyrus-sasl-2.1.27
Command used : configure --host=x86_64-unknown-freebsd9 --cache
>: configure --host=x86_64-unknown-freebsd9 --cache=config.cache --disable-ntlm
>--disable-otp --disable-sample --enable-gssapi --with-des=no
>--with-gss-impl=mit
That’s not an OpenSSL configuration, and the error you got is not from OpenSSL.
It would be really good if code being merged to master had --strict-warnings
and the mdebug backtrace stuff turned on. In the past few days there have been
a flurry of checkins that these flags would have caught.
Well, flurry is admittedly too strong. …
Hi All,
The OpenSSL version 1.1.1b chooses wrong AS(assembler) on running through
Cygwin in Windows. It chooses 'ml' instead of 'nasm'(but uses the syntax of
nasm) which causes OpenSSL build failure on Windows. The same works fine with
OpenSSL 1.1.0i version.
Looks like a bug with 1.1.1b
clause 9, then moved to clause 6.1 in 2000, and clause 6.4 in 2012).
RFC5280 is far from being that clear.
OpenSSL added some checks on GeneralizedTime/UTCTime, by enforcing RFC5280
rules. I haven't followed the source code to see if these checks also apply to
data types other than RFC5280 certi
On 06/03/2019 18:38, Jordan Brown wrote:
On 3/5/2019 1:16 PM, Yann Ylavic wrote:
Furthermore, if that scenario were a real use case, it'd mean that
libldap could initialize openssl with no regard to httpd needs,
Everybody has to play nice, but ... yes. Random libraries might need
OpenSSL
On 06/03/2019 16:17, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Richard Levitte
Sent: Wednesday, March 06, 2019 03:07
On Wed, 06 Mar 2019 10:52:44 +0100,
Jan Just Keijser wrote:
as a follow-up: Richard's analysis/suspicion was spot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [6 March 2019]
ChaCha20-Poly1305 with long nonces (CVE-2019-1543)
==
Severity: Low
ChaCha20-Poly1305 is an AEAD cipher
the default
mid-series is probably not a good idea.
Changing the default could be considered for 3.0.
Yes please, as it stands the 1.1 series is unloadable on the most
used
openssl libraries, distros'. I find this a bit unfortunate, and more
#ifdef-ery to come (though I'd like the OPENSSL_INIT_[NO_
Can we take OpenBSD code and put it under the Apache license?
On 01/03/2019 12:38, Chethan Kumar wrote:
Dear all,
In need of some assistance. I compiled openssl1.1.1b on Debian and
executed openssl commands on another Debian machine.
Its giving below error:
openssl: */lib/i386-linux-gnu/libc.so.6: version `GLIBC_2.25' not
found (required by /home
Hi,
Earlier our application used OpenSSL version 1.0.2n. Now we wanted to
upgrade to 1.1.1b.
After upgrade when i compile OpenSSL, i see the following errors:
Tried to generate the Makefile with both the ways mentioned below..
But getting compilation errors as attached mainly at places
where
at libcrypto could "magically" combine two
different FIPS providers, which would be none of the two options
mentioned above.
Yes. I believe this is okay, but also that OpenSSL is not going to support
this.
>Huh? From the design document, section "Example dynamic views of
algorithm selection", after the second diagram:
An EVP_DigestSign* operation is more complicated because it
involves two algorithms: a signing algorithm, and a digest
algorithm. In general those
>I always understood "FIPS-capable OpenSSL" to refer specifically to an
OpenSSL compiled with the options to incorporate the FIPS canister
module, not just any OpenSSL build that might be used in FIPS compliant
applications (as that would be any OpenSSL
On 27/02/2019 22:18, Richard Levitte wrote:
On Wed, 27 Feb 2019 21:55:29 +0100,
Jakob Bohm via openssl-users wrote:
On 27/02/2019 20:59, Salz, Rich via openssl-users wrote:
If you change a single line of code or do not build it EXACTLY as documented,
you cannot claim to use the OpenSSL
On 27/02/2019 20:59, Salz, Rich via openssl-users wrote:
If you change a single line of code or do not build it EXACTLY as documented,
you cannot claim to use the OpenSSL validation.
I believe the context here is one I also mentioned in my comment on
the 3.0 draft spec:
- OpenSSL FIPS
If you change a single line of code or do not build it EXACTLY as documented,
you cannot claim to use the OpenSSL validation.
PREFIX/bin/openssl{.exe,}) link to the
shared library in the build tree whenever the target allows
this.
Some examples:
- Windows(all versions): This is already the system default
if the shared libraries are copied into the test program
directory, even in Windows versions that don't search th
No.
The OpenSSL FIPS Module is not written that way. It should not be permitting
any non-FIPS implementations (see Rich's email regarding a bug).
You could write your own engine, get that FIPS certified, and run it with
plain, vanilla OpenSSL.
There's a design spec out for OpenSSL 3.0.0
On 2/26/2019 6:28 PM, Hong Cho wrote:
> I see no code change between 1.0.2q and 1.0.2r.
>
> --
> # diff -dup openssl-1.0.2q openssl-1.0.2r |& grep '^diff' | awk
> '{print $4}'
> openssl-1.0.2r/CHANGES
> openssl-1.0.2r/Makefile
> openssl-1.0.2r/Makefile.org
>
-validated code,
which means that you *have* to use the OpenSSL implementation.
If you do not use the OpenSSL implementation, then you cannot claim to be FIPS
validated, and you must get your validation for your implementation.
et."
