ECDH- NID_X9_62_prime256v1 - EVP_RAND_generate()

Hi, I am implementing ECDH- Group19 (NID_X9_62_prime256v1). I followed the below sequence. 1. ecdh_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); // NID_X9_62_prime256v1 or NID_secp256k1 2. ecdh_keys = EC_KEY_new(); 3. ret = EC_KEY_set_group(ecdh_keys, ecdh_group); 4.

ECDH- NID_X9_62_prime256v1 - EVP_RAND_instantiate()

Hi, I am implementing ECDH- Group19 (NID_X9_62_prime256v1). I followed the below sequence. 1. ecdh_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); // NID_X9_62_prime256v1 or NID_secp256k1 2. ecdh_keys = EC_KEY_new(); 3. ret = EC_KEY_set_group(ecdh_keys, ecdh_group); 4.

RE: compile openssl for Arm A9 & VxWorks - evp_rand_******_locked() API

. They are pointing to function pointers. How to find them? Do I need to implement Mutex lock here? Thanks & Regards, Damodhar. +91-7702191212 General From: openssl-users On Behalf Of Damodhar Boddukuri via openssl-users Sent: Friday, July 26, 2024 5:33 PM To: Neil Horman Cc: openssl-users@openssl

RE: compile openssl for Arm A9 & VxWorks

NFIG OPENSSL_NO_RDRAND OPENSSL_NO_PADLOCKENG OPENSSL_NO_AFALGENG OPENSSL_NO_STATIC_ENGINE Thanks & Regards, Damodhar. +91-7702191212 General From: Neil Horman Sent: Wednesday, July 24, 2024 11:04 PM To: Damodhar Boddukuri Cc: openssl-users@openssl.org Subject: Re: compile openssl for Arm A9 &

openSSL cross compilation for target "vxworks-armv7a" in Windows platform

Hi OpenSSL user, I am trying to compile "openSSL cross compilation for target "vxworks-armv7a" in Windows platform": The target compiler is ccarm.exe Approach-1: In Linux platform, Added the following target details in 10-main.conf file and ran the ./config . It generat

RE: compile openssl for Arm A9 & VxWorks

-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT >nmake "ccarm" -g -fno-builtin -t7 -mfpu=vfp -mfloat-abi=softfp -ansi -fno-zero-initialized-in-bss -Wall -DCPU=_VX_ARMARCH7 -DTOOL_FAMILY=gnu -DTOOL=gnu -D_WRS_KERNEL -DARMEL -DCPU_CORTEXA8 -DARMMMU=

RE: compile openssl for Arm A9 & VxWorks

Hi, Thank you for the support. I am trying to compile “openSSL cross compilation for target "vxworks-armv7a" in Windows platform”: The target compiler is ccarm.exe Approach-1: In Linux platform, Added the following target details in 10-main.conf file and ran the ./config . It

Can I set the names of the DLLs/LIBs created during the build?

and LIBS for OpenSSL 1.1.1w and they were able to do it. I'm not sure what they did. I've looked in the doc, but haven't noticed anything. Thanks. Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> This email and any attac

RE: Building x32 libraries on x64 windows machine

Sorry. Friday afternoon brain. Forgot to do a `nmake clean` Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: BENTLEY Thom Sent: Friday, July 19, 2024 3:48 PM To: openssl-users@openssl.org Subject: Building x32 libraries

Building x32 libraries on x64 windows machine

Hi All, I trying to build openssl 3.0.8 to generate x32/win32 libraries and header files. I used the following steps: Opened the x86 Native Tools Command Prompt (Sets the environment to use 32-bit, x86-native tools to build 32-bit, x86-native code) perl Configure --debug --openssldir=&q

compile openssl for Arm A9 & VxWorks

Hi openSSL users, I would like to port openssl for Arm A9 & VxWorks Target. If someone can share the details, Its really helpful for me. Thanks in advance. Thanks & Regards, Damodhar. +91-7702191212 General

ECDH Algoritm (Group 19)

Hi OpenSSL users, We are planning to use ECDH Algorithm(Group 19) in an Embedded System Product for the shared secret key generation. When I go through the code, I understand that it requires engine libraries/files from the following folders: \openssl-3_1_3\crypto\engine\ \openssl-3_1_3

Non-Programmatic Deterministic Key Generation for ED25519 and ED448 Keys

I need a non-programmatic method for using seeds to generate ED25519 and ED448 (Goldilocks) key pairs. This means using only shell-accessible tools within OpenSSL rather than binding programmatically. While reading the documentation it seems that neither 'genpkey' nor 'pkeyutl' have a facility

ECDH - Group19 example code

Hi, I am looking for a example code for ECDH - Group19, There are many API's in the lib. If you could help me with a simple code with: 1. Initializing the context if any? 2. Selecting ECDH Group 19 3. Private/Public Key Generation 4. Shared secret Key Generation Or any other exact

Library and DLL names on Windows X64

d) This was required by the DCMTK team's CMake configuration steps. Without doing this the configuration failed to find the correct parts of OpenSSL. See: https://github.com/DCMTK/dcmtk/blob/59f75a8b50e50ae1bb1ff12098040c6327500740/INSTALL#L634 I noticed that their OpenSSL 1.1.1w zip file has DLLs w

Macro definitions

Hi OpenSSL, I am compiling OpenSSL 3.1.3 for ARM A9. It's unable get the following macro definitions. They are used in der_ec_sig.c ossl_der_oid_ecdsa_with_SHA1 ossl_der_oid_ecdsa_with_SHA224 ossl_der_oid_ecdsa_with_SHA256 ossl_der_oid_ecdsa_with_SHA384 ossl_der_oid_ecdsa_with_SHA512

RE: Can we provide --debug and --release on a single build?

Thanks for the confirmation. Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: Neil Horman Sent: Wednesday, July 10, 2024 1:56 PM To: BENTLEY Thom Cc: openssl-users@openssl.org Subject: Re: Can we provide --debug and --r

RE: Can we provide --debug and --release on a single build?

Thanks Neil. I just want to end up having a debug and release version of each library. I need to rename them for use with DCMTK to the following. openssl: "dcmtkcrypto_d.lib" - debug version "dcmtkcrypto_o.lib" - release version (optimized) "d

Can we provide --debug and --release on a single build?

Hi, I was wondering if the build scripts could handling providing -debug and -release for a build. Would this create release and debug libraries in a single build? Thanks. P.S. I know I could try it, but I thought others might want to know later too. Perhaps an update in the INSTALL.md file.

RE: Missing header file ts_local.h in install location.

rts(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes company<http://www.mdsol.com/> From: Tomas Mraz Sent: Monday, July 1, 2024 4:12 AM To: BENTLEY Thom ; Matt Caswell ; openssl-users@openssl.org Subject: Re: Missing he

ECDH Group 19 (256-bit Elliptic curve) key length

Hi OpenSSL, I am using group 19 which is ECDH elliptic curve group (NID_X9_62_prime256v1) and is giving 32 bytes/256 bit of shared secret key. I want to use it to work with AES-128 CBC encryption algorithm. As the key length generated by ECDH is 32 bytes, is there any way to generate the key

RE: Maximum encryption key length supported by AES-128 CBC

That answers my questions. Thanks Viktor. General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, July 5, 2024 08:01 AM To: openssl-users@openssl.org Subject: Re: Maximum encryption key length supported by AES-128 CBC [External email: Use caution

Maximum encryption key length supported by AES-128 CBC

Hi OpenSLL users, I want to know what length of encryption key does AES-128 CBC supports? I believe that it supports key length max upto 128 bits that is 16 bytes. What happens if I give the input key of more than 16 bytes? Will the AES-128 drop the remaining bytes and consider only first 16

Re: Certificate verification with cross signed CAs (James)

From: James To: mailto:openssl-users@openssl.org Subject: Re: Certificate verification with cross signed CAs Message-ID: Content-Type: text/plain; charset="utf-8" > The certificates are attached

RE: Missing header file ts_local.h in install location.

Does this Bing CoPilot response suggest that DCMTK’s CMake configuration should be searching for a different function name? The HAVE_OPENSSL_PROTOTYPE_TS_VERIFY_CTS_SET_CERTS is a macro that checks for the existence of the TS_VERIFY_CTS_set_certs function in OpenSSL<https://www.openssl.

Re: Missing header file ts_local.h in install location.

