Question on using AES in openssl-0.9.7beta

2002-06-13 Thread Louis Lam
Hello, I'm trying to use the AES algorithm of 0.9.7beta in my own program. For setting the key schedule there are 2 apis: AES_set_encrypt_key() and AES_set_decrypt_key() Initially I used both of the fxns and set the same userkey to 2 different schedules, one for encrypting and the other for d

[openssl.org #95] SSL_CTX_set_client_cert_cb error ?

2002-06-13 Thread via RT
[jaenicke - Wed Jun 12 22:19:22 2002]: > The manual page about SSL_CTX_set_client_cert_cb was simply wrong. > What in hell did I smoke when writing it? Or was it simply too late > at night?? > > Anyway, I have just checked in a new version: > If a certificate was already set, the client_cert

[openssl.org #95] SSL_CTX_set_client_cert_cb error ?

2002-06-13 Thread Lutz Jaenicke via RT
[guest - Thu Jun 13 10:52:54 2002]: > if this callback is > called only once, how can we assure TLS compliance ? I thought that it >should be possible > to react to a servers request by dynamically choosing from the list of >acceptable CA's > it attaches ? The certificate (and private k

Gladman's Implementation in AES

2002-06-13 Thread Satria Bakti (13297096)
Hi, I'm doing some experiment on openssl-0.9.7-stable-SNAP-20020421. I replaced the AES code (the original AES code) with Brian Gladman's AES code (with some modification). (http://fp.gladman.plus.com/cryptography_technology/rijndael/) Then, I measure my new implementation's speed using 'opens

[openssl.org #87] openssl 0.9.6b to 0.9.6d with IE5.5 and IE6 and 3DES-CBC-SHA hangs

2002-06-13 Thread Bodo Moeller via RT
[[EMAIL PROTECTED] - Fri Jun 7 14:22:15 2002]: > even though Netscape still works, this should be considered a bug since > IE is now broken when in the past it worked fine It is a bug in IE, not in OpenSSL. Note that the problem is avoided when using RC4 ciphersuites, and these are typically

Re: getpid()

2002-06-13 Thread Bodo Moeller
On Sat, Jun 01, 2002 at 01:18:35PM +0100, Ben Laurie wrote: > Also, the "thread id" may be used elsewhere - is there any point if it's > actually the PID? Applications that are actually multi-threaded should (and indeed, on most platforms, must) use CRYPTO_set_id_callback() so that OpenSSL can u

RE: [openssl.org #95] SSL_CTX_set_client_cert_cb error ?

2002-06-13 Thread Sohns Erik via RT
Thanks for the insights. I'm looking forward to the next versions... :-) Best regards, Erik - -Original Message- From: Lutz Jaenicke via RT [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 11:03 AM To: Sohns Erik Cc: [EMAIL PROTECTED] Subject:

Re: [openssl.org #96] bug in config script (gcc 3.1)

2002-06-13 Thread ross . alexander
Lutz, I will create a patch against openssl-0.9.7-STABLE-snap-020612 with the gcc change and the __LP__ check for 64bit HPUX. If I get time I may look at dynamic linking. Cheers, Ross - Ross Alexander

[openssl.org #85] 0.9.7 prototype constification problems

2002-06-13 Thread Bodo Moeller via RT
[[EMAIL PROTECTED] - Thu Jun 6 18:39:34 2002]: [...] > It appears the openssl guys goofed in 0.97beta. The prototype for the > d2i_RSAPrivateKey function in 0.9.6c, which I use, is like this: > > d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); > > ie., without a cons

[openssl.org #78] Memleak in libcrypto

2002-06-13 Thread Stephen Henson via RT
[levitte - Wed Jun 5 15:31:44 2002]: > A little more analysis seems to indicate that X509_EXTENSION isn't > properly coded, since freeing it requires a dive into the > OCTET_STRING (or whatever that translates to) and free whatever > that's pointing to. > > The code in question is crypto/as

[openssl.org #80] [Lutz.Jaenicke@aet.TU-Cottbus.DE: Re: Naina announce (was: [ANNOUNCE] OpenSSL 0.9.1 beta 1 released)]

2002-06-13 Thread Lutz Jaenicke via RT
[jaenicke - Mon Jun 10 17:42:40 2002]: > I have made some further modifications: I did not like the direct use > of > 2 23 42 for SET (even though correct of course) but wanted to build > the > tree from the root. > While doing this I noted, that the CCITT has long since been renamed > to ITU-T.

