On Sun, Jul 02, 2000 at 07:54:14PM -0700, Mark Maggelet wrote:
> Sorry if this isn't the best place to post this, but
openssl-users would have been the right place.
> in the INSTALL.W32 file that comes with openssl
> it says that it can be compiled w/ GNU C (Mingw32 or Cygwin32).
> It then goes
Ted Powell wrote:
> Besides the OpenSSL source code, and the file bio.doc
> from 0.6.6 (included in openssl-0.9.5a/doc/ssleay.txt),
> is there any other documentation for the BIO routines?
I don't think so.
__
OpenSSL Project
On Thu, Apr 13, 2000 at 04:25:30PM -0400, Brian Snyder wrote:
> a) Is this documentation correct? It seems to be a work in progress...
It says you can use EVP_sha1(), EVP_ripemd160() etc.
On Thu, Mar 30, 2000 at 03:49:55PM -0500, Brian wrote:
> _lrotl and _lrotr can be used. This is not case
> and consequently, the linker will complain vigourously.
Thanks for the report! (I wonder why the linker didn't complain when
I built the test programs?)
What is the macro to test for VC++?
On Fri, Mar 24, 2000 at 08:00:09AM -0600, Wilder, John wrote:
> I did try the link - unfortunately, it must not be ready yet.
> I'll keep checking.
The web server update has been restarted, the page is there now.
Sorry for the confusion.
__
On Fri, Mar 24, 2000 at 05:34:14PM -0500, [EMAIL PROTECTED] wrote:
> We are having problems compilingfirst we run the Configure script.
Thanks for the report.
Please try OpenSSL 0.9.5a-beta2 with the changes below (I assume the
Cygwin defines __CYGWIN32__; if it is something else, please ch
On Thu, Mar 23, 2000 at 10:09:35PM -0500, Dr. Frank Bucolo wrote:
I am using SuSE 6.3 and have installed OpenSSL with no difficulties.
I am not a Linux Guru, but pleased to report that SuSE 6.3 & OpenSSL
went OK.
There was a problem with OpenSSL 0.9.5 and SuSE Linux. If linker
errors o
On Tue, Mar 14, 2000 at 08:57:13PM -0800, Lingyun Wang wrote:
> I have made two dll files after successfully
> compilation. Then what's the next step?
What is your problem? If you need general info on how to use DLLs,
consult your compiler manual. If you're looking for info on the
OpenSSL API, r
On Thu, Mar 09, 2000 at 11:10:24AM +, Gerard Monsen wrote:
> Wow. I'm at a loss here. Does anyone know of any
> way that my (tiny) company can legally use SSL for
> commercial purposes in the US without paying an obscene
> amount of money to RSA or buying an obscenely expensive
> web s
On Thu, Mar 09, 2000 at 10:02:10AM -0500, Bob McConnell wrote:
> Looking at the source, it's obvious that it's not expecting to have MSDOS
> defined, the #IFDEF's only check for WIN32 and __ultrix.
You'll have to add the relevent #ifdefs for MSDOS, there's no way
around that. This is simple for
On Wed, Feb 23, 2000 at 09:13:28AM -0500, Richard Dykiel wrote:
> just to mention, the REQ part of the documentation is not accessible from
> the index page of the OpenSSL web site http://www.openssl.org/docs/
You can click through the openssl(1) page. "req" is an option to the
openssl command l
On Wed, Feb 23, 2000 at 03:13:28PM +0200, Elen Mägioja wrote:
> The code i managed to write is added below. It seems to work
> ok... no errors... the signature gets printed out... but what makes
> me wonder is the output format of the signature. That's not in the
> format I want to get... Shouldn
On Tue, Feb 22, 2000 at 03:01:02PM -0800, vijay karthik wrote:
> How do i specify the conf file path during
> runtime ? How do i get around this problem ?
http://www.openssl.org/docs/apps/req.html#ENVIRONMENT_VARIABLES
__
OpenSS
On Tue, Feb 08, 2000 at 09:46:07AM +, Marco Nardelli wrote:
> Does anyone know if RSA_Public_Encrypt encrypts a non-ASCII string?
http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
__
OpenSSL Project
On Thu, Feb 03, 2000 at 05:42:19PM +0900, Srinivas, Ravi wrote:
> I have downloaded the openssl-0.9.4.How can I get a debug version of the
> openssl.
Try using "./config -d", as described in INSTALL. If that doesn't work
on your system, edit the configuration line for your platform in
./Configu
> the command perl util/mk1mf.pl 32 libeay
>
> produces
>
> BIO_number_read does not have a number assigned
> BIO_number_written does not have a number assigned
> X509_STORE_CTX_rget_chain does not have a number assigned
>
> this doesn't seem right to me.
