Re: Elliptic Curve Cryptography in OpenSSL

2005-04-22 Thread Nils Larsch
Deryck Henson wrote:
> Any ideas on the implementation of ECC into the OpenSSL releases any
> time soon?  If so, when?  Thanks,
hmm, there's some ecc crypto in 0.9.8-dev.
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Request Tracker - 403 Forbidden

2005-04-22 Thread Gyorgy Camaszotisz
Hi folks,

I cannot reach the Request Tracker as listed on the support page ... 
http://www.aet.tu-cottbus.de/rt2/ returns 403 Forbidden, without even asking 
for credentials.
Is it just me, or something happened with this location?

Thanks,
Gyorgy



RE: [CVS] OpenSSL: openssl/crypto/ cryptlib.c

2005-04-22 Thread Greaney, Kevin

Hi Richard,
Is that a generic Itanium routine or
is that specifically for 32-bit?  The only
reason I ask is that we compile for both 
32 and 64-bit address pointers when putting
together our VMS kit.

Thanks,
Kevin.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Levitte
Sent: Thursday, April 21, 2005 5:10 AM
To: [EMAIL PROTECTED]
Subject: [CVS] OpenSSL: openssl/crypto/ cryptlib.c

  OpenSSL CVS Repository
  http://cvs.openssl.org/
 



  Server: cvs.openssl.org  Name:   Richard Levitte
  Root:   /e/openssl/cvs   Email:  [EMAIL PROTECTED]
  Module: openssl  Date:   21-Apr-2005 11:10:19
  Branch: HEAD Handle: 2005042110101900

  Modified files:
openssl/crypto  cryptlib.c

  Log:
Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where
util/libeay.num is important when building shared libraries, like
VMS.

  Summary:
    Revision    Changes     Path
    1.58        +2  -0      openssl/crypto/cryptlib.c
 



  patch -p0 <<'@@ .'
  Index: openssl/crypto/cryptlib.c
 


  $ cvs diff -u -r1.57 -r1.58 cryptlib.c
  --- openssl/crypto/cryptlib.c 13 Apr 2005 15:41:11 -  1.57
  +++ openssl/crypto/cryptlib.c 21 Apr 2005 09:10:19 -  1.58
  @@ -569,6 +569,8 @@
   }
   #endif
   
  +#else
  +unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
   #endif
   #if !defined(OPENSSL_CPUID_SETUP)
   void OPENSSL_cpuid_setup(void) {}
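Review bot: The fallback `OPENSSL_ia32cap_loc()` added under `#else` returns NULL with no comment saying so, which makes a NULL check mandatory for every caller on the platforms that take this branch. Document that contract next to the stub (NULL means there is no capability word on this platform), and label the `#else` and the `#endif` after it with the condition they close, since the matching `#if` lies outside the hunk's context.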
  @@ .
__
OpenSSL Project http://www.openssl.org
CVS Repository Commit List [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


Re: Request Tracker - 403 Forbidden

2005-04-22 Thread Lutz Jaenicke
On Fri, Apr 22, 2005 at 12:56:27PM +0200, Gyorgy Camaszotisz wrote:
> Hi folks,
>
> I cannot reach the Request Tracker as listed on the support page ...
> http://www.aet.tu-cottbus.de/rt2/ returns 403 Forbidden, without even asking
> for credentials.
> Is it just me, or something happened with this location?

We had a hard disk problem that seems to be resolved now.

Please excuse any inconvenience,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus


openssl ca: generate subjectAltName from config

2005-04-22 Thread Goetz Babin-Ebell
Hello,

is there a special reason that openssl ca has only
functionality to copy the emailAddress from the subject name
to the subjectAltName extension?
Or would something like the attached patch be acceptable?

This patch extends the syntax of the subjectAltName entry
of the config file section with the extensions in the way
that the flags copy and move are recognized for all
names.
Additionally, it allows specifying the name entry type
in the subject name that is moved/copied.

For example:
In my local openssl.cnf I have the entry:

subjectAltName = DNS:copy:commonName,DNS:mydyndnsorgdomain.dyndns.org

An issued certificate gets 2 subjectAltNames:
1. a copy of the common name (inserted as dnsDomain name)
2. the general dnsDomain name mydyndnsorgdomain.dyndns.org.

This allows me to access the host with the external and the internal
host name without the accessing program generating an error message
about a mismatching domain name.
Bye
Goetz
--
DMCA: The greed of the few outweighs the freedom of the many
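
The entry syntax described in the message above, modelled as an added example (not part of the original post, not the patch attached to it, and not OpenSSL code): `classify_value` splits the value of an entry such as `DNS:copy:commonName` into an action and a DN field, and `is_dns_name` is a hypothetical check a CA could apply before a copied common name is issued as a dNSName. Both function names and the validation rule are assumptions of this example.

```c
/* Added illustration, not OpenSSL code: stand-alone model of the proposed
 * "TYPE:copy:field" / "TYPE:move:field" subjectAltName values. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum san_action { SAN_LITERAL, SAN_COPY, SAN_MOVE };

/* Classify the value of one entry ("copy:commonName" in "DNS:copy:commonName").
 * For copy/move, *field is the DN field name ("" if omitted). */
enum san_action classify_value(const char *value, const char **field)
{
    enum san_action act;
    *field = "";
    if (strncmp(value, "copy", 4) == 0) act = SAN_COPY;
    else if (strncmp(value, "move", 4) == 0) act = SAN_MOVE;
    else return SAN_LITERAL;
    value += 4;
    if (*value == '\0') return act;              /* bare "copy" / "move" */
    if (*value != '.' && *value != ':') return SAN_LITERAL; /* "copycat.example" */
    *field = value + 1;                          /* same separators for both */
    return act;
}

/* Hypothetical pre-issuance check: can a copied CN serve as a dNSName?
 * Labels of 1..63 letters, digits or '-', no edge '-', 253 chars at most. */
int is_dns_name(const char *s)
{
    size_t total = strlen(s), label = 0, i;
    if (total == 0 || total > 253) return 0;
    for (i = 0; i < total; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (c == '-' && label == 0) return 0;
            if (++label > 63) return 0;
        } else return 0;                         /* space, '*', '@', ... */
    }
    return label > 0 && s[total - 1] != '-';
}

int main(void)
{
    const char *f;
    int a = (int)classify_value("copy:commonName", &f);
    printf("action=%d field=%s cn_ok=%d\n", a, f, is_dns_name("Example Web Server"));
    return 0;
}
```

In this model a literal value such as `copy.example.org` is classified as a copy request for the field `example.org`, so literal host names that begin with `copy.` or `move.` collide with the keywords.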
Index: crypto/x509v3/v3_alt.c
===
RCS file: /cvs/openssl/crypto/x509v3/v3_alt.c,v
retrieving revision 1.33
diff -u -r1.33 v3_alt.c
--- crypto/x509v3/v3_alt.c	27 Dec 2003 14:40:01 -	1.33
+++ crypto/x509v3/v3_alt.c	22 Apr 2005 13:52:11 -
@@ -63,7 +63,9 @@
 
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_name(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+		 GENERAL_NAMES *gens,
+		 const char *type, const char *field, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
 static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
@@ -304,6 +306,7 @@
 {
 	GENERAL_NAMES *gens = NULL;
 	CONF_VALUE *cnf;
+	const char *value;
 	int i;
 	if(!(gens = sk_GENERAL_NAME_new_null())) {
 		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
@@ -311,17 +314,23 @@
 	}
 	for(i = 0; i  sk_CONF_VALUE_num(nval); i++) {
 		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!name_cmp(cnf-name, email)  cnf-value 
-		!strcmp(cnf-value, copy)) {
-			if(!copy_email(ctx, gens, 0)) goto err;
-		} else if(!name_cmp(cnf-name, email)  cnf-value 
-		!strcmp(cnf-value, move)) {
-			if(!copy_email(ctx, gens, 1)) goto err;
-		} else {
-			GENERAL_NAME *gen;
-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
- goto err; 
-			sk_GENERAL_NAME_push(gens, gen);
+		if (cnf-value  cnf-value[0]) {
+			if (!name_cmp(cnf-value,copy)) {
+value = cnf-value+4;
+if (value[0] == '.' || value[0] == ':')value++;
+if(!copy_name(method,ctx,gens,cnf-name,value,0))
+	goto err;
+			} else if (!name_cmp(cnf-value,move)) {
+value = cnf-value+4;
+if (value[0] == '.') value++;
+if(!copy_name(method,ctx,gens,cnf-name,value,1))
+	goto err;
+			} else {
+GENERAL_NAME *gen;
+if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+	goto err; 
+sk_GENERAL_NAME_push(gens, gen);
+			}
 		}
 	}
 	return gens;
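Review bot: The copy and move branches handle the separator differently: after stepping over the four-character keyword, the copy branch skips either '.' or ':', while the move branch skips '.' only, so a `move:` entry hands `copy_name` a field string that still begins with ':'. Put the keyword and separator handling in one helper used by both branches. The new outer test that the entry's value is non-empty also has no else arm, so an entry with an empty value is now skipped silently where the removed code passed it to `v2i_GENERAL_NAME`; keep that fall-through so such entries are handled as before.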
@@ -330,44 +339,76 @@
 	return NULL;
 }
 
-/* Copy any email addresses in a certificate or request to 
+/* Copy any fields of given type in a certificate or request to 
  * GENERAL_NAMES
  */
 
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
+static int copy_name(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+		 GENERAL_NAMES *gens,
+		 const char *type, const char *field, int move_p)
 {
 	X509_NAME *nm;
-	ASN1_IA5STRING *email = NULL;
 	X509_NAME_ENTRY *ne;
-	GENERAL_NAME *gen = NULL;
+	CONF_VALUEcv   = { NULL,(char*)type,NULL };
+	GENERAL_NAME *gen  = NULL;
+	unsigned char*str  = NULL;
+	int nid = 0;
+	int len;
 	int i;
 	if(ctx-flags == CTX_TEST) return 1;
-	if(!ctx || (!ctx-subject_cert  !ctx-subject_req)) {
+if(!ctx || (!ctx-subject_cert  !ctx-subject_req)) {
 		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
 		goto err;
 	}
-	/* Find the subject name */
+/* get the type of name entry to operate on in the DN */
+	if (field  field[0]) {
+		nid = OBJ_txt2nid(field);
+		if (!nid) {
+			X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_INVALID_EXTENSION_STRING);
+			goto err;
+		}
+	}
+	if (!nid) {
+		if (!name_cmp(type, email)) nid = NID_pkcs9_emailAddress;
+#if 0
+		else if(!name_cmp(type, URI  )) nid = NID_commonName;
+		else if(!name_cmp(name, DNS  )) nid = NID_commonName;
+		else if(!name_cmp(name, RID  )) nid = NID_commonName;
+		else if(!name_cmp(name, IP   )) nid = NID_commonName;
+#endif
+		else nid = NID_commonName;
+	}
+if (!nid) {
+		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_INVALID_OBJECT_IDENTIFIER );
+		goto err;
+}
+/* Find the subject name */
 	if(ctx-subject_cert) nm = 
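Review bot: The final `if (!nid)` test in the new `copy_name` can never fire, because the block above it ends in `else nid = NID_commonName;` and therefore always assigns a value when no field was given; the effect is that every name type other than email silently defaults to copying the common name. Decide whether that default is intended for all types and, if not, raise the error in that branch instead. The `#if 0` block refers to `name`, which is not a parameter of this function (the parameter is `type`), so drop it rather than carry it as dead code, and note that the `X509V3err` calls still report `X509V3_F_COPY_EMAIL` although the function is now `copy_name`.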

Re: [CVS] OpenSSL: openssl/apps/ engine.c s_server.c

2005-04-22 Thread Ben Laurie
Nils Larsch wrote:
  OpenSSL CVS Repository
  http://cvs.openssl.org/
  
  Server: cvs.openssl.org  Name:   Nils Larsch
  Root:   /e/openssl/cvs   Email:  [EMAIL PROTECTED]
  Module: openssl  Date:   08-Apr-2005 00:48:33
  Branch: HEAD Handle: 2005040723483300
  Modified files:
    openssl/apps            engine.c s_server.c
  Log:
const fixes
  Summary:
    Revision    Changes     Path
    1.28        +1  -1      openssl/apps/engine.c
    1.92        +3  -3      openssl/apps/s_server.c
  
  patch -p0 <<'@@ .'
  Index: openssl/apps/engine.c
  
  $ cvs diff -u -r1.27 -r1.28 engine.c
  --- openssl/apps/engine.c	5 Apr 2005 19:11:18 -	1.27
  +++ openssl/apps/engine.c	7 Apr 2005 22:48:33 -	1.28
  @@ -344,7 +344,7 @@
   int MAIN(int argc, char **argv)
   	{
   	int ret=1,i;
  -	char **pp;
  +	const char **pp;
   	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
   	ENGINE *e;
   	STACK *engines = sk_new_null();
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/apps/s_server.c
  
  $ cvs diff -u -r1.91 -r1.92 s_server.c
  --- openssl/apps/s_server.c	5 Apr 2005 19:11:18 -	1.91
  +++ openssl/apps/s_server.c	7 Apr 2005 22:48:33 -	1.92
  @@ -180,7 +180,7 @@
   static int generate_session_id(const SSL *ssl, unsigned char *id,
   unsigned int *id_len);
   #ifndef OPENSSL_NO_DH
  -static DH *load_dh_param(char *dhfile);
  +static DH *load_dh_param(const char *dhfile);
   static DH *get_dh512(void);
   #endif
   
  @@ -1465,12 +1465,12 @@
   	}
   
   #ifndef OPENSSL_NO_DH
  -static DH *load_dh_param(char *dhfile)
  +static DH *load_dh_param(const char *dhfile)
   	{
   	DH *ret=NULL;
   	BIO *bio;
   
  -	if ((bio=BIO_new_file(dhfile,r)) == NULL)
  +	if ((bio=BIO_new_file((char *)dhfile,r)) == NULL)
Gah! Don't do this - clearly this parameter is also const. Fix that instead.
--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff