Re: EVP_MD_CTX_free documentation

Matt On 30/07/2021 17:55, Ken Goldman wrote: It would be nice if the documentation would guarantee that this function is a no-op when the parameter is NULL - like the standard free() call. This would save coding (if not NULL) all the time. Same comment for all the _free functions. I know I can

Re: EVP_MD_CTX_free documentation

All our _free functions will accept NULL. We rely on this extensively *everywhere*. We perhaps could be better at documenting it, but you can rely on it. Matt On 30/07/2021 17:55, Ken Goldman wrote: It would be nice if the documentation would guarantee that this function is a no-op when the

EVP_MD_CTX_free documentation

It would be nice if the documentation would guarantee that this function is a no-op when the parameter is NULL - like the standard free() call. This would save coding (if not NULL) all the time. Same comment for all the _free functions. I know I can look at the code, but that doesn't pr

Documentation on openssl 1.0.2 / FIPS module version support for PPC LE

> From: "Bhadri Madapusi" > > Is there any documentation on which version of openssl are supported > on PPC LE. I am trying to figure out which version of 1.0.2 source > and FIPS module to use to compile my nginx with openssl and FIPS. Thank you. Not documentation,

Documentation on openssl 1.0.2 / FIPS module version support for PPC LE

Hi, Is there any documentation on which version of openssl are supported on PPC LE. I am trying to figure out which version of 1.0.2 source and FIPS module to use to compile my nginx with openssl and FIPS. Thank you. regards, Bhadri

Re: Lack of documentation for OPENSSL_ia32cap_P

On Thu, Jul 23, 2020 at 02:35:28AM +0200, Jakob Bohm via openssl-users wrote: > The OPENSSL_ia32cap_P variable, its bitfields and the code that sets > it (in assembler) seemto have no clear documentation. Have you seen the OPENSSL_ia32cap manpage? Kurt

Re: Lack of documentation for OPENSSL_ia32cap_P

On 2020-07-26 01:56, Jan Just Keijser wrote: On 23/07/20 02:35, Jakob Bohm via openssl-users wrote: The OPENSSL_ia32cap_P variable, its bitfields and the code that sets it (in assembler) seemto have no clear documentation. Thanks, I somehow missed that document as I was grepping the code

Re: Lack of documentation for OPENSSL_ia32cap_P

On 23/07/20 02:35, Jakob Bohm via openssl-users wrote: The OPENSSL_ia32cap_P variable, its bitfields and the code that sets it (in assembler) seemto have no clear documentation. Looking at x86_64cpuid.pl, I see jumps to ".Lintel" etc. being conditional on stuff other than the CP

Lack of documentation for OPENSSL_ia32cap_P

The OPENSSL_ia32cap_P variable, its bitfields and the code that sets it (in assembler) seemto have no clear documentation. Looking at x86_64cpuid.pl, I see jumps to ".Lintel" etc. being conditional on stuff other than the CPU being an Intel CPU, while the code in there is generally

Re: documentation on installation

On 05/08/2019 22:53, Dawn Cassara wrote: > Where would I find the easiest, most comprehensive installation instructions > for > Windows 2012 r2? I assume you mean installation of OpenSSL on that platform! Installation instructions are here: https://github.com/openssl/openssl/blob/master/INST

Re: documentation on installation

Perhaps not on an OpenSSL list?You might try stackoverflow.comCharlesSent from a mobile; please excuse the brevity. Original message From: Dawn Cassara Date: 8/5/19 5:53 PM (GMT-05:00) To: openssl-users@openssl.org Subject: documentation on installation Where would I find

documentation on installation

Where would I find the easiest, most comprehensive installation instructions for Windows 2012 r2? -- Dawn Cassara 832-224-6826 / 314-332-0279 Houston / St. Louis Reputation Management http://HoustonRepManagement.com http://StLouisRepManagement.com

Re: [openssl-users] Some documentation about key derivation and block padding

some questions: how many iteration of PBKDF must I do ? Must the result of the encryption be hashed with HMAC ? Kind regards, Alexis. Le ven. 1 févr. 2019 à 13:58, Alexis BRENON @OpenSSL a écrit : > > i everyone, > > I am looking for some documentation on how to pad and/or derive my