Hi Matt, Yeah, that’s what I thought too, but they claim they built it with openssl 3.0.8 in their INSTALL file. https://github.com/DCMTK/dcmtk/blob/59f75a8b50e50ae1bb1ff12098040c6327500740/INSTALL#L219 I have also posted on their discussion board. Thanks. -- Thom Bentley | Senior Software

RE: Missing header file ts_local.h in install location.

ned type 'TS_verify_ctx' 16:34:48:290 19>C:\repos\mmi-director-dcmtk-3.6.8\openssl-3.0.8\include\openssl\ts.h(405,16): 16:34:48:290 19>see declaration of 'TS_verify_ctx' dcmpstat: 16:36:48:689 34>C:\repos\mmi-director-dcmtk-3.6.8\openssl-3.0.8\include\openssl\types.h(104,30): error C2371:

RE: Missing header file ts_local.h in install location.

Here are the compile errors I’m getting. dcmdsig: 16:34:48:290 19>C:\repos\mmi-director-dcmtk-3.6.8\dcmtk-3.6.8\dcmsign\libsrc\sitstamp.cc(1342,5): error C2027: use of undefined type 'TS_verify_ctx' 16:34:48:290 19>C:\repos\mmi-director-dcmtk-3.6.8\openssl-3.0.8\include\openssl\ts.h(405,1

Missing header file ts_local.h in install location.

Hi All, I build and installed version 3.0.8 on Windows with Visual Studio using the instructions provided. I copied the bin, include, and lib directories to a location that would be found by the CMake for the DCMTK toolkit version 3.6.8. When I attempt to build the DCMTK toolkit, I see that the

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

, "openssl-users@openssl.org" Subject: Re: Issue with install after using `perl Configure` to set --prefix and --openssldir You seem to have space instead of = between --openssldir and the path. And yeah, try to experiment with the doublequotes if that does not help. I do not know the e

Re: Issue with install after using `perl Configure` to set --prefix and --openssldir

at 1:29 PM To: BENTLEY Thom , "openssl-users@openssl.org" Subject: Re: Issue with install after using `perl Configure` to set --prefix and --openssldir Hello, you have to use "--openssldir=C: \OpenSSLInstallDir\CommonFiles\SSL" Regards, Tomas Mraz, OpenSSL On Thu, 2024-0

Issue with install after using `perl Configure` to set --prefix and --openssldir

Hi All, I get an error running `perl Configure --openssldir "C:\OpenSSLInstallDir\CommonFiles\SSL" --prefix=C:\OpenSSLInstallDir VC-WIN64A` target already defined - C:\OpenSSLInstallDir\Common Files\SSL (offending arg: VC-WIN64A) If I remove --openssldir "C:\OpenSSLInstallDir\CommonFiles\SSL",

Syntax of OID values

:170D3234303930393131333635395A with these options all works ok. >openssl ca -config ca.conf -gencrl -crlexts crl_ext -out crl.pem but when I try anything like this: msCAversion = 1 msCAversion = INT:01 msCAversion = INTEGER:0x01 (and many other combinations) I'll got the same error: Using configuration f

RE: Issue building after configuring for VC-WIN64A (version 3.0.8)

:29 PM To: BENTLEY Thom Cc: openssl-users@openssl.org Subject: Re: Issue building after configuring for VC-WIN64A (version 3.0.8) You will almost certainly need to preform an nmake distclean (or just run git clean on your tree) prior to reconfiguring. nmake is really bad about getting

RE: Issue building after configuring for VC-WIN64A (version 3.0.8)

Did you do an "nmake clean" after switching to the correct compiler? You need to get rid of those 32-bit objects, or you'll continue to have a machine-type mismatch. -- Michael Wojcik Rocket Software Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue,

Issue building after configuring for VC-WIN64A (version 3.0.8)

Hi All, I followed the instructions for building OpenSSL 3.0.8 at https://github.com/openssl/openssl/blob/openssl-3.0.8/NOTES-WINDOWS.md#native-builds-using-visual-c The nmake step failed with the following error: cmd /C ""cl" /Zs /showIncludes /Zi /Fdossl_static.pdb /

Re: 20240619 snapshots

On Wed, Jun 19, 2024 at 09:53:19AM +0200, Tomas Mraz wrote: > They are there. Maybe you've looked too soon before the CDN caches were > synchronized. > > > On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote: > > Where are they? > > -- > Tom

20240619 snapshots

Where are they? -- Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; United Kingdom save the NAtion on 4 July 2024 vote Liberal Democrat

RE: [EXTERNAL] - 32-bit OpenSSL binary found in Suprema BioStar 2 door access system

On Wednesday, April 17th, 2024 at 6:57 AM, Michael Wojcik via openssl-users wrote: > > From: Turritopsis Dohrnii Teo En Ming teo.en.m...@protonmail.com > > Sent: Monday, 15 April, 2024 07:36 > > > > > > From: openssl-users openssl-users-boun...@openssl.org On

Re: [External] : Why do I get the following error `wrong signature length` when I try to validate a signed file using the c++ OpenSSL 3.1 library?

