Re: Don't build apps?
Hey Jeff, You might want to look at Arne Swabe's ics-openvpn. https://code.google.com/p/ics-openvpn/ If you are just looking for how to compile for various android chip arch's. He is using and Android.mk file which is a Make file that is specific to Android, but if you know one you can figure out the other. He also has pretty clean code on the JNI for linking (whichever you would need in an app) . Be sure to say thanks to him! Buy him a beer if its helpful! Stacy Wylie stacydevino.com Android and Mobile Design guru On Jun 11, 2014 1:02 AM, Jeffrey Walton noloa...@gmail.com wrote: Configuring with no-apps does not work either (even though it states its skipping the directory): $ ./config shared -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine -no-apps --openssldir=/usr/local/ssl/android-14/ Operating system: i686-whatever-android Configuring for android-x86 no-apps [option] OPENSSL_NO_APPS (skip dir) no-comp [option] OPENSSL_NO_COMP (skip dir) no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-engine [option] OPENSSL_NO_ENGINE (skip dir) no-gmp [default] OPENSSL_NO_GMP (skip dir) no-hw [option] OPENSSL_NO_HW ... On Wed, Jun 11, 2014 at 1:49 AM, Jeffrey Walton noloa...@gmail.com wrote: I'm working with OpenSSL 1.0.1h. I'm configuring for android-x86. setenv-android.sh worked fine, and exported the following: export MACHINE=i686 export RELEASE=2.6.37 export SYSTEM=android export ARCH=x86 export CROSS_COMPILE=i686-linux-android- export ANDROID_DEV=$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH/usr export HOSTCC=gcc $ echo $ANDROID_DEV /opt/android-ndk-r9/platforms/android-14/arch-x86/usr The configure looks like so: $ ./config shared -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine --openssldir=/usr/local/ssl/android-14/ However, compilation is failing because the programs are being compiled (more correctly, the missing comp.h): $ make i686-linux-android-gcc -DMONOLITH -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -mandroid -I/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/include -B/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/lib -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o dhparam.o dhparam.c i686-linux-android-gcc -DMONOLITH -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -mandroid -I/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/include -B/opt/android-ndk-r9/platforms/android-14/arch-x86/usr/lib -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o enc.o enc.c enc.c:70:26: fatal error: openssl/comp.h: No such file or directory compilation terminated. make[1]: *** [enc.o] Error 1 make: *** [build_apps] Error 1 How do I stop the attempt to compile the programs? What change is made to stop building of programs during a cross-compile of, for example, Android (arm) and iOS (arm)? Thanks in advance. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: graphic arts help needed
I would be happy to do so and I sure there are several others who would as well. Do you have a specific upload location that you would like submissions to go? Stacy Wylie stacydevino.com Android and Mobile Design guru On May 8, 2014 8:03 AM, Steve Marquess marqu...@opensslfoundation.com wrote: We recently signed up our first ever Platinum sponsor (Nokia). One of the things we promised in return for that sponsorship was an OpenSSL supporter logo for their use. We don't have one and have never needed one before, now we do. If there are any artistically gifted volunteers who would like to see their creative genius immortalized in cyberspace, please drop me a line. I'm thinking of some sort of variation of our current logo, http://opensslfoundation.com/data/logo/openssl-logo.png, with Platinum sponsor lettering added. But, looks good is the only hard requirement :-) I have a PSD file of that logo too, but not the skill to use it. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: graphic arts help needed
A contest is good. It gives you many options and personally, when I do logo design and such even internally, I do many incarnations to give maximum choice to my own brain. Sometimes even you don't know what you like best. You may want to also consider a new logo for OpenSSL that's a bit more modern and representative of what you guys do. Any bonus points for doing it all in GIMP or Inkscape? Funny enough... that's all I use now even though I have CS for interacting with what other people have done. On Thu, May 8, 2014 at 1:32 PM, Jeroen de Neef jeroe...@gmail.com wrote: I would do it for free if I could work with photoshop, because it would feel like an honor to do it, but sadly I can't. Kind regards, Jeroen de Neef -- pgp/gpg key: https://jeroendeneef.eu/publickeys/pubkey.4B074162EC3601F7.Jeroen_de_Neef.asc 2014-05-08 18:43 GMT+02:00 Mauricio Tavares raubvo...@gmail.com: On Thu, May 8, 2014 at 12:20 PM, Steve Marquess marqu...