[openssl-users] Some documentation about key derivation and block padding

i everyone, I am looking for some documentation on how to pad and/or derive my message and my key (from simple password), to mimic AES 128 ECB en/decryption. For a decorative purpose (no security consideration in mind), I used openssl to encrypt a small message (less than 16 bytes) with a small

Re: [openssl-users] documentation for 1.1.0

On Fri, 15 Sep 2017 15:54:16 + "Salz, Rich via openssl-users" wrote: > Links across versions don’t really work since we moved from “crypto” “ssl” to > man3, etc. > Perhaps we should just take them down. One might suppose that it "failed" to a secure mode. Older files will remain secure

Re: [openssl-users] documentation for 1.1.0

Links across versions don’t really work since we moved from “crypto” “ssl” to man3, etc. Perhaps we should just take them down. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] documentation for 1.1.0

Many pages like: https://www.openssl.org/docs/man1.0.2/crypto/PEM_read_bio_PUBKEY.html will have a link on the right that says: "1.1.0" version, which I'd rather read because I'm using 1.1.0+, but it links to: https://www.openssl.org/docs/man1.1.0/crypto/pem.html which does not exist. Nor

Re: [openssl-users] Openssl 1.1 RSA_get0_key() documentation -> needs-cla

t; https://github.com/openssl/openssl/issues >> >> You'll need a github user id. >> >> > >> > I'd also be willing to help with documentation, if that's possible. >> >> It is possible. Make the relevant changes (file >> doc/ma

Re: [openssl-users] Openssl 1.1 RSA_get0_key() documentation -> needs-cla

ser id. > > > > > I'd also be willing to help with documentation, if that's possible. > > It is possible. Make the relevant changes (file > doc/man3/RSA_get0_key.pod) in a recent checkout of master and then > create a github pull request: > > https://gi

Re: [openssl-users] Openssl 1.1 RSA_get0_key() documentation

t;>> If this behavior is guaranteed, it would be nice if it was documented. >> >> Wanna open an issue to fix the doc? :) >> > > I'd be happy to, but I don't know how. Click "New Issue" on this page: https://github.com/openssl/openssl/issues You&

Re: [openssl-users] Openssl 1.1 RSA_get0_key() documentation

issue to fix the doc? :) I'd be happy to, but I don't know how. I'd also be willing to help with documentation, if that's possible. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Openssl 1.1 RSA_get0_key() documentation

> The __current__ code for this function returns values if the **BIGNUM is > not NULL. Thus, it appears safe to pass in NULL for values not needed. Yes. That's true for many "get" functions. > However, the documentation is silent on this behavior. > > If this be

[openssl-users] Openssl 1.1 RSA_get0_key() documentation

The __current__ code for this function returns values if the **BIGNUM is not NULL. Thus, it appears safe to pass in NULL for values not needed. However, the documentation is silent on this behavior. If this behavior is guaranteed, it would be nice if it was documented. If not, a comment in

Re: [openssl-users] Documentation for Integrating New Cipher Creation Request

Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Schmicker, Robert [mailto:rsc...@unh.newhaven.edu] Sent: Monday, 1 May 2017 1:08 PM To: openssl-users@openssl.org Subject: [openssl-users] Documentation for Integrat

Re: [openssl-users] Documentation for Integrating New Cipher Creation Request

> While the process is still fresh in my head, I was wondering if the community > would benefit in having some documentation on the process to follow and > issues that may arise? Possibly add this into the OpenSSL wiki? This would be a great idea. -- openssl-users mailing list To un

[openssl-users] Documentation for Integrating New Cipher Creation Request

libcrypto and libssl. While the process is still fresh in my head, I was wondering if the community would benefit in having some documentation on the process to follow and issues that may arise? Possibly add this into the OpenSSL wiki? I would love for this to be my first contribution to an open

[openssl-users] build.info documentation

Hello, Can anyone here point me in the direction to some documentation on build.info<http://build.info> files? For the most part I’m creating mine using examples from other crypto ciphers but could use some more in depth explanation of what is going on when it is being parsed.