They'll get numbers assigned the next
Toni Andjelkovic wrote:
> appears to work well except on redhat 6.1, where the
> "send" part will dump core.
It works all right on Debian Linux. I'd recommend to set a breakpoint
in BF_cfb64_encrypt and single-step through it, but it may well be a
RedHat bug.
> i don't know if this is related to openssl, but every time
> i run the following code on redhat 6.1 it will receive a SEGV.
Please post compilable source code and specify which OpenSSL version
you are using.
__
OpenSSL Project
On Thu, Dec 09, 1999 at 06:10:51PM +, Andrew Cooke wrote:
> - Ichange NSTALL.W32 to mention this. Something like "If you use any of
> the -no-XXX options in Configure to exclude ciphers you will have to
> remove entries from libeay32.def and ssleay32.def in the ms directory
> before link wil
> I committed a patch to that effect to our RSAREF wrapper functions.
Well, I just undid the change. SSLeay or OpenSSL-based applications
are not vulnerable to the buffer overrun error.
The alleged problem is:
"Providing a suitable modulus length to RSAPrivateDecrypt() it is
possible to force N
> That said -- to the extent that RSAREF is still being used as a
> crypto library for SSLeay/OpenSSL and SSHv.1 "testbed implementations," in
> the US and elsewhere (?!) -- would not it be easier and safer to address
> this sort of potential problem with a wrapper which checks for appropr
> It compiled without errors and warnings but when
> testing it with "make test" the test aborts at the
> BN (big number) test. I installed it, hoping that
> it would work anyway.
That error might also come from problems with bc, but in your case it
looks like the bignum math does go wrong. You m
> The seed generation *is* the RNG. What happens later is a PRNG, not an RNG.
> An RNG with a poor seed is always a poor RNG.
OpenSSL does not contain a "RNG". It uses a cryptographic PRNG, which
you as the application programmer have to initialize by calling
RAND_seed() with appropriate input.
> When i try to make openssl (nmake -f ms/nt.mak) i get an error because
> the file
> obj_dat.h didn't exist.
The Configure script should generate that file, but there were
problems with some version of Perl. This should be fixed in the
current snapshot.
_
> Hello, I am not in USA. I want to use openssl for
> commercial purpose. Are there some legal problem
> I must be cautioned ? I have used DSA instead of
> RSA , but my browser(netscape 4.5) did not support.
You are allowed to use OpenSSL commercially as long as you attribute
it to the authors (
> On Sun, Jul 11, 1999 at 11:48:27AM +0200, Ulf Möller wrote:
> >I called RSA once, not too long ago. Their licenses start at $50K.
I did not write that.
> According to the package, the Redhat Linux "extra" bundle currently on
> the shelves of your local compute
>Here is a test data that does not work with rsa_oaep_test.c
>Can someone tell me what could be wrong?
You've got an invalid value for iqmp. You can set it like this:
BN_mod_inverse(key->iqmp, key->q, key->p, ctx);
int RSA_check(RSA *key)
{
BIGNUM *i, *j, *k;
BN_CTX *ctx;
int r
>/usr/local/ssl/include/openssl/des.h:96: #error "_ is defined, but some
>strange definition the DES library cannot handle that."
>/usr/local/ssl/include/openssl/des.h:98: warning: `_' redefined
You can simply remove the #error and the #define _ in des.h. Now
fixed.
>> Most CAs will have some requirements on the lengths of the public keys they
>> will sign. Currently the CA has to manually check the key length once a
>> certificate request arrives since "openssl ca" gives no indication about
>> the key length. I think it would be a good idea if the CA could u
>If your assembler only knows 386 opcodes, you'll probably have to use
>the "386" option to "./config". (bswapl does not exist on the 386.)
In the SHA assembler code, bswapl is given as its numeric value, so
this problem would not occur. The problem is that Configure only
defines the macro SHA1_
> I have just uploaded the beta1 tarball to the FTP server. Please test it
> and give us any feedback. This is as much a test of the release process
> as it is of the code.
Looks all right, except there is CVS stuff left in the top level
directory.
>Any change we can get this put into the README or FAQ somewhere???
That is going to be fixed in 0.9.3.
But you probably won't be able to use the bignum stuff on IRIX
machines as of yet.
__
OpenSSL Project
> Unresolved:
> bn_div_words
> ./rsa_oaep_test
> Encryption failed!
Both are known problems in the 0.9.2b setup, and are fixed in the
current development version. There also is a patch available on
www.openssl.org to get rid of the "Encryption failed!" message.
__
>Dose OpenSSL allow such change? If dose, what're the key steps and
>things need to be watched out?
