[EMAIL PROTECTED] wrote:
>
> levitte 20-Apr-2002 12:22:43
>
> Modified:crypto/engine tb_ecdsa.c
> Log:
> The callback must have (void) as argument list.
> Notified by Bernd Matthes <[EMAIL PROTECTED]>
Surely only in the prototype - its necessarily void in the actual
function if
Lutz Jaenicke wrote:
>
> On Fri, Apr 19, 2002 at 05:01:02AM -0600, James Yonan wrote:
> > The following program succeeds on 0.9.6 but
> > fails on 0.9.7. It tests the feature of
> > calling EVP_CipherInit once to build
> > a key schedule, then cycling through
> > calls to EVP_CipherInit, EVP_Cip
James Yonan wrote:
>
> Given that the EVP level is supposed to offer callers a cipher-independent
> interface, where the caller doesn't necessarily know the idiosyncracies of
> the underlying cipher, wouldn't it make sense for evp/e_des3.c to call
> des_set_key_checked() instead of des_set_key_un
Bill Pringlemeir wrote:
>
> In crypto/md5/md5_dgst.c, there is lots of code as follows,
>
> /* Round 0 */
> R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
> R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
> R0(C,D,A,B,X[ 2],17,0x242070dbL);
> R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
> ...
Adam Back wrote:
>
> It seems that if you enable ADH but disable MEDIUM ciphersuites, they
> get left on anyway.
>
> I guess not too many people enable ADH, but there are scenarios where
> it is useful, and so this seems like a security bug.
>
> What I did:
>
> % openssl s_server -stat
[EMAIL PROTECTED] wrote:
> 4. According to Theo and Beck (both OpenBSD folks), the current /dev/crypto
> engine doesn't work. It seems to be a adaptation of Theo's cryptodev demo,
> and should be thrown away.
> My opinion: I trust Theo and those guys to know what they talk about,
Dr S N Henson wrote:
>
> Ben Laurie wrote:
> >
> > Hmm. You did this with a different name from me (idx instead of index_)
> > - isn't that going to be irritating?
> >
>
> I hadn't realised someone else had come across this. It should be
> consis
Hmm. You did this with a different name from me (idx instead of index_)
- isn't that going to be irritating?
[EMAIL PROTECTED] wrote:
>
> steve 14-Feb-2002 19:46:16
>
> Modified:crypto/engine Tag: OpenSSL_0_9_7-stable hw_sureware.c
> Log:
> Fix warnings:
>
> #if out some unus
Bodo Moeller wrote:
>
> On Thu, Feb 14, 2002 at 02:42:36PM +0100, [EMAIL PROTECTED] wrote:
>
> > Log:
> > For some reason, getting the topmost error was done the same way as
> > getting the bottommost one. I hope I understood correctly how this
> > should be done. It seems to work when
Dr S N Henson wrote:
>
> Markus Friedl wrote:
> >
> > I think this change is needed if you want EVP_CipherInit() to have a
> > similar semantic as in OpenSSL 0.9.6.
> >
> > Index: evp/evp_enc.c
> > ===
> > RCS file: /cvs/openssl/cryp
"Clendenan, Dave" wrote:
>
> In bss_log.c, the '#includes' are still processed, even when compiled with
> -DNO_SYSLOG.
>
> I'm curious why, since the entire rest of the file is skipped...
So that we don't get into dependency wars in the CVS versions of the
Makefiles.
Cheers,
Ben.
--
http://w
Dr S N Henson wrote:
>
> Ben Laurie wrote:
> >
> > Dr S N Henson wrote:
> > >
> > >
> > > The self signed cert was only an example. There are other cases which
> > > could apply as well. An example would be explicit trust of an EE
> &g
Dr S N Henson wrote:
>
> Bear Giles wrote:
> >
> >
> > > If it only did an I+SN match then an attacker could readily generate a
> > > self-signed certificate using its own key with matching I+SN.
