Re: [openssl.org #2837] BN_nist_mod_384 inconsistency when compiling with the Windows DDK

2012-06-26 Thread Andy Polyakov via RT
For legacy and compatibility reasons I have to use an older version of the Windows DDK to compile certain libraries, including OpenSSL. I am compiling it with version 3790.1830. In other words compiler version 13.x. I spent the morning tracing a crash in BN_nist_mod_384 which I believe is

Re: [openssl.org #2837] BN_nist_mod_384 inconsistency when compiling with the Windows DDK

2012-06-26 Thread Paul Belanger via RT
You make it sound like the fact that c_d is a stack array is an excuse for doing wrong:-) I mean it's clearly a compiler bug and reasoning as above does not make it understandable/justifiable/excusable. Formally it's not OpenSSL bug and shouldn't be reported as one... I thought I'd made it

Re: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Andy Polyakov
I have couple of questions like, 1. What is FIPS standard OpenSSL 1.0.1 library following. CHANGES claims the support for FIPS180-2? What is the concern? That post-FIPS180-2 is not supported? Well, if you can point out essential difference in specification for algorithms in question in

Re: [openssl.org #2837] BN_nist_mod_384 inconsistency when compiling with the Windows DDK

2012-06-26 Thread Andy Polyakov via RT
You make it sound like the fact that c_d is a stack array is an excuse for doing wrong:-) I mean it's clearly a compiler bug and reasoning as above does not make it understandable/justifiable/excusable. Formally it's not OpenSSL bug and shouldn't be reported as one... I thought I'd made

ssl3_send_alert() sending a WARNING alert

2012-06-26 Thread N. J.
Hi, I have been trying to have ssl3_send_alert() send a warning alert without terminating my TLS session, but with no luck. I tried setting al to different values defined in tls1.h, and having SSL3_AL_WARNING instead of SSL3_AL_FATAL but I still get the session terminated. I appreciate if you

Re: Core dump in RSA_check_key

2012-06-26 Thread Andy Polyakov
I am seeing a core dump in RSA_check_key() function. The backtrace is as below. What OS? Which OpenSSL version? Is it correct assumption that it's custom/own program? Can you reproduce the problem with openssl utility, with 'openssl rsa -in file.pem -check -noout')? Can you reproduce it with

Re: libintel-accel-1.4

2012-06-26 Thread Andy Polyakov
http://www.openssl.org/contrib/intel-accel-1.4.tar.gz I'm attempting to use the libintel-accel-1.4 ENGINE with my OpenSSL 0.9.8x application. I'm running into a few snags: 1) Why does the sha1_md structure in e_intel_accel.c (L268) set the required_pkey_type to EVP_PKEY_NULL_method?

Re: [openssl.org #2837] BN_nist_mod_384 inconsistency when compiling with the Windows DDK

2012-06-26 Thread Paul Belanger via RT
It works. The new assembler is: LEA eax,[c_d] MOV DWORD PTR [res],eax MOV ecx,DWORD PTR [mask] NOT ecx AND ecx,DWORD PTR [res] MOV edx,DWORD PTR [r_d] AND edx,DWORD PTR [mask] OR ecx,edx MOV DWORD PTR [res],ecx The addition of the LEA instruction gets the pointer value from c_d instead of its

Adding support for RFC 5487 to formal openssl

2012-06-26 Thread Lindani Phiri
I am interested in adding partial support for RFC 5487 to a future official OpenSSL release: I would like to add the following cipher suites compatible with TLS 1.1: CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256    = {0x00,0xAE}; CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384    =

Re: [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

2012-06-26 Thread Andy Polyakov via RT
I noticed that the Microsoft Assembler compiler support has gone, however, I also found that ms\do_ms.bat does NOT use assembly (no-asm flag is used), while ms\do_win64a.bat silently expects nasm compiler No. 1.0.0 assumes ml64, while 1.0.1 *probes* if nasm is present, and if not, falls down

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Bhat, Jayalakshmi Manjunath
Hi Andy, Thanks for the reply. I am trying to understand whether FIPS 180-2 or FIPS 180-3 is supported in OpenSSL 1.0.1. CHANGES document in OpenSSL claims the support for FIPS 180-2. However CH is defined in SHA-256 is #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) in SHA-256.c . This

RE: [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

2012-06-26 Thread Kees Dekker via RT
Andy, Thanks for explanation. As answer on your question whether ml64.exe is existent: when setting Visual Studio 2010 (SP1) x64 command line environment, ml64.exe is accessible via the path (in c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\amd64\ml64.exe). Microsoft has

Re: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Andy Polyakov
Thanks for the reply. I am trying to understand whether FIPS 180-2 or FIPS 180-3 is supported in OpenSSL 1.0.1. CHANGES document in OpenSSL claims the support for FIPS 180-2. However CH is defined in SHA-256 is #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) in SHA-256.c . This is as

Re: [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

2012-06-26 Thread Andy Polyakov via RT
As answer on your question whether ml64.exe is existent: when setting Visual Studio 2010 (SP1) x64 command line environment, ml64.exe is accessible via the path (in c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\amd64\ml64.exe). Just for the record. Even if ml64 is not

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Bhat, Jayalakshmi Manjunath
Hi Andy, Thanks a lot for the quick reply. Sorry to interrupt you with one more question. Is http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf this not the right document? Regards Jaya -Original Message- From: owner-openssl-...@openssl.org

