El día sábado, mayo 29, 2021 a las 01:02:52a. m. -0400, Amber Shepherd escribió:
> Hi,
> Can you please let me know what I need to do in order to unsubscribe
> from this list?
Look into the header lines of the mails from the list for List-Unsubscribe:
matthias
--
Matthias Apitz, ✉
Hi,
Can you please let me know what I need to do in order to unsubscribe
from this list?
Thank you
Amber shepherd
On Wed, Oct 30, 2019 at 02:12:19PM -, Frederick Gotham wrote:
>
> It appears that OpenSSL will kick and scream and refuse to die not
> matter how hard you hit it. If I try to generate a random number like
> this:
>
> openssl rand -hex 8
>
> Then it seems it will try in this order:
>
Why not just change things so that if your module fails to load, the library
exits?
Don't change the RAND code, change the INIT code.
Frederick Gotham wrote:
> static int drbg_bytes(unsigned char *out, int count)
> {
> int const retval = drbg_bytes_REAL(out, count);
>
> /* Try to get a semi-unique value for the first byte */
> char unsigned rotating_value = (unsigned)out ^ ((unsigned)count <<
> 4u);
>
Frederick Gotham wrote:
>
> I will change the random number generator built into OpenSSL to always
> return sequential numbers, something like:
Here's what I have:
static int drbg_bytes(unsigned char *out, int count)
{
int const retval = drbg_bytes_REAL(out, count);
Frederick Gotham
wrote:
>
> And anyway this behaviour didn't come from deleting /dev/random, but
> rather from making the default generator inside OpenSSL always give 0
> for a random byte.
I will change the random number generator built into OpenSSL to always
return sequential numbers,
Frederick Gotham
wrote in
news:XnsAAF8BACC24C3Bfgotham@195.159.176.226:
> Jochen Bern
> wrote:
>
>> SSH logins from remote that fail
>
>
> This is my exact problem right now. My device has booted up and I
> can't SSH into it.But this doesn't entirely make sense since it should
> be getting
Jochen Bern wrote:
> SSH logins from remote that fail
This is my exact problem right now. My device has booted up and I can't SSH
into it.But this doesn't entirely make sense since it should be getting
random numbers from the TPM2 chip anyway.
On 10/30/2019 04:19 PM, openssl-users-requ...@openssl.org digested:
> From: Frederick Gotham
> To: openssl-users@openssl.org
>
> I even tried deleting /dev/random and /dev/urandom
... don't do that. The Linux kernel is both a provider and a consumer of
entropy, e.g., to randomize the TCP
Dmitry Belyavsky wrote:
> You should do in your engine the following:
Just so you know, I'm not a developer of the TPM2 engine for OpenSSL.
Of course though I can still go in and edit the code here and there.
> Implement the TPM-provided RAND_METHOD in the engine
> call ENGINE_set_RAND for
> >> wrote:
> >>
> >> >> You still have the OpenSSL built-in RNG.
> >>
> >>
> >>
> >> Is there a simple compiler flag to remove this?
> >>
> >> Or do I need to go into the source code and stick a "return -1
>
>>
>>
>> Is there a simple compiler flag to remove this?
>>
>> Or do I need to go into the source code and stick a "return -1;"
>> somewhere?
>>
>> No. Openssl will not work if you do not provide a valid RAND_METHOD
>> except
> a
On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
> >> You still have the OpenSSL built-in RNG.
>
>
>
> Is there a simple compiler flag to remove this?
>
> Or do I need to go into the source code and stick a "return -1;&quo
Dmitry Belyavsky wrote:
>> You still have the OpenSSL built-in RNG.
Is there a simple compiler flag to remove this?
Or do I need to go into the source code and stick a "return -1;" somewhere?
my TPM2 engine fails to load, then OpenSSL will just use the
> 'rdrand' engine.
>
> So my defense agains this is to rebuild OpenSSL with the flag
> OPENSSL_NO_RDRAND.
>
It means that you've disabled the RDRAND engine.
> After I rebuild OpenSSL, I can then remove my TPM2 engine so tha
is to rebuild OpenSSL with the flag
OPENSSL_NO_RDRAND.
After I rebuild OpenSSL, I can then remove my TPM2 engine so that there's
no engine at all.
I tried running OpenSSL at my commandline just now, and here's what I got:
~# openssl
OpenSSL> engine
(dynamic) Dynamic engine loading suppo
On Wed, Oct 30, 2019 at 6:08 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
>
> >> It can be done via the engine code and config.