Re: [openssl-users] Missing documentation

Thanks Frank, I assume that by "the SSL error handler" you mean that I can get the error by calling ERR_get_error() ? BR Joachim 2016-11-09 0:54 GMT+01:00 Frank Migge : > Hi Joachim, > > >> It seems like the documentation for SSL_set_tlsext_host_name is gone. > >

Re: [openssl-users] Missing documentation

Hi Joachim, >> It seems like the documentation for SSL_set_tlsext_host_name is gone. >> Does anyone know where I can find the documentation? I am interested in the return values right now. If I got it right: 1) ssl/tls1.h (line 334ff): # define SSL_set_tlsext_host_name(s

Re: [openssl-users] Missing documentation

On 11/08/2016 01:24 AM, Joachim Person wrote: > Hi, > > It seems like the documentation for SSL_set_tlsext_host_name is gone. > Does anyone know where I can find the documentation? I am interested > in the return values right now. > > https://www.openssl.

[openssl-users] Missing documentation

Hi, It seems like the documentation for SSL_set_tlsext_host_name is gone. Does anyone know where I can find the documentation? I am interested in the return values right now. https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_tlsext_host_name.html (Page not found) BR Joachim -- openssl-users

Re: [openssl-users] Wording in OpenSSL documentation for SSL_CTX_set_options

Hi all, Another thing: couldn't SSL_OP_CIPHER_SERVER_PREFERENCE be renamed (or aliased) to SSL_OP_SERVER_PREFERENCE in OpenSSL 1.1.0 because it applies to more objects than only cipher suites? -- Julien Message transféré Sujet : Wording in OpenSSL documentatio

[openssl-users] Wording in OpenSSL documentation for SSL_CTX_set_options

Hi, In a recent discussion in the news.software.nntp newsgroup, we discussed the use of SSL_OP_CIPHER_SERVER_PREFERENCE, and would like to point out a possible improvement in the wording of the documentation of SSL_CTX_set_options. Currently, there is in OpenSSL documentation: https

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

t de Jakob Bohm Envoyé : mardi 27 octobre 2015 02:21 À : openssl-users@openssl.org Objet : Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool On 26/10/2015 14:02, Viktor Dukhovni wrote: > On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: >

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

uld add consistent private key encryption options to all the affected apps, while keeping the historic defaults of each command. Documentation would encourage explicitly specifying the desired format even if it happens to be the current default. Then after a long transition period (to get all manne

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

On Tue, Oct 27, 2015 at 02:21:13AM +0100, Jakob Bohm wrote: > More specifically, the issue is that the currently > recommended command "openssl pkey", allegedly silently > omits the encryption when told not to Base64 encode the > encrypted key. I agree this is a bug, and needs to be fixed. A fat

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

On 26/10/2015 14:02, Viktor Dukhovni wrote: On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: I believe it might be usefull to remind in the documentation that the -cipher argment for openssl pkey command line tool is silently ignore when combined with -outform DER. May be it is worth

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: > I believe it might be usefull to remind in the documentation that the > -cipher argment for openssl pkey command line tool is silently ignore when > combined with -outform DER. > > May be it is worth to add a warning to

[openssl-users] suggested enhancement documentation or warning for pkey command line tool

Hi, I believe it might be usefull to remind in the documentation that the -cipher argment for openssl pkey command line tool is silently ignore when combined with -outform DER. May be it is worth to add a warning too ? ___ openssl-users mailing list

Re: [openssl-users] minor documentation errors

2015-05-09 21:47 GMT+02:00 Salz, Rich : > >> After getting into building and especially configuring my own CA again I'm >> nearly at the end and I've noticed some errors in the documentation I want >> to report. > > I like the "again" :) Ye

Re: [openssl-users] minor documentation errors

> After getting into building and especially configuring my own CA again I'm > nearly at the end and I've noticed some errors in the documentation I want > to report. I like the "again" :) > 3) On https://www.openssl.org/docs/apps/req.html the option -subj i

[openssl-users] minor documentation errors

Hello list! After getting into building and especially configuring my own CA again I'm nearly at the end and I've noticed some errors in the documentation I want to report. 1) On https://www.openssl.org/docs/apps/ca.html for the -md option not all possible values (sha256, sha384, etc.

Re: [openssl-users] FIPS Linux kernel documentation ?

Steve Marquess writes: >> Are you certain? For a user-space component like OpenSSL, this is >> obviously true, but I think you could argue that a kernel module's >> "Operational Environment" has no relation to the Linux distro, only to >> the kernel it's loaded by and the hardware architecture (

Re: [openssl-users] FIPS Linux kernel documentation ?