Removing ciphers is easy. For example if you want to use OpenSSL
without RC5 (which requires a patent license in many countries), run
"./config no-rc5; rm -Rf crypto/rc5" and make sure that "no-rc
> This *looks* like a typo (should be "syslog.h" ?). I searched my entire
Fixed. Thanks.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Aut
> I am trying to build OpenSSL (to be followed by mod_ssl and Apache) on an
> Ultrix 4.4 system, for the first time. I have followed the installation
> instructions as far as I can see, but the build is failing due to the names
> LOG_CONS and LOG_DAEMON being undefined, as follows :
That was fixe
> Is there a flag or something that needs to be set?
Yes. You should configure OpenSSL with the flag "no-asm", or download
the current snaphot.
__
OpenSSL Project http://www.openssl.org
User Suppor
> I have been struggling with this for a week on my
>386 DX/40. I found the answer last night. There is a
>option to the config script for openssl that solved the
>problem for me. I believe it's "-no_asm"
The current development version of OpenSSL does support 386 assembler.
But I just
> After fixing problems within 'sparcv8.s' file during 'make',
> now error detected during 'make test':
> ./rsa_oaep_test
> Decryption failed!
> Decryption failed!
> Decryption failed!
That would be Andy's assembler implementation, but still the old verion
of rsa_oaep_test? Please run the test a
>Is there any docement describing how one should use OpenSSL completely
>legally?
>
>btw, how do commercial Web sites based on Apache deal with the RSA
>patent (or perhaps they don't use RSA at all)?
If you are in the US, you need to get a license from RSADSI or buy a
licensed server (available f
> Did anybody succeeded to compile it with djgpp?
You can use djgpp if you only need libcrypto. It should work with
configuring it as linux-aout.
If you want to use libssl, you must build a Windows program
(DOS programs can use Winsock only with evil tricks). You can do
that with the djgpp if
> As a quickfix you could do something like
>
> mkdir perlbin
> ln -s /usr/bin/perl5 perlbin/perl
> setenv PATH perlbin:$PATH
That's what I did for building on BSD, but I would like the config
script to take care of that problem automatically.
___
> So, whatever we call the next one, the string version must come after
> "0.9.2b" (intuitively) and the hex version must be > 0x0922.
Name the next "major" release 1.0 with hex code 0x01, then go on
with 1.1 == 0x010100, etc., and all of a sudden the problem is vanished.
Right?
>OpenSSL version 0.9.2b released
May I ask, why "b"?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
> Please help (or simply be more specific),
www.openssl.org has a link to the openssl-users archive at
www.mail-archive.com. Enter the word "mingw32" in the search
form of that archive, and click the "search" button.
Specific enough? ;)
__
> How to make OpenSSL with MINGW32 on Win32 platform?
Unfortunately it is not yet supported in OpenSSL, but Niklas Höglund
posted a description a while ago. Check the openssl-users archive.
__
OpenSSL Project
>Of course you need to have a compiler to use it, and if you plan to
>produce something to run with Windows, you'd better have a Visual C++
For many purposes Mingw32 (a port of GNU C++ which uses the Microsoft
C runtime system that is shipped with each copy of Windows) is at
least as good as Visu
Ulf Möller wrote:
>
> Here's a list of open issues with OpenSSL. Perhaps someone can add
> it to the STATUS file?
Hm. I forgot an entry about code that would properly initialize the PRNG
in the absence
> I'll take a look - what exactly is the problem?
I get an illegal instruction in sha1_block called from SHA1_Final.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
>Here's my an update client & server sides that will establish a connection
>with a certificate & key called 'dummy_cert.pem' and 'key.pem':
Your code doesn't initialize the PRNG.
__
OpenSSL Project
> Who in the Universe uses 5.001, and why?
Well, I'm not the only one on the OpenSSL list for whom the Configure
script doesn't work, so it seems plausible that others will have the
same problem. Actually I don't care about myself (I figured out how to
run it anyway), but about the users of my Op
>My version is 5.004_02 and it has no problems with this.
My version is 5.001, and it has the same problems (and, in addition to
Tom's fix, it needs a "no strict" before the last-but-one line).
In my opinion, it would be a *very* bad idea to require that every OpenSSL
user must have perl 5.004,
>[BTW, there is a bug in SSLeay and the released version of OpenSSL
>(which has been corrected at www.openssl.org)
I have to correct myself: The bug does not occur in SSLeay, only in
OpenSSL. (When I saw the diff I assumed that the invalid fopen
attribute "br" must have been the old version, but
Some well known applications use SSLeay with an uninitialized random
number generator. SSLeay interally adds data such as the time and pid
to the PRNG. Unless the machine in question happens to have /dev/random,
that results in a ridiculously insecure system -- as everybody should
know since Netsc
54 matches
Mail list logo