Re: openssl and DSA q size doubt

2024-07-25 Thread Billy Brumley
Howdy, But my question is why q is not 160 bits but instead 224 bits was used by openssl since the FIPS 186 standard clearly says to use q size 160 bits for p size 1024 bits? Can someone familiar with the topic, clarify my doubt please? Maybe I missed some fine points in the standard.

Re: compile openssl for Arm A9 & VxWorks

2024-07-24 Thread Neil Horman
At this point you really are going to need to dig into the VxWorks documentation to figure out what compiler flags and include files you need to set to get this all to work. It may require some openssl code changes to use your compiler/build environment On Wed, Jul 24, 2024 at 12:51 PM Damodhar

RE: compile openssl for Arm A9 & VxWorks

2024-07-24 Thread Damodhar Boddukuri via openssl-users
Hi, Thank you for your support. I have tried with the following target. Now, it's invoking the compiler. "vxworks-armv7a" => { inherit_from => [ "BASE_Windows" ], CC => "ccarm", cflags => '-g -fno-builtin -t7 -mfpu=vfp -mfloat-abi=softfp -ansi

openssl and DSA q size doubt

2024-07-24 Thread M K Saravanan
Hi, I am trying to learn how DSA works by reading the book "Understanding Cryptography" by Christof Paar and Jan Pelzl. I also understand that DSA is now deprecated as per FIPS 186-5 (Feb, 2023) and ECDSA is preferred. However just for learning purpose I was experimenting with DSA param

Re: compile openssl for Arm A9 & VxWorks

2024-07-24 Thread Neil Horman
If you're trying to build on windows, you don't want to inherit from BASE_unix, you want to inherit from BASE_Windows On Tue, Jul 23, 2024 at 8:40 PM Damodhar Boddukuri < damodhar.bodduk...@non.se.com> wrote: > > > Hi, > > > > Thank you for the support. > > > > I am trying to compile “openSSL

OpenSSL New Governance Structure and Two New Projects

2024-07-24 Thread Kajal Sapkota
We are announcing changes to the OpenSSL governance structure to enhance community engagement and strengthen our commitment to our Mission and Values. These changes are part of our ongoing journey to empower and provide more opportunities and mechanisms for

Join Our Exclusive Webinar on Performance Tuning and Fetching with OpenSSL

2024-07-23 Thread Kajal Sapkota
Secure communication is vital in today's digital world, but it sometimes slows down your applications. We invite you to an insightful webinar on optimizing application performance using OpenSSL. This session is designed for individuals seeking to enhance the security and efficiency of

RE: compile openssl for Arm A9 & VxWorks

2024-07-23 Thread Damodhar Boddukuri via openssl-users
Hi, Thank you for the support. I am trying to compile “openSSL cross compilation for target "vxworks-armv7a" in Windows platform”: The target compiler is ccarm.exe Approach-1: In Linux platform, Added the following target details in 10-main.conf file and ran the ./config . It generated the

Can I set the names of the DLLs/LIBs created during the build?

2024-07-22 Thread BENTLEY Thom via openssl-users
I want to have debug and optimized DLLs/LIBs for use by developers who need them to link their or open source code. I can manually rename the LIBs, but I can't rename the DLLs since the LIBs provide the original name of the DLLs. Any suggestions? I know that the DCMTK team built their own DLLs

Re: Own HW Supported RSA provider

2024-07-20 Thread Selva Nair
On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak wrote: > If I use the crypto library I can provide desired properties like in > EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to > make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with > properties required

Re: Building x32 libraries on x64 windows machine

2024-07-19 Thread Neil Horman
This error: fatal error LNK1112: module machine type 'x64' conflicts with target machine type 'x86' says that you're set up for using x64 native tools, despite indicating you have opened the x86 native tool command Try running vcvarsall.bat x32 Which should force your environment to build in 32

RE: Building x32 libraries on x64 windows machine

2024-07-19 Thread BENTLEY Thom via openssl-users
Sorry. Friday afternoon brain. Forgot to do a `nmake clean` Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company From: BENTLEY Thom Sent: Friday, July 19, 2024 3:48 PM To: openssl-users@openssl.org Subject: Building x32 libraries on x64

Building x32 libraries on x64 windows machine

2024-07-19 Thread BENTLEY Thom via openssl-users
Hi All, I am trying to build openssl 3.0.8 to generate x32/win32 libraries and header files. I used the following steps: Opened the x86 Native Tools Command Prompt (Sets the environment to use 32-bit, x86-native tools to build 32-bit, x86-native code) perl Configure --debug