Re: [openssl.org #2837] BN_nist_mod_384 inconsistency when compiling with the Windows DDK

2012-06-26 Thread Andy Polyakov via RT
It works. In all subroutines? Could you double-check? The reason for being overparticular is that when it comes to compiler bugs, one can expect *anything*. Note that you forgot to add it to the BN_nist_mod_521() function, probably because the variable is named t_d in that function instead of

RE: [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

2012-06-26 Thread Kees Dekker via RT
It is indeed the quoting of the perl command interpreter issue. I also work often on *nix platforms, and tested with \$^X\, which worked. But I can’t guarantee that too for all *nix flavors... It may be worth trying it (unless someone else complains). If you are unsure for a certain *nix

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Paul Suhler
I was just able to open the link below and the entire document looked okay. Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com

Re: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Andy Polyakov
I was just able to open the link below and the entire document looked okay. I observe spaces in places where ~ should be in Ch(), not only in SHA256, but in all of them. And Figure 1 on page 3 is mostly empty...

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Bhat, Jayalakshmi Manjunath
Hi Andy, Once again thank you. I tested 2 sample test explained in the FIPS 180-2 and 180-3 documents with OpenSSL 1.0.1 document and test output matched in both the cases. But the CH was different in FIPS 180-2 than FIPS 180-3. So I was wondering how output can be same irrespective of CH

Re: [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

2012-06-26 Thread Andy Polyakov via RT
It is indeed the quoting of the perl command interpreter issue. I also work often on *nix platforms, and tested with \$^X\, which worked. But I can’t guarantee that too for all *nix flavors... It may be worth trying it (unless someone else complains). If you are unsure for a certain *nix

Re: [openssl-dev] Re: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Erwann Abalea
Same here. Also with http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf and http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf are OK. -- Erwann ABALEA - nocticonsiliophorisme:

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Bhat, Jayalakshmi Manjunath
Hi Andy, I will check if I can get a right copy. Do you have any link that directs me to correct copy? Regards Jaya -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Andy Polyakov Sent: Tuesday, June 26, 2012 9:19 PM To:

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Bhat, Jayalakshmi Manjunath
Hi Andy, One more question CHANGES document in OpenSSL 1.0.1 states SHA-224 supported as per FIPS 180-2, but SHA-224 appears to be available only in FIPS 180-3. So shouldn’t it be as per FIPS 180-3 standard? Regards Jaya -Original Message- From: owner-openssl-...@openssl.org

Re: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Andy Polyakov
I tested 2 sample test explained in the FIPS 180-2 and 180-3 documents with OpenSSL 1.0.1 document and test output matched in both the cases. But the CH was different in FIPS 180-2 than FIPS 180-3. So I was wondering how output can be same irrespective of CH difference. There is no way for

Re: [openssl-dev] RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Erwann Abalea
On 26/06/2012 18:24, Bhat, Jayalakshmi Manjunath wrote: One more question CHANGES document in OpenSSL 1.0.1 states SHA-224 supported as per FIPS 180-2, but SHA-224 appears to be available only in FIPS 180-3. So shouldn’t it be as per FIPS 180-3 standard?

help with thread lib - x86/BSD

2012-06-26 Thread Kevin Fowler
Hi, both the FIPS module and OpenSSL use the -pthreads option for gcc when building a *BSD/x86 target. With our cross-compiler, -pthreads results in -lpthread, although on our target we actually use libc_r for thread support. While sorting out how I can resolve this in the config/Configure

RE: [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

2012-06-26 Thread Kees Dekker
Andy, Thanks for explanation. As answer on your question whether ml64.exe is existent: when setting Visual Studio 2010 (SP1) x64 command line environment, ml64.exe is accessible via the path (in c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\amd64\ml64.exe). Microsoft has already

RE: [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

2012-06-26 Thread Kees Dekker
It is indeed the quoting of the perl command interpreter issue. I also work often on *nix platforms, and tested with \$^X\, which worked. But I can’t guarantee that too for all *nix flavors... It may be worth trying it (unless someone else complains). If you are unsure for a certain *nix

[openssl.org #2838] build issue on Solaris 10/Sparc for 64-bit build of OpenSSL 1.01c

2012-06-26 Thread Kees Dekker via RT
FYI: When building OpenSSL, using the solaris64-sparcv9-cc config, then RANLIB uses ar -rs as RANLIB command. Solaris 10 on UltraSparc (in my case a V440 system) suffers from a bug in: /usr/ccs/bin/ar: SunOS 5.10 Generic 144500-19 Jul 2011 /etc/release: Oracle

RE: [openssl-dev] Re: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Bhat, Jayalakshmi Manjunath
Hi Erwann ABALEA Thanks a lot. Regards Jaya -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Erwann Abalea Sent: Tuesday, June 26, 2012 9:40 PM To: openssl-dev@openssl.org Cc: Andy Polyakov Subject: Re: [openssl-dev] Re: SHA-256

RE: [openssl-dev] Re: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Bhat, Jayalakshmi Manjunath
Hi All, Thanks everyone, now I have the right documents. Regards Jaya -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Erwann Abalea Sent: Tuesday, June 26, 2012 9:40 PM To: openssl-dev@openssl.org Cc: Andy Polyakov Subject:

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Paul Suhler
Bhat, Like Andy, I had an older copy that appears to be correct. I'll mail it to you. I've notified the NIST webmaster about the bad file. We'll see how long it takes to get a response. Paul -Original Message- From: owner-openssl-...@openssl.org