Hello folks,
there seems to be a minor bug
in the password getter:
Bye
Goetz
Index: apps/apps.c
===
RCS file: /usr/cvsroot/openssl/apps/apps.c,v
retrieving revision 1.73
diff -u -r1.73 apps.c
--- apps/apps.c 2003/10/29 14:25:50
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Hello David,
David Maurus wrote:
Goetz Babin-Ebell wrote:
The application specifies 4 pieces of data:
1. a step size
2. a bit mask.
3. an (optional) pointer to a function that is called if the
step bits that are not in the bit mask:
4. an (optional) pointer to a function doing the counting;
> if (pCounter
Hello Richard,
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]>
on Thu, 26 Jun 2003 12:55:22 -0400, "Lee Dilkie" <[EMAIL PROTECTED]> said:
OK, I've been following this discussion for a while, and it's time I
take action. Basically, to provide for all the current and future way
Hello,
[EMAIL PROTECTED] wrote:
64-bit vs 32-bit systems
It looks to me like a 64-bit client can't connect to a 32-bit server.
The ASN1 structures/headers have int's and longs scattered throughout
them (and probably in other parts of the openssl libraries). In fact,
the 32-bit server fails t
Hello Bodo,
Bodo Moeller wrote:
Server: cvs.openssl.org Name: Bodo Moeller
Root: /e/openssl/cvs Email: [EMAIL PROTECTED]
Module: openssl Date: 19-Mar-2003 19:58:56
Branch: OpenSSL_0_9_7-stable Handle: 200303191
Hello Seth,
Seth Robertson via RT wrote:
We use the following gcc flags for our internal programs
--
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-W
Hello Bodo,
Bodo Moeller wrote:
Please test snapshot openssl-0.9.7-stable-SNAP-20030214.tar.gz
(or later), which will be available today around 8 p.m. GMT at
ftp://ftp.openssl.org/snapshot;type=d.
OpenSSL 0.9.7a-dev XX xxx 2003
built on: Fri Feb 14 22:35:41 CET 2003
platform: debug-linux-pent
Hello Steve,
Stephen Henson via RT wrote:
> I've committed a fix to address this issue which will appear in the next
> dev and stable snapshot (i.e. so it will appear in 0.9.7a).
>
> Let me know of any problems ASAP.
I finally got around to doing some quick tests.
Seems to be OK.
Could SSL_MODE_
Hello Steve,
Stephen Henson via RT wrote:
> [[EMAIL PROTECTED] - Mon Feb 10 20:02:40 2003]:
>>OK.
>>I should clarify myself:
>>It is to do it correctly, but not needed to fix the actual problem.
>>
>>>However option 4 easy to do and could be argued as being a "bug fix".
>>
>>OK.
>>
>>Perhaps som
Hello Steve,
Stephen Henson via RT wrote:
> [[EMAIL PROTECTED] - Mon Feb 10 16:53:48 2003]:
>>Stephen Henson via RT wrote:
>>
>>>[[EMAIL PROTECTED] - Fri Feb 7 14:09:28 2003]:
>>>It really needs replacing with something less horrible. For example it
>>>might:
>>>
>>>1. Build the chain using th
Hello Steve,
Stephen Henson via RT wrote:
> [[EMAIL PROTECTED] - Fri Feb 7 14:09:28 2003]:
>
>>But OpenSSL tries to complete the server CA list with the certificates
>>set in the client CA list.
>>
>>This can result in an invalid server CA list if the client CA list
>>contains a CA cert with a
Hello Steve,
Stephen Henson via RT wrote:
[[EMAIL PROTECTED] - Fri Feb 7 14:09:28 2003]:
But OpenSSL tries to complete the server CA list with the certificates
set in the client CA list.
This can result in an invalid server CA list if the client CA list
contains a CA cert with a DN that match
Hello Lutz,
Lutz Jaenicke wrote:
On Thu, Feb 06, 2003 at 07:42:39PM +0100, Götz Babin-Ebell wrote:
Hello folks,
there seems to be a strange behavior with CA certificates
in SSL server:
I create a SSL_CTX for a server,
set the certificate and the private key
and add some CA certificates for
According to RFC 2246 a server can omit the root certificate:
[...]
certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's
certificate must come first in the list. Each following
certificate must directly certify the one preceding it. Becaus
Hello folks,
there seems to be a strange behavior with CA certificates
in SSL server:
I create a SSL_CTX for a server,
set the certificate and the private key
and add some CA certificates for client auth. with
SSL_CTX_add_client_CA().
(I don't set a server CA certificate,
but in the list of clien
Richard Levitte via RT wrote:
Hello Richard,
It's unfortunate that cryptoki.h is GPLd, or I would put it in our contribution area.