Re: Own HW Supported RSA provider

2024-07-19 Thread tomasz bartczak
Hi Levitte, Thanks for your answer. Just follow up question. If I use the crypto library I can provide desired properties like in EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with properties required by

Re: Own HW Supported RSA provider

2024-07-18 Thread Richard Levitte
You can give your implementation the property "provider=myname" and for fetching, you can use the conditional property query string "?provider=myname". That will ensure that, for whatever the app is fetching, it will pick what your provider offers first, and fall back to using stuff from any

Own HW Supported RSA provider

2024-07-18 Thread tomasz bartczak
Hi, I want to implement my own provider that enables RSA encryption using a HW chip. OpenSSL already comes with default provider that provides RSA implementation. Could you please explain to me how to add my own provider and make sure it is selected over the one from default provider and still

OpenSSL Mailing Lists Are Moving to Google Groups

2024-07-18 Thread Dmitry Misharov
We are announcing a change in how communication and collaboration will take place within the OpenSSL community. Effective August 1st, 2024, the OpenSSL mailing lists will migrate to Google Groups. This transition is designed to streamline communication channels and simplify our infrastructure. ##

Re: sqlog partial

2024-07-18 Thread jean-frederic clere
On 7/18/24 10:04 AM, Tomas Mraz wrote: You could try calling fcloseall() before the exit() call. That doesn't help. In fact I have changed ssl/quic/qlog.c: static void qlog_event_epilogue(QLOG *qlog) { +int ret; ossl_json_object_end(>json); ossl_json_key(>json, "time"); @@

Re: sqlog partial

2024-07-18 Thread Tomas Mraz
You could try calling fcloseall() before the exit() call. Tomas Mraz, OpenSSL On Wed, 2024-07-17 at 20:30 +0200, jean-frederic clere wrote: > Hi, > > I have built with enable-unstable-qlog, but when I exit (via exit(1)) > the sqlog files are truncated: > +++ >

Re: compile openssl for Arm A9 & VxWorks

2024-07-17 Thread Neil Horman
There are already several targets defined for vxworks. First step I would think would be cloning one of those targets in Configurations/10-main.conf for your purposes and adjusting the settings accordingly: "vxworks-ppc60x" => {<= Change this to "vxworks-arm9' or some such

sqlog partial

2024-07-17 Thread jean-frederic clere
Hi, I have built with enable-unstable-qlog, but when I exit (via exit(1)) the sqlog files are truncated: +++

compile openssl for Arm A9 & VxWorks

2024-07-17 Thread Damodhar Boddukuri via openssl-users
Hi openSSL users, I would like to port openssl for Arm A9 & VxWorks Target. If someone can share the details, It's really helpful for me. Thanks in advance. Thanks & Regards, Damodhar. +91-7702191212 General

ECDH Algorithm (Group 19)

2024-07-17 Thread Damodhar Boddukuri via openssl-users
Hi OpenSSL users, We are planning to use ECDH Algorithm(Group 19) in an Embedded System Product for the shared secret key generation. When I go through the code, I understand that it requires engine libraries/files from the following folders: \openssl-3_1_3\crypto\engine\

Re: Application segfaults after upgrade from 3.0.11 to 3.0.13

2024-07-17 Thread Tomas Mraz
Please update to 3.0.14. The change that most likely caused this regression for you was reverted in that release by the following pull request: https://github.com/openssl/openssl/pull/23063 Tomas Mraz, OpenSSL On Wed, 2024-07-17 at 08:47 +0300, Victor Wagner wrote: > On Tue, 16 Jul 2024 14:40:59

Re: Application segfaults after upgrade from 3.0.11 to 3.0.13

2024-07-16 Thread Victor Wagner
On Tue, 16 Jul 2024 14:40:59 -0400 Neil Horman wrote: > Can you post the stack trace of the segv here? Sure: Core was generated by `osslsigncode sign -pkcs11module /usr/lib/librtpkcs11ecp.so -pkcs11cert pkcs11:o'. Program terminated with signal SIGSEGV, Segmentation fault. #0

Re: Application segfaults after upgrade from 3.0.11 to 3.0.13

2024-07-16 Thread Neil Horman
Can you post the stack trace of the segv here? On Tue, Jul 16, 2024 at 12:43 PM Victor Wagner wrote: > Hi! > > I'm using osslsigncode application on Debian 12 system (amd64) to sign > stuff with RSA key stored on hardware token with PKCS11 interface. > > osslsigncode