> >
> > But a self-signed cert is easily identified and could be flagged
> > for special handling. B
Rich Salz wrote:
>
> > currently. Also, IIRC, on most Unixen, linking with libcrypto.a
> > rather than -lcrypto makes the linker suck in everything from that
> > library, regardless of if they are needed or not, while -lcrypto makes
> > the linker select the needed object files. I may be wrong
Richard Levitte - VMS Whacker wrote:
>
> From: Lutz Jaenicke <[EMAIL PROTECTED]>
>
> Lutz.Jaenicke> On Wed, Jan 23, 2002 at 11:21:49AM -0800, Booker C. Bense wrote:
> Lutz.Jaenicke> > - I was afraid you'd say that... It defeats the whole
> Lutz.Jaenicke> > point of changing the names in the firs
[EMAIL PROTECTED] wrote:
>
> levitte 21-Jan-2002 18:55:41
>
> Modified:crypto/evp evptests.txt
> Log:
> Use FIPS-197 vectors for AES. The NIST vectors were constructed by
> reencrypting or redecrypting the ciphertext 1 times, which of
> course gives higly different results
Richard Levitte - VMS Whacker wrote:
>
> From: Simon Josefsson <[EMAIL PROTECTED]>
>
> jas> This patch that allows you to override the check for a valid self-signed
> jas> certificate when signing certs using 'x509 -CA'. I find this useful for
> jas> those times when you edit certs with M-x hex
[EMAIL PROTECTED] wrote:
> - libtool finally annoyed me too much, so I'm nuking it,
Huzzah!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodr
Raghu wrote:
>
> Hi,
>
> Repost(from users list) with slight enhancements.
> I thought, probably, it is a developer question.
>
> I just recently joined the OpenSSL world
> to implement EAP-TLS, rfc2716, using OpenSSL libraries.
>
> I could not make any significant progress for the last one we
> The big question is: if we submit a patch to OpenSSL to add NetWare support, will it
>be accepted? Is anyone else
> interested in this work?
I don't see why not, so long as you follow the export guidelines, and it
patches against the current version.
Cheers,
Ben.
--
http://www.apache-ssl.or
Have you reported this to Sun?
Cheers,
Ben.
Eric Laroche wrote:
>
> Hi all,
>
> While performing performance tests on a Sun Crypto Accelerator I Board
> (also known as CryptoSwift) on sparc-sun-solaris architecture, I
> noticed a race condition between the libswift.so-hardware-I/O and the
> a
Ben Laurie wrote:
>
> francoise lacambre wrote:
> >
> > Don't you think, in the X509_STORE_get_by_subject function, that the following
> > line
> > vs->current_method=j;
> > would be replaced by :
> >
francoise lacambre wrote:
>
> Don't you think, in the X509_STORE_get_by_subject function, that the following
> line
> vs->current_method=j;
> would be replaced by :
> vs->current_method=i;
Yes!
Cheers,
Ben.
> in the case where j<
francoise lacambre wrote:
>
> Don't you think, in the X509_STORE_get_by_subject function, that the following
> line
> vs->current_method=j;
> would be replaced by :
> vs->current_method=i;
Yes!
Cheers,
Ben.
> in the case where j<
Richard Levitte - VMS Whacker wrote:
>
> From: Ben Laurie <[EMAIL PROTECTED]>
>
> ben> Bodo Moeller wrote:
> ben> >
> ben> > On Mon, Nov 05, 2001 at 12:32:56PM +0100, Richard Levitte - VMS Whacker wrote:
> ben> >
> ben> > >> If th
Rich Salz wrote:
>
> > The problem with that idea is it is incompatible with all the other
> > functions in OpenSSL. The functions that clash in Kerberos are all
> > (there aren't many) static, so there aren't actually many ramifications
> > to changing them in Kerberos.
>
> Are you saying that
Jeffrey Altman wrote:
>
> > ...I've just discovered that changing DES functions to be DES_* clashes
> > with Kerberos... for example:
> >
> > static void
> > DES_random_key(krb5_context context,
> > krb5_keyblock *key)
> >
> > - do we have any views on this?
> >
> > Cheers,
> >
> > B
...I've just discovered that changing DES functions to be DES_* clashes
with Kerberos... for example:
static void
DES_random_key(krb5_context context,
krb5_keyblock *key)
- do we have any views on this?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to w
"Romberg, Kathy" wrote:
>
> Folks,
>
> I am in the process building OpenSSL (0.9.6b) on the Tru64 Unix
> (Compaq/Digital Unix) platform and have a few questions for you
> regarding the 64-bit safeness of the product.