/LicenseValidator__;!!ACWV5N9M2RV99hQ!NbxXgIkXi0CHG7PAehmOM_k1dXimFAfepGUTqIqQlJDfvxHviaWiNf3Cq45qlpW8zwSBX6jMtdkdlo7VlA9bse82$> to validate a hypothetical |program license| using OpenSSL 3.1 Library <https://urldefense.com/v3/__https://wiki.openssl.org/index.php/OpenSS

Re: New OpenSSL Releases

On 5/30/24 11:15, Michael Wojcik via openssl-users wrote: From: openssl-users On Behalf Of Dennis Clarke via openssl-users Sent: Thursday, 30 May, 2024 07:29 OKay, thank you. I guess today is a good day to test on a few oddball system architectures. I suspect there are very very few people out

OpenSSL version 3.1.6 published

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.1.6 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.1.6 of our open source

OpenSSL version 3.0.14 published

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0.14 released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.0.14 of our open

OpenSSL version 3.3.1 published

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.3.1 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.3.1 of our open source

OpenSSL version 3.2.2 published

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.2.2 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.2.2 of our open source

RE: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0

General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, May 31, 2024 06:14 PM To: openssl-users@openssl.org Subject: Re: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0 [External email: Use caution with links and attachments

Re: Blocking on a non-blocking socket?

- Original Message - > From: "Wiebe Cazemier" > To: openssl-users@openssl.org > Sent: Thursday, 23 May, 2024 12:22:31 > Subject: Blocking on a non-blocking socket? > > Hi List, > > I have a very obscure problem with an application using O_NONBLOCK

RE: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0

Hi Viktor, Is there any way to make this prime number work by doing some modifications in the openssl source code. Like bypassing the OpenSSL DH prime check? Regards, Vishal General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, May 31, 2024 03:01

RE: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0

Hi OpenSSL users, I am using OpenSSL source version 3.3.0 and facing an issue in key generation part of Diffie Hellman (DH) Algorithm. Below are the APIs I am using for generating Public and Private Keys: static unsigned char DH_PRIME_128[] = { /* 128 bit prime */ 0xff, 0xff, 0xff, 0xff

RE: New OpenSSL Releases

> From: openssl-users On Behalf Of Dennis > Clarke via openssl-users > Sent: Thursday, 30 May, 2024 07:29 > > OKay, thank you. I guess today is a good day to test on a few oddball > system architectures. I suspect there are very very few people out there > running actual

Re: New OpenSSL Releases

On 5/30/24 03:03, Tomas Mraz wrote: You can just test the HEAD commits in the respective branches (openssl- 3.0, openssl-3.1, openssl-3.2 and openssl-3.3) in git. The repository will be frozen today afternoon so there should be no further changes apart from eventual regression fixes

Re: New OpenSSL Releases

On 5/28/24 08:51, Tomas Mraz wrote: The OpenSSL project team would like to announce the upcoming release of OpenSSL versions 3.3.1, 3.2.2, 3.1.6 and 3.0.14. Will there be any release candidate tarballs for testing on various systems? Perhaps there already exists some commit or &quo

Re: Blocking on a non-blocking socket?

Hi Detlef, - Original Message - > From: "Detlef Vollmann" > To: openssl-users@openssl.org > Sent: Friday, 24 May, 2024 12:02:37 > Subject: Re: Blocking on a non-blocking socket? > > That's correct, but if I understand Matt correctly, thi

Re: Blocking on a non-blocking socket?

Hi Matt, - Original Message - > From: "Matt Caswell" > To: openssl-users@openssl.org > Sent: Friday, 24 May, 2024 00:26:28 > Subject: Re: Blocking on a non-blocking socket? > Not quite. > > When you call SSL_read() it is because you are hoping to read &

Re: Blocking on a non-blocking socket?

Hi Neil, - Original Message - > From: "Neil Horman" > To: "Wiebe Cazemier" > Cc: "udhayakumar" , openssl-users@openssl.org > Sent: Thursday, 23 May, 2024 23:42:18 > Subject: Re: Blocking on a non-blocking socket? > from

Re: Blocking on a non-blocking socket?