@opensslfoundation.com wrote: On 05/08/2014 11:21 AM, Jeroen de Neef wrote: Maybe there can be multiple entries, and have Nokia, you or the mailing list decide which they like. Well, that's fine but it wasn't really my intention to create a contest and ask people to contribute labor that wouldn't be used. So what? Other groups -- CentOS and Ubuntu come to mind -- do that. Competition is not bad; it can be very fun. And if you (permanently) place the contenders' artwork somewhere online, they will all get something back. They will be able to say -- and show -- they were in this contest. That is really the best you can do for all participants IMHO. But if we do get a choice of several I will ask the sponsor, the team, and possibly others for an opinion. We certainly don't want to depend on my artistic judgment! Get the community involved too while you were at it. On 05/08/2014 11:55 AM, Jeroen de Neef wrote: I also have a few questions. Are these volunteers allowed to display the work on their site and claim that they made it? Certainly. And this is why I suggested a permanent location for all the entries. Each volunteer would then be able to link it to, say, openssl.org/artwork/competition/2014/, and say hey, I was there! I did that I am also asking what you are willing to give these designers for a professional logo, because I know a guy that could make one for a bit of money. Maybe you can make a prize for the chosen logo. For a bit of money we could do many things :-), which is why I asked for volunteers willing to bask in the warm glow of accomplishment and gratitude in lieu of any tangible remuneration. Going back to what I mentioned earlier, I *think* (scary verb this is) most of the artwork used in, say, ubuntu is all donated by the community down to icons and wallpapers. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Stacy Devino StacyDevino.com KF5NQI Mobile, Web, Audio, Hardware
Re: comment on donations
It is well deserved. You must look at how much of the internet and our existing computing architecture relies on the good will of others. It is almost all of it. Progress cannot happen without openness and honesty, which you all have shown in spades. Everyone everywhere has come together to quickly and efficiently address the issue. No blame, no outrage, just good will. Its one of the biggest items to bring the community together across backgrounds and understanding that information security has ever seen. Very encouraging indeed! Also, just kind of a case in point when it comes to software development in generalnothing is perfect. As pretty much everyone knows who has ever worked in software or hardware development knows, bulletproof /iceproof / dustproof/waterproof/ etc. just does not exist. Personally, I am so glad for you guys getting what is deserved and a pat on the back for doing the right thing. The value of open source has never been higher. Stacy Wylie stacydevino.com Android and Mobile Design guru On Apr 11, 2014 10:19 AM, Steve Marquess marqu...@opensslfoundation.com wrote: In a typical year the OpenSSL project receives about US$2000 in donations. This week we have received roughly 200 donations totaling nearly US$3000. Amounts have ranged between $0.02 and $300, and I notice that some individuals have made multiple contributions. For the larger donations and multiple contributors I like to send a personal note in addition to the canned response message. I apologize for not doing that this week due to the unusually large volume of E-mail correspondence (donations and otherwise). Please know that these contributions are greatly appreciated, as much for the show of support as the monetary value. 100% of all donations (minus the hefty PayPal fees) will go directly to OpenSSL team members. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Cross compiling 1.2.2 for the Analog Devices Blackfin -- FIPS_text_start()/FIPS_text_end() returns 0 on the target
Are you compiling for the uclinux distro or something similar? Are you using the 16 or 32-bit arch? Are you utilizing the DSP or trying to? It might be nice to know more about the parameters you are passing to the compiler and what compiler that you are using. My area is in primarily ARM devices, but these kinds of questions would get you are bit farther than what is provided. On Fri, Jan 17, 2014 at 9:00 AM, Mike Crowe drmikecr...@gmail.com wrote: Hi folks, I'm almost out of my depth, and really need help on the next step. I've that the in-system fingerprint comparison fails with a FINGERPRINT_premain: FIPS_signature mismatch error incore DEBUG=1 output gives: = TARGET: elf32-bfinfdpic FIPS_rodata_end=000D5374 FIPS_rodata_start=000D00A0 FIPS_signature=00107F34 FIPS_text_end=000622F4 FIPS_text_start=0003CD28 FINGERPRINT_ascii_value=000D5D68 DOTrodata=000D00A0 DOTrodata_OFF=000D00A0 DOTtext=0003CAF0 DOTtext_OFF=0003CAF0 TSTART 568 TLEN 153036 TOFF 249132 INCORE_ADJUST 4 RSTART 0 RLEN 21204 ROFF 852128 FSTART 23752 FLEN 40 FOFF 875880 Signature is: 9b51309edb5d373a6f1e5b0c3cc8e554317539ae = I've created a test file to examine the various parameters. On the device, it shows: = Computed: c1133792c1ced10fadfe2ab6eb7946d79bfec490 HMAC_SHA1_SIG: 9b51309edb5d373a6f1e5b0c3cc8e554317539ae FIPS_text_start(): 0 FIPS_text_end()=0 FIPS_rodata_start=48038048 (0x2DD00A0) FIPS_rodata_end=48059252 (0x2DD5374) = So, I see these issues: 1) FIPS_text_start()/FIPS_text_end() returns 0 2) rodata start/end both offset by 0x2D0 Can anybody help point me to my next steps? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Stacy Devino StacyDevino.com KF5NQI Mobile, Web, Audio, Hardware