>
> There are two options that I use on the Compaq C compiler when checking
>
Richard Levitte - VMS Whacker wrote:
>
> I just gor a CSR (included below) that fails verification on Linux but
> where verification succeeds on VMS. In both cases, OpenSSL 0.9.6b is
> used:
>
> openssl req -in DaveJones.csr -noout -verify
>
> gives "verify failure" on my Linux laptop, and "ve
Rich Salz wrote:
>
> Good luck. I started, then gave up, and isolated all the problematic
> calls into a separate file with separate compilation flags. :) (We're
> using C++ so unprototyped function pointers were an actual error.) I
> believe the openssl core team would be interested in the pat
Michael Richardson wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
>
> > "Michael" == Michael Richardson <[EMAIL PROTECTED]> writes:
> Michael> My suggestion:
>
> Michael> change the typedef, (or probably, add a new one):
>
> Michael> struct des_ks_struct
> Michael>{
Olga Kornievskaia wrote:
>
> Hi,
>
> I work at the Center for Information Technology Integration (CITI)
> (affiliated with the University of Michigan) and in the past year I've
> been working on a project that makes use of openssl. The results are
> reflected in the August 2001 USENIX Se
Geoff Thorpe wrote:
>
> Hi there,
>
> Thanks!
>
> Of course, I'm wondering to myself, how the hell didn't "gcc" pick this up
> before now?
Because a function argument can only be a pointer to a function, I
presume.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to wh
Richard Levitte - VMS Whacker wrote:
> So, that's a name clash we really can't have. I propose changing the
> name to ossl_typ.h (thereby preserving the 8.3 file name format).
> What say you?
Fine by me.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can
Tom Biggs wrote:
>
> I'm trying to get a handle on how fast our crypto engine is,
> so I'm running 'openssl speed xxx -engine yyy'.
>
> Can someone explain the difference between normal timing and
> '-elapsed' timing? It's giving me wildly different results
> and I would like to understand why
Richard Levitte - VMS Whacker wrote:
>
> From: [EMAIL PROTECTED]
>
> Could you please put things like that inside a #ifdef BN_DEBUG..#endif
> or something similar?
When the code is fit for anything resembling production use, I certainly
will - note that currently there are only about six people
[EMAIL PROTECTED] wrote:
>
> bodo25-Sep-2001 12:30:17
>
> Modified:.STATUS
> Log:
> 'openssl speed' does not include AES support yet
It does if you use an EVP.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he
[EMAIL PROTECTED] wrote:
>
> bodo10-Sep-2001 19:46:55
>
> Modified:crypto/engine enginetest.c
> Log:
> avoid warning ('const' discarded)
>
> Revision ChangesPath
> 1.11 +2 -2 openssl/crypto/engine/enginetest.c
>
> Index: enginetest.c
> =
Bodo Moeller wrote:
>
> On Thu, Sep 06, 2001 at 03:08:09PM +0100, Ben Laurie wrote:
> > [EMAIL PROTECTED] wrote:
>
> >> - free((char *)(ENGINE_get_id(block[loop])));
> >> - free((char *)(ENGINE_get_name(block[loop])));
> &
Ryan Hurst wrote:
>
> Ben --
> I do not understand; after reading the Cryptography research design
> review (http://www.cryptography.com/intelRNG.pdf ) and the Intel technical
> brief it sounds as if its design is solid, I do understand that the output
> received though the CryptoAPI inte
Ryan Hurst wrote:
>
> Granted; guess I should not have given such high praise to the
> quality/uniqueness of that this device produces since they do not provide
> information on its design nor state that it has been evaluated by any
> qualified independent reviewers. My assumption was and I guess
Ulf Möller wrote:
>
> On Fri, Sep 07, 2001 at 01:44:26PM +0200, [EMAIL PROTECTED] wrote:
>
> > ben 07-Sep-2001 13:44:25
> >
> > Modified:crypto/rand md_rand.c
> > Log:
> > Now need sha.h for some reason.
>
> Do we need all the message digest header files that I just removed,
>
[EMAIL PROTECTED] wrote:
> - free((char *)(ENGINE_get_id(block[loop])));
> - free((char *)(ENGINE_get_name(block[loop])));
> + OPENSSL_free((char *)(ENGINE_get_id(block[loop])));
> + OPENSSL_free((char *)(ENGINE_get_name(block[loop])));
Why
what errors?