On 03/27/2015 04:45 AM, Henrik Grindal Bakken wrote: > Steve Marquess > writes: > >>> If the CMVP bureaucracy insists on a specific kernel version >>> for the platform number, this should be one of the "Long Term >>> Support" kernel releases to maximize longevity (assuming that >>> regular OS pat

Re: [openssl-users] FIPS Linux kernel documentation ?

Steve Marquess writes: >> If the CMVP bureaucracy insists on a specific kernel version >> for the platform number, this should be one of the "Long Term >> Support" kernel releases to maximize longevity (assuming that >> regular OS patching within a version number is still accepted >> as "same pla

Re: [openssl-users] FIPS Linux kernel documentation ?

On 26/03/2015 22:29, Steve Marquess wrote: On 03/26/2015 01:41 PM, Jakob Bohm wrote: On 26/03/2015 16:56, Steve Marquess wrote: On 03/26/2015 11:30 AM, John Foley wrote: We looked at this very briefly a couple of years ago. In theory, there may be a way to achieve the goal as a loadable kerne

Re: [openssl-users] FIPS Linux kernel documentation ?

On 03/26/2015 01:41 PM, Jakob Bohm wrote: > On 26/03/2015 16:56, Steve Marquess wrote: >> On 03/26/2015 11:30 AM, John Foley wrote: >>> We looked at this very briefly a couple of years ago. In theory, there >>> may be a way to achieve the goal as a loadable kernel module (a.k.a. >>> device driver)

Re: [openssl-users] FIPS Linux kernel documentation ?

On 26/03/2015 16:56, Steve Marquess wrote: On 03/26/2015 11:30 AM, John Foley wrote: We looked at this very briefly a couple of years ago. In theory, there may be a way to achieve the goal as a loadable kernel module (a.k.a. device driver). The idea would be to have a kernel module that provid

Re: [openssl-users] FIPS Linux kernel documentation ?

On 03/26/2015 01:00 PM, Marcus Meissner wrote: > ... >> >> Unfortunately FIPS 140-2 validation conflicts rather violently with open >> source software (and with software engineering best practice in general, >> for that matter). Even if some benevolent benefactor ponied up the >> quarter megabuck i

Re: [openssl-users] FIPS Linux kernel documentation ?

On Thu, Mar 26, 2015 at 10:57:28AM -0400, Steve Marquess wrote: > On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote: > > On Wed, 25 Mar 2015 17:03:04 -0400 > > Steve Marquess wrote: > > > >> I wasn't aware the Linux kernel (the real one, not proprietary > >> commercial derivatives) had a "FIPS"

Re: [openssl-users] FIPS Linux kernel documentation ?

On 03/26/2015 11:30 AM, John Foley wrote: > We looked at this very briefly a couple of years ago. In theory, there > may be a way to achieve the goal as a loadable kernel module (a.k.a. > device driver). The idea would be to have a kernel module that provides > crypto support. This kernel module

Re: [openssl-users] FIPS Linux kernel documentation ?

We looked at this very briefly a couple of years ago. In theory, there may be a way to achieve the goal as a loadable kernel module (a.k.a. device driver). The idea would be to have a kernel module that provides crypto support. This kernel module would be the FIPS object module, with the FIP

Re: [openssl-users] FIPS Linux kernel documentation ?

On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote: > On Wed, 25 Mar 2015 17:03:04 -0400 > Steve Marquess wrote: > >> I wasn't aware the Linux kernel (the real one, not proprietary >> commercial derivatives) had a "FIPS" mode. Please enlighten me. > > It could very well be that the word 'mode' i

Re: [openssl-users] FIPS Linux kernel documentation ?

On Wed, 25 Mar 2015 17:03:04 -0400 Steve Marquess wrote: > I wasn't aware the Linux kernel (the real one, not proprietary > commercial derivatives) had a "FIPS" mode. Please enlighten me. It could very well be that the word 'mode' is not the right one. 'option' would perhaps be better. This art

Re: [openssl-users] FIPS Linux kernel documentation ?

On 03/25/2015 04:12 PM, jonetsu wrote: > Hello, > > This is not about OpenSSL, although from experience, maybe some know > the answer. Does anyone know if actual documentation exists for the > Linux kernel FIPS mode apart from the source itself ? There is > nothing in Doc

Re: [openssl-users] FIPS Linux kernel documentation ?

