[openssl-dev] Default installation of OpenSSL

: No such file or directory $ ldd /usr/local/bin/openssl libssl.so.1.1 => not found libcrypto.so.1.1 => not found This behavior differs from the one for version 1.1.0b, where everything works fine. Is this changed behavior intended? Thank you! -- SY, Dmitry Belyavsky -- opens

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

notifications from the openssl > github project to notice them? that's really suboptimal > Totally agree. -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

ct to to discuss the cipher and uses. > > With Regards, > Bill > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Certificate Limitation Profile

n situation when an application becomes unsupported on a specific version of platform (e.g. stale version of Android/iOS). -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Certificate Limitation Profile

Dear Kurt, On Tue, Nov 28, 2017 at 3:25 PM, Kurt Roeckx <k...@roeckx.be> wrote: > On Mon, Nov 27, 2017 at 07:56:00PM +0300, Dmitry Belyavsky wrote: > > Here is the link to the draft: > > https://datatracker.ietf.org/doc/draft-belyavskiy- > certificate-limitation-policy/ &

[openssl-dev] Certificate Limitation Profile

enough. Any feedback is welcome. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Problems building openssl on Solaris

Hello, On Fri, Nov 17, 2017 at 2:21 PM, Richard Levitte wrote: > Ah, sorry, I didn't read the output properly. > > Regarding the STV_PROTECTED warnings, I don't know at all... I did a > bit of a search and saw that this has been discussed before, a little > more than a

Re: [openssl-dev] Problems building openssl on Solaris

e away gcc's complaint > about '-pthread'... I cannot say if that'll fix the rest, I don't > know Solaris enough. > > Cheers, > Richard > > In message <CADqLbzKeQXGaFWGGAz5GyrQP9XGEwjfj2fVTkLN9sRNReJ+kVw@mail. > gmail.com> on Fri, 17 Nov 2017 11:08:34 +0300, Dmitry Belyavsk

[openssl-dev] Problems building openssl on Solaris

sl collect2: ld returned 1 exit status *** Error code 1 What can we do to fix it? Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] New crypto algorithms in openSSL engine

aven't accepted these patches. > > Do you still have them available? We might make a different choice now … > Well, as now there are separate structures for key exchange and auth, these patches seem to have almost no sense. -- SY, Dmitry Belyavsky -- openssl-dev mailing li

[openssl-dev] X509_cmp_time (possible) bug

than s2. It means (and have been met in practice) that X509_cmp_time() returns other values than 1/-1. So it seems reasonable to either update documentation or fix the behavior. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo

[openssl-dev] Compiler requirements

Hello, What is the minimal version of the compiler to build openssl? Is it still required C89 compatibility or C99 standard can be used? Unfortunately, I did not find these requirements in documentation. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https

Re: [openssl-dev] Work on a new RNG for OpenSSL

lowon. > > > > We welcome your input. > Will the new architecture still allow engine-defined RNG methods? It's a critical requirement for our products. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] Private key size in req output

. In such situations we have either hardcode number of bits for GOST algorithms or (and it seems better to me) print the information after the key generation when we have the EVP_PKEY object and can print the exact value. What do you think about it? Thank you! -- SY, Dmitry Belyavsky -- openssl-dev

[openssl-dev] Internationalized Email Addresses in X.509 certificates

with the OpenSSL team to finalize this work and submit the patch to upstream? -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Add a new algorithm in "crypto" dir, how to add the source code into the build system

where you can do the work locally. Once you are happy, > push it back up to your forked Github repo, and then make a pull request > back to the OpenSSL repo. > > There are lots of places you can get information on git and Github; but > this list isn’t one of them. > -- > -Todd

Re: [openssl-dev] Typo in BUF_reverse manual

Sorry, my fault :( On Tue, Dec 13, 2016 at 12:11 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 12/12/16 18:11, Dmitry Belyavsky wrote: > > Dear Matt, > > Shouldn't the fix also be applied to 1.1.0 branch? > > Err, it was? > > Matt > > > >

Re: [openssl-dev] Typo in BUF_reverse manual

Dear Matt, Shouldn't the fix also be applied to 1.1.0 branch? On Mon, Dec 12, 2016 at 3:44 PM, Dmitry Belyavsky <beld...@gmail.com> wrote: > Hello Matt, > > https://github.com/openssl/openssl/pull/2075 > > On Mon, Dec 12, 2016 at 3:17 PM, Matt Caswell <m...@openssl.or

