Re: iPlant and OpenSSL

2000-10-18 Thread Geoff Thorpe
Hi Andrew, Normally I'd just reply to this on the openssl-users list, but this may actually be of interest (or at least mildly amusing) to OpenSSL developers too ... On Wed, 18 Oct 2000, Andrew Rickard wrote: [snip] > I've run into some symbol clashes with openssl v.0.9.5 and linking > with

Re: Rijndael and OpenSSL

2000-10-20 Thread Geoff Thorpe
On Fri, 20 Oct 2000, Robert Sandilands wrote: > I think I have completed incorporating Rijndael into OpenSSL up to > integration with the EVP... functions. How would you prefer to receive > the changes I made? diff -c?? diff -u please :-) Cheers, Geoff

RE: GSS-API interface?

2000-10-23 Thread Geoff Thorpe
Hi there, On Mon, 23 Oct 2000, David Schwartz wrote: > > > Some of the difficulties that I'm having revolve around the > > fact that the socket I/O code is > > integrated into the protocol code. > > It really isn't. You can very easily use the SSL code just to do the SSL > stuff and

RE: GSS-API interface?

2000-10-26 Thread Geoff Thorpe
Hi there, On Mon, 23 Oct 2000, David Schwartz wrote: > > This is not true. Session caching is independent of the IO mechanism you > > choose to use. > > Then how does the client code know which session to reuse? It doesn't know > what server it's talking to. In the case of an SSL server,

RE: GSS-API interface?

2000-10-26 Thread Geoff Thorpe
Hey there, On Thu, 26 Oct 2000, David Schwartz wrote: > > The connection setup phase shouldn't need to be "special" - but of course > > I don't know what interesting things you may be doing :-) If your model > > requires that this is unique and otherwise you've got I/O logic built > > around the

RE: GSS-API interface?

2000-10-26 Thread Geoff Thorpe
Hi there (again), On Thu, 26 Oct 2000, David Schwartz wrote: > > You have to include that BIO_write(bio_io, ...) in this loop! > > Why? I have to data to write. If I had data to write, I would have already > written it before I entered the loop. If I get more data to write later, > I'll e

Re: Problem with > 1024 file descriptors

2000-10-28 Thread Geoff Thorpe
On Sat, 28 Oct 2000, Dan Kegel wrote: > I'm writing a server that will often have more than 1024 > file descriptors open. That means that any code using > stdio might fail, since stdio.h can't handle any > fd's higher than 1024 on some systems. That only gives you a limit *per-process*. :-) >

Re: new engine

2000-10-31 Thread Geoff Thorpe
On Tue, 31 Oct 2000, Libor Krystek wrote: > I'm creating new engine for other hardware. This hardware must be > initialized before using but for its initialization I need input some > parameters (e.g. hostname, username, password). > Function ENGINE_init(ENGINE *e) call engine function init() an

Re: new engine

2000-10-31 Thread Geoff Thorpe
On Tue, 31 Oct 2000, Ben Laurie wrote: > > Yes, your answer is satisfactory. > > If I understand then I can't use openssl.exe main application for > > testing my new engine > > (of course after compilation of openssl with new engine features). > > Exactly, and this is wrong and bad. We should fi

Re: new engine

2000-11-01 Thread Geoff Thorpe
right up. BTW: this'll probably be a bit of a marathon ... On Wed, 1 Nov 2000, Ben Laurie wrote: > Geoff Thorpe wrote: > > > > BTW: Right now, all the existing engine implementations typically work > > immediately without any "setup" beyond what they work

Re: peformance: openssl speed -engine csift

2000-11-03 Thread Geoff Thorpe
Hi there, On Fri, 3 Nov 2000, Dirk Vleugels wrote: > i have a Netra-T1 running Solaris-2.8. A CryptoSwift-PCI card is > installed and functional: OK. > I tested both openssl-0.96 and openssl-SNAP-20001102. All tests with > hw support were started like this: > > OpenSSL> speed -engine cswift

Re: RSAref code byebye?

2000-11-07 Thread Geoff Thorpe
On Tue, 7 Nov 2000, Richard Levitte - VMS Whacker wrote: > Both these facts basically make RSAref as valuable as a removed appendix. +1, I'm for killing it if no unforeseen problems are highlighted. Idea: are there any people listening in from FreeBSD, OpenBSD, Redhat, etc who currently bundle

Re: cvs commit: openssl/rsaref rsaref.h rsaref.c

2000-11-07 Thread Geoff Thorpe
Hi Ralf, > Yes, good suggestion. I've changed Majordomo's configuration so that > openssl-cvs mails now have a Reply-To: to openssl-dev instead of > openssl-cvs. Umm ... whatever you did is now causing commit messages themselves to go to openssl-dev, rather than just replies to them. A crude fix

Re: cvs commit: openssl/rsaref rsaref.h rsaref.c

2000-11-07 Thread Geoff Thorpe
Hi again, On Tue, 7 Nov 2000, Geoff Thorpe wrote: > Umm ... whatever you did is now causing commit messages themselves to go > to openssl-dev, rather than just replies to them. A crude fix would be to > filter on the subject header perhaps? Replies or forwards typically have > an &

Re: Constification

2000-11-10 Thread Geoff Thorpe
Hi there, I'm gonna spill my spleen here because, just like Richard and Paul have done now and in the past, I have suffered at the hands of a well-meaning mission to constify parts of OpenSSL. On Wed, 8 Nov 2000, Ben Laurie wrote: > Richard Levitte - VMS Whacker wrote: > > > > From: "Paul D. S

Re: ASN1 non blocking I/O...