Application segfaults after upgrade from 3.0.11 to 3.0.13

2024-07-16 Thread Victor Wagner
Hi! I'm using osslsigncode application on Debian 12 system (amd64) to sign stuff with RSA key stored on hardware token with PKCS11 interface. osslsigncode (https://github.com/mtrojnar/osslsigncode) seems to be well-behaved openssl application, which uses digest BIO and PKCS7 API, does no poking

Re: receiving fatal error from server

2024-07-15 Thread Lokesh Chakka
Server supports 1.3 If I do 127.0.1.1 in Firefox, I'm getting response. It's TLS 1.3 Regards. Lokesh. On Mon, Jul 15, 2024, 18:23 Alexandr Nedvedicky wrote: > Hello, > > I just took a look at the packet dump. The client hello > in packet dump is TLS 1.3 > > the alert sent by server is Alert

Re: receiving fatal error from server

2024-07-15 Thread Alexandr Nedvedicky
Hello, I just took a look at the packet dump. The client hello in packet dump is TLS 1.3 the alert sent by server is Alert Message TLS 1.2 could it be that server does not support TLS 1.3? better chance to better understand what's going on is to get hands on the server and get some logs. may

Re: Non-Programmatic Deterministic Key Generation for ED25519 and ED448 Keys

2024-07-15 Thread Billy Brumley
Howdy, I notice that OpenSSL has the 'asn1parse' utility for reading PEM and DER formatted keys. Is there an analogue that allows to write back a new value for the secret integers in private keys? Or can I encode data with 'asn1parse' and then output it in PEM format to build a key? asn1parse

Re: Non-Programmatic Deterministic Key Generation for ED25519 and ED448 Keys

2024-07-14 Thread Neil Horman
I've never tried, but you might try replacing /dev/random with a pipe that reads data from an input file to make the entropy fetch deterministic. Note that's probably dangerous, so I'd recommend doing this in a container to isolate it from your running system On Sat, Jul 13, 2024, 8:52 PM Syfer

Non-Programmatic Deterministic Key Generation for ED25519 and ED448 Keys

2024-07-13 Thread Syfer Shock! via openssl-users
I need a non-programmatic method for using seeds to generate ED25519 and ED448 (Goldilocks) key pairs. This means using only shell-accessible tools within OpenSSL rather than binding programmatically. While reading the documentation it seems that neither 'genpkey' nor 'pkeyutl' have a facility

receiving fatal error from server

2024-07-13 Thread Lokesh Chakka
Hi, Please find the attached capture file. I'm trying to craft a minimal custom client hello packet. I'm seeing that the contents of the entire packet are proper. But it seems some more data is missing. Can someone help me understand why the apache2 server(Ubuntu platform) is sending fatal

ECDH - Group19 example code

2024-07-12 Thread Damodhar Boddukuri via openssl-users
Hi, I am looking for an example code for ECDH - Group19, There are many APIs in the lib. If you could help me with a simple code with: 1. Initializing the context if any? 2. Selecting ECDH Group 19 3. Private/Public Key Generation 4. Shared secret Key Generation Or any other exact

Re: Library and DLL names on Windows X64

2024-07-12 Thread J Decker
On Fri, Jul 12, 2024 at 9:03 AM BENTLEY Thom via openssl-users < openssl-users@openssl.org> wrote: > Hi All, > > > > I had to change the names of the .lib files to: >"dcmtkcrypto_d.lib" - debug version > >"dcmtkcrypto_o.lib" - release version (optimized) > >

Library and DLL names on Windows X64

2024-07-12 Thread BENTLEY Thom via openssl-users
Hi All, I had to change the names of the .lib files to: "dcmtkcrypto_d.lib" - debug version "dcmtkcrypto_o.lib" - release version (optimized) "dcmtkssl_d.lib"- debug version "dcmtkssl_o.lib"- release version (optimized) This was required by the DCMTK team's

Re: Macro definitions

2024-07-11 Thread Richard Levitte
They are generated, using providers/common/der/oids_to_c.pm, and template files like providers/common/der/der_ec_gen.c.in, where you can see the .asn1 files that are used as sources. Cheers, Richard Damodhar Boddukuri via openssl-users writes: > Hi OpenSSL, > > > > I am compiling OpenSSL

Macro definitions

2024-07-11 Thread Damodhar Boddukuri via openssl-users
Hi OpenSSL, I am compiling OpenSSL 3.1.3 for ARM A9. It's unable to get the following macro definitions. They are used in der_ec_sig.c ossl_der_oid_ecdsa_with_SHA1 ossl_der_oid_ecdsa_with_SHA224 ossl_der_oid_ecdsa_with_SHA256 ossl_der_oid_ecdsa_with_SHA384 ossl_der_oid_ecdsa_with_SHA512

RE: Can we provide --debug and --release on a single build?