Re: [openssl-dev] Typo in BUF_reverse manual

Hello Matt, https://github.com/openssl/openssl/pull/2075 On Mon, Dec 12, 2016 at 3:17 PM, Matt Caswell <m...@openssl.org> wrote: > Could you open that as an issue in GitHub? Or even better a PR to fix it > ;-) > > Thanks > > Matt > > > On 12/12/16 12:16,

[openssl-dev] Typo in BUF_reverse manual

. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] About Chinese crypto-algorithms

ed, the documentation gets > (a little) better, and so on. > > The best solution will be providing a skeleton engine (with a skeleton Makefile example). -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Linking with extra library

Dear Richard, On Thu, Sep 1, 2016 at 5:39 PM, Richard Levitte <levi...@openssl.org> wrote: > In message <CADqLbzJMH0U_851P+_oHbByyh-gBnNMmYvd7pqz45WHTz0njyw@mail. > gmail.com> on Thu, 1 Sep 2016 16:06:54 +0300, Dmitry Belyavsky < > beld...@gmail.com> said: >

[openssl-dev] Linking with extra library

? Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] object.txt

Hello Richard, Thank you for clarification! On Tue, Aug 23, 2016 at 2:53 PM, Richard Levitte <levi...@openssl.org> wrote: > In message <CADqLbz+4v0zwnJTzenFtk8yYNqC4YuKinjfDY > z2_faqhkbj...@mail.gmail.com> on Tue, 23 Aug 2016 14:00:23 +0300, Dmitry > Belyavsky <

[openssl-dev] object.txt

to add new OIDs with new build system? Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

gt; > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes > > > > works ok. > > > > What's done wrong by me? > > > > > -- > Richard Levitte > levi...@openssl.org > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 > Plea

Re: [openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

gt; > -newkey rsa:2048 -keyout key.pem -out req.pem -nodes > > > > works ok. > > > > What's done wrong by me? > > > > > -- > Richard Levitte > levi...@openssl.org > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 > Please log in as guest with password guest if prompted > > -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

. The command line OPENSSL_CONF=apps/openssl.cnf LD_LIBRARY_PATH=. apps/openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem -nodes works ok. What's done wrong by me? -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4655 Please log in as guest with password

Re: [openssl-dev] [openssl.org #3940] Missing CRL checks in cms/smime cmdline utilities

Thank you very much! 19 авг. 2016 г. 6:47 PM пользователь "Rich Salz via RT" написал: > For now we just added a comment to master, 1.0.2, 1.0.1 in the cms.pod and > smime.pod files: > > Note that no revocation check is done for the recipient cert, so if that > key has been

Re: [openssl-dev] [openssl.org #3940] Missing CRL checks in cms/smime cmdline utilities

Thank you very much! 19 авг. 2016 г. 6:47 PM пользователь "Rich Salz via RT" написал: > For now we just added a comment to master, 1.0.2, 1.0.1 in the cms.pod and > smime.pod files: > > Note that no revocation check is done for the recipient cert, so if that > key has been

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

Nothing in this email will operate to bind 1E to any order or other > contract. > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545 > Please log in as guest with password guest if prompted > > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

Nothing in this email will operate to bind 1E to any order or other > contract. > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545 > Please log in as guest with password guest if prompted > > > -- > openssl-dev mailing list > To unsubscribe: https://mta

Re: [openssl-dev] [openssl.org #4215] Results of regression for some apps

http://rt.openssl.org/Ticket/Display.html?id=4215 > Please log in as guest with password guest if prompted > > Thank you for clarification! -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4215 Please log in as guest with password guest if prompted -

Re: [openssl-dev] [openssl.org #4215] Results of regression for some apps

http://rt.openssl.org/Ticket/Display.html?id=4215 > Please log in as guest with password guest if prompted > > Thank you for clarification! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4215] Resolved: Results of regression for some apps

have any > further questions or concerns, please respond to this message. > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4215 > Please log in as guest with password guest if prompted > > -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/D

Re: [openssl-dev] [openssl.org #4215] Results of regression for some apps

ion error:crypto/conf/conf_mod.c:221:module=engines, value=engine_section, retcode=-1 To prevent it, it seems to me that it's necessary to check whether the value of the variable 'template' does not match the variable 'default_config_file' as the config file specified in the default_config_file varia

Re: [openssl-dev] [openssl.org #4215] Results of regression for some apps

ion error:crypto/conf/conf_mod.c:221:module=engines, value=engine_section, retcode=-1 To prevent it, it seems to me that it's necessary to check whether the value of the variable 'template' does not match the variable 'default_config_file' as the config file specified in the default_config_file variable

Re: [openssl-dev] [openssl.org #4438] AutoReply: GOST ciphersuites and DTLS

--- > Hello OpenSSL team, > > The GOST ciphersuites currently defined are not DTLS-capable. > > So it should be fixed in the ssl/s3_lib.c file. > > Thank you! > > -- > SY, Dmitry Belyavsky > > > -------

Re: [openssl-dev] [openssl.org #4438] AutoReply: GOST ciphersuites and DTLS

--- > Hello OpenSSL team, > > The GOST ciphersuites currently defined are not DTLS-capable. > > So it should be fixed in the ssl/s3_lib.c file. > > Thank you! > > -- > SY, Dmitry Belyavsky > > > -------

[openssl-dev] cms -decrypt calls RAND_pseudo_bytes

to the EVP_CIPHER_CTX_rand_key function in case of decryption? It seems unnecessary for me here, but I am not sure I understand the whole situation. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Question about adding a new cipher [I am not asking the old question]

Dear John, On Mon, Mar 21, 2016 at 2:52 PM, John Hunter <zhjw...@gmail.com> wrote: > Hi Dmitry, > Thank you for you quick reply. > > On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beld...@gmail.com> > wrote: > > Hello John, > > > > On Mo

Re: [openssl-dev] Question about adding a new cipher [I am not asking the old question]

n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html In theory, you are able to register OID/NID via engine. In practice when we implemented the GOST algorithms we found that sometimes it causes memory problems. And anyway, if you provide cipher via an engine, it just allows to use it in so

[openssl-dev] [openssl.org #4438] GOST ciphersuites and DTLS

Hello OpenSSL team, The GOST ciphersuites currently defined are not DTLS-capable. So it should be fixed in the ssl/s3_lib.c file. Thank you! -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4438 Please log in as guest with password guest if prompted

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

Dear Stephen, On Fri, Mar 4, 2016 at 4:00 PM, Dr. Stephen Henson <st...@openssl.org> wrote: > On Fri, Mar 04, 2016, Dmitry Belyavsky wrote: > > > Dear Rich, > > > > Is it possible to add a command line option to select hash algorithm used > > in the PRF

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

t; Regards, > > > > Michel. > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

23 Jan 2016 kl. 09.40.19, skrev beld...@gmail.com: > > >> > > > > Hello, > > >> > > > > > > >> > > > > After making the EVP_CIPHER_CTX struct opaque I found that > there > > >> > > > > is a > > >> > > > > mi

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

23 Jan 2016 kl. 09.40.19, skrev beld...@gmail.com: > > >> > > > > Hello, > > >> > > > > > > >> > > > > After making the EVP_CIPHER_CTX struct opaque I found that > there > > >> > > > > is a > > >> > > > > missin

[openssl-dev] [openssl.org #4344] Re: Missing accessor to the EVP_CIPHER_CTX member oiv

Dear Richard, The patch you suggested seems not to break at least self-compatibility for the smime -enc command. Is this enough or should I do some more tests? Thank you! On Fri, Feb 19, 2016 at 12:40 AM, Dmitry Belyavsky <beld...@gmail.com> wrote: > Dear Richard, > > Sorry for

[openssl-dev] [openssl.org #4321] Re: Missing accessor to the EVP_CIPHER_CTX member oiv

t is used in GOST > > > > > engine > > > > > when we set the cipher parameters from the ASN1 parameters. > > > > > > > > > > Thank you! > > > > > > > > > > > > > > > > > -- > > >

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

u! > > > > > -- > Richard Levitte > levi...@openssl.org > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267 > Please log in as guest with password guest if prompted > > -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

u! > > > > > -- > Richard Levitte > levi...@openssl.org > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4267 > Please log in as guest with password guest if prompted > > -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-users] OpenSSL version 1.1.0 pre release 3 published

