Re: [openssl-users] Can I rename the OpenSSL shared objects for FIPS?

2017-01-12 Thread Eichenberger, John
I actually submitted a patch set that renames library files during the build process once upon a time... but it was summarily rejected without any real attention paid to it. My change was specific to building dynamic libraries for Windows/WinCE... but the same idea would apply to other target

Re: [openssl-users] Generate ECC key with password protection

2017-01-12 Thread Viktor Dukhovni
> On Jan 12, 2017, at 5:34 PM, Ken Goldman wrote:
>
>>> Is there a openssl command that can generate an ECC key pair where the
>>> output file is password protected?
>> openssl genpkey
>
> My latest attempt is this. It gives me a usage error. Any hints?
>
> openssl

Re: [openssl-users] Generate ECC key with password protection

2017-01-12 Thread Ken Goldman
On 7/20/2016 10:26 AM, Jakob Bohm wrote: On 20/07/2016 16:21, Ken Goldman wrote: From these web pages: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations https://www.openssl.org/docs/manmaster/apps/ecparam.html the "openssl ecparam -genkey" command does not accept a

Re: [openssl-users] Can I rename the OpenSSL shared objects for FIPS?

2017-01-12 Thread Benjamin Kaduk
On 01/12/2017 02:10 PM, Perrow, Graeme wrote:
>
> We are shipping OpenSSL (1.0.2j) shared objects built with FIPS,
> which are automatically loaded when the application starts. But if our
> software directory is in the path (or LD_LIBRARY_PATH or platform
> equivalent) earlier than the system

[openssl-users] Can I rename the OpenSSL shared objects for FIPS?

2017-01-12 Thread Perrow, Graeme
We are shipping OpenSSL (1.0.2j) shared objects built with FIPS, which are automatically loaded when the application starts. But if our software directory is in the path (or LD_LIBRARY_PATH or platform equivalent) earlier than the system directories, then other applications that load OpenSSL

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-12 Thread J. J. Farrell
On 12/01/2017 12:19, Salz, Rich wrote: It was a mix of what was done, and then a conscious decision to do things that way. As for the PR, well, maybe... We'd need to know details of which machine "test/sanitytest.c" fails on, and how popular it is to see if it's worthwhile. That would be

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-12 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Stephan Mühlstrasser
> Sent: Thursday, January 12, 2017 07:50
>
> I think IBM iSeries is affected by this, but I still have to verify this.

It's been years since I worked on the iSeries (in fact, it was mostly prior

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-12 Thread Stephan Mühlstrasser
On 12.01.17 at 13:19, Salz, Rich wrote: My question was meant to ask why the pointers are initialized with memset() instead of initializing them by an assignment with NULL or 0. Was this a deliberate decision for some reason, or did it just creep in and no one cares now to fix it? Would the

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-12 Thread Salz, Rich
> My question was meant to ask why the pointers are initialized with
> memset() instead of initializing them by an assignment with NULL or 0.
> Was this a deliberate decision for some reason, or did it just creep in and no
> one cares now to fix it? Would the OpenSSL team accept pull requests that

Re: [openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

2017-01-12 Thread Stephan Mühlstrasser
On 11.01.17 at 17:09, Salz, Rich wrote: OpenSSL does not support platforms where the memory representation of the NULL pointer contains non-zero bytes. IIRC there are even tests for this. Could someone from the OpenSSL team please explain the rationale for this decision? What is the problem