Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

On 03/10/2016 03:52 PM, PGNet Dev wrote: I'm building openssl 1.0.2g on linux64. After ./configure ... Did you mean "./config ..."? I'm prompted Since you've disabled or enabled at least one algorithm, you need to do the following before building: make depend Exec'

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

On 03/14/2016 08:24 AM, lists wrote: Did you mean "./config ..."? yep. Must use it, (1) https://wiki.openssl.org/index.php/Compilation_and_Installation Dependencies If you are prompted to run make depend, then you must do so. Which I currently attempt to do, but get th

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

On 03/14/2016 08:26 AM, PGNet Dev wrote: Which I currently attempt to do, but get the reported errors about not finding the stddef.h include etc. Specifically, cd test rm -rf * wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz tar zxvf openssl-1.0.2g.tar.gz cd openssl-1.0.2g ./config

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

On 03/14/2016 08:58 AM, PGNet Dev wrote: On 03/14/2016 08:26 AM, PGNet Dev wrote: Which I currently attempt to do, but get the reported errors about not finding the stddef.h include etc. Here, https://rt.openssl.org/Ticket/Display.html?id=4169&user=guest&pass=guest it simply says "fixed

[openssl-users] Build of 1.0.1g fails

Greetings. I'm having problems building OpenSSL, starting with 1.0.1g. The scenario is as follows. I'm not sure when the problem was introduced; however, with the compiling-out of SSLv2 *by default* in -1.0.2g, that change has exacerbated this problem. (That is, instead of affecting only those

[openssl-users] Building 1.0.1g with "no-idea"

I have another question that was encountered at the same time as my previous one, but I believe it is two separate issues, so I created a different thread. When building 1.0.2g and attempting to remove some ciphers at build time ("no-idea"), I discovered that the Make scripting was attempting to

Re: [openssl-users] [Question] What are the current secure Configure Parameter?

Am 10.03.2016 um 14:49 schrieb Wall, Stephen: > >> -Original Message- >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of >> Oliver Niebuhr >> >> The Qt Wiki says, the following Parameters are minimum recommended: >> no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5 >> >>

Re: [openssl-users] [Question] What are the current secure Configure Parameter?

On 10 March 2016 at 04:42, Oliver Niebuhr wrote: > Hello. > > I am using OpenSSL from within the Qt Project / QtWebEngine. > > The Qt Wiki says, the following Parameters are minimum recommended: > no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5 > ​Please could you provide a link since these options are a

Re: [openssl-users] [Question] What are the current secure Configure Parameter?

Am 14.03.2016 um 21:43 schrieb Richard Moore: > > > On 10 March 2016 at 04:42, Oliver Niebuhr > wrote: > > Hello. > > I am using OpenSSL from within the Qt Project / QtWebEngine. > > The Qt Wiki says, the following Parameters are minimum recom

Re: [openssl-users] [Question] What are the current secure Configure Parameter?

On 14 March 2016 at 21:19, Oliver Niebuhr wrote: > Am 14.03.2016 um 21:43 schrieb Richard Moore: > > On 10 March 2016 at 04:42, Oliver Niebuhr > > wrote: > ​​ > > I am using OpenSSL from within the Qt Project / QtWebEngine. > > > > The Qt Wiki says,

[openssl-users] Verifying the sha1 of fipscanister.o with what is embedded in libcrypto.so

Hello, I have a simple problem I am trying to solve. I have built a fips capable openssl shared object (.so). I also have the sha1 hash of the fipscanister.o in a file called fipscanister.o.sha1. I also have the sha1 hash of fips_premain.c in a file called fips_premain.c.sha1. In order to make

Re: [openssl-users] Verifying the sha1 of fipscanister.o with what is embedded in libcrypto.so

Is there a reason why you cannot build it from a controlled build environment and record the hash of the final .so? It seems that it would be pretty non-trivial if not impossible to pull a .o file from a .so in the exact same format that it went in, such that you could check the hash. Being able t

Re: [openssl-users] Verifying the sha1 of fipscanister.o with what is embedded in libcrypto.so

Hello Ethan, I am tweaking the centos rpmspec to use my fips object module. That seems to be downloading source tar ball, patching etc. Please note that the sha1 of the so is not so interesting as the embedded sha1 check inside so (when one calls FIPS_mode_set). Essentially if I can get the e

Re: [openssl-users] Verifying the sha1 of fipscanister.o with what is embedded in libcrypto.so

During the final linking stage, when the shared object is built, the compiler is free to insert functions from compiled object files anywhere it sees fit in the final shared object's code segment. The object file is fundamentally transformed by this process; information which was present in the or

Re: [openssl-users] Verifying the sha1 of fipscanister.o with what is embedded in libcrypto.so

Let me explain this a bit more clearly: The fipscanister.o file (like any other .o file) contains two things: 1. The actual code and constant data (if any) that needs to go in the final .so or program file. This is what will eventually be hashed to produce the embedded sha1 check. 2. Rel