Dear Rich, > Just to emphasize one important point: Our next release is planned to be > Beta-1, in about a month. After that, no new API's or features will be > added to OpenSSL 1.1 > > If so, could you take a look at RT#4267? Thank you! -- SY, Dmitry Belyavsky -- openssl-d

Re: [openssl-dev] Endianess info

on for why either of these > techniques can't be exercised in off-tree code. > The endianess information could be used in case of cross-compilation. -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Endianess info

LY > > +/* Big or little endian? */ > > +{- $config{lendian} eq "define" ? "#define" : "#undef" -} > OPENSSL_LITTLE_ENDIAN > > > > #undef OPENSSL_UNISTD > > #define OPENSSL_UNISTD {- $target{unistd} -} > > > > --

Re: [openssl-dev] Endianess info

f" -} I386_ONLY > > +/* Big or little endian? */ > > +{- $config{lendian} eq "define" ? "#define" : "#undef" -} > OPENSSL_LITTLE_ENDIAN > > > > #undef OPENSSL_UNISTD > > #define OPENSSL_UNISTD {- $target{unistd} -} > > > > --

[openssl-dev] Commit 17a723885e8a875fc19d5140f580f80a113ba78f

' label work correctly? Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Commit 17a723885e8a875fc19d5140f580f80a113ba78f

rated code on > stone tablets -- used to be a little more efficient when you did that.) > Thank you! I was sure from the ancient times that the 'default' label should be the last one... -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Endianess info

openssl source tree can be found in the opensslconf.h file. > > No, but that's an excellent idea. Which #define do you need "moved" from > an existing header file? > I need the L_ENDIAN #define. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubsc

[openssl-dev] Endianess info

Hello OpenSSL Team, Is the endianess information available in any of installed by the 1.1.0 version *.h files? All the other necessary for building an algorithms-providing engine outside of the openssl source tree can be found in the opensslconf.h file. Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-dev] [openssl.org #4226] FIX: ADD IPv6 support for OCSP Responder

Dear Rich, On Mon, Jan 25, 2016 at 5:06 PM, Rich Salz via RT <r...@openssl.org> wrote: > We are working on full IPv6 support and it will appear in the next release. > Do you mean 1.1.0? Thank you! -- SY, Dmitry Belyavsky ___ openssl

Re: [openssl-dev] [openssl.org #4226] FIX: ADD IPv6 support for OCSP Responder

Dear Rich, On Mon, Jan 25, 2016 at 5:06 PM, Rich Salz via RT <r...@openssl.org> wrote: > We are working on full IPv6 support and it will appear in the next release. > Do you mean 1.1.0? Thank you! -- SY, Dmitry Belyavsky ___ openssl

[openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

Hello, After making the EVP_CIPHER_CTX struct opaque I found that there is a missing non-const accessor to the oiv member. It is used in GOST engine when we set the cipher parameters from the ASN1 parameters. Thank you! -- SY, Dmitry Belyavsky

[openssl-dev] [openssl.org #4215] Results of regression for some apps

this option to be processed as string, not as input. 3. The 'cms' and 'smime' utilities do not accept the '-inform smime' options. It may be a bug or not a bug (files in SMIME format are accepted) but it is definitely an incompatibility. Thank you! -- SY, Dmitry Belyavsky diff --git a/apps/req.c b

[openssl-dev] [openssl.org #4216] ocsp 1.1.0/1.0.2 incompatibility

-cert or -serial ocsp: Use -help for summary. This command line worked well in 1.0.2. Thank you! -- SY, Dmitry Belyavsky ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs

[openssl-dev] Regression: dgst command

have changed in 1.1.0. Is it a design decision (and I should fix tests) or misbehavior? Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4213] Error defining ciphersuite 0x0300ff87

The patch is attached. Thank you! -- SY, Dmitry Belyavsky diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e3e4fd3..50dbbc5 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3284,7 +3284,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_GOST12_256, SSL_TLSV1, SSL_S

Re: [openssl-dev] Variable length of digest

Dear Victor, On Thu, Dec 24, 2015 at 11:02 AM, Victor Wagner <vi...@wagner.pp.ru> wrote: > On Thu, 24 Dec 2015 10:45:37 +0300 > Dmitry Belyavsky <beld...@gmail.com> wrote: > > > > > > > > If there's a new construct whose output size depends on the inpu