GPL is not compatible with the OpenSSL license. Is it possible to get a different cryptoki.h?
Also, is conf.h really necessary?
conf.h is only included if HAVE_CON
Hello folks,
There seems to be a (potential) memory leak in PEM_bytes_read_bio()
(at least 0.9.7 (-b3 ? )
if the decrypt of the data fails, the "name" leaks...
(sorry could not check if it is already fixed,
am not able to access www.openssl.org)
Bye
Goetz
Index: pem_lib.c
==
Hello folks,
Could anybody explain to me the function CRYPTO_get_new_lockid() ?
Reading the source (0.9.6g engine) I only find that
there is the name stored in a stack.
But no additional data for this ID is allocated.
So a later call to CRYPTO_lock with this ID results
in an access outside of the
Hello folks,
There seems to be a resource leak in the chil engine:
After running 6 hours, apache stops accepting SSL requests:
> [Mon Aug 26 20:41:02 2002] [error] OpenSSL: error:26089076:engine
> routines:HWCRHK_MOD_EXP:request fallback
> [Mon Aug 26 20:41:02 2002] [error] OpenSSL: error:0D
Geoff Thorpe wrote:
> (b) any/all "access information" (eg. control commands, authorisation
> data, the ENGINE "id" if necessary, etc) that you *want* to include
> in the key file should not go into the raw PEM format itself but
> instead should be embedded in the per-'nid'
Lutz Jaenicke wrote:
> On Tue, Jul 30, 2002 at 09:35:40PM +0200, Götz Babin-Ebell wrote:
>>PLEASE: could these messages be digitally signed ?
>
> We will update our release procedures.
Fine...
>>(A signature file for the 0.9.7e beta would be nice...)
> The signatur
Lutz Jaenicke wrote:
Hello,
> The third beta release of OpenSSL 0.9.7 is now available from the
> OpenSSL FTP site ftp://ftp.openssl.org/source/. Quite a lot
> of code changed between the 0.9.6 release and the 0.9.7 release, so
> a series of 3 or 4 beta releases is planned before the final re
[EMAIL PROTECTED] wrote:
> levitte 16-Jul-2002 08:51:56
Hello Richard,
> Modified:apps Tag: OpenSSL_0_9_7-stable s_client.c s_server.c
> Log:
> Set up the engine before doing anything random-related, since engine randomness
> is only used for seeding and doing it in the wron
Hello folks,
Is there an easy way to convert a passphrase callback to a UI ?
meaning:
I have a pem_password_callback (and a pointer to additional data)
But the function wants a UI (ENGINE_load_privatekey())...
BTW:
there seems to be a bug in crypto/ui/ui_util.c:
(0.9.7 stable SN
afchine madjlessi wrote:
> You can find here the last updates for Trustway PKCS#11 engine.
>
> ChangeLog:
> - patch update for openssl-engine-0.9.6d
A patch for 0.9.7 ( / HEAD) would have a greater chance to be integrated...
> Work on a generic non-intrusive version of pkcs11 engine implementat
Geoff Thorpe via RT wrote:
> Hi,
Hello Geoff,
[snip]
>>But in the code I checked the passed string is only referenced,
>>not copied...
> ahhh ... OK, right I'm with you now. So you see the problem is in the
> ENGINE implementations, not in the library code that passes the strings
> through to
Lutz Jaenicke wrote:
> On Sat, Jun 15, 2002 at 07:38:40PM -0400, Geoff Thorpe wrote:
>
>>On Fri, 14 Jun 2002, Götz Babin-Ebell wrote:
>>
>>>In the ..._ctrl()-Function of the engines a passed string
>>>is only referenced and not copied.
>>
Lutz Jaenicke wrote:
> On Tue, Jun 18, 2002 at 01:38:45PM +0200, Götz Babin-Ebell wrote:
>
>>Building OpenSSL with debug (at least on linux)
>>will generate build lines like
>>gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -DOPENSSL_NO_KRB5
>>-DBN_
Lutz Jaenicke wrote:
> On Sat, Jun 15, 2002 at 01:01:08AM +0200, Richard Levitte - VMS Whacker wrote:
>
>>In message <[EMAIL PROTECTED]> on Fri, 14 Jun 2002
>20:59:59 +0200 (MET DST), [EMAIL PROTECTED] said:
>>
>>jaenicke> diff -u -r1.7.8.1 -r1.7.8.2
>>jaenicke> --- c_all.c 2002/02/2
Hello folks,
There is a possible problem with the string param handling of ENGINE_ctrl():
(At least I will get a problem...)
In the ..._ctrl()-Function of the engines a passed string
is only referenced and not copied.