On Wed, Mar 25, 2015 at 4:12 PM, jonetsu wrote: > Hello, > > This is not about OpenSSL, although from experience, maybe some know the > answer. Does anyone know if actual documentation exists for the Linux kernel > FIPS mode apart from the source itself ? There is nothing i

[openssl-users] FIPS Linux kernel documentation ?

Hello,   This is not about OpenSSL, although from experience, maybe some know the answer. Does anyone know if actual documentation exists for the Linux kernel FIPS mode apart from the source itself ?  There is nothing in Documentation/ as per 3.18.2.  - thanks. Regards

RE: Documentation pointers

On 10/4/2013 at 9:52 PM Dave Thompson wrote: |> From: owner-openssl-us...@openssl.org On Behalf Of Mike. |> Sent: Friday, October 04, 2013 16:28 | |> I have just started to learn OpenSSL, and I am having troubles |> finding documentation that is helpful. |> |> www.openssl.org

RE: Documentation pointers

> From: owner-openssl-us...@openssl.org On Behalf Of Mike. > Sent: Friday, October 04, 2013 16:28 > I have just started to learn OpenSSL, and I am having troubles > finding documentation that is helpful. > > www.openssl.org seems to have lots of reference documentation, but

Documentation pointers

I have just started to learn OpenSSL, and I am having troubles finding documentation that is helpful. www.openssl.org seems to have lots of reference documentation, but not too much in usage documentation, e.g., what are the typical contents expected in the SAN for a CA cert vs. those of a

OpenSSL 1.0.1c and configuring without documentation?

Hi All, Is it possible to configure a build that does not include documentations? I'm working on Mac OSX, and I have three targets under /usr/local/ssl/ (iphoneos, iphonesimulator, and macosx). There's no reason to install the documentation over top itself multiple ti

RE: Documentation for TXT_DB errors?

y, October 04, 2012 11:43 AM To: openssl-users@openssl.org Subject: Re: Documentation for TXT_DB errors? On 10/03/2012 05:49 AM, Dave Thompson wrote: >> I deleted index.txt and reset serial.txt to 00 and that >> solved the problem. >> >> Hope that was not a terrible idea. I

Re: Documentation for TXT_DB errors?

On 10/03/2012 05:49 AM, Dave Thompson wrote: >> I deleted index.txt and reset serial.txt to 00 and that >> solved the problem. >> >> Hope that was not a terrible idea. In my opinion, reusing serials is a *very bad* idea in general. It is definitely deprecated and maybe forbidden in some legal cont

RE: Documentation for TXT_DB errors?

nation (cf Sherlock Holmes). But I suggest keeping track of what you do, so if the problem does recur you can post a complete scenario for us (maybe but not necessarily me) to look at. > Charles > > -----Original Message- > From: Charles Mills [mailto:charl...@mcn.org] &

RE: Documentation for TXT_DB errors?

charl...@mcn.org] Sent: Tuesday, October 02, 2012 9:03 AM To: 'openssl-users@openssl.org' Subject: RE: Documentation for TXT_DB errors? Dave, as always, thanks. > Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_ module with its error strings I love OpenSSL and I&#

RE: Documentation for TXT_DB errors?

Dave, as always, thanks. > Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_ module with its error strings I love OpenSSL and I'm not going to tell you how to run your organization but better documentation would probably mean both wider acceptance and fewer dumb q

RE: Documentation for TXT_DB errors?

> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 01 October, 2012 10:12 > Is there specific documentation anywhere for TXT_DB errors? > AFAIK only $sourcetree/crypto/txt_db/txt_db.h Unlike most(?) other modules in openssl, txt_db does NOT use the

Documentation for TXT_DB errors?

Is there specific documentation anywhere for TXT_DB errors? I'm not a total newbie at this but I am not an expert. I have issued server certificates before but now I am stuck on a TXT_DB error 2. serial.txt exists and contains 1C. index.txt exists and contains 17 (decimal) lines. Unless

Re: Why is the OpenSSL documentation incomplete?

red) log in page. Do you have a link >> to the actual documentation? >> >> -- >> Ken Goldman kgold...@us.ibm.com >> 914-945-2415 (862-2415) >> >> >> >> >> From: >> To:openssl-users@openssl.org, >> Date:

Re: Why is the OpenSSL documentation incomplete?