[openssl-dev] Variable length of digest

providing such a solution be acceptable? Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Variable length of digest

of functions to produce > fixed length (input data indepdendent) results. > > If there's a new construct whose output size depends on the input > data, that probably requires a new family of functions. > Well, the gost-mac is treated specially itself and may be it can be simplified i

[openssl-dev] [openssl.org #4181] Error building openssl with REF_PRINT

dirs] Error 1 make[1]: Leaving directory `/home/beldmit/openssl-1.0.2e/crypto' make: *** [build_crypto] Error 1 -- SY, Dmitry Belyavsky ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/l

[openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

, what is a design policy in places when we have an enumeration of algorithms? I supposed that calling the implementation-provided callbacks is a right way (or at least better then case expressions or chain of ifs)... Thank you! -- SY, Dmitry Belyavsky index dcfb44f..0619507 100644 --- a/ssl

Re: [openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

eaks > > GOST 2012 client auth processing. > > > > This should be fixed by commit aa430c7467bcb7aa0a88 > It works. Thank you very much! -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

eaks > > GOST 2012 client auth processing. > > > > This should be fixed by commit aa430c7467bcb7aa0a88 > It works. Thank you very much! -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] PBE_UNICODE

ave the openssl code with 2 variants of such processing that can be switched by the PBE_UNICODE define. 3. We have a "Russian" variant of specification. I am interested mostly in compatibility between the openssl implementation and "Russian" one when the password contains ASCII or Cyrilli

Re: [openssl-dev] PBE_UNICODE

es with the value 0x00. As I understand the text herein before, there is no ultimate specification. So I would prefer a set of options be specified by the caller with a reasonable default value. But as I do not have enough PKCS#12 from real-life sources, I can't predict this default value. Currently

Re: [openssl-dev] PBE_UNICODE

ing zero byte and passed as the P element of the PBKDF2 algorithm" The test example was provide by the authors of specification. There are also examples in the document. May be it will be useful. -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] PBE_UNICODE

dows system default. But in fact the openssl being built without defining the PBE_UNICODE macros was able to parse the test PKCS12. Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] PBE_UNICODE

the PBE_UNICODE is undefined and locale is set to ru_RU.utf8. Do I miss something or this variable and corresponding #ifdef may be eliminated? Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman

Re: [openssl-dev] [openssl.org #4141] GOST ciphersuites

e > can > add SSL_TLSV1 to the GOST ciphersuites but that will change the behaviour > from > what it was before. > Usage of the GOST ciphersuites with the SSLv3 protocol is not specified, so the change should not affect the GOST-related behaviour. So I think it will be better for cl

Re: [openssl-dev] [openssl.org #4141] GOST ciphersuites

e > can > add SSL_TLSV1 to the GOST ciphersuites but that will change the behaviour > from > what it was before. > Usage of the GOST ciphersuites with the SSLv3 protocol is not specified, so the change should not affect the GOST-related behaviour. So I think it will be better for c

[openssl-dev] [openssl.org #4141] GOST ciphersuites

Hello! In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are not usable with SSLv3, they require TLSv1. Could you turn the flag back for the GOST ciphersuites? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-dev] Improving OpenSSL default RNG

eave these options possible. -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4106] Bug in smime command in master

or directory The message does not match the documentation and the behavior of the command does not match the 1.0.2 version. -- SY, Dmitry Belyavsky ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo

[openssl-dev] [openssl.org #4104] A bug in the crl2pkc7 command in master

('-in','r') 140737354073768:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:178: The patch I attach fixes it. -- SY, Dmitry Belyavsky --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -138,7 +138,7 @@ int crl2pkcs7_main(int argc, char **argv) if ((certflst == NULL

[openssl-dev] [openssl.org #4099] Config is loaded twice in the openssl ts command line application

Hello, I found that the openssl ts command in master tries to load config file twice. To prevent it, the lines 323-324 should be removed. The patch is attached. Thank you! -- SY, Dmitry Belyavsky index 237dd01..222ca45 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -320,8 +320,6 @@ int ts_main

Re: [openssl-dev] [openssl.org #4093] AutoReply: Problem loading engine from config