- Original Message - > From: "Neil Horman" > To: "udhayakumar" > Cc: "Wiebe Cazemier" , openssl-users@openssl.org > Sent: Thursday, 23 May, 2024 22:05:22 > Subject: Re: Blocking on a non-blocking socket? > do you have a stack trace of t

Blocking on a non-blocking socket?

calls to fcntl() that removes the O_NONBLOCK. My IO method is SSL_read() and SSL_write() with an SSL object given to SSL_set_fd(). The only SSL modes I change from the default is that I set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER. There are two primary deployments of this application, one with OpenSSL

Trouble decoding key in provider

519ph_decoder.c - Decoder context free 0x5c304c5050c0 src/ed25519ph_decoder.c - Decoder context free 0x5c304c501a50 The first part is from openssl asn1parse to see if the key matches. After it is read correctly I get this "could not find private key of key from xxx" error. At the momen

Re: OpenSSL version 3.3.0 published

On 5/16/24 08:28, Neil Horman wrote: Glad its working a bit better for you. If you are inclined, please feel free to open a PR with your changes for review. Well, the changes are *really* trivial. Necessary and trivial. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken

Re: OpenSSL version 3.3.0 published

r unadpoted platform list: https://www.openssl.org/policies/general-supplemental/platforms.html And while we endeavor to keep openssl building on as many platforms as possible, its not feasible to cover all the currently unmaintained platforms. You do have some agency here however. If you are wi

Re: OpenSSL version 3.3.0 published

ble to get a good result if I go with "no-quic" in the config : hubble $ $PERL ./Configure solaris64-sparcv9-cc \ > --prefix=/opt/bw no-asm no-engine shared zlib-dynamic \ > no-quic enable-weak-ssl-ciphers -DPEDANTIC 2>&1 Configuring OpenSSL version 3.3.0 for target solaris64-

Re: OpenSSL version 3.3.0 published

there really is not any libatomic support. Well, there is sort of but it is a hack. Given how portable the code is there must be a configuration option somewhere to disable the need for those atomic ops. Meanwhile, OpenSSL 3.0.x builds and tests flawlessly but ... how long will that last

Re: OpenSSL version 3.3.0 published

On 4/9/24 08:56, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.3.0 released == Trying to compile this on an old Solaris 10 machine and over and over and over I see these strange things as Undefined symbols

Re: goto out not working in tests

On Mon, May 06, 2024 at 11:34:59PM -0600, The Doctor via openssl-users wrote: > Using clang versino 18 > > and it is spewing at goto out > Line 417 and 434 of test/threadstest.c in openssl-3.3 daily -- Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca

goto out not working in tests

Using clang versino 18 and it is spewing at goto out -- Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;

RE: Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source

Users, An update here: See that we have OPENSSL_RAND_SEED_OS defined on our VxWorks based system. Would it be a trusted entropy source ? The default for VxWorks seems to be OPENSSL_RAND_SEED_NONE. Thanks, Prithvi From: Prithvi Raj R (Nokia) Sent: Tuesday, April 30, 2024 12:47 AM To: openssl

Invalid code generated by GCC on 32-bit x86 in gcm128.c

We recently debugged, and found a workaround for, a GCC [###version] code-generation error when compiling OpenSSL 3.0.8 for 32-bit on Intel x86. This error resulted in a use of a misaligned memory operand with a packed-quadword instruction, producing a SIGSEGV on RedHat 8. (I'm a bit surprised

Re: [External] : Re: BIO_read() crash

On Mon, Dec 05, 2022 at 11:31:18AM -0800, Thomas Dwyer III wrote: > Why does EVP_get_digestbyname("md4") return non-NULL if the legacy provider > isn't loaded? Similarly, why does it return non-NULL for "md5" after doing > EVP_set_default_properties(NULL, "fips=yes")? This seems unintuitive.