Cheers,
Ben.
> How can I fix these so that I can compile properly.
>
> Thanks in Advance,
> Bhavin
>
> - Original Message -
> From: "Ben Laurie" <[EMAIL PROTECTED]>
> To: "OpenSSL Dev" <[EMAIL PROTECTED]>
> Sent: W
Jim Ellis wrote:
>
> Hi,
>
> I have been using BN_mod_exp for some time now with no problems, but I have
> found a set of values where the result of BN_mod_exp appears to be
> incorrect.
>
> I have created a modified version of exptest.c to demonstrate this bug case.
> I have included the c cod
We're thinking about moving towards a 0.9.7 release, once a few more
things have been ironed out. However, there is much new code that needs
thorough testing, particularly the ASN.1 rewrite. We'd be grateful if
people would start to work with current snapshots and report problems
they find.
Cheer
[EMAIL PROTECTED] wrote:
>
> ulf 01-Sep-2001 07:30:46
>
> Modified:crypto/evp evp_test.c
> Log:
>
>
> Revision ChangesPath
> 1.5 +1 -1 openssl/crypto/evp/evp_test.c
>
> Index: evp_test.c
>
[EMAIL PROTECTED] wrote:
>
> geoff 01-Sep-2001 20:37:20
>
> Modified:crypto/evp digest.c
> Log:
> Only OPENSSL_free() non-NULL pointers.
Why? Surely OPENSSL_free() follows the usual semantics and allows a NULL
to be freed?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"
Brian Havard wrote:
>
> On Wed, 29 Aug 2001 15:19:24 +0200 (MET DST), Peter Sylvester wrote:
>
> >would it be possible to add something like the following
> >to evp/evp_test.c It is not a replacement for strsep but
> >a function that seems to work with the few calls in evp_test.c
> >
> >
> >sta
The bad news is that we fail AES tests! Guess our implementation is
screwed.
Cheers,
Ben.
[EMAIL PROTECTED] wrote:
>
> ben 18-Aug-2001 18:02:55
>
> Modified:crypto/evp evp_test.c evptests.txt
> Log:
> Add AES tests.
--
http://www.apache-ssl.org/ben.html
"There is no limit
Dr S N Henson wrote:
>
> Ben Laurie wrote:
> >
> > The alert will have noticed the work I've been doing on EVP_CIPHER and
> > EVP_MD stuff to allow them to be extended without having to patch
> > OpenSSL, as well as to improve the modularity of OpenSSL - I loo
Bodo Moeller wrote:
>
> On Tue, Jul 31, 2001 at 01:49:24PM -0400, Jeffrey Altman wrote:
>
> >>> Please be very careful with the changes that are made to DES. The DES
> >>> structures and functions from OpenSSL were originally designed by Eric
> >>> to be compatible with the MIT Kerberos DES imp
Jeffrey Altman wrote:
>
> > > Please be very careful with the changes that are made to DES. The DES
> > > structures and functions from OpenSSL were originally designed by Eric
> > > to be compatible with the MIT Kerberos DES implementation. This has
> > > allowed applications such as C-Kermit
Richard Levitte - VMS Whacker wrote:
>
> From: Ben Laurie <[EMAIL PROTECTED]>
>
> ben> Well, I guess I'm missing something - if they now use OpenSSL instead of
> ben> libdes, why do we need compatibility with libdes?
>
> As I said, libdes exists in seve
[EMAIL PROTECTED] wrote:
>
> levitte 31-Jul-2001 19:02:48
>
> Modified:util clean-depend.pl
> Log:
> Make sure the source file is included among the dependencies. This is
> the norm for 'gcc -M' but not for 'makedepend', and is merely
> introduced here to avoid commit wars
Richard Levitte - VMS Whacker wrote:
>
> From: Ben Laurie <[EMAIL PROTECTED]>
>
> ben> I find it hard to believe that the Kerberos data structures are as
> ben> broken as the OpenSSL ones were.
