> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users
> wrote:
>
>> From: openssl-users On Behalf Of Philip
>> Prindeville
>> Sent: Thursday, 15 September, 2022 15:41
>
>> I was thinking of the case where the directory containing the keys (
> On Sep 13, 2022, at 8:10 PM, Shawn Heisey via openssl-users
> wrote:
>
> On 9/13/22 14:17, Philip Prindeville wrote:
>> But what happens when the file we encounter is a symlink? If the symlink is
>> owned by root but the target isn't, or the target permissions
, etc.
So... what's the Best Practices list for handling private key materials? Has
anyone fleshed this out?
The specific bug, if anyone is interested, is:
https://issues.asterisk.org/jira/browse/ASTERISK-30213
Thanks,
-Philip
But I just wanted to make sure.
Thanks,
-Philip
> On May 17, 2022, at 4:32 AM, Matt Caswell wrote:
>
>
>
> On 16/05/2022 23:48, Philip Prindeville wrote:
>> Sorry, I shouldn't have phrased that inartfully.
>> There is no EVP_CIPHER_CTX_get_padding(), so how does one achieve something
>> analogou
Sorry, I shouldn't have phrased that inartfully.
There is no EVP_CIPHER_CTX_get_padding(), so how does one achieve something
analogous?
> On May 16, 2022, at 1:00 PM, Philip Prindeville
> wrote:
>
> Thanks. That fixed the return value of EVP_CipherFinal().
>
> Is
led after the
> EVP_CipherInit() to have an effect.
>
> Also what is the AST_CRYPTO_AES_BLOCKSIZE value? Is it in bits (i.e,
> 128)?
>
> Also res should be initialized to -1 so you do not return uninitialized
> value on error.
>
> Tomas Mraz
>
> On Fri, 2022-05-1
sues" in Github, or were bugs tracked somewhere else? I
can't remember...
Thanks,
-Philip
Openssl already supports cross-compiles, since OpenWRT and Yocto/OpenEmbedded
use it as-is.
https://github.com/openwrt/openwrt/blob/master/package/libs/openssl/Makefile#L328..L357
> On May 6, 2022, at 6:25 AM, ~ Kunal Sharma ~ wrote:
>
> Hi friends,
>
> My objective is to compile OpenSSL
Here's a simple/stupid test program and its output, running on Ubuntu 20.04 LTS:
OpenSSL 1.1.1f 31 Mar 2020
EVP_CIPHER_CTX_new returns 0x5627171042a0
EVP_CipherInit returns 1
EVP_CipherUpdate returns 1, outlen = 0
buf: 'Mary had a littl'
EVP_CipherFinal returns 0, finallen = 0
buf: 'Mary had a
> On May 13, 2022, at 10:55 AM, Philip Prindeville
> wrote:
>
>
>
>> On May 13, 2022, at 10:34 AM, Matt Caswell wrote:
>>
>>
>>
>> On 13/05/2022 16:49, Philip Prindeville wrote:
>>> Hi,
>>> I'm trying to rewrite some legacy
> On May 13, 2022, at 10:34 AM, Matt Caswell wrote:
>
>
>
> On 13/05/2022 16:49, Philip Prindeville wrote:
>> Hi,
>> I'm trying to rewrite some legacy AES_* code to use EVP_CIPHER_* so it's
>> forward compatible into 3.x.
>> My code, i
tes
decrypted into "out" on success.
Thanks,
-Philip
ith RSA_PKCS1_PADDING.
>
> Tomas
>
> On Thu, 2022-05-05 at 10:35 -0600, Philip Prindeville wrote:
>> Bonjour. Et milles mercis.
>>
>> That was helpful.
>>
>> One more question: if I want to reproduce RSA_sign() (and
>> RSA_verify()) using evp_key_s
if that's the case)?
-Philip
> On May 4, 2022, at 3:45 AM, Erwann Abalea wrote:
>
> Bonjour,
>
> The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding
> for signature operations.
> PKCS#1v1.5 is rewritten in RFC2313.
>
> Using the command l
signing besides rsautl?
Thanks,
-Philip
and 3.0?
> On Apr 27, 2022, at 10:43 AM, Philip Prindeville
> wrote:
>
> Hi,
>
> I've been trying to rewrite the res_crypto.so support in Asterisk to use
> Openssl-1.1.x and the EVP_PKEY interface, rather than the AES_* and RSA_*
> stuff.
>
> The AES stuff uses
stion: how do other people deal with this?
