<div dir="rtl"><div dir="ltr">Hi,</div><div dir="ltr"><br></div><div dir="ltr">- Why are you trying to build OpenSSL?</div><div dir="ltr">My objective is to sign an 'image.bin' with RSA2048 and verify the signature.</div><div dir="ltr">I managed to build OpenSSL on linux and test the signature and verification with RSA2048 (private & public keys).</div><div dir="ltr">Now, I would like to port it to vxWorks 7. </div><div dir="ltr"><br>- Why did you clone the GitHub repository rather than downloading one of the released source tarballs? Did you read the instructions on <a href="http://www.openssl.org/" rel="noreferrer" target="_blank">www.openssl.org</a> on how to download OpenSSL source releases?</div><div dir="ltr">git clone <a href="https://github.com/openssl/openssl.git">https://github.com/openssl/openssl.git</a></div><div dir="ltr">A: If there an l'ibOpenssl.a' static library for vxWorks, then there would be no reason to build the OpenSSL. Is there? <br>A: If there was on option to use Only the verify signature module, then I would just compile this module and not the entire OpenSSL. Is there an option?</div><div dir="ltr"><br></div><div dir="ltr">- What platform do you want to build OpenSSL for?</div><div dir="ltr">A: vxWorks-7, the toolchain is windows exe files (gcc,ar,ld), thus the only option I had in mind to build the OpenSSL is cygwin.</div><div dir="ltr"><br>- What toolchain do you want to use, and if that's not the default toolchain for that platform, why aren't you using the default?</div><div dir="ltr">A: I have vxWorks toolchain, on windows platform. (It definitely be easier if I had the vxWorks toochain on Linux, but I don't)</div><div dir="ltr"><br>- Have you read the text files in the top-level directory of the OpenSSL source distribution?</div><div dir="ltr">Please direct me to the relevant README on "how to build OpenSSL on vxWorks" (or similar platform, in which all is needed is to inject the relevant toochain</div><div dir="ltr">i.e. perl Configure VxWorks)<br><br>There may well be an easier way to accomplish whatever your goal is. OpenSSL may not even be a particularly good solution for you. You haven't given us enough information to go on.<br></div><div dir="ltr">A: For the long run, I consider to use OpenSSL features on Linux and VxWorks</div></div><br><div class="gmail_quote"><div dir="rtl" class="gmail_attr">בתאריך יום ה׳, 20 באוק׳ 2022 ב-8:27 מאת <<a href="mailto:openssl-users-request@openssl.org">openssl-users-request@openssl.org</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send openssl-users mailing list submissions to<br>
<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:openssl-users-request@openssl.org" target="_blank">openssl-users-request@openssl.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:openssl-users-owner@openssl.org" target="_blank">openssl-users-owner@openssl.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of openssl-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. RE: openssl-users Digest, Vol 95, Issue 24 (Michael Wojcik)<br>
2. OpenSSL 1.1.1 Windows dependencies (David Harris)<br>
3. libproviders.so file not found (Gahlot, Ashish Kumar)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 19 Oct 2022 20:30:07 +0000<br>
From: Michael Wojcik <<a href="mailto:Michael.Wojcik@microfocus.com" target="_blank">Michael.Wojcik@microfocus.com</a>><br>
To: "<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>" <<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>><br>
Subject: RE: openssl-users Digest, Vol 95, Issue 24<br>
Message-ID:<br>
<<a href="mailto:DM6PR18MB2700C12C0C4C8A7778312669F92B9@DM6PR18MB2700.namprd18.prod.outlook.com" target="_blank">DM6PR18MB2700C12C0C4C8A7778312669F92B9@DM6PR18MB2700.namprd18.prod.outlook.com</a>><br>
<br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
> From: openssl-users <<a href="mailto:openssl-users-bounces@openssl.org" target="_blank">openssl-users-bounces@openssl.org</a>> On Behalf Of ???? ???<br>
> Sent: Tuesday, 18 October, 2022 11:58<br>
<br>
> I have downloaded perl strawberry, but I have no clue how to get rid of the<br>
> built-in perl that comes in cygwin, and point cygwin to use the strawberry perl.<br>
<br>
You don't have to remove the Cygwin version of perl, just change your PATH. This is basic both to the various shells available under Cygwin and to the Windows command line, so I'm getting the impression that you're not very familiar with your operating environment. That's not an ideal place to start from when trying to build, much less use, OpenSSL.<br>
<br>
I can't be more detailed because at this point I frankly don't understand what you're trying to do. I suggest you try asking the right question, in a useful manner. (See <a href="https://catb.org/esr/faqs/smart-questions" rel="noreferrer" target="_blank">https://catb.org/esr/faqs/smart-questions</a> for advice in how to ask the right question.)<br>
<br>
In particular:<br>
<br>
- Why are you trying to build OpenSSL?<br>
- Why did you clone the GitHub repository rather than downloading one of the released source tarballs? Did you read the instructions on <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a> on how to download OpenSSL source releases?<br>
- What platform do you want to build OpenSSL for?<br>