> ben>
> ben> Are you saying that you use the same data struct
Jeffrey Altman wrote:
>
> > On Tue, Jul 31, 2001 at 12:41:45PM +0100, Ben Laurie wrote:
> >
> > >>> -typedef struct des_ks_struct
> > >>> +typedef struct des_ks
> > [...]
> >
> > >> Surely this deserves an entry in '
Bodo Moeller wrote:
>
> On Tue, Jul 31, 2001 at 12:41:45PM +0100, Ben Laurie wrote:
>
> >>> -typedef struct des_ks_struct
> >>> +typedef struct des_ks
> [...]
>
> >> Surely this deserves an entry in 'CHANGES'?
&g
Bodo Moeller wrote:
>
> On Mon, Jul 30, 2001 at 07:47:13PM +0200, [EMAIL PROTECTED] wrote:
>
> > Index: des.h
> > ===
> > RCS file: /e/openssl/cvs/openssl/crypto/des/des.h,v
> > retrieving revision 1.32
> > retrieving revi
...broke SSL:
test sslv2
Segmentation fault - core dumped
*** Error code 1
I can look at it later, but perhaps someone knows why already?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." -
Bodo Moeller wrote:
>
> On Mon, Jun 25, 2001 at 04:01:01AM +0100, Ben Laurie wrote:
>
> > Sorry, I'd managed to forget about opensslconf.h! It does also solve the
> > problem and I have no problem with it.
>
> However, it would be safer if data strutures in expo
[EMAIL PROTECTED] wrote:
>
> jaenicke26-Jul-2001 11:03:46
>
> Modified:.Tag: OpenSSL_0_9_6-stable CHANGES
>crypto/dsa Tag: OpenSSL_0_9_6-stable dsa_lib.c
> Log:
> Fix problem occuring when used from OpenSSH on Solaris 8.
>
> Revision ChangesPath
>
"Henroid, Andrew D" wrote:
>
> > -Original Message-
> > From: Ben Laurie [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 18, 2001 6:03 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Rijndael patch
>
> > But that aside, if you
"Henroid, Andrew D" wrote:
> Totally understood. OpenSSL should work well on all the
> platforms it supports. If compromise is necessary however,
> shouldn't OpenSSL be tuned to the platform that is in (by
> far) the widest use?
Do you know which platform is most widely used for high-speed crypt
; distribution.
>
> The distribution file names are:
>
> o openssl-0.9.6a.tar.gz [normal]
> o openssl-engine-0.9.6a.tar.gz [engine]
>
> Yours,
> The OpenSSL Project Team...
>
> Ma
Bodo Moeller wrote:
>
> On Fri, Mar 30, 2001 at 04:55:52PM +0200, [EMAIL PROTECTED] wrote:
>
> > Modified:apps s_server.c
> > Log:
> > this time *really* fix the /../ check ...
>
> Well, I guess this one was a little late ...
>
> The original implementation had the problem that i
"David E. Weekly" wrote:
>
> Please excuse this somewhat naive question.
>
> Would it make sense to integrate additional cryptography into OpenSSL's
> libcrypto? Would it be useful to have AES and Twofish, a TIGER hash, etc?
More crypto is always welcome. We do already have AES, however.
> Is
Geoff Thorpe wrote:
>
> Hi there,
>
> Richard's standard mail address is on sick-leave due to some server hardware
> failures. He's asked me to forward this to the list on his behalf (ie. the
> response is his, not mine, but I agree with what he's said anyhow).
>
> On Thu, 29 Mar 2001, [iso-885
Guillermo Maturana wrote:
>
> > /**
> > Set the given SSL_CTX's private key to the given PEM file, using the given
>passphrase.
> > @param ctx The ssl context to modify.
> > @param file The name of the PEM file containing the desired private key.
> > @param passphrase The nul-terminated
Per Winkvist wrote:
> It shouldn't dump core when not finding the config file right ?
Nothing should dump core ever.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_
Geoff Thorpe wrote:
>
> Hey there,
>
> On Mon, 19 Feb 2001, tc lewis wrote:
>
> >
> > you know, these commit mails are really nice. seriously. any chance
> > someone could forward over the openssl cvs repository's loginfo file
> > (and/or whatever else may be involved)?