[openssl.org #65] 0.9.6d: SSL3_GET_RECORD:wrong version number

2002-06-13 Thread Bodo Moeller via RT
If you run 's_client' with the '-debug' option, you will see that this server (ebmx.extra.daimlerchrysler.com:443) sends a cleartext string starting with 'HTTP/' when it is supposed to send SSL 3.0 encrypted data. This is where the 'wrong version number' error message comes from -- 0x54 0x54 (AS

Re: [openssl.org #65] Ticket Resolved

2002-06-13 Thread
>If you run 's_client' with the '-debug' option, you will see that >this server (ebmx.extra.daimlerchrysler.com:443) sends a cleartext >string starting with 'HTTP/' when it is supposed to send SSL 3.0 >encrypted data. This is where the 'wrong version number' error >message comes from -- 0x54 0x5

Re: [openssl.org #96] bug in config script (gcc 3.1)

2002-06-13 Thread ross . alexander
Lutz, Here is the patch for config. I'm not sure if the 32bit/64bit gcc test is really in the right place, but it's not too bad. (See attached file: config.diff) Cheers, Ross - Ross Alexander

Re: [openssl.org #96] bug in config script (gcc 3.1)

2002-06-13 Thread Tim Rice
On Thu, 13 Jun 2002, Lutz Jaenicke via RT wrote: > > [[EMAIL PROTECTED] - Thu Jun 13 08:34:54 2002]: > > > The "config" script needs to use "gcc -dumpversion" > > instead of "gcc --version" to determine the gcc version. > > gcc-3.1 outputs a bunch of text with "--version", but > > just the number

Re: Gladman's Implementation in AES

2002-06-13 Thread Ben Laurie
Satria Bakti (13297096) wrote: > Hi, > > I'm doing some experiment on openssl-0.9.7-stable-SNAP-20020421. > I replaced the AES code (the original AES code) with > Brian Gladman's AES code (with some modification). > (http://fp.gladman.plus.com/cryptography_technology/rijndael/) > > Then, I meas

[openssl.org #91] extdat.h

2002-06-13 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Mon Jun 10 12:25:27 2002]: > > It seems that in the latest snapshots in crypto/x509v3/ext_dat.h, > the table standard_exts is not sorted correctly. > > crl_hold should be after sinfo. > > &v3_crl_hold : >#define NID_hold_instruction_code 430 > > &v3_sinfo

[openssl.org #84] small problem with openssl 0.9.7.b1 and the ocsp function

2002-06-13 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jun 6 08:59:53 2002]: > The doc says : > > "Create an OCSP request and write it to a file: > > openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der > " > > In my test, I try to do exactly that with : > openssl ocsp -issuer ocsp_ca.pem -cert ocs

[openssl.org #89] missing prototypes for functions

2002-06-13 Thread Lutz Jaenicke via RT
Ok, I have checked in your changes with some minor adjustments. Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED]

Re: getpid()

2002-06-13 Thread Ben Laurie
Bodo Moeller wrote: > On Sat, Jun 01, 2002 at 01:18:35PM +0100, Ben Laurie wrote: > > >>Also, the "thread id" may be used elsewhere - is there any point if it's >>actually the PID? > > > Applications that are actually multi-threaded should (and indeed, on > most platforms, must) use CRYPTO_set

Re: [openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Sun, 9 Jun 2002 18:51:25 -0700 (PDT), Doug Kaufman <[EMAIL PROTECTED]> said: dkaufman> On 6 June 2002, Richard Levitte wrote: dkaufman> > [...] dkaufman> > > @@ -1226,6 +1230,50 @@ dkaufman> > > close(IN); dkaufman> > > close(OUT); dkaufman> > > dkaufman> > >

Re: [openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 13 Jun 2002 21:08:37 +0200 (CEST), Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> said: levitte> dkaufman> The one problem I still see is with point.sh. It works for levitte> dkaufman> DJGPP, but won't work for other systems without symbolic levitte> dka