OpenSSL version 3.1.0-alpha1 published

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.1 alpha 1 released OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.1 is currently in alpha. OpenSSL 3.1 alpha 1 has now been made available

Re: Upgrading OpenSSL on Windows 10

​​> From: Steven_M.irc > Sent: Thursday, November 24, 2022 21:21 > > This is not true in the general case. There are applications which are > > available on Linux which do not use the > > distribution's package manager. There are applications which use their own >

RE: Upgrading OpenSSL on Windows 10

, Job Cacka wrote: > Michael's point should be asked and answered first for your environment. > > To find all of the OpenSSL bits used on a windows system you would use > Powershell or a tool that flexes its use like PDQ Inventory. There is a > steep learning curve and it is pro

Re: Upgrading OpenSSL on Windows 10

their own OpenSSL build, possibly linked > statically or linked into one of their own shared objects or with the OpenSSL > shared objects renamed. Linux distributions have not magically solved the > problem of keeping all software on the system current. That's disheartening

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On 2022-11-15 21:36, Phillip Susi wrote: Jakob Bohm via openssl-users writes: Performance wise, using a newer compiler that implements int64_t etc. via frequent library calls, while technically correct, is going to run unnecessarily slow compared to having algorithms that actually use

Re: Upgrading OpenSSL on Windows 10

> From: openssl-users on behalf of > Steven_M.irc via openssl-users > Sent: Monday, November 21, 2022 15:56   > However, I am running Windows 10, and since (unlike Linux) every piece of > software outside of Windows itself > needs to be updated individually, I don't know

Upgrading OpenSSL on Windows 10

Hi All, A few weeks ago I sent this e-mail to the group: https://mta.openssl.org/pipermail/openssl-users/2022-November/015613.html I received a couple of replies, but sadly I have been too busy to respond to them. Regardless, I need a bit more information please. In one of the replies, Viktor

Re: X52219/X448 export public key coordinates

Thanks for the explanation, that probably makes sense. Thank you Matt From: Kyle Hamilton Date: Monday, 21 November 2022 12:46 To: ORNEST Matej - Contractor Cc: openssl-users Subject: Re: X52219/X448 export public key coordinates The reason has to do with the type of curve representation

Re: X52219/X448 export public key coordinates

implemented outside the context of EC. It’s not clear to me why but I believe there’s a good reason for it. Anyway, thanks for your answer! Regards Matt On 18. 11. 2022, at 17:13, Kyle Hamilton wrote:  X25519? On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users mailto:openssl

X52219/X448 export public key coordinates

rt those key types in desired format? I’m using OpenSSL version 1.1.1q. Thank you very much for any hint Matt

Fw:OpenSSL AES Decryption fails randomly C++

: "WuJinze" <294843...@qq.com; Date:Sat, Nov 12, 2022 06:17 PM To:"openssl-users"

OpenSSL AES Decryption fails randomly C++

Dear OpenSSL Group, Greetings. I was working on writing simple aes encrypt/decrypt wrapper function in c++ and running into a strange problem. The minimal reproducible examples in gist seems working fine but when i uncomment lines 90-92, it will fail to decrypt randomly. Can someone help me

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On 2022-11-06 23:14, raf via openssl-users wrote: On Sat, Nov 05, 2022 at 02:22:55PM +, Michael Wojcik wrote: From: openssl-users On Behalf Of raf via openssl-users Sent: Friday, 4 November, 2022 18:54 On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users wrote

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On Sat, Nov 05, 2022 at 02:22:55PM +, Michael Wojcik wrote: > > From: openssl-users On Behalf Of raf > > via > > openssl-users > > Sent: Friday, 4 November, 2022 18:54 > > > > On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-us

Re: TLS 1.3 Early data

On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote: > Hello, > > I did few experiments with early data but was not successful in solving my > exotic use case: "Using early data dependent on the SNI" > > I control the server (linux, supports http2) b

RE: an oldie but a goodie .. ISO C90 does not support 'long long'

> From: openssl-users On Behalf Of raf via > openssl-users > Sent: Friday, 4 November, 2022 18:54 > > On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users > wrote: > > > > > I'm inclined to agree. While there's an argument fo

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users wrote: > > From: openssl-users On Behalf Of Phillip > > Susi > > Sent: Wednesday, 2 November, 2022 11:45 > > > > The only thing to fix is don't put your compiler in strict C90 mode. >

RE: OpenSSL 3.0.7 make failure on Debian 10 (buster)

> From: openssl-users On Behalf Of Matt > Caswell > Sent: Friday, 4 November, 2022 06:43 > > This looks like something environmental rather than a problem with > OpenSSL itself. /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h > is clearly a system include file, t

Re: Output buffer length in EVP_EncryptUpdate for ECB mode

! The context I asked is that the rust-openssl wrapper always requires the output buffer to be at least as big as the input buffer + the cipher's block size [0] (assuming pessimistic case). That is even if I always feed the EVP_EncryptUpdate with blocks exactly 16 bytes long the wrapper requires 32

RE: SSL_read empty -> close?