Thanks,
-Philip
> On Mar 30, 2022, at 10:25 AM, William Roberts
> wrote:
>
> On Tue, Mar 29, 2022 at 3:40 PM Philip Prindeville
> wrote:
>>
>> Hi,
>>
>> I'm trying to develop a newer replacement module for Asterisk's res_crypto
>> that is (for now) 1.1.
.
Anyway, more eyes on the problem are always a good thing.
Thanks,
-Philip
Hi,
I was wondering if there was some sort of sentinel variable that tells us if
is exporting access to the bio_st structure, or not.
Thanks,
-Philip
*) into a EVP_PKEY
canonically in 1.1.0?
I can't find an example in the docs.
Thanks,
-Philip
I'm getting daily reports about static analysis failures:
https://github.com/pprindeville/openssl/runs/5060866030?check_suite_focus=true
Which says:
Run wget https://scan.coverity.com/download/linux64 \
wget https://scan.coverity.com/download/linux64 \
--post-data
remember how I
> figured it out, but I think I might have had to look at req.c rather than
> finding documentation.
>
Should supporting openssl.cnf be part of the library API, or externally handled
in the command-line utility where it then passes in the values extracted from
that file?
I'm inclined to KISS and going with the latter.
-Philip
nularity of
libraries.
Maybe even libasn1 being carved out as its own library, even if other things
like libssl and libx509 having dependencies on it.
-Philip
> On Dec 22, 2021, at 11:58 AM, Kyle Hamilton wrote:
>
> From a conceptual perspective, I think "creating a CSR
?
The latter would allow me to move the CSR code into a library and have the app
exercise that API.
The only downside I can see is that the self-signed certificate path might need
to duplicate some of the library code.
Is that acceptable?
Thanks,
-Philip
... Is this code even correct? What am I missing? Ditto for
X509_REQ_add_extensions().
Thanks,
-Philip
> On Apr 29, 2021, at 8:15 AM, Matt Caswell wrote:
>
>
> On 29/04/2021 15:04, Joe Eremita wrote:
>> datasig_len = i2d_X509_REQ_INFO( req->req_info, NULL );
>
> You can achieve this by instead doing:
>
> datasig_len = i2d_re_X509_REQ_tbs(req, NULL);
>
> See:
>
>
multi-valued RDNs if canmulti
> * and characters may be escaped by \
> */
> X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char
> *desc)
>
> Would be good to have such a function as part of the X.509 API.
>
> David
>
> On 23.07.
s in X509_NAME_oneline(3), x509(1), ... So a public API for
> that format may not be a good idea. Perhaps there could be parsers for
> the "rfc2253", "rfc2254" and "oneline" formats (or a single parser with
> flags to select the format).
>
> --
> Viktor.
>
And "rfc4514"... yeah, that would work too.
-Philip
multi-valued RDNs if canmulti
> * and characters may be escaped by \
> */
> X509_NAME *parse_name(const char *cp, int chtype, int canmulti, const char
> *desc)
>
> Would be good to have such a function as part of the X.509 API.
>
> David
>
> On 23.07.
Hi,
I'm wondering what the function is that takes a string and returns X509_NAME
with the attribute/value pairs of the parsed DN.
Thanks,
-Philip
Hi all,
Does anyone have any reference code for implementing server-side App Attest for
iOS clients?
Thanks,
-Philip
Did you ever get to the root of this?
-Philip
> On Oct 30, 2018, at 5:52 PM, Pietu Pohjalainen wrote:
>
> Dear all,
>
> I have been trying to verify hardware attestation certificates originating
> from different Android phones with the OpenSSL tool. There seems to
> On Aug 15, 2018, at 2:09 PM, Richard Weinberger wrote:
>
> Philip,
>
> On Wednesday, 15 August 2018, 21:36:30 CEST, you wrote:
>>
>>> [snip]
>>
>>
>> Have you tried using Libevent? It supports SSL/TLS/DTLS connections.
>
> C
ll hope I miss something.
> Can you please help me to figure what the correct approach for multiple
> clients is?
>
> Thanks,
> //richard
Have you tried using Libevent? It supports SSL/TLS/DTLS connections.
-Philip
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
wn can be implemented in
Libevent.
Thanks,
-Philip
> On Aug 1, 2018, at 1:46 PM, Alex H wrote:
>
> [...] The other party MUST respond with a close_notify alert of its own and
> close down the connection immediately, discarding any pending writes.
>
> I've read this befor
"copy through" the AKI into the request with -x509toreq?
Also attaching the script I’m using.
And yes, it’s a 1024-bit key… It’s probably worth scrapping the old key and
generating a new one, but before I do that I want to solve the AKI issue...
Thanks,
-Philip
example.crt
D
Well, since we will never go to 1.1, I guess we don't have to worry about it.