2024-07-10 Thread BENTLEY Thom via openssl-users
Thanks for the confirmation. Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company From: Neil Horman Sent: Wednesday, July 10, 2024 1:56 PM To: BENTLEY Thom Cc: openssl-users@openssl.org Subject: Re: Can we provide --debug and --release on a

Re: Can we provide --debug and --release on a single build?

2024-07-10 Thread Neil Horman
yeah, then you need to build twice, once with each set of compiler flags. Renaming is a manual process IIRC On Wed, Jul 10, 2024 at 1:43 PM BENTLEY Thom wrote: > Thanks Neil. > I just want to end up having a debug and release version of each library. > I need to rename them for use with DCMTK

RE: Can we provide --debug and --release on a single build?

2024-07-10 Thread BENTLEY Thom via openssl-users
Thanks Neil. I just want to end up having a debug and release version of each library. I need to rename them for use with DCMTK to the following. openssl: "dcmtkcrypto_d.lib" - debug version "dcmtkcrypto_o.lib" - release version (optimized) "dcmtkssl_d.lib"- debug

Can we provide --debug and --release on a single build?

2024-07-10 Thread BENTLEY Thom via openssl-users
Hi, I was wondering if the build scripts could handle providing -debug and -release for a build. Would this create release and debug libraries in a single build? Thanks. P.S. I know I could try it, but I thought others might want to know later too. Perhaps an update in the INSTALL.md file.

Using s_client to send additional (spurious) certificates

2024-07-09 Thread Andrew Lee-Thorp
Hello, Can s_client be used to send additional certificates (i.e. certificates that are not part of the chain for the current connection) I am trying to do the following (pseudocode): s_client -key myclient.key -cert myclient.cer -verifyCAfile expectedserverCA -connect server:port

RE: Missing header file ts_local.h in install location.

2024-07-08 Thread BENTLEY Thom via openssl-users
Is it possible that OPENSSL_NO_DEPRECATED_3_0 is defined and that’s what’s causing the issue with DCMTK configuration? From ts.h: # ifndef OPENSSL_NO_DEPRECATED_3_0 # define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert) # endif STACK_OF(X509)

Re: ECDH Group 19 (256-bit Elliptic curve) key length

2024-07-08 Thread Tomas Mraz
You should use some Key Derivation Function (KDF) to derive a key from this shared secret. For example TLS-1.3 uses HKDF for that. The best way would be to use TLS-1.3 (or some other standardized secure protocol) directly instead of inventing and implementing your own protocol though. Tomas

ECDH Group 19 (256-bit Elliptic curve) key length

2024-07-08 Thread Vishal Kevat via openssl-users
Hi OpenSSL, I am using group 19 which is ECDH elliptic curve group (NID_X9_62_prime256v1) and is giving 32 bytes/256 bit of shared secret key. I want to use it to work with AES-128 CBC encryption algorithm. As the key length generated by ECDH is 32 bytes, is there any way to generate the key

FIPS with Openssl 3.1

2024-07-08 Thread Stiju
Hi, I am working to package OpenSSL 3.1.x with my product. As I prefer to be FIPS compliant, I would like to use FIPS module from OpenSSL 3.0.9. 1) From the Documentation (https://github.com/openssl/openssl/blob/master/README-FIPS.md), what I understood is, I need to build and

OpenSSL provider question

2024-07-07 Thread tomasz bartczak
Hi, I want to develop a RSA provider that uses an external HW chip to do the RSA encryption/decryption. The HW chip supports several RSA keys. 1) How can pass information to the provider which key to use? How about information about which key public or private should be used? 2) Asymmetrical

RE: Maximum encryption key length supported by AES-128 CBC

2024-07-04 Thread Vishal Kevat via openssl-users
That answers my questions. Thanks Viktor. General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, July 5, 2024 08:01 AM To: openssl-users@openssl.org Subject: Re: Maximum encryption key length supported by AES-128 CBC [External email: Use caution

Re: Maximum encryption key length supported by AES-128 CBC

2024-07-04 Thread Viktor Dukhovni
On Thu, Jul 04, 2024 at 06:20:25PM +, Vishal Kevat via openssl-users wrote: > I want to know what length of encryption key does AES-128 CBC support? Exactly 128 bits, no more, no less. > I believe that it supports key length max up to 128 bits that is 16 bytes. It makes little sense to

openssl-enc: needs additional base64 garbage check?