This is bad if the buffer with the passed data is overwritten...
Since in the
Richard Levitte - VMS Whacker wrote:
>
> From: Jani Taskinen <[EMAIL PROTECTED]>
>
> sniper> >From CHANGES:
> sniper>
> sniper> *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
> sniper> with des_encrypt() defined on some operating systems, like Solaris
> s
Hello folks,
Building openssl (openssl-0.9.7-stable-SNAP-20020528) with debug
for linux, I get some warnings (that turned into errors)
about some missing prototypes.
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49
"Götz Babin-Ebell via RT" wrote:
Oops.
It seems I didn't mention the OpenSSL version:
0.9.6c / 0.9.7 (snap from 28.05.2002)
Sorry...
> Hello folks,
>
> there seems to be a bug in pkcs12/p12_kiss.c:
>
> PKCS12_parse():
>
> if you enter the function
"Götz Babin-Ebell via RT" wrote:
Oops.
It seems I didn't mention the OpenSSL version:
0.9.6c / 0.9.7 (snap from 28.05.2002)
Sorry...
> Hello folks,
>
> there seems to be a bug in pkcs12/p12_kiss.c:
>
> PKCS12_parse():
>
> if you enter the function with a
Hello folks,
there seems to be a bug in pkcs12/p12_kiss.c:
PKCS12_parse():
if you enter the function with an allocated
ca stack and the parse fails,
the ca stack will be deallocated and the pointer not cleared.
this is bad because the stack was externally allocated and
it normally would be the
"Ralf S. Engelschall" wrote:
>
> In article <[EMAIL PROTECTED]> you wrote:
> > On Tue, Apr 23, 2002 at 10:24:23PM -0600, Kurt Seifried wrote:
> >
> > [...]
> > I cannot comment on the OpenSSL-Announce list. Only the core members
> > should be allowed to send via this list.
> > Probably the list s
John Cebasek wrote:
>
> Hi All;
Hello John,
> I need some comments.
>
> We've been creating some 'black boxes' for other developers in our company
> to work with. One of the black boxes is openssl. We want to distribute to
> our developers just 'enough'. So they'll be getting the libraries,
Hello,
is there a way to ask the random engine about how much randomness
it contains ?
RAND_status() returns 1 if the random pool contains at least
20 bytes (ENTROPY_NEEDED in rand_lcl.h).
That is OK for SSL handshake, but for asymmetric key generation
we need a lot more entropy.
Something li
from e_os.h:
#if defined(THREADS) || defined(sun)
^^^
#ifndef _REENTRANT
#define _REENTRANT
#endif
#endif
why ?
and why is it exported ?
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.
Dave Barter wrote:
>
> I hope I have the right list for this, my apologies if I don't.
>
> I would like to modify the openssl genrsa program to "quietly" generate
> keys, ie. Not print the '.' and '+' characters to STDOUT when generation
> occurs. Basically I would like to add the flag -quiet to
[EMAIL PROTECTED] wrote:
> Index: mem_dbg.c
> ===
> if (mh == NULL) return;
> + /* Need to turn off memory checking when allocated BIOs ... especially
> + * as we're creating them at a time when we're trying
Richard Levitte - VMS Whacker wrote:
>
> From: Jani Taskinen <[EMAIL PROTECTED]>
>
> sniper> >From CHANGES:
> sniper>
> sniper> *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
> sniper> with des_encrypt() defined on some operating systems, like Solaris
> sn
Richard Levitte wrote:
Hello Richard,
> As a few people noticed, not only was the announcement of OpenSSL 0.9.6b sent
> more than once (due to, eh, technical error...), but the version number was
> 0.9.6a everywhere in the message body!
Shit happens...
> OpenSSL version 0.9.6b released
> =
Andy Brown wrote:
> I believe I've found a bug with the UNIX command-line "openssl enc"
It's not a bug, it's a feature... ;-)
> utility. If you specify the hex key (with -K) on the command line, the IV
> is some randomish garbage, probably whatever happens to be in memory.
> Shouldn't the defau
[EMAIL PROTECTED] wrote:
>
> levitte 29-Mar-2001 09:45:09
>
> Modified:crypto/des Tag: OpenSSL_0_9_6-stable xcbc_enc.c speed.c
> pcbc_enc.c ofb_enc.c ofb64enc.c ncbc_enc.c
> ede_cbcm_enc.c ecb_enc.c des_opts.c des_enc.c des.h
>
Hello,
has the EVP interface (sign/verify) a way to specify
the padding for the signed data ?
And I would like to add a way to support other padding types
(something like
RSA_add_padding(..., int adding, int (*fct)(unsigned char *to,
int tlen, unsigned char *from,int flen))
)
Bye
Goetz
--