>
>
> Do you mean
>
> /etc/ssl/openssl.cnf
>
> ?
>
Yes, or any custom.
But the engine must provide the RAND_METHOD and set it as default.
--
SY, Dmitry
Dmitry Belyavsky wrote:
>> It can be done via the engine code and config.
Do you mean
/etc/ssl/openssl.cnf
?
On Wed, Oct 30, 2019 at 6:00 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
> > Did you try to create your own RAND_METHOD and set it as default on
> > loading the engine?
>
>
> No, I didn't try that.
>
> Note that I'm only using the OpenSSL binary, I'm not interfacing with an
> API.
>
>
Dmitry Belyavsky wrote:
> Did you try to create your own RAND_METHOD and set it as default on
> loading the engine?
No, I didn't try that.
Note that I'm only using the OpenSSL binary, I'm not interfacing with an
API.
Did you try to create your own RAND_METHOD and set it as default on loading
the engine?
On Wed, Oct 30, 2019 at 5:40 PM Frederick Gotham
wrote:
>
> I'm working on Linux with a x86-64 CPU.
>
> I have a TPM2 chip, and so I want OpenSSL to do all of its encryption
> and random number generation
I'm working on Linux with a x86-64 CPU.
I have a TPM2 chip, and so I want OpenSSL to do all of its encryption
and random number generation through the TPM2 chip.
In the event that the chip fails, I do NOT want there to be a backup
system. I do NOT want any kind of software psuedorandom
>Yes NetBSD cares about PARISC... We still build and run on it.
Thanks. The targets removed in that PR were for hpux-parisc.
I created a handful of PR’s to remove support for some platforms. The project
would like to hear from people about this. The pull requests are as follows:
Remove HP PARISC support https://github.com/openssl/openssl/pull/9210
Remove HP/MPE and Tru64 Unix support
https://github.com/openssl
On 09-02-17 10:58, PM Extra wrote:
Should I remove expired certificates from CRL?
No. The date of the revocation, which can be found in the CRL, is still
relevant for checking when older certificates were revoked, in case you
ever need to check signatures on older messages.
--
Wouter
If you remove expired certificates from the CRL, then CRL consumers have no way
of knowing whether a certificate was revoked before it expired, and thus no way
of knowing whether a timestamped signature made with the corresponding key is
valid.
This is a complex issue, because CRL bloat
On 09/02/2017 10:58, PM Extra wrote:
Should I remove expired certificates from CRL?
If so, how to do this?
Depends if any relying parties are checking old signatures "as of"
some securely recorded date of receiving the signature.
In that case, they will still need to be a
Should I remove expired certificates from CRL??
If so, how to do this?--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
the certs
to a file. Then I manually removed the private key.
*openssl pkcs12 -in file_name.pfx -out outputfile.txt –nodes*
Afterwards when I ran a test against it using ssllabs it said that my cert
contained an anchor. Does anyone know how to remove this anchor and leave
only the necessary certs
On 10-05-2013 21:24, Salz, Rich wrote:
Would there be any interest (and support) from the dev team for
patches that completely remove SSLv2 API’s?
/r$
Already there:
./Configure -no-ssl2
__
OpenSSL Project
I guess I was confused, expecting to see the ssl23 stuff removed as well, but
I guess it's okay to leave it.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL Project
Would there be any interest (and support) from the dev team for patches that
completely remove SSLv2 API's?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
On Fri, May 10, 2013, Salz, Rich wrote:
Would there be any interest (and support) from the dev team for patches that
completely remove SSLv2 API's?
What would the difference be between this and the no-ssl2 switch to Configure?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer
: Tuesday, 08 January, 2013 08:34
X509_STORE_add_cert() would add a certificate to the list of trusted
certificates in the ctx. What is the way to remove a certificate from
this trusted store? Am not finding any function to remove the certificate.
Can anyone of you suggest a way to remove
Hi,
X509_STORE_add_cert() adds certificate to the trusted store. Is there a
function to remove this added certificate from this store? Can anybody
respond pls.