2024-07-04 Thread Steffen Nurpmeso
Hello. #?1|kent:tmp$ x=U2FsdGVkX19hzr7eekkcCcfeydWYK7HAeLr2lRPThis [ ^ $? of last command] #?0|kent:tmp$ printf ${x}= | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d #?0|kent:tmp$ printf ${x}=t | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d #?0|kent:tmp$ printf ${x}=to |

Maximum encryption key length supported by AES-128 CBC

2024-07-04 Thread Vishal Kevat via openssl-users
Hi OpenSSL users, I want to know what length of encryption key does AES-128 CBC support? I believe that it supports key length max up to 128 bits that is 16 bytes. What happens if I give the input key of more than 16 bytes? Will the AES-128 drop the remaining bytes and consider only first 16

Programmatic way to get x509 to be signed digest

2024-07-03 Thread Kenneth Goldman
I have an X509 object with the usual public components filled in (subject validity issuer algorithm public key), I want to serialize the data to be hashed and signed. Is i2d_X509() the proper way? It doesn't seem to work. I sign and add the signature to the x509 object, but it doesn't verify. I

Re: Certificate verification with cross signed CAs (James)

2024-07-02 Thread James
Certificates below server_cert.pem -BEGIN CERTIFICATE- MIICFzCCAb2gAwIBAgIUFo8PqHmoZGe0LnNc3eRT4awebw8wCgYIKoZIzj0EAwIw RzELMAkGA1UEBhMCR0IxDTALBgNVBAoMBEFjbWUxDzANBgNVBAcMBkxvbmRvbjEY MBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMB4XDTI0MDcwMjA5MDIyN1oXDTI0MDgw

Re: Certificate verification with cross signed CAs (James)

2024-07-02 Thread Martin Bonner via openssl-users
From: James To: mailto:openssl-users@openssl.org Subject: Re: Certificate verification with cross signed CAs Message-ID: Content-Type: text/plain; charset="utf-8" > The certificates are attached

Re: Certificate verification with cross signed CAs

2024-07-02 Thread James
The certificates are attached below. The use case is client A only has ta_primary_cert.pem and client B only has ta_secondary_cert.pem. I’m trying to build a chain that the server can use (in the server hello) so that both client A and client B can successfully connect. Since openssl verify -trusted

Re: Certificate verification with cross signed CAs

2024-07-01 Thread Viktor Dukhovni
On Mon, Jul 01, 2024 at 03:54:46PM +0100, James Chapman wrote: > I’ve been using openssl verify to check some certificate chains: > > server -> ca -> roota > server -> alt_ca-> rootb > > Certificates ca and alt_ca have the same subject and public key and different > issuers. > > openssl

Certificate verification with cross signed CAs

2024-07-01 Thread James Chapman
I’ve been using openssl verify to check some certificate chains: server -> ca -> roota server -> alt_ca-> rootb Certificates ca and alt_ca have the same subject and public key and different issuers. openssl verify -trusted roota.pem -untrusted ca.pem server.pem openssl verify -trusted

Re: Missing header file ts_local.h in install location.

2024-07-01 Thread Tomas Mraz
Yes, they should search for TS_VERIFY_CTX_set_certs or TS_VERIFY_CTX_set_flags (that would work for 1.1.1 as well). Tomas Mraz, OpenSSL On Fri, 2024-06-28 at 20:04 +, BENTLEY Thom wrote: > > > > Does this Bing CoPilot response suggest that DCMTK’s CMake > configuration should be searching

RE: Missing header file ts_local.h in install location.

2024-06-28 Thread BENTLEY Thom via openssl-users
Does this Bing CoPilot response suggest that DCMTK’s CMake configuration should be searching for a different function name? The HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is a macro that checks for the existence of the TS_VERIFY_CTS_set_certs function in

Re: Missing header file ts_local.h in install location.

2024-06-28 Thread BENTLEY Thom via openssl-users
Hi Matt, Yeah, that’s what I thought too, but they claim they built it with openssl 3.0.8 in their INSTALL file. https://github.com/DCMTK/dcmtk/blob/59f75a8b50e50ae1bb1ff12098040c6327500740/INSTALL#L219 I have also posted on their discussion board. Thanks. -- Thom Bentley | Senior Software

Re: Missing header file ts_local.h in install location.

2024-06-28 Thread Matt Caswell
On 28/06/2024 16:29, BENTLEY Thom via openssl-users wrote: Thanks.  Yes, I saw that they became opaque. The code I’m building works fine with 1.1.1w but we need to move to 3.0.8 at least. Here are the errors I see. dcmdsig: 16:34:48:290

RE: Missing header file ts_local.h in install location.