Re: [openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 13 Jun 2002 21:08:37 +0200 (CEST), Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> said: Apropos point.sh, does the ln command exist at all in the DJGPP environment? And if it exists, would it be possible to test that it works properly with the -s switch

[openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Richard Levitte via RT
I finally committed most of your changes. Please download the next snapshot of 0.9.7 and check that it works as intended. I'm keeping this ticket open until you have confirmed that it works (perhaps after further changes). -- Richard Levitte [EMAIL PROTECTED]

[openssl.org #96] bug in config script (gcc 3.1)

2002-06-13 Thread Richard Levitte via RT
I went for a different solution. Since the problem was the sed that takes away all the crap before the version number, I changed it to have the dash be part of the character set to remove instead of having it as a mandatory character after said set. That should resolve this ticket. Reopen

[openssl.org #62] [PATCH] for building with UWIN

2002-06-13 Thread Richard Levitte via RT
I've just added the changes you suggested, and made a tentative addition in 0.9.7 as well, where I mimic the way Cygwin is configured. Please download the next snapshot of both 0.9.6 and 0.9.7 and test them. -- Richard Levitte [EMAIL PROTECTED]

can't compile on solaris 9 - gcc

2002-06-13 Thread Gustavo A. Baratto
Greetings, I'm not being successful in compiling openssl-0.9.6d on solaris 9 with gcc 3.1. I have gcc3.1 for solaris 8 installed in /usr/local and gcc3.1 natively compiled for solaris 9 in /usr/local/gcc-3.1. here's my env: when I try to compile using gcc for solaris 9: LD_LIBRARY_PATH=/usr/loc

Re: [openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Doug Kaufman
On Thu, 13 Jun 2002, Richard Levitte - VMS Whacker wrote: > The maintenance problem comes if there is anything special that needs > to be done, because the change will be done in the above code as well > as somewhere in the chain of calls to point.sh and mklink.pl. And > honestly, I prefer the

Re: [openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Doug Kaufman
On Thu, 13 Jun 2002, Richard Levitte via RT wrote: > I finally committed most of your changes. Please download the next > snapshot of 0.9.7 and check that it works as intended. > > I'm keeping this ticket open until you have confirmed that it works > (perhaps after further changes). Thanks.

Re: Gladman's Implementation in AES

2002-06-13 Thread Stephen Sprunk
Thus spake Ben Laurie: > Satria Bakti (13297096) wrote: > > Hi, > > > > I'm doing some experiment on openssl-0.9.7-stable-SNAP-20020421. > > I replaced the AES code (the original AES code) with > > Brian Gladman's AES code (with some modification). > > (http://fp.gladman.plus.com/cryptography_te

Re: [openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Doug Kaufman
On Thu, 13 Jun 2002, Richard Levitte - VMS Whacker wrote: > Apropos point.sh, does the ln command exist at all in the DJGPP > environment? And if it exists, would it be possible to test that it > works properly with the -s switch, say in terms of exit codes? > Something like this could be possib

About the des_encrypt1() problem with Solaris..

2002-06-13 Thread Jani Taskinen
This problem described here: http://marc.theaimsgroup.com/?l=openssl-dev&m=99720385817987&w=2 Still exists in 0.9.6d release..when can this be expected to be fixed? --Jani

Re: [openssl.org #75] DJGPP (DOS) Patch for 0.9.7

2002-06-13 Thread Tim Rice
On Thu, 13 Jun 2002, Doug Kaufman wrote: > On Thu, 13 Jun 2002, Richard Levitte - VMS Whacker wrote: > [snip] > > Is it '-fR' that you're referring to? I agree... Would it be possible > > to reimplement the recursive part in terms of sh (removes the need for > > -R), and then use rm to remove ea

Re: Question on using AES in openssl-0.9.7beta

2002-06-13 Thread Stephen Sprunk
The CFB mode only uses the encryption function; AES_set_decrypt_key() is needed for other modes, such as ECB. S Thus spake Louis Lam: > Hello, > > I'm trying to use the AES algorithm of 0.9.7beta in my own program. > > For setting the key schedule there are 2 apis: > > AES_set_encrypt_key()