>
> Why not just rsyn
"Henroid, Andrew D" wrote:
>
> We have recently begun a project to investigate
> peer-to-peer security. Our current code release
> builds on the OpenSSL Toolkit, specifically the crypto
> library, and is currently available on SourceForge
> (http://www.sourceforge.net/projects/ptptl)
>
> As par
Billy Cole wrote:
>
> >> changes/fixes into that branch? Obviously everyone's going to have something
> >> different about "their version" of OpenSSL and I'm wondering how to do
> >> that while at the same time take advantage of the OpenSSL developers'
> >> updates.
> >>
> >>
> >>Why is that
Billy Cole wrote:
>
> We are planning on an embedded SSL project and we're using OpenSSL
> as our "reference implementation". I have done the required to compile and
> run the 0.9.6 distribution on our target processor and all works well. While
> moving on to bigger and better thoughts, a number
Corinne Dive-Reclus wrote:
> So far, the current ENGINE seems good to me. Your choice to hook
> only asymmetric operations seems reasonnable for a SSL implementation.
OpenSSL is not an SSL implementation. That's one of the many things it
does. If your hardware does other stuff, then ideal
Richard Levitte - VMS Whacker wrote:
>
> From: Ben Laurie <[EMAIL PROTECTED]>
>
> ben> You mean binary compatibility, which we are well known not to have?
>
> True, but there have been maniacs out there building shared libraries
> anyway, and I suspect Eric kept
Richard Levitte - VMS Whacker wrote:
>
> From: Ben Laurie <[EMAIL PROTECTED]>
>
> ben> > For compatibility with older versions of libdes, I'm sure.
> ben>
> ben> Well, its defined in the header, so I can't see why you need it for
> ben> com
Ulf Moeller wrote:
>
> On Sun, Feb 04, 2001, [EMAIL PROTECTED] wrote:
>
> > Can't remember why this was needed?
>
> For compatibility with older versions of libdes, I'm sure.
Well, its defined in the header, so I can't see why you need it for
compatibility. What I meant was I couldn't remem
Lutz Jaenicke wrote:
>
> On Mon, Jan 22, 2001 at 04:41:41PM -0800, Nagaraj Bagepalli wrote:
> > Thanks for your response. If I understand this correctly, certificate
> > is stored in the session table so that application can retrieve it
> > in the resumed connections (in case it needs it), but fr
Bodo Moeller wrote:
>
> On Sun, Dec 17, 2000 at 03:09:16AM +, Dr S N Henson wrote:
>
> >> When mentioning features that don't exist in current releases of
> >> OpenSSL (such as the new undocumented '-prexit' option to s_client),
> >> the FAQ should point out that they don't: The FAQ is
Rich Salz wrote:
> I would recommend not using libtool right away.
libtool is the work of the devil.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_
Rich Salz wrote:
>
> > autoconf/automake does not work on Windows
>
> I strongly agree with Geoff that the maintainers will probably find it easier
> to maintain three "native" build environments -- Win32, VMS, Posix-like --
> than the current scheme where things are shoe-horned into a really me
SSL Porter wrote:
>
> Hello all,
>
> As part of a company project I initiated an attempt to port OpenSSL to
> the Palm. About two months ago I completed stage 1 which was actually
> getting the source compiled and linked for the Palm. However, due to either
> the toolkit's or the PalmOS' l
Geoff Thorpe wrote:
>
> Hi there,
>
> On Sun, 3 Dec 2000, Ben Laurie wrote:
>
> > > -static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **);
> > > -static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **);
> > > -static IMPLEMEN
[EMAIL PROTECTED] wrote:
>
> ben 03-Dec-2000 11:04:23
>
> Modified:apps ca.c openssl.c
>ssl kssl.c
> Log:
> Fix warnings.
>
> Revision ChangesPath
> 1.71 +4 -4 openssl/apps/ca.c
> 1.32 +2 -2 openssl/apps/openssl.c
>
>
Jim Russell wrote:
>
> On or about Fri, Dec 01, 2000 at 01:19:32PM -0500, Jeffrey Altman wrote:
> > Notice that even after 20 years of RMS placing Kermit on the list of
> > things that must be done in a GPL manner he has never done so. I
> > doubt someone else is ever going to open source a comp
Eric Murray wrote:
>
> On Sat, Dec 02, 2000 at 01:28:02AM +0800, Ng Pheng Siong wrote:
> > On Thu, Nov 30, 2000 at 01:16:31PM -0800, Eric Murray wrote:
> > > Either don't connect from a non-SSL client, or connect and negotiate
> > > when to start SSL. The former is prefered.