2024-06-28 Thread BENTLEY Thom via openssl-users
Thanks. Yes, I saw that they became opaque. The code I’m building works fine with 1.1.1w but we need to move to 3.0.8 at least. Here are the errors I see. dcmdsig: 16:34:48:290 19>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-3.6.8\dcmsign\libsrc\sitstamp.cc(1342,5): error C2027: use of undefined

RE: Missing header file ts_local.h in install location.

2024-06-28 Thread BENTLEY Thom via openssl-users
Here are the compile errors I’m getting. dcmdsig: 16:34:48:290 19>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-3.6.8\dcmsign\libsrc\sitstamp.cc(1342,5): error C2027: use of undefined type 'TS_verify_ctx' 16:34:48:290 19>C:\repos\mmi-director-dcmtk-3.6.8\openssl-3.0.8\include\openssl\ts.h(405,16):

Re: Missing header file ts_local.h in install location.

2024-06-28 Thread Matt Caswell
On 28/06/2024 15:09, BENTLEY Thom via openssl-users wrote: Hi All, I built and installed version 3.0.8 on Windows with Visual Studio using the instructions provided. I copied the bin, include, and lib directories to a location that would be found by the CMake for the DCMTK toolkit

Re: Missing header file ts_local.h in install location.

2024-06-28 Thread Tomas Mraz
TS_VERIFY_CTX is an opaque structure since version 1.1.0. You may not access its members directly. To set them you need to use the various TS_VERIFY_CTX_set* functions. If there are any particular accessors missing, please report that as a bug to https://github.com/openssl/openssl Tomas Mraz,

Missing header file ts_local.h in install location.

2024-06-28 Thread BENTLEY Thom via openssl-users
Hi All, I built and installed version 3.0.8 on Windows with Visual Studio using the instructions provided. I copied the bin, include, and lib directories to a location that would be found by the CMake for the DCMTK toolkit version 3.6.8. When I attempt to build the DCMTK toolkit, I see that the

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

2024-06-27 Thread BENTLEY Thom via openssl-users
Thanks for that. I am so used to using options in that form -option optionvalue instead of -option=optionvalue -- Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company thom.bent...@3ds.com From: Tomas Mraz Date: Thursday, June 27, 2024 at 1:48 PM To: BENTLEY Thom ,

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

2024-06-27 Thread Tomas Mraz
You seem to have space instead of = between --openssldir and the path. And yeah, try to experiment with the doublequotes if that does not help. I do not know the exact rules for these in the Windows shell. Tomas Mraz, OpenSSL On Thu, 2024-06-27 at 17:46 +, BENTLEY Thom wrote: > > > >

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

2024-06-27 Thread BENTLEY Thom via openssl-users
Thanks Tomas. I tried that but got the error I specified in my post. Unless you are saying I need quotes around the entire --openssldir option. -- Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company thom.bent...@3ds.com From: Tomas Mraz Date: Thursday, June 27, 2024

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

2024-06-27 Thread Tomas Mraz
Hello, you have to use "--openssldir=C:\OpenSSLInstallDir\CommonFiles\SSL" Regards, Tomas Mraz, OpenSSL On Thu, 2024-06-27 at 16:50 +, BENTLEY Thom via openssl-users wrote: > > > > Hi All, >   > I get an error running `perl Configure --openssldir >

Issue with install after using `perl Configure` to set --prefix and --openssldir

2024-06-27 Thread BENTLEY Thom via openssl-users
Hi All, I get an error running `perl Configure --openssldir "C:\OpenSSLInstallDir\CommonFiles\SSL" --prefix=C:\OpenSSLInstallDir VC-WIN64A` target already defined - C:\OpenSSLInstallDir\Common Files\SSL (offending arg: VC-WIN64A) If I remove --openssldir "C:\OpenSSLInstallDir\CommonFiles\SSL",

Re: Syntax of OID values

2024-06-27 Thread Neil Horman
I believe the oid_file key in the config is used by the ca and req applets and is meant to be a value rather than a section (i.e. oid_file = /path/to/oid/file/name) To do what I believe you are trying to do above, you need to follow the directions here:

OpenSSL Security Advisory

2024-06-27 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [27th June 2024] == SSL_select_next_proto buffer overread (CVE-2024-5535) = Severity: Low Issue summary: Calling the OpenSSL API