Thank-you,
Sri
From: owner-openssl-us...@openssl.org On Behalf Of Srivardhan Hebbar
Sent: Tuesday, 08 January, 2013 08:34
X509_STORE_add_cert() would add a certificate to the list of trusted
certificates in the ctx. What is the way to remove a certificate from
this trusted store? Am not finding any function
Hi,
X509_STORE_add_cert() would add a certificate to the list of trusted
certificates in the ctx. What is the way to remove a certificate from this
trusted store? Am not finding any function to remove the certificate. Can
anyone of you suggest a way to remove the certificate from this trusted
Hi,
X509_STORE_add_cert() would add a certificate to the list of trusted
certificates in the ctx. What is the way to remove a certificate from this
trusted store? Am not finding any function to remove the certificate. Can
anyone of you suggest a way to remove the certificate from this trusted
unsubscribe here: http://www.openssl.org/support/community.html
From: owner-openssl-us...@openssl.org on behalf of Anh Pham
Sent: Wed 9/7/2011 3:23 AM
To: openssl-users@openssl.org
Subject: REMOVE my address from your mailing list, please
Remove my address
--
Mayra
Sorry to use this list for this.
But I have tried every way I know to get off the list suggestions??
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Mounir IDRASSI
Sent: Friday, December 03, 2010 1:04 PM
To:
03, 2010 2:39 PM
To: openssl-users@openssl.org
Subject: Remove me please
Sorry to use this list for this.
But I have tried every way I know to get off the list suggestions??
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf
Hello,
I have OpenSSL installed on a Windows server, and a security vulnerability was
identified with v.0.9.8m, which I believe came with my Apache 2.2 installation.
Separate from Apache, I installed the v0.9.8n light binary version to generate
the key/cert files.
How can I uninstall v0.9.8m?
This communication is intended only for use by the addressee(s) named herein
and may contain business confidential and/or legally privileged information. If
you are not the intended recipient of this e-mail, you are hereby notified that
any dissemination, distribution, disclosure or copying
code 1
thus killing the make. I set it aside at that time, then came back to
it today. Even after doing the make config I continue to get the
fips-related errors.
I see from the FreeBSD ports Web site that there was in fact a Makefile
revision 1.161 yesterday to remove FIPS and SCTP support
to get the
fips-related errors.
I see from the FreeBSD ports Web site that there was in fact a Makefile
revision 1.161 yesterday to remove FIPS and SCTP support. So I'm guessing
that this is why I no longer see FIPS and SCTP as options. But it also
seems that make is holding on to my prior
Hello,
How can I remove RSA structure form EVP_PKEY previosly added to EPP_PKEY
with EVP_PKEY_assign_RSA function? I have one RSA object named rsa and
EVP_PKEY object named evp and their relation is :
rsa = evp-pkey.rsa
How to remove their bound and then delete EVP_PKEY (with EVP_PKEY_free
On Mon, Jan 11, 2010, rale77 wrote:
Hello,
How can I remove RSA structure form EVP_PKEY previosly added to EPP_PKEY
with EVP_PKEY_assign_RSA function? I have one RSA object named rsa and
EVP_PKEY object named evp and their relation is :
rsa = evp-pkey.rsa
How to remove their bound
rale77 wrote:
Hello,
How can I remove RSA structure form EVP_PKEY previosly added to EPP_PKEY
with EVP_PKEY_assign_RSA function? I have one RSA object named rsa and
EVP_PKEY object named evp and their relation is :
rsa = evp-pkey.rsa
How to remove their bound and then delete
Felipe Aramburu
Software Consultant
Oncology Consultants
Direct Line: 713 800-3270
E-mail faramb...@oncologyconsultants.com
mailto:swoid...@oncologyconsultants.com
Confidentiality Notice: This email message, including any attachments,
is for the sole use of the intended
We are currently using OpenSSL 0.9.8j and have a question related to
X509_LOOKUP_ctrl and X509_LOOKUP_load_file.
Basically, we are using one of the above functions to add the files to the
LOOKUP, however, under some conditions, it is required to remove the file.
Would there be any document
I use that function, and it does not remove padding.
1 - How would it even know what is padding and what is your data?
2 - Why do you think it removes the padding? The function does
not return a length.
Here's a really wild guess: Are you perhaps padding your data with
zeros
Hi,
Does AES_cbc_encrypt add or remove the padding, if I provide an un-padded
data in the multiples of 16 bytes? I wrote a piece code where I am manually
adding the padding but when I decrypt using AES_cbc_encrypt the padding is
automatically removed.
--
_/\_
With Regards
SB Angel Warrior
On Wed, May 06, 2009, AngelWarrior wrote:
Hi,
Does AES_cbc_encrypt add or remove the padding, if I provide an un-padded
data in the multiples of 16 bytes? I wrote a piece code where I am manually
adding the padding but when I decrypt using AES_cbc_encrypt the padding is
automatically
, Dr. Stephen Henson st...@openssl.orgwrote:
On Wed, May 06, 2009, AngelWarrior wrote:
Hi,
Does AES_cbc_encrypt add or remove the padding, if I provide an un-padded
data in the multiples of 16 bytes? I wrote a piece code where I am
manually
adding the padding but when I decrypt using
,NULL,passwd);
with file a File* containing the correct file, and passwd a char*.
