On 2006.09.28 at 23:33:53 +0200, Heiko J Schick wrote:
Hello,
I'm looking into the OpenSSL engine support which was introduced in
OpenSSL version 0.9.6 (or 0.9.7). Is there an official engine
specification or HOWTO available? The only document I have found so
far is [1]. As a first
I'm quite new to openssl and this mailing list, so, I might be wrong, but I
think there is a small issue in
crypto\ecdsa\ecs_ossl.c (openssl-0.9.8d and earlier versions, say,
openssl-0.9.8b), function
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
The security advisory only has 3 security issues referenced within it,
though it mentions 4 security fixes. Is the fourth one the RSA
signature with modulus 3 forgery issue fixed in 0.9.8c and 0.9.7k?
Thanks!
-Kyle H
On 9/28/06, Mark J Cox [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED
The security advisory only has 3 security issues referenced within it,
though it mentions 4 security fixes. Is the fourth one the RSA
signature with modulus 3 forgery issue fixed in 0.9.8c and 0.9.7k?
No, look closer, the first one (ASN.1 Denial of Service Attacks [yes,
plural]), has two
This bug can be closed. The buggy return value is gone since that
entire check has been removed as of yesterday's releases (0.9.8d and
0.9.7l).
-Ivan
__
OpenSSL Project http://www.openssl.org
Ah, this is what I get for not examining the headings more closely.
Hey, Dr. Steve, have you run the ASN.1 test suite against CryptoAPI?
I remember there was a buffer overrun problem in the ASN.1 code
therein about a year ago...
(I'm also curious, do you know if NISCC's planning on making that
It's probability the same issue.
There is also message at found at
http://groups.google.com/group/mailing.openssl.dev/browse_thread/thread/984bdb1f224d55f3/f3d5d65994f0886e?lnk=gstq=dtlsrnum=26#f3d5d65994f0886e
that references a fix for this from nagendra modadugu. It seems that the
fix may be
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
The fix for the issue that I referenced (-verify 2 on s_client
coredump/segv) was already integrated into CVS, and should have been
part of the snapshot that you downloaded... thus, it might not be the
same issue.
I notice that there was a patch in the message that you linked to. Is
that code
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Hello everyone,
I have a problem with openssl-0.9.7k and 0.9.7l;
I am not using FIPS (and the default also is to disable it).
On some platforms, I build the static libs only, and not the shared libs.
At least on these platforms I had problems when doing make install
in the to-level directory,
On Fri, Sep 29, 2006, Martin Kraemer wrote:
Am I the only user who observes this problem?
No. I've applied a similar patch locally. It would be nice to have
it in the next release.
__
OpenSSL Project
I simply work around it by using gmake instead of the native make on
the relevant platforms.
Truthfully though, I'd like to see OpenSSL use something better than
the current kludge of build scripts, and would be willing to dedicate
time to it... Personally I'd prefer something truly
(I've attempted to break long lines below so mail/news readers won't.)
I'm attempting to build openssl 0.9.8d on SCO Openserver 507 w/MP5.
I've tried using both gcc 2.95.3 and the SCO native compiler. With gcc,
make fails when compiling ui_openssl.c:
gcc -I.. -I../.. -I../../include -fPIC
Hi,
Awhile ago I mentioned wanting to get proxy support (RFC 3280, yes it's
expired, but in use) into openssl as simply as possible.
I've built the attached module, that does what I wanted. What's the best way
to try and get this integrated into the standard distribution?
Thanks,
--Ivan
/*
First off, you need to get rid of the all rights reserved copyright
clause. Changing it so that it states you grant usage and
distribution rights with OpenSSL under its license would be a good
start. (Licensing, licensing, we all have to worry about it. :( )
Next, create a diff -c (contextual
First off, you need to get rid of the all rights reserved
copyright clause. Changing it so that it states you grant
usage and distribution rights with OpenSSL under its license
would be a good start. (Licensing, licensing, we all have to
worry about it. :( )
Not a problem; is there
In message [EMAIL PROTECTED] on Fri, 29 Sep 2006 13:18:36 -0400, Brad House
[EMAIL PROTECTED] said:
brad Personally I'd prefer something truly cross-platform like CMake.
I wholeheartedly agree, and would be willing to spend time
implementing that, together with others.
Cheers,
Richard
-
On Fri, Sep 29, 2006, Brad House wrote:
time to it... Personally I'd prefer something truly cross-platform like
CMake. It would actually allow a Windows x64 fips build (which is
cmake isn't exactly native on the platforms where I compile
OpenSSL. Currently OpenSSL builts out of the box on
time to it... Personally I'd prefer something truly cross-platform like
CMake. It would actually allow a Windows x64 fips build (which is
cmake isn't exactly native on the platforms where I compile
OpenSSL. Currently OpenSSL builts out of the box on all of them
without having to install some
Ah, again, I should read stuff more carefully before I spout off at
the lip -- this is a utility to create proxy certificates, not
actually validate them.
I think it's a good thing to have as a standard utility, myself, and I
can't see much reason not to include it.
-Kyle H
On 9/29/06, Ivan R.
Is there even an official list outside of the Config program of
supported platforms?
-Kyle H
On 9/29/06, Brad House [EMAIL PROTECTED] wrote:
time to it... Personally I'd prefer something truly cross-platform like
CMake. It would actually allow a Windows x64 fips build (which is
cmake
I modified what I found in x509.c to look like this, would this work:
--Ivan
PS -- I'll generate the diffs asap, and get them emailed too.
/* Copyright (C) 2006 Ivan R. Judson ([EMAIL PROTECTED])
* All rights reserved.
*
* This library is free for commercial and non-commercial use as long
Attached is an email I sent to the openssl-users list about 2 weeks ago
on the same issue.
Glad to see I'm not the only one.
Tige
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Kraemer
Sent: Friday, September 29, 2006 12:53 PM
To:
I have an IRIX n32 problem with similar symptoms. IRIX -64 works fine.
I extended Mr. Tucker's changes to bntest.c to also demonstrate the
IRIX problem.
Replace Mr. Tucker's test_bn2dec with:
int test_bn2dec(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a;
char buf[1024], *buf2;
[guest - Sat Sep 30 01:38:47 2006]:
/* these gyrations attempt to test an particular corner case
w/o */
/* breaking every other architecture */
for ( bnlong=1; bnlong = 1000ULL;
bnlong+=bnlong) {
This for loop works better on other architectures if:
On Fri, 29 Sep 2006, Kyle Hamilton wrote:
Next, create a diff -c (contextual diff) against the current CVS,
including changes to the makefiles.
diff -u is even better.
--
Tim RiceMultitalents(707) 887-1469
[EMAIL PROTECTED]
On 9/30/06, Roger Cornelius [EMAIL PROTECTED] wrote:
[...]
Has anyone successfully built openssl 0.9.8x, passing all tests, on SCO
Openserver 5? What are the ramifications of using the openssl libs even
though the sh512t test failed?
SCO used to provide OpenSSL on OSR and UW; are you using
28 matches
Mail list logo