Syntax of OID values

2024-06-26 Thread Dvorcovoy Dmitry V. via openssl-users
I want to make my own tiny rootca. There is a problem with supporting OIDs. I found in documentation about oid_file, but cannot decode syntax of values. DER: works fine, but I want to use more readable format. All I can find is the same docs without a tiny working example how to use my defined

RE: Issue building after configuring for VC-WIN64A (version 3.0.8)

2024-06-26 Thread BENTLEY Thom via openssl-users
Thanks Neil. Realized that shortly after posting. I did a `nmake clean`. I haven’t cloned the repo so I couldn’t use git clean I’m running `nmake test` now. I’m back to C++/C coding on Windows after not doing any for about 15-20 years. Last was a little to build code to be wrapped for use in

Re: Issue building after configuring for VC-WIN64A (version 3.0.8)

2024-06-26 Thread Neil Horman
You will almost certainly need to perform an nmake distclean (or just run git clean on your tree) prior to reconfiguring. nmake is really bad about getting lost in dependency resolution. It's quite likely that there is a remaining object file somewhere that didn't get rebuilt for x64 when you ran

RE: Issue building after configuring for VC-WIN64A (version 3.0.8)

2024-06-26 Thread Michael Wojcik via openssl-users
Did you do an "nmake clean" after switching to the correct compiler? You need to get rid of those 32-bit objects, or you'll continue to have a machine-type mismatch. -- Michael Wojcik Rocket Software Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue,

Issue building after configuring for VC-WIN64A (version 3.0.8)

2024-06-26 Thread BENTLEY Thom via openssl-users
Hi All, I followed the instructions for building OpenSSL 3.0.8 at https://github.com/openssl/openssl/blob/openssl-3.0.8/NOTES-WINDOWS.md#native-builds-using-visual-c The nmake step failed with the following error: cmd /C ""cl" /Zs /showIncludes /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
Is there a way to have all those man pages installed in my system. I'm using Ubuntu 24. On Wed, Jun 19, 2024, 17:49 Matt Caswell wrote: > > > On 19/06/2024 12:14, Lokesh Chakka wrote: > > Now I need to explore C APIs for getting those keys as hex array. > > Could you please suggest any good

Re: 20240619 snapshots

2024-06-19 Thread Richard Levitte
The Doctor via openssl-users writes: > On Wed, Jun 19, 2024 at 09:53:19AM +0200, Tomas Mraz wrote: >> They are there. Maybe you've looked too soon before the CDN caches were >> synchronized. >> >> >> On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote: >> > Where are they? >>

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Matt Caswell
On 19/06/2024 12:14, Lokesh Chakka wrote: Now I need to explore C APIs for getting those keys as hex array. Could you please suggest any good references for beginners. You would need to first load the key from the file to create an EVP_PKEY object. For example you could use the

Re: 20240619 snapshots

2024-06-19 Thread The Doctor via openssl-users
On Wed, Jun 19, 2024 at 09:53:19AM +0200, Tomas Mraz wrote: > They are there. Maybe you've looked too soon before the CDN caches were > synchronized. > > > On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote: > > Where are they? > > -- > Tomáš Mráz, OpenSSL > I use lynx

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
Hi Matt, I'm trying to craft a client hello packet using a C program. I'm learning about these keys, openssl, TLS etc. So openssl ecparam -name secp256r1 -genkey -out pvtkey.pem openssl ec -in pvtkey.pem -pubout -out pubkey.pem openssl pkey -in pubkey.pem -pubin -noout -text will give me the

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Matt Caswell
On 19/06/2024 09:15, Lokesh Chakka wrote: hello, I'm trying to generate public/private keys with following commands: openssl ecparam -name secp256r1 -genkey -out pvtkey.pem openssl ec -in pvtkey.pem -pubout I'm seeing the sizeof private key as 164 bytes and public key as 124 bytes. In a

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
Understood. Thanks a lot. But I'm still not able to understand why it is 65 bytes in the key value. Thanks & Regards -- Lokesh Chakka. On Wed, Jun 19, 2024 at 3:03 PM Tomas Mraz wrote: > You need to do base64 decoding to find out the real size of the ASN.1 > encoded data. > > Tomas Mraz,

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Tomas Mraz
You need to do base64 decoding to find out the real size of the ASN.1 encoded data. Tomas Mraz, OpenSSL On Wed, 2024-06-19 at 14:58 +0530, Lokesh Chakka wrote: > hi, > > please check the following : > > = >

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
hi, please check the following : == $ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem using curve name prime256v1 instead of secp256r1 $ cat pvtkey.pem -BEGIN EC PARAMETERS- BggqhkjOPQMBBw==

Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Tomas Mraz
Hi Lokesh, I am not sure how you count the sizes of 164 bytes and 124 bytes for the pem files. If I use -outform DER (and use -noout with the ecparam to avoid outputting the params because the private key already contains info about the params used) I see the following sizes for the DER

secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
hello, I'm trying to generate public/private keys with following commands: openssl ecparam -name secp256r1 -genkey -out pvtkey.pem openssl ec -in pvtkey.pem -pubout I'm seeing the sizeof private key as 164 bytes and public key as 124 bytes. In a wireshark capture( attached ), I'm seeing key

Re: 20240619 snapshots

2024-06-19 Thread Tomas Mraz
They are there. Maybe you've looked too soon before the CDN caches were synchronized. On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote: > Where are they? -- Tomáš Mráz, OpenSSL

20240619 snapshots

2024-06-18 Thread The Doctor via openssl-users
Where are they? -- Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; United Kingdom save the NAtion on 4 July 2024 vote Liberal Democrat

RE: [EXTERNAL] - 32-bit OpenSSL binary found in Suprema BioStar 2 door access system

2024-06-17 Thread Turritopsis Dohrnii Teo En Ming via openssl-users
On Wednesday, April 17th, 2024 at 6:57 AM, Michael Wojcik via openssl-users wrote: > > From: Turritopsis Dohrnii Teo En Ming teo.en.m...@protonmail.com > > Sent: Monday, 15 April, 2024 07:36 > > > > > > From: openssl-users openssl-users-boun...@openssl.org On Behalf Of > > > > Turritopsis

Re: New OpenSSL Releases

2024-06-14 Thread Matt Caswell
On 09/06/2024 19:59, Dennis Clarke via openssl-users wrote: On 5/30/24 11:15, Michael Wojcik via openssl-users wrote: From: openssl-users On Behalf Of Dennis Clarke via openssl-users Sent: Thursday, 30 May, 2024 07:29 OKay, thank you. I guess today is a good day to test on a few oddball

OpenSSL 3 support for status_request_v2

2024-06-13 Thread James
Hi, I have a requirement to support the TLS status_request_v2 extension for TLS 1.2 (rfc6961) using OpenSSL 3.x... Looking at the API I've successfully used SSL_CTX_add_custom_ext() to add the extension to the client hello, my server code is also picking this and generating the extension in the

Re: [External] : Why do I get the following error `wrong signature length` when I try to validate a signed file using the c++ OpenSSL 3.1 library?

2024-06-10 Thread Christian F. Gonzalez Di Antonio
Hi Thomas, Thank you very much, Understood. I created a new branch with the change I created two versions: 1. one more c++ style ( https://github.com/christiangda/LicenseValidator/blob/c988c226e3e998aebe840386525a364273f41807/src/License.cpp#L80 ) 2. with the change you proposed (

Re: [External] : Why do I get the following error `wrong signature length` when I try to validate a signed file using the c++ OpenSSL 3.1 library?

2024-06-10 Thread Thomas Dwyer III via openssl-users
|if (EVP_PKEY_verify(ctx, licenseSignature, sizeof(licenseSignature), licenseContent, sizeof(licenseContent)) <= 0)| The sizeof operator is not doing what you think it's doing. It's computing the sizes of the pointers (typically 4 or 8 bytes depending on your architecture) and not the sizes

Why do I get the following error `wrong signature length` when I try to validate a signed file using the c++ OpenSSL 3.1 library?

2024-06-10 Thread Christian F. Gonzalez Di Antonio
I posted this on https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signature-length-when-i-try-to-validate I'm writing a C++ program LicenseValidator -> https://github.com/christiangda/LicenseValidator to

Re: openssl hmac and key on the command line

2024-06-10 Thread Viktor Dukhovni
On Sat, Jun 08, 2024 at 08:12:57AM -0400, Neil Horman wrote: > > I see someone at > > https://github.com/openssl/openssl/issues/13382#issuecomment-1181577183 > > with a similar concern suggested -macopt keyfile:file The requested feature (explicit keyfile option) makes sense to me. Is there a

Re: New OpenSSL Releases

2024-06-09 Thread Dennis Clarke via openssl-users
On 5/30/24 11:15, Michael Wojcik via openssl-users wrote: From: openssl-users On Behalf Of Dennis Clarke via openssl-users Sent: Thursday, 30 May, 2024 07:29 OKay, thank you. I guess today is a good day to test on a few oddball system architectures. I suspect there are very very few people out