> >
> > Eh? I'd imag
Bodo Moeller wrote:
>
> Peter Gutmann <[EMAIL PROTECTED]>:
> > Mats Nilsson <[EMAIL PROTECTED]>:
>
> >> Should a self-signed root certificate ever need to be revoked, shall it list
> >> itself in its usual CRL(s), as the last thing it does before it is thrown
> >> away, or is it sufficient (from
[EMAIL PROTECTED] wrote:
>
> ulf 01-Dec-2000 03:47:52
>
> Modified:.FAQ
> Log:
> GPL FAQ.
>
> I hope this adequately summarizes the results of all those disussions.
>
> Revision ChangesPath
> 1.37 +19 -0 openssl/FAQ
>
> Index: FAQ
> ==
Geoff Thorpe wrote:
>
> Hey there,
>
> On Thu, 30 Nov 2000, Ben Laurie wrote:
>
> > Bodo Moeller wrote:
> > >
> > > On Wed, Nov 29, 2000 at 11:30:03AM -0500, Tom Biggs wrote:
> > >
> > > > I guess my main question is, does anyone use
[EMAIL PROTECTED] wrote:
>
> bodo30-Nov-2000 21:03:27
>
> Modified:crypto/bn bntest.c
> Log:
> BN_mod_exp(r,a,p,m,ctx) should not be called with r == p.
If it shouldn't then shouldn't it test for that condition and return an
error (or die?).
Cheers,
Ben.
--
http://www.apach
Bodo Moeller wrote:
>
> On Wed, Nov 29, 2000 at 11:30:03AM -0500, Tom Biggs wrote:
>
> > I guess my main question is, does anyone use it?
>
> Yes, but it does not work. The next release will contain a bugfix
> (not yet written). What SSL_peek is supposed to do is behave like
> SSL_read, excep
Richard Levitte - VMS Whacker wrote:
>
> From: Bodo Moeller <[EMAIL PROTECTED]>
>
> moeller> So should we delete the superfluous zeroing from those functions that
> moeller> currently do it theirselves, or should we remove zeroing from the
> moeller> expand function and move it to those function
Jeffrey Altman wrote:
>
> > Jeffrey Altman wrote:
> > > My guess at the moment is that the easist place is in the functions
> > > that convert stacks of ciphers to/from byte streams of ciphers since
> > > those functions must be called in all of the appropriate places.
> >
> > OK, but this seems
Jeffrey Altman wrote:
> My guess at the moment is that the easist place is in the functions
> that convert stacks of ciphers to/from byte streams of ciphers since
> those functions must be called in all of the appropriate places.
OK, but this seems like a nasty hack to me. Unfortunately I haven't
Maxim Masiutin wrote:
>
> Hello Ben!
>
> BL> AES is on its way in to OpenSSL.
>
> I've found RINJDAEL in the latest OpenSSL shanpshot.
>
> However, what about CBC (etc...) wrappers? I would like to use
> RINJDAEL-CBC in my S/MIME implementation.
Its on my list. Feel free to pre-empt me.
I ha
Lutz Jaenicke wrote:
>
> On Tue, Nov 28, 2000 at 09:39:17AM +0000, Ben Laurie wrote:
> > > What OpenSSL does not offer is a server-side "cipher choice" callback.
> > > The client sends a list of ciphers and an openssl server will always choose
> > &g
Lutz Jaenicke wrote:
>
> On Mon, Nov 27, 2000 at 04:11:31PM -0500, Jeffrey Altman wrote:
> > The way I see it, the KRB5 ciphers need to be filtered out at the
> > location where the Client Hello message is both constructed in the
> > client and processed in the server. That is why I am looking a
Jeffrey Altman wrote:
>
> Ben wrote:
> >
> > Jeffrey Altman wrote:
> > >
> > > For the Kerberos 5 ciphers, I want to filter the allowed ciphers based
> > > upon whether or not there is a keytab file on the server side; or
> > > client credentials on the client side. Could some one point out to m
301 - 400 of 835 matches
Mail list logo