; The gost engine I build is from the master. > > If I delete the lines > > engines = engine_section > [engine_section] > > I get another error: > > dgst: Unknown digest md_gost94 > dgst: Use -help for summary. > > The behavior seems to be chang

[openssl-dev] [openssl.org #4093] Problem loading engine from config

error: dgst: Unknown digest md_gost94 dgst: Use -help for summary. The behavior seems to be changed after the commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a0a82324f965bbcc4faed4e1ee3fcaf81ea52166 Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

ost -md_gost94 -mac hmac -macop > > key:123456901234567890123456789012 > > > > I assume this is on master? I can't reproduce this. Are you using your new > GOST > engine or the one currently in master? > Yes, it's on master. I think that I use the engine currently in

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

ost -md_gost94 -mac hmac -macop > > key:123456901234567890123456789012 > > > > I assume this is on master? I can't reproduce this. Are you using your new > GOST > engine or the one currently in master? > Yes, it's on master. I think that I use the engine currently in

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

Hello! Thank you, I can't reproduce it either. Please close the ticket. Sorry for disturbing. On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT <r...@openssl.org> wrote: > Hello Matt, > > On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT <r...@openssl.org> >

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

Hello! Thank you, I can't reproduce it either. Please close the ticket. Sorry for disturbing. On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT <r...@openssl.org> wrote: > Hello Matt, > > On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT <r...@openssl.org> >

Re: [openssl-dev] [openssl.org #4089] NULL ciphersuites do not work in master

Dear Kurt, On Sun, Oct 11, 2015 at 9:13 PM, Kurt Roeckx via RT <r...@openssl.org> wrote: > On Sun, Oct 11, 2015 at 05:54:16PM +0000, Dmitry Belyavsky via RT wrote: > > Hello! > > > > When I debug, I see that the cipher is forbidden by > > the ssl_security_

[openssl-dev] [openssl.org #4089] NULL ciphersuites do not work in master

by the ssl_security_default_callback function because of not enough security bits. Is it a bug or feature? -- SY, Dmitry Belyavsky ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs

Re: [openssl-dev] [openssl.org #4089] NULL ciphersuites do not work in master

Dear Kurt, On Sun, Oct 11, 2015 at 9:13 PM, Kurt Roeckx via RT <r...@openssl.org> wrote: > On Sun, Oct 11, 2015 at 05:54:16PM +0000, Dmitry Belyavsky via RT wrote: > > Hello! > > > > When I debug, I see that the cipher is forbidden by > > the ssl_security_

[openssl-dev] [openssl.org #4085] Bug in genpkey in master

the options loop. I think this can be used in all cmdline utilities accepting algorithm name from options. Thank you! -- SY, Dmitry Belyavsky ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl

[openssl-dev] [openssl.org #4086] s_server bug in master

of available ciphersuites. In case of engine-provided algorithms some ciphersuites will be disabled because the engine providing algorithms is not loaded yet. The list of ciphersuites is not rebuilded after loading engines. So the engine-dependent ciphersuites are not available. -- SY, Dmitry Belyavsky

Re: [openssl-dev] Adding async support

Dear Matt, I have some questions. On Thu, Oct 8, 2015 at 12:32 AM, Matt Caswell <m...@openssl.org> wrote: > > > On 07/10/15 21:44, Dmitry Belyavsky wrote: > > Dear Matt, > > > > On Wed, Oct 7, 2015 at 4:43 PM, Matt Caswell <m...@openssl.org

Re: [openssl-dev] Adding async support

er(void * args) { ... } static ASYNC_JOB *offload (void *args) { ASYNC_JOB *pjob = NULL; int funcret; size_t size = 0; int ret = ASYNC_start_job(, , async_wrapper, args, *args, size); if (ret != ASYNC_PAUSE) return NULL; return pjob; } ? Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Adding async support

ifferent > solution for different hardware. These patches do not provide a solution > to that problem. > So I do not understand what you mean by "offload" :-( I understand that it's an engine-dependent, but I can't imagine a corresponding pseudo code. -- SY, Dmitry Bel

Re: [openssl-dev] Adding async support

Dear Matt, On Thu, Oct 8, 2015 at 10:06 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 08/10/15 18:56, Dmitry Belyavsky wrote: > > > The second problem is entirely engine dependant. It will be a > different > > solution for different hardw

  1   2   3   >