On Feb 26, 2019, at 10:40 AM, Matt Caswell
mailto:m...@openssl.org>> wrote:
On 26/02/2019 15:03, Short, Todd via openssl-users wrote:
The latest security advisory:
https://www.openssl.org/news/secadv/20190226.txt
mentions stitched vs. non-stitched ciphersuites, but doesn’t really
The latest security advisory:
https://www.openssl.org/news/secadv/20190226.txt
mentions stitched vs. non-stitched ciphersuites, but doesn’t really elaborate
on which ciphersuites are stitched and non-stitched.
"In order for this to be exploitable "non-stitched" ciphersuites must be in
use.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [26 February 2019]
0-byte record padding oracle (CVE-2019-1559)
Severity: Moderate
If an application encounters a fatal protocol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.1b released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1b of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.0.2r released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2r of our open
: login (584) PC=0xb6e6ab00 Instr=0xe5951000
Address=0xd27cdc63 FSR 0x001
Kernel panic - not syncing: Attempted to kill init! exitcode=0x000b
that doesn't look like openssl problem at all, openssl may trigger it, but
only because it's using the system to its fullest potential, not because
(Resend from correct account)
On 15/02/2019 18:35, Salz, Rich via openssl-users wrote:
(as for "possibly not the FIPS provider", that's exactly right. That
one *will* be a loadable module and nothing else, and will only be
validated as such... meaning that noone can stop you fr
On 17/02/2019 14:26, Matt Caswell wrote:
On 16/02/2019 05:04, Sam Roberts wrote:
On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote:
On 15/02/2019 20:32, Viktor Dukhovni wrote:
On Feb 15, 2019, at 12:11 PM, Sam Roberts wrote:
OpenSSL could delay the actual shutdown until we're about
On 16/02/2019 00:02, Richard Levitte wrote:
On Fri, 15 Feb 2019 18:33:30 +0100, Lewis Rosenthal wrote:
...
I strongly encourage you to re-think this. Everyone else on this list
whose server has been properly configured to not trash legitimate
messages must now be inconvenienced by the needs of
t
invalid re FIPS)
To be pedantic: this is true only *if you are using the OpenSSL validation.*
If you are getting your own validation (such as using OpenSSL in an HSM device
or whatnot), this is not true.
> - If permitted by the CMVP rules, allow an option for
> a
On 15/02/2019 12:23, Matt Caswell wrote:
On 15/02/2019 03:55, Jakob Bohm via openssl-users wrote:
These comments are on the version of the specification released on
Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
General notes on this release:
- The release
extra decoration of the
messages, i.e. the list footer that's usually added and the subject
tag that indicates what list this is (I added the "openssl-users:"
that you see manually).
So IF you're filtering the messages to get list messages in a
different folder, based on the subject
These comments are on the version of the specification released on
Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
General notes on this release:
- The release was not announced on the openssl-users and
openssl-announce mailing lists. A related blog post was
announced
>Yes - I do expect you to be able to build just the validated source
independently of the rest of the tarball so that you could (for example)
run the
latest main OpenSSL version but with an older module.
Which means that this doesn't have to happen in the first release si
.0 code drop to start porting and a looming deadline for the
1.0.x API.
You get what you pay for. I can be harsh because I am not a member of the
OpenSSL project.
You can start by porting to 1.1.x now.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 13/02/2019 20:12, Matt Caswell wrote:
On 13/02/2019 17:32, Jakob Bohm via openssl-users wrote:
On 13/02/2019 12:26, Matt Caswell wrote:
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
Given this announcement
On 13/02/2019 12:26, Matt Caswell wrote:
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
Given this announcement, a few questions arise:
- How will a FIPS provider in the main tarball ensure compliance
OpenSSL 1.1.1.
We really don't want to create a separate socket: we'd like to support
client requests on the same socket using either the old connection
method or TLS. We also want to support "pure" TLS, rather than some
kind of wrapped connection protocol. This means we need to
Hi all,
While trying to verify a client certificate using openssl verify with
-crl_check_all and –partial_chain options set , I get the following error:
error 8 at 1 depth lookup: CRL signature failure
error client1.pem: verification failed
Here is the command used:
openssl verify -crl_check
Hi all,
So, I found some hints on stack overflow
(https://stackoverflow.com/questions/6772465/is-there-any-c-api-in-openssl-to-derive-a-key-from-given-string)
and an implementation with pyCrypto
(https://gist.github.com/mimoo/11383475).
I still can't get the expected results but these raise some
i everyone,
I am looking for some documentation on how to pad and/or derive my
message and my key (from simple password), to mimic AES 128 ECB
en/decryption.
For a decorative purpose (no security consideration in mind), I used
openssl to encrypt a small message (less than 16 bytes) with a small
On 30/01/2019 00:11, Kurt Roeckx wrote:
On Tue, Jan 29, 2019 at 02:42:48PM -0500, Viktor Dukhovni wrote:
On Jan 29, 2019, at 2:23 PM, Rich Fought wrote:
The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers are
supported:
TLS1.0:
DH-RSA-AES128-SHA
DH-RSA-AES256-SHA
Since this seems to be a certificate issue, would it be possible
to make the server log all the certificate checking steps and
errors with the failing certificates.
One obvious test would be to try connecting to the "openssl s_server"
utility with a similar configuration and lot
.
As explained above, most of that storage infrastructure is in
fact in place, but the major e-mail clients lack the code to use
it. For example the "openssl cms" command (used by some unix mail
clients, such as Mutt) doesn't have an option to specify the "as of"
date extracted from
> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users
> wrote:
>
>>
>> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users
>> wrote:
>>
>> I perused the list archives for all of 2018 and did not see anything current
>> relat
Look at the tricks openssl has to do in order to properly zeroized memory and
avoid having the compiler optimize it away.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
eed and open an issue on github? Yes, this
would be a bug-fix because "going opaque" made some things not possible.
Thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
701 - 800 of 1693 matches
Mail list logo