From: openssl-users on behalf of Kurt
Roeckx
Sent: Saturday, July 2, 2016 5:53:20 AM
To: openssl-users@openssl.org
Subject: Re:
Hello,
I am looking for the Changelog that explains the changes between
openssl-fips-2.0.9 and 2.0.12.
The README.FIPS that comes with 2.0.12 points here:
https://www.openssl.org/docs/fips but I cannot find the changes.
Any help would be most appreciated.
Thanks,
Phil
This was because one of my application makefiles wasn't updated to include
the crypto/modes/ folder in its INCLUDES definition.
On Thu, Feb 18, 2016 at 8:51 PM, Bobby Philip <bobbyphi...@gmail.com> wrote:
> Hi,
> I am trying to compile openssl 1.0.1r for android and statically
Hi,
I am trying to compile openssl 1.0.1r for android and statically link to
my application.
I am getting a compile error in the file
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/evp/e_aes.c
at line 61 # include "modes_lcl.h"
This modes_lcl.h is present at
Hello,
In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are required
by our testing lab to perform KDF tests for TLS (see document NIST SP800-135,
Rev 1 section 4.2).
Could you please point us to where the source for the KDF TLS test(s) are
available.
Thank you,
Phil
One more item of note:
The code appears to be erroring out on the keyword SEED.
Looking at the source code there appears to be no provision to accept that
word, hence the parse error.
Hello,
We are testing our FIPS implementation which is based on openssl-1.0.2a and
openssl-fips-2.0.9.
Hello,
We are testing our FIPS implementation which is based on openssl-1.0.2a and
openssl-fips-2.0.9.
We are executing tests on the target machine (which doesn't support running
perl scripts so we cannot run fipsalgtest.pl)
that are included in the openssl-fips-2.0.9/fips directory, using
Hello,
We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in
conjunction with the FIPS validation
process.
One question is whether SHA1 accepts NULL (zero-length) messages? I couldn't
find anything on the OpenSSL
wiki so I thought I'd ask here.
Also, another question is
Hello,
We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in
conjunction with the FIPS validation
process.
One question is whether SHA1 accepts NULL (zero-length) messages? I couldn't
find anything on the OpenSSL
wiki so I thought I'd ask here.
Also, another
Hello,
We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have
code that we assume needs updating,
to avoid using low level routines in FIPS. For example, our snmp v3
implementation currently decrypts/encrypts using
AES_set_encrypt_key() and AES_cfb128_encrypt().
The old
-boun...@openssl.org] On Behalf Of
Philip Bellino
Sent: Monday, April 06, 2015 8:03 AM
To: openssl-users@openssl.org
Subject: [openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode
Hello,
We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have
code that we assume
/index.php/EVP_Symmetric_Encryption_and_Decryption
Hope this helps,
Regards,
Michel.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Philip Bellino
Sent: Thursday, 26 March 2015 15:53
To: openssl-users@openssl.org
Subject: [openssl-users
I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords
with cipher des_ede3_cbc as follows:
encrypt routines:
EVP_CIPHER_CTX_init
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_cleanup
decrypt routines:
EVP_CIPHER_CTX_init
EVP_DecryptInit_ex
Hello,
I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question.
If AES CBC Encryption is considered vulnerable to an attacker with the
capability to inject arbitrary traffic into the plain-text stream, then why is
it listed as an approved algorithm/option in table 4A on page 14
Hello,
I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question.
In the FIPS-198-1 document, Chapter 5 discusses truncation with MACs.
http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf
I believe HMAC-SHA1-96 falls under this category, but I do not see its
Hello,
We built OpenSSL-1.0.1j (and OpenSSL-fips-2.0.7) within my PowerPC-target
build environment and have been using it successfully.
We now have upgraded to use OpenSSL-1.0.2 (and OpenSSL-fips-2.0.9).
It cannot successfully build because of the following error (which occurs
identically 16
Hello,
I apologize if this is not the correct forum for my questions, so here goes.
1. Are the RSA JSafeJCE and the IBM' IBMJESFIPS cryptographic modules
being used widely against Openssl in FIPS mode?
2. If so, have these modules kept pace with the latest Openssl FIPS
And that's back up and working, right? I've not seen any messages
today, but then again it's the holidays...
On 12/22/2014 08:56 AM, Steve Marquess wrote:
We've been experiencing some issues with the system that handles
@openssl.org E-mail and the mailing lists. The hardware vendor will be
is Bcc’d.
-Philip
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Did you ever get anywhere on this?
I’m also looking for a function to generate a fingerprint (either MD5 or SHA-1
digest) over a public key DER string.