In this case : passwd = NULL;
If I load a private key which need a passphrase, the function ask me the
pass phrase (in konsole). I would like to remove this feature.
How can i have a NULL value as return instead
a char*.
In this case : passwd = NULL;
If I load a private key which need a passphrase, the function ask me the
pass phrase (in konsole). I would like to remove this feature.
How can i have a NULL value as return instead of typing the required
pass phrase ?
Thank's in advance,
Have a nice
a char*.
In this case : passwd = NULL;
If I load a private key which need a passphrase, the function ask me the
pass phrase (in konsole). I would like to remove this feature.
How can i have a NULL value as return instead of typing the required
pass phrase ?
Thank's in advance,
Have a nice
Remove
To: openssl-users@openssl.org
Subject: Please Remove [EMAIL PROTECTED]
Too many emails for me. Please take me off
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of KOLLURU SURESH
Sent: Tuesday, December 25, 2007 6:08 AM
To: openssl-users@openssl.org
Subject:
Hi
Of Carrie
Sent: Wednesday, January 02, 2008 4:03 PM
To: openssl-users@openssl.org
Subject: RE: Please Remove [EMAIL PROTECTED]
I beg your pardon. Can you redirect you request to [EMAIL PROTECTED] or
[EMAIL PROTECTED]
Thank you kindly
Carrie Schlagenhauser
3-D Graphics and Web Design
[EMAIL
Triguy, remove yourself here.
HYPERLINK http://www.openssl.org/support/http://www.openssl.org/support/
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carrie
Sent: Thursday, 3 January 2008 8:17 AM
To: openssl-users@openssl.org
Subject: RE: Please Remove [EMAIL PROTECTED
Too many emails for me. Please take me off
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of KOLLURU SURESH
Sent: Tuesday, December 25, 2007 6:08 AM
To: openssl-users@openssl.org
Subject:
Hi
Please remove from the mailing list
K. Suresh
K
Remove
--
Robert J. Denis
Services Account Manager
U.S. Support Services
Sun Microsystems, Inc.
550 West Cypress Creek Road
Suite 500
Ft. Lauderdale, FL 33309
Phone: (954) 882-1676
[EMAIL PROTECTED]
begin:vcard
fn:Robert Denis
n:Denis;Robert
org:U.S. Support Services;SUN SVCS, GCS
adr:Suite
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Hi,
Are there ways to remove the -BEGIN PUBLIC KEY/ END PUBLIC KEY-
heading from a public key?
I have a public key that I extracted from my x509 certificate, but it gave
me BEGIN PUBLIC KEY/ END PUBLIC KEY
in the public key, I want to remove it and have the encoded base64 text all
Hello,
Are there ways to remove the -BEGIN PUBLIC KEY/ END PUBLIC
KEY- heading from a public key?
I have a public key that I extracted from my x509 certificate, but it
gave me BEGIN PUBLIC KEY/ END PUBLIC KEY
in the public key, I want to remove it and have the encoded base64
text
Thanks! This works.
On 5/23/07, Marek Marcola [EMAIL PROTECTED] wrote:
Hello,
Are there ways to remove the -BEGIN PUBLIC KEY/ END PUBLIC
KEY- heading from a public key?
I have a public key that I extracted from my x509 certificate, but it
gave me BEGIN PUBLIC KEY/ END PUBLIC KEY
Ion Buicliu
Systems Integration Specialist
BC Vital Statistics Agency
Knowledge Management and Technology Division
Voice Mail: (250) 952-2410
mailto:[EMAIL PROTECTED]
Unless otherwise agreed expressly in writing by the author, this
communication is to be treated as confidential and the
remove
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
proper padding on encryption
yourself and remove padding after decryption.
This functions should take properly padded data rounded to
16 bytes.
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
__
OpenSSL Project
Hello,
Please can any one tell me how do I remove the pad bytes during
AES decyrption using AES_cbc_encryption.
Provided that block_size is size of encryption algorithm block
size and last block is in dst you may use something like that:
.
.
pad = dst[block_size - 1
Sent: Monday, September 18, 2006 3:39 PM
To: openssl-users@openssl.org
Subject: Re: How do I remove padding during AES decryption
Hello,
Please can any one tell me how do I remove the pad bytes during AES
decyrption using AES_cbc_encryption.