- What toolchain do you want to use, and if that's not the default toolchain for that platform, why aren't you using the default?<br>
- Have you read the text files in the top-level directory of the OpenSSL source distribution?<br>
<br>
There may well be an easier way to accomplish whatever your goal is. OpenSSL may not even be a particularly good solution for you. You haven't given us enough information to go on.<br>
<br>
-- <br>
Michael Wojcik<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 20 Oct 2022 13:54:19 +1300<br>
From: "David Harris" <<a href="mailto:openssl@pmail.gen.nz" target="_blank">openssl@pmail.gen.nz</a>><br>
To: <a href="mailto:Openssl-users@openssl.org" target="_blank">Openssl-users@openssl.org</a><br>
Subject: OpenSSL 1.1.1 Windows dependencies<br>
Message-ID: <<a href="mailto:63509C3B.16160.7FF0516A@openssl.pmail.gen.nz" target="_blank">63509C3B.16160.7FF0516A@openssl.pmail.gen.nz</a>><br>
Content-Type: text/plain; charset=US-ASCII<br>
<br>
Up front, I'd like to apologize if this is an FAQ or has been answered elsewhere <br>
on this list: my workload means that I simply can't keep as up-to-date as I would <br>
like.<br>
<br>
I have a situation where my application fails to accept an incoming SSL <br>
handshake on Windows Server 2012, but the identical software running on <br>
Server 2019 accepts the same connection from the same remote client without <br>
a problem. Other types of client software (such as Thunderbird) connect to <br>
either system without any problems. The connecting client is a Windows Cash <br>
Register using Window's built-in crypto facilities. If I downgrade my app to <br>
OpenSSL 1.1.1g or earlier, the problem doesn't happen. With 1.1.1k or 1.1.1q, I <br>
get the error (I haven't built any versions of OpenSSL between k and q). In case <br>
it helps, the connection is an incoming SMTP connection on port 587, and <br>
STARTTLS is used to begin SSL negotiation.<br>
<br>
SSL_accept returns -1, with an extended error of "SSL_ERROR_SYSCALL" (5), <br>
which I understand to be largely what it returns when it doesn't have a clear idea <br>
of what's gone wrong. The error queue is completely empty in this situation. The <br>
cert is a LetsEncrypt cert that loads without errors and works fine with other <br>
clients.<br>
<br>
Do recent versions of OpenSSL 1.1.1 have dependencies on some Windows <br>
facility (winsock and wincrypt seem likely candidates) that might work on Server <br>
2019 but fail on Server 2012?<br>
<br>
The version of my application that is in public release uses 1.1.1g, so isn't <br>
affected by this issue, but I'm slightly worried that I'm going to see an uptick in <br>
this type of problem if I release builds based on later versions of 1.1.1.<br>
<br>
Does this ring any bells with anyone? Again, apologies if this is answered <br>
elsewhere - I *did* spend some time in Google but couldn't find anything that <br>
seemed relevant.<br>
<br>
Thanks in advance for any advice.<br>
<br>
Cheers!<br>
<br>
-- David --<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 20 Oct 2022 05:26:44 +0000<br>
From: "Gahlot, Ashish Kumar" <<a href="mailto:Ashish-Kumar.Gahlot@rbbn.com" target="_blank">Ashish-Kumar.Gahlot@rbbn.com</a>><br>
To: "<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>" <<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>><br>
Subject: libproviders.so file not found<br>
Message-ID:<br>
<<a href="mailto:PH0PR03MB635059BBC134956637C23831DB2A9@PH0PR03MB6350.namprd03.prod.outlook.com" target="_blank">PH0PR03MB635059BBC134956637C23831DB2A9@PH0PR03MB6350.namprd03.prod.outlook.com</a>><br>
<br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi everyone,<br>
<br>
I'm trying to enable fips provider in openssl3 by writing the following lines into openssl.cnf file:<br>
<br>
openssl_conf = openssl_init<br>
<br>
.include fipsmodule.cnf<br>
<br>
[openssl_init]<br>
providers = provider_sect<br>
<br>
[provider_sect]<br>
fips = fips_sect<br>
base = base_sect<br>
<br>
[base_sect]<br>
activate = 1<br>
<br>
Now when it is enabled, there is an error in syslog that libproviders.so file not found:<br>
<br>
DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory<br>
140666570000192:error:25070067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:162:<br>
140666570000192:error:0E07506E:configuration file routines:module_load_dso:error loading dso:crypto/conf/conf_mod.c:224:module=providers, path=providers<br>
140666570000192:error:0E076071:configuration file routines:module_run:unknown module name:crypto/conf/conf_mod.c:165:module=providers<br>
<br>
And this seems to be a common issue in openssl3. I have seen solutions like commenting out provider_sect but I think I would need it to enable fips provider. Is there any working solution for this?<br>
<br>
Thank you,<br>
Ashish<br>
<br>
Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://mta.openssl.org/pipermail/openssl-users/attachments/20221020/7e2aa763/attachment.htm" rel="noreferrer" target="_blank">https://mta.openssl.org/pipermail/openssl-users/attachments/20221020/7e2aa763/attachment.htm</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
openssl-users mailing list<br>
<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of openssl-users Digest, Vol 95, Issue 27<br>
*********************************************<br>
</blockquote></div>