> From: Felipe Gasper > Sent: Thursday, 3 November, 2022 10:43 > > > > And your description looks wrong anyway: shutdown(SHUT_RD) has > > implementation-defined behavior for TCP sockets (because TCP does not > > announce the read side of half-close to the peer), and on Linux causes > > blocked

RE: SSL_read empty -> close?

in thing. It's obscure in the sense that a great many people trying to use TLS get much more basic things wrong. More generally, the OpenSSL documentation mostly covers the OpenSSL APIs, and leaves networking up to the OpenSSL consumer to figure out. The OpenSSL wiki covers topics that people have w

Output buffer length in EVP_EncryptUpdate for ECB mode

for additional block is needed in this case ("(inl + cipher_block_size) bytes")? I'm trying to understand the differences between OpenSSL and other cryptographic backends in an OpenPGP library [1]. Thank you for your time and help! Kind regards, Wiktor [1]: https://gitlab.com/sequoia-pgp/sequoia/-/merge_requests/1361#note_1150958453

RE: SSL_read empty -> close?

xhaustively > familiar with it, but I don’t remember having seen such.) I doubt it. I don't see anything on the wiki, and this is a pretty obscure issue, all things considered. > It almost seems like, given that TLS notify-close then TCP close() (i.e., > without awaiting the peer’s TLS notify-clos

RE: Worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6.

> From: openssl-users On Behalf Of > Steven_M.irc via openssl-users > Sent: Wednesday, 2 November, 2022 17:18 > > I'm really worried about the vulnerabilities recently found in OpenSSL > versions 3.0.0 - 3.0.6. Why? What's your threat model? > If I understand things cor

How to upgrade openssl from 3.0.2 to 3.0.7

Hi Team, I want to upgrade the openssl version from 3.0.2 to 3.0.7. My OS version is Ubuntu 22.04.1 LTS (Jammy Jellyfish). Please help .It is urgent. Regards, Anupam

自动回复: Re: Worried about the vulnerabilities recently found in OpenSSLversions 3.0.0 - 3.0.6.

这是一封自动回复邮件。已经收到您的来信，我会尽快回复。

Worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6.

Hi All, I'm really worried about the vulnerabilities recently found in OpenSSL versions 3.0.0 - 3.0.6. If I understand things correctly (and please do correct me if I'm wrong), it doesn't matter which version of OpenSSL clients are running, only which version of OpenSSL *servers* are running

RE: SSL_read empty -> close?

o seems like EPIPE is a > “fact of life” here. Yeah. That's because an OpenSSL "read" operation can do sends under the covers, and an OpenSSL "send" can do receives, in order to satisfy the requirements of TLS. Depending on the TLS version and cipher suite being used, it

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

On 11/2/22 18:29, Michael Wojcik via openssl-users wrote: From: openssl-users On Behalf Of Phillip Susi Sent: Wednesday, 2 November, 2022 11:45 The only thing to fix is don't put your compiler in strict C90 mode. I'm inclined to agree. While there's an argument for backward compatibility

RE: an oldie but a goodie .. ISO C90 does not support 'long long'

> From: openssl-users On Behalf Of Phillip > Susi > Sent: Wednesday, 2 November, 2022 11:45 > > The only thing to fix is don't put your compiler in strict C90 mode. I'm inclined to agree. While there's an argument for backward compatibility, C99 was standardized nearly a quart

Re: an oldie but a goodie .. ISO C90 does not support 'long long'

Mraz, OpenSSL So fix it? Feels like we are just going around and around in circles here : Strict C90 CFLAGS results in sha.h:91 ISO C90 does not support long long https://github.com/openssl/openssl/issues/10547 OPENSSL_strnlen SIGSEGV in o_str.c line 76 https://github.com

RE: ungrade openssl 3.0.2 to 3.0.7

Anupam, please don’t attempt to install an openssl version which you built yourself to your Linux system, it might brake your applications. Your Linux distribution (Ubuntu) installs their own compiled versions which you can upgrade using its package manager (apt) Regards, Matthias From

  1   2   3   4   5   6   7   8   9   10   >