Provided that block_size is size of encryption
Hi All,
Thanks for the reply. But I am aware of using EVP API's.
Cant I remove the padding without using EVP API's.
Regards,
Jaya.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of k b
Sent: Saturday, September 16, 2006 10:22 PM
To: openssl-users
Hi ,
Thanks a lot for th reply. But cant I remove the padding without
using EVP API's. I want to use AES_cbc_encryption, directly for
encryption/decryption.
How do I remove padding here.
Regards,
Jaya.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
Hi all
Please can any one tell me how do I remove the pad bytes during
AES decyrption using AES_cbc_encryption.
Regards,
Jaya.
__
OpenSSL Project http://www.openssl.org
User Support Mailing
Jaya,
You would have to use the EVP api that would do it for you.
see
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
-kbisla
From: Bhat, Jayalakshmi Manjunath [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: How do I remove padding during
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Could you remove my email adress from the mailing list please
Thanks
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
On Sun, May 21, 2006 at 09:57:10PM +, Emile Georges wrote:
Could you remove my email adress from the mailing list please
Automated List Manager [EMAIL PROTECTED]
For help with a majordomo list:
mailto:[EMAIL PROTECTED]body=help
One of the help items is how
kloomis wrote:
At 11:17 PM 3/6/2006 -0700, you wrote:
The practical upshot of this is, yes, your apache configuration needs
the privkey.pem file in order to do SSL/TLS at all.
I have myServer.csr, myServer.cert and myServer.key located in
ssl.csr, ssl.crt, and ssl.key respectively. The
Hello:
I have some directions on how to build a self-signed certificate which
consists of 5 steps.
1) create a key and a request
2) Remove the passphrase from the key (optional)
3) sign the certificate
4) install the cert and the key
5) set the SSLConf to point to the cert and the key.
My
kloomis wrote:
Hello:
I have some directions on how to build a self-signed certificate which
consists of 5 steps.
1) create a key and a request
2) Remove the passphrase from the key (optional)
3) sign the certificate
4) install the cert and the key
5) set the SSLConf to point to the cert
At 11:24 PM 3/6/2006 +0100, you wrote:
Also, does anything
in the process need the privkey.pem file that is created once the cert
and key are created?
privkey.pem is not needed by the process of
certificate generation once the request is generate, but you'll need it
once you want to use this
Please see comments inline with the questions.
On 3/6/06, kloomis [EMAIL PROTECTED] wrote:
Hello:
I have some directions on how to build a self-signed certificate which
consists of 5 steps.
1) create a key and a request
2) Remove the passphrase from the key (optional)
3) sign
SSLPrivateKeyFile filename
At least that's what it was on older versions of Apache; check the
documentation on mod_ssl for more information.
-Kyle H
On 3/6/06, kloomis [EMAIL PROTECTED] wrote:
At 11:24 PM 3/6/2006 +0100, you wrote:
Also, does anything in the process need the privkey.pem
At 11:17 PM 3/6/2006 -0700, you wrote:
The practical upshot of this is, yes, your
apache configuration needs
the privkey.pem file in order to do SSL/TLS at
all.
I have myServer.csr, myServer.cert and myServer.key located in ssl.csr,
ssl.crt, and ssl.key respectively. The ssl.conf points to the
- Original Message -
From: Marco GRELLA [EMAIL PROTECTED]
Date: Monday, February 27, 2006 2:29 pm
Subject: Problems with OpenSSL Engine and hashing.
Hello everybody, I have a problem in making our OpenSSL Engine that drives our HW accelerator work fine for hash (SHA1 in particular).
Thanks,
John
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Hi,
I have a p12 file in which the private key is password protected. I want to
remove the private key password.
Is there any option in openssl to change/remove the p12's private key
password ?
Thanks
__
OpenSSL Project
On Wed, Jan 12, 2005, Jaleel P.A wrote:
Hi,
I have a p12 file in which the private key is password protected. I want to
remove the private key password.
Is there any option in openssl to change/remove the p12's private key
password ?
Currently you have to parse and recreate the PKCS
REMOVE
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 11:03 AM
Subject: Remove
REMOVE
Thanks,
GuruGnanam Subramanian,
iNautix Technologies, Chennai, India
Tel: 91-44-2254 6000 Ext: 1099
---
When in doubt, use brute force.
--Ken Thompson
~~~
__
OpenSSL Project http://www.openssl.org
User Support
1 - 100 of 218 matches
Mail list logo