Username is guest, password is guest. Matt On 12 September 2012 14:12, Kenneth Goldman wrote: > All I get is an (ironically unsecured) log in page. Do you have a link to > the actual documentation? > > -- > Ken Goldman kgold...@us.ibm.com > 914-945-2415 (862-2415) &g

Re: Why is the OpenSSL documentation incomplete?

On Wed, 2012-09-12 at 00:28 +0300, farmdve data.bg wrote: > I have seen a lot of applications that utilize the OpenSSL library, > however I see that the majority of the documentation is incomplete. > > > In particular, I need some documentation for the EC package in the > 

Re: Why is the OpenSSL documentation incomplete?

On Wed, 2012-09-12 at 00:28 +0300, farmdve data.bg wrote: > I have seen a lot of applications that utilize the OpenSSL library, > however I see that the majority of the documentation is incomplete. > > > In particular, I need some documentation for the EC package in the > 

Why is the OpenSSL documentation incomplete?

I have seen a lot of applications that utilize the OpenSSL library, however I see that the majority of the documentation is incomplete. In particular, I need some documentation for the EC package in the 'crypto' sub-folder, I mean, it's not possible for application developers to ge

openssl evp_key.c documentation

any documentation for them.. Has anyone used them or has any idea about them and can you please guide me as in how to use them in my code to take user password input or is there any better function in openssl using which i can achieve what i intend to do in first place. Many thanks Abhiroop

RE: SSL documentation

> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm > Sent: Wednesday, 19 October, 2011 06:04 > On 10/19/2011 6:10 AM, Mohan Radhakrishnan wrote: > > > > Hi, > > > > Is there any material available that shows flows of one-way/two-ssl > > and different types of CA architectures ? We us

Re: SSL documentation

On 10/19/2011 6:10 AM, Mohan Radhakrishnan wrote: Hi, Is there any material available that shows flows of one-way/two-ssl and different types of CA architectures ? We use two-way SSL and generate CSR’s and update expired certificates and we are aware of the basic points. I am not sure wha

SSL documentation

Hi, Is there any material available that shows flows of one-way/two-ssl and different types of CA architectures ? We use two-way SSL and generate CSR's and update expired certificates and we are aware of the basic points. I have browsed the NIST website. Thanks, Mohan DISCLAIMER

FYI openssl documentation

FYI: I've been using http://www.openssl.org/docs/crypto/crypto.html as a starting point for openssl man pages. Today, I stumbled upon http://www.openssl.org/docs/crypto/ which is much more complete. Is there someone I should email to request an update to the publically visible

Documentation (was: contribution)

ranch/branches you are targeting (0.9.8x, 1.0.0x or 1.0.1x). > I hope this will help you enrich OpenSSL with this interesting engine. A comment on code contributions. The pace at which OpenSSL's code has evolved has far outstipped the evolution of the documentation. I think this needs to stop.

Engine API documentation

Hi. I'm trying to implement an Engine to use my decoder with openssl. However, I find the API lacking documentation. This far I only seen comments in source code headers. How shall I go about implementing my engine? (AES cipher initially) Have searched alot and read many source files.

RSA_generate_key_ex documentation

I've been looking all over for this, and I can't find it. Background - I'm trying to build stunnel on a platform that doesn't include RSA_generate_key, so I need to modify it to use the newer API. At the very least, I need to know how to check the return value of the new API. Thanks! -- ===

Re: RSA_generate_key_ex documentation

On Mon, Jul 12, 2010 at 3:29 PM, Ian Pilcher wrote: > > the whole shebang bundled in a 7z for minimum transfer size. > > That's what I needed. (It did take me a while to figure out how to deal > with a "7z" file.) > Sorry, been spreading 7zip through my environment for so long I sometimes forge

Re: RSA_generate_key_ex documentation

On 07/11/2010 08:58 PM, Ger Hobbelt wrote: > The new API is called RSA_generate_key_ex() and has a different interface. That much I know. The problem is finding the documentation for the new interface. > the whole shebang bundled in a 7z for minimum transfer size. That's what I n