Re: Implementing TLSv1.2 protocol
What are you using to access the OpenSSL libs? You can do some special code changes in OpenVPN to force TLS 1.2 on the control and data channels. You also define it in the access of your application On Fri, Aug 30, 2013 at 8:46 AM, The Phoenix feellikephoe...@gmail.comwrote: Hi, I am newbee to openssl stuff. My application just need to run only on TLSv1.2 protocol. Which one is the correct way of implementing it: First Way: context = SSL_CTX_new(TLSv1_2_method()); Second way: context = SSL_CTX_new( SSLv23_method() ); SSL_CTX_set_options( context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); Any help would be really appreciated. Thanks, VS -- Stacy Devino StacyDevino.com KF5NQI Mobile, Web, Audio, Hardware
Re: GoldBug.sf.net - Secure Instant Messenger
It does not specifically say what levels of these algorithms it is using. You can likely assume it is similar to 128bit AES with RSA, which is what many standard VPNs do. On Wed, Jul 31, 2013 at 2:33 PM, Randolph D. rdohm...@gmail.com wrote: GoldBug.sf.net - Secure Instant Messenger http://goldbug.sourceforge.net/ Please evaluate the OpenSSL implemntation Any comments, is it really secure? as it implements the new echo chat protocol, which is designed for only non-plaintext chat. Regards Randolph -- Stacy Devino StacyDevino.com KF5NQI Mobile, Web, Audio, Hardware
Re: Issue with compiling FIPS 2.0.5 with openssl 1.0.1e
I figured it out late last night. The instructions on the documentation area of the site were a bit lacking. (I have made my notes and instruction augmentations). On Wed, Jul 24, 2013 at 7:12 AM, Dr. Stephen Henson st...@openssl.orgwrote: On Tue, Jul 23, 2013, Stacy Devino wrote: Hello All, I modified the exports to build the FIPS module correctly. Using Android NDK 8e, building for API14 using the arm-linux-androideabi It builds the FIPs modules correctly and places them in my Home Directory, which is where I told it to Export in the make install INSTALLTOP No issue there. Then when Transferring to the Openssl1.0.1e dir: ./config fips shared --with-fipsdir=/home/stacy/AndroBuild/../fips ^ With or with the -t results in the same issues listed below It recognizes everything correctly and config's without issue (same exports - android. Operating system: armv7l-whatever-android Then, I run the make depend No problems there. The Issue is when I run the final make with the FIPS module (running make without the FIPS runs no issue). This is what I receive as the output: /home/stacy/AndroBuild/../fips/lib/fipscanister.o: file not recognized: File format not recognized collect2: ld returned 1 exit status make[2]: *** [fips_premain_dso] Error 1 make[2]: Leaving directory `/home/stacy/AndroBuild/openssl-1.0.1e' make[1]: *** [shared] Error 2 make[1]: Leaving directory `/home/stacy/AndroBuild/openssl-1.0.1e/crypto' make: *** [build_crypto] Error 1 Can anyone help with with what is going wrong here? Sounds like you haven't set the FIPS_SIG environment variable. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Stacy Devino StacyDevino.com KF5NQI Mobile, Web, Audio, Hardware
Issue with compiling FIPS 2.0.5 with openssl 1.0.1e
Hello All, I modified the exports to build the FIPS module correctly. Using Android NDK 8e, building for API14 using the arm-linux-androideabi It builds the FIPs modules correctly and places them in my Home Directory, which is where I told it to Export in the make install INSTALLTOP No issue there. Then when Transferring to the Openssl1.0.1e dir: ./config fips shared --with-fipsdir=/home/stacy/AndroBuild/../fips ^ With or with the -t results in the same issues listed below It recognizes everything correctly and config's without issue (same exports - android. Operating system: armv7l-whatever-android Then, I run the make depend No problems there. The Issue is when I run the final make with the FIPS module (running make without the FIPS runs no issue). This is what I receive as the output: /home/stacy/AndroBuild/../fips/lib/fipscanister.o: file not recognized: File format not recognized collect2: ld returned 1 exit status make[2]: *** [fips_premain_dso] Error 1 make[2]: Leaving directory `/home/stacy/AndroBuild/openssl-1.0.1e' make[1]: *** [shared] Error 2 make[1]: Leaving directory `/home/stacy/AndroBuild/openssl-1.0.1e/crypto' make: *** [build_crypto] Error 1 Can anyone help with with what is going wrong here? -- Stacy Devino StacyDevino.com KF5NQI Mobile, Web, Audio, Hardware