Hi,
I was wondering if there was some sort of sentinel variable that tells us if
is exporting access to the bio_st structure, or not.
Thanks,
-Philip
The UTF8 type is a string and if its length is known, it doesn't need to
be '\0' terminated. So passing the address of a char works (it's a char
* after all).
Thanks for the other fix.
Pauli
On 26/3/22 10:43 am, Kory Hamzeh wrote:
Thanks, Paul. I noticed the type values matched the RFC, but
Thanks, Paul. I noticed the type values matched the RFC, but thought maybe it
should be a string if that was the case.
I did find another issue:
if (EVP_KDF_derive(kctx, out, , params) <= 0)
The actual value of ‘outlen’ should be passed, not the address.
Kory
> On Mar 25, 2022, at 4:01 PM,
It is correct, the KDF is expecting the characters 'A' through 'F'
here. This is what is specified in the RFC:
https://datatracker.ietf.org/doc/html/rfc4253#section-7.2
That line of code ought to have cast to (char *) or type defined simply
as char, but it is essentially correct.
Pauli
Thanks for the info.
You mean both libssl.a and libcrypto.a static, and then dynamically loaded
fips.so, correct? Unfortunately that gets away from the
single-binary-executable model and so is a somewhat major change.
-Original Message-
From: Matt Caswell
On 25/03/2022 18:33, Paul Spencer wrote:
Q: Is it possible to have a static (.a) OpenSSL 3 library with FIPS support?
This was possible with OpenSSL 1.0.2 and the FIPS 2.0.x module (and
special linking in the Makefile). However, with SSL3, if I go
Configure no-module enable-fips
then it
Q: Is it possible to have a static (.a) OpenSSL 3 library with FIPS support?
This was possible with OpenSSL 1.0.2 and the FIPS 2.0.x module (and special
linking in the Makefile). However, with SSL3, if I go
Configure no-module enable-fips
then it silently disables FIPS. Is there any way to do
Hi All,
If you look at the example SSH KDF code here:
https://www.openssl.org/docs/manmaster/man7/EVP_KDF-SSHKDF.html
Specifically, these lines:
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
, sizeof(type));
The variable ‘type’
0.9.8 and 1.0.2 versions are not binary compatible. So if your SSH
server is built against the 0.9.8 version and it expects to be loading
the libcrypto.so from that version it will not work against the
libcrypto.so from 1.0.2. The SSH server has to be built against the
1.0.2 version to work with
Hi,
I have build and installed 1.0.2u version but when I have change below softlink
point to 1.0.2u from 0.9.8, console from putty stopped connecting.
This is something related to openssl.cnf or we need new certs and private keys.
Please help on same or share any documentation on it.
Note -
On Thu, 2022-03-24 at 22:19 -0600, Philip Prindeville wrote:
> Hi,
>
> I'm incrementally trying to port asterisk to Openssl 3.0.
>
> First thing I'm trying to do is wean the code off of the RSA_*
> functions, and use generic EVP_PKEY_* functions instead.
>
> Most of it is fairly straightforward
11 matches
Mail list logo