Re: RSA_generate_key_ex documentation

there iff you need that thing. - documentation in doc/crypto/RSA_ .pod files; for some odd reason there's the old http://www.openssl.org/docs/crypto/RSA_generate_key.html but not the new http://www.openssl.org/docs/crypto/RSA_generate_key_ex.html doc on-line yet. the who

RSA_generate_key_ex documentation

I've been looking all over for this, and I can't find it. Background - I'm trying to build stunnel on a platform that doesn't include RSA_generate_key, so I need to modify it to use the newer API. At the very least, I need to know how to check the return value of the new API. Thanks! -- ===

RE: finding documentation/man pages

I can not find any mention of these in documentation or man pages > Can someone point me to where I might find them > As far as I can see they are not documented on their own. They are the core of a base64 BIO created by BIO_f_base64(), which does have a (brief) manpage, but they are expos

finding documentation/man pages

I bought a copy of Network Security with OpenSSL from a friend In chapter 7 section Secure HTTP Cookies the examples use functions EVP_EncodeBlock and EVP_DecodeBlock I can not find any mention of these in documentation or man pages Can someone point me to where I might find them Thanks Richard

Re: Error stack documentation

On Sat February 13 2010, John L Veazey wrote: > On Sat, Feb 13, 2010 at 1:04 AM, Patrick M. Rutkowski > wrote: > > From the SSL_get_error() man page: > > > > > > The current thread's error queue must be empty before the TLS/SSL I/O > > opera

Re: Error stack documentation

I was just reading that. I believe my original answer was quite wrong. Let me step out of the way and let someone else answer this question. Sorry. On Sat, Feb 13, 2010 at 1:04 AM, Patrick M. Rutkowski wrote: > From the SSL_get_error() man page: > >

Re: Error stack documentation

>From the SSL_get_error() man page: The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably. And don't

Re: Error stack documentation

When dealing with the high level SSL_* functions, stick with SSL_get_error() as per s_client.c and s_server.c. If you are doing things on a lower level, you may need to deal with the error stack yourself; but for people new to OpenSSL, just stick with functions starting with SSL_* or BIO_* On Fri

Re: Error stack documentation

I should have mentioned ERR_get_error() in my question, that's what's most heavily on my mind. The question is if you have to call clear the error stack with ERR_get_error() after every failed SSL call, even failures that are often "not really failures." For example, my code considered SSL_read() r

Re: Error stack documentation

Patrick, I believe the "sane state" implied here is that if you call SSL_get_error() some of the time and not all of the time, you may be getting information about errors that happened any time in the past for that SSL*. It won't necessarily prevent OpenSSL from working correctly, just your perce

Error stack documentation

As an OpenSSL newbie, I'm trouble that the man pages for SSL_write() and SSL_read() don't stress that you should clear the error stack upon a failed call. They suggest you check SSL_get_error(), but they make no mention of clearing the error stack afterward, and I hear that clearing the error stack

RE: General question about documentation

llos I want to send -- is that in scope or not? Implemented yet, or not? If you give me something that is received, I'd like to be able to send that same something) I am not suggesting that this has to be implemented to satisfy my need. But, it is not clear from the documentation in

Re: General question about documentation

is really has nothing to do with OpenSSL - or at least, only tangentially - If you don't understand the basics of how the IETF and ITU have defined X.509 and the Internet profiles, then no amount of OpenSSL documentation is going to save you. If you read the specifications, you can very easil

RE: General question about documentation

That works for *future* documentation for *new* code, but it doesn't address the existing gaps. Perhaps examining where the existing gaps are biggest would be productive. For me, two areas have always been confusing: 1) What objects are dynamically allocated, appropriately reference co

Re: General question about documentation

. > My sense is that this thread is no longer productive. Perhaps we can stop. FWIW, the Postfix project strives to avoid documentation gaps, by not accepting code contributions that are not *fully* documented at the time the code is contributed. The first step towards improving OpenSSL docs,

RE: General question about documentation

ugh to satisfy you, you are out of luck. Often the designer, programmer, and documentation writer are one and the same person, and the proper global design (and thus documentation) goals are not clear until some attempt at implementation. Agile development trumps waterfall design because you can neve

RE: General question about documentation

Not quite. The docs may not indicate whether a returned reference is dynamically allocated, statically allocated, reference counted, how to deallocate, etc. The API will still be correct as far as a reference being returned, but the documentation will be incomplete. Often the library

  1   2   3   >