Thanks.
On Aug 15, 2012, at 2:53 AM, Curt Sampson c...@cynic.net wrote:
I'm designing a protocol that requests certificates for specific
Hello,
I am currently using openssl-fips-2.0.7 and I noticed that 2.0.8 is available
on the website.
Neither distribution contain a changelog, so I was wondering what changes were
made to 2.0.8.
Thanks,
Phil
Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |
for something
more current.
Anyone have any recommendations?
Thanks,
-Philip
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated
not documented...
Can someone point me in the right direction to do this efficiently? Even
though I’m not passing a lot of data in these messages, I do need to keep the
latency from processing down.
Thanks,
-Philip
P.S. Back in May it sounded like Kevin Le Gouguec was trying to do something
Jeffrey,
May I ask why you included no-ssl2 as an option to config?
Is only adding no-ssl3 not sufficient enough to fully disable SSLv3?
Thanks,
Phil
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jeffrey Walton
Sent:
Hello,
Using an FC core Linux 2.6.x i686 system.
In openssl-1.0.1h, we were able to build/execute the heartbeat_test as is.
In Openssl-1.0.1j, we are now required to add a Configure option
enable-unit-test to use the heartbeat_test.
Also, the heartbeat_test executable in 1.0.1h was 14K in
system search paths. This will get the correct header files from the
source tree. If you do something like '-nostdinc -I${SYSROOT}/usr/include
-Ipath', then the reverse will happen. Ref
https://gcc.gnu.org/onlinedocs/cpp/Search-Path.html.
Jay
On 10/30/2014 12:40 PM, Philip Bellino wrote:
Hello
Hello,
I am running into the following issue when I do a make depend (after the
./config shared no-ssl3):
making depend in ssl...
make[3]: Entering directory '.../openssl-1.0.1j/ssl'
s3_lib.c:3370:4: #error Code needs update for SSLv23_method() support beyond
TLS1_2_VERSION.
Hello,
I am attempting to use the tests provided in the 'test' directory of the
openssl-fips-2.0.7 software. I am under the impression that I should be able to
build these tests, transport them to our target hardware and execute them in
order to test our port of the openssl and fips software.
Hello,
I am attempting to use the tests provided in the 'test' directory of the
openssl-1.0.1h software. I have successfully built and ran the tests on our
target hardware. There is one test in particular, ssltest, that appears to
have a multitude of optional arguments/options that could be
PM
To: openssl-users@openssl.org
Cc: Barone, Philip
Subject: Re: Make issue with openssl-1.0.0f and openssl-1.0.0j
The error message is all important.
ar: ../../libcrypto.a: cannot write: Bad address
Bad address is an invalid pointer, cannot write means some access or
system error
Hi,
I am having issues make'ing openssl-1.0.0j, f fails as well, on Solaris Patch
level 5.10 Generic_147440-13 sparc. It works fine at OS patch level 5.10
Generic_125100-10 sparc.
I am compiling this using solaris64-sparcv9-cc like I have always done.
It fails trying to create libcrypto.a,
, Barone, Philip wrote:
Hi,
I am having issues make'ing openssl-1.0.0j, f fails as well, on
Solaris Patch level 5.10 Generic_147440-13 sparc. It works fine at
OS patch level 5.10 Generic_125100-10 sparc.
I am compiling this using solaris64-sparcv9-cc like I have always
done.
It fails trying
remove
. The
encrypted file .txt is not readable (not alphanumeric) also when I add
-a it will output a blank .txt file.
Thank you for your help again.
Philip Landreth
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent
error if I use -nopad but does not decrypt the file. Also
no error with -des-ede-cfb. I am not all that familiar with java and don't know
how to finish the partial jumbled code that I was sent either. I would greatly
appreciate any help with openssl or the partial java code.
Philip Landreth
this, and could save me re-inventing
the wheel by sharing the steps they had done.
Thanks,
-Philip
I have a key file that looks like:
BEGIN SSH2 PUBLIC KEY
Comment: rsa-key-20100318
...
END SSH2 PUBLIC KEY
How do I use openssl rsa ... to munge this into the format suitable
for ~/.ssh/authorized_keys ?
Thanks,
-Philip
Hello,
I have a question about the Apache SSL, please help me.
Thanks.(httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi)
Operation:
1. I made SSL certification files by myself, and start the openssl s_server;
OpenSSL s_server -cert server.pem -key server_nokey.pem -accept -state
-debug
Hello,
I previously emailed this issue to the
([EMAIL PROTECTED]) and was told to email openssl
instead, so here goes:
Linux 2.6.22.9
Openssl-0.9.8e
Ipsec-tools-0.7
When I run the configure script for ipsec-tools-0.7 as follows:
./configure -with-openssl=/usr/local/ssl -enable-ipv6 produces
I am trying to use OpenSSL to secure communications between
2 little apps that I am writing myself. I am trying to use TLSv1, and have
tried many different approaches using ADH, as well as authenticating both ends
of the connection, but no matter what I try, I always seem to get the error:
I don't think you're wrong there Alok. The E(KDE)PUBK is
A random Des key taken as _data_ and encrypted asymmetrically
With the recipient's public key. Only the recipient will be
Able to decrypt it, with her private key.
Philip Painter
Hewlett-Packard Company
07747456508
http://ecardfile.com/id
Lutz Jaenicke wrote:
On Wed, Dec 17, 2003 at 03:37:19PM +, Philip L Smith wrote:
I connect fine from one process, display its details using a version of
SSL_SESSION_print(out,x)
(taken from sess_id.c), then save the session in use to a file
...
This is the output from
Hi Lutz
Have run with ssldump, there doesn't seem to be any session_id being
sent from the client.
I presume it would show up something like session_id[32]=... under the
CS Handshake section.
What else might I be doing wrong, or have not set ?
In overview this is what I do:
--- startup
This may not be the problem but that PEM stuff looks decidedly dodgy. Just do:
s = PEM_read_SSL_SESSION(filePtr, NULL, NULL, NULL);
Hi Steve
This was it ! Not sure where I got it from anyway.
All is now running fine with the client sending the session_id in the
resume string.
I'm having a problem with a client reusing an ssl session between processes.
I connect fine from one process, display its details using a version of
SSL_SESSION_print(out,x)
(taken from sess_id.c), then save the session in use to a file
===
// save the session to disk
FILE* filePtr;
char
I have to do to generate random number under Tandem. It works under Windows, but not under Tandem.
Anyone can help??
Thanks :(
Philip St-Pierre
Programme IRIS - Atelier Logiciel
Loto-Québec
1801 McGill Collège, 10 ième étage
H3A 2N4
Tel: 514-987-2057 ext. 5072
Title: Error code?
Hi,
I wrote the following lines:
if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
{
errCode = ERR_get_error();
ERR_error_string(errCode, errString);
printf("RAND_bytes Error: %s\n", errString);
And here is what i get from the printf:
RAND_bytes Error:
, hence it cannot be bound to
the substitution operator.
Philip Shanks
[EMAIL PROTECTED]
-
If you find a solution and become attached to it,
the solution may become your next problem.
(more wisdom from /usr/games/fortune)
result.
Any help would greatly help the migraine I'm experiencing!
Philip J. Zaleski
Software Engineer
ITT Industries - Advanced Engineering Sciences
775 Daedalian Drive
Rome, NY 13441
Phone: (315) 330-2560
DSN: 587-2560
Email: [EMAIL PROTECTED
Title: problem run test after installing ssleay 0.8.1b
Hi,
I am new to openssl and
I install ssleay 0.8.1b on to NT4,
the compiler is VC++6.
Following is what I encounter.
perl Configure VC-WIN32
nmake -f ms\ntdll.mak
(everything is fine so far)
cd ms
test
and get the following error:
that.
Basically, I want to save a SSL session in such a way that I can continue it
from within another process and the documentation says that this is the way
to do that.
Any help will be greatly appreciated.
Sincerely,
Philip Stoev
Yes! You may need to use a file "$HOME/.rnd" and stick some random data in
it, but it does work.
Philip Chase
Senior Technical Specialist
DST Canada Inc.
(416
Hi:
Do you know how to write a client program with certification? I don't
know how to setup my client program to use a pem file and let the server
side get the certification.
In one word, how to write a client program to let the
SSL_get_peer_certificate() function call on server side not
on server side.
Philip F. Qi
- Original Message -
From: "Marcos Rogerio" [EMAIL PROTECTED]
To: "Philip F. Qi" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, June 02, 2000 7:46 AM
Subject: Re:How to write a client to let the SSL_get_peer_certificate call
on server side
: OpenSSL 0.9.3a 29 May 1999
+ SSL library type: installed package (stand-alone)
Error: Cannot find OpenSSL's RSAglue library under /usr/local/ssl/lib
%
I would appreciate any help I can get. Thanks a ton!
-Philip
basically just want
to use ssleay as a lynx client. Never thought it would be this difficult.
Regards,
Philip
Ulf Möller wrote:
The CVS contained an assembler file that should not have been there.
Please remove crypto/bf/asm/bx86unix.cpp and run "make&q
94 matches