2000-11-13 Thread Geoff Thorpe
Hey there, On Tue, 14 Nov 2000, Dr S N Henson wrote: > > adding support for non-blocking public key operations to SSL handshake > > requires a lot of changes. first, one must add new states to SSL > > statemachine for public key operations. then we need a non-blocking > > interface for public ke

Re: ASN1 non blocking I/O...

2000-11-13 Thread Geoff Thorpe
oops ... On Mon, 13 Nov 2000, Geoff Thorpe wrote: > RSA_ctrl(rsa, RSA_CTRL_ASYNC_ENABLE, ...); > op_id = RSA_private_encrypt(rsa, ); > > Where the RSA_CTRL_ASYNC_START command would fail if the async_ctrl s/_START/_ENABLE/ gotta stop and think when I type. C

Re: nonblocking crypto (was: Re: ASN1 non blocking I/O...)

2000-11-14 Thread Geoff Thorpe
On Tue, 14 Nov 2000, Dan Kegel wrote: > I don't think we need nonblocking crypto; it would be enough to be able > to shunt the crypto off into another thread. That's what my API proposal > was about. I think that misses the entire point of why a form of async public-key crypto might be advantag

Re: Hmm... (discoveries about BIGNUM code)

2000-11-15 Thread Geoff Thorpe
On Thu, 16 Nov 2000, Peter Gutmann wrote: > Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes: > > >One might wonder what the importance of this is, until you realise that a > >realloc() most often has the same cost as malloc() and a free() put together, > >especially when we you have gro

Re: Hmm... (discoveries about BIGNUM code)

2000-11-16 Thread Geoff Thorpe
Hey there, On Thu, 16 Nov 2000, Richard Levitte - VMS Whacker wrote: > I was wrong, it doesn't a realloc(), it does a malloc followed later > on by a free(). However, I found no place where the expansion zeroes > the previous memory, not even before I made my changes in there. > > I will take

Re: Hmm... (discoveries about BIGNUM code)

2000-11-16 Thread Geoff Thorpe
On Thu, 16 Nov 2000, Richard Levitte - VMS Whacker wrote: > levitte> That sounds reasonable. However, I'd like it to be enabled by > levitte> default, and give people the option to remove or replace at their > levitte> leasure. > > Uhmm, when I come to think of it, that's a bad solution from a

Re: cvs commit: openssl/crypto/bn bn_sqr.c

2000-11-16 Thread Geoff Thorpe
Hey there, Um this breaks compilation due to const problems. On Thu, 16 Nov 2000 [EMAIL PROTECTED] wrote: >/* tmp must have 2*n words */ > -void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp) > +void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) Thi

Re: nonblocking crypto (was: Re: ASN1 non blocking I/O...)

2000-11-16 Thread Geoff Thorpe
Hey there, On Wed, 15 Nov 2000, Dan Kegel wrote: > Say, what do the existing crypto hardware devices provide in the > way of interfaces and synchronization? Where's the best place to find out > that kind of info? (The engine branch of OpenSSL will help, but it > might not use all the hooks

Re: Hmm... (discoveries about BIGNUM code)

2000-11-17 Thread Geoff Thorpe
Hey there, On Fri, 17 Nov 2000, Bodo Moeller wrote: > On Thu, Nov 16, 2000 at 01:45:44PM -0800, Geoff Thorpe wrote: > > [...] > > Exploring that a bit further ... customised memory functions (or even > > defaults) could also support the ability to alter the level of se

rsa_lib.c

2000-11-24 Thread Geoff Thorpe
Hi y'all, Quick question about RSA_new() I wanted to run by interested parties; namely, RSA_new() does a bunch of initialisations of a new RSA structure prior to calling the RSA_METHOD's "init()" handler to do any tweaking to the new RSA structure that it may choose to do. However, the final few

Re: rsa_lib.c

2000-11-24 Thread Geoff Thorpe
On Fri, 24 Nov 2000, I wrote: > Quick question about RSA_new() I wanted to run by interested parties; > namely, RSA_new() does a bunch of initialisations of a new RSA structure [snip] um, make that RSA_new_method() of course; RSA_new() redirects to RSA_new_method() anyhow so hopefully that wasn

Re: rsa_lib.c

2000-11-25 Thread Geoff Thorpe
On Sat, 25 Nov 2000, Dr S N Henson wrote: > An application could always use the ex_data callback new_func() to do > the initialization. Not really, because you'd need to wait until the CRYPTO_EX_DATA structure had actually been initialised (which is after init() gets called) before setting the c

Re: rsa_lib.c

2000-11-25 Thread Geoff Thorpe
Hey there, On Sat, 25 Nov 2000, Dr S N Henson wrote: > Eh? I'm talking here about the new_func() callback set up with > RSA_get_ex_new_index(). An application using ex_data would want a new > unique index. new_func() would get called during the initialisation of > the ex_data and would get passe

Re: rsa_lib.c

2000-11-25 Thread Geoff Thorpe
Hey there, On Sun, 26 Nov 2000, Dr S N Henson wrote: > You normally call the RSA_get_ex_new_index() at startup and then store > the index somewhere static. Then use that for later access. It then ends > up calling the various ex callbacks whenever RSA_new() and RSA_free() > are called, the dup()

Re: Problem RSA.

2000-11-27 Thread Geoff Thorpe
On Mon, 27 Nov 2000, Rafa [iso-8859-1] Marín López wrote: > Hello, all. > > I've a problem. > > In this instruction: > > RSA *rsa=RSA_generate_key((int)1024,RSA_F4,NULL,NULL); > > I have obtained NULL (rsa == NULL). Why? If you're calling ERR_load_crypto_strings() (or SSL_load_error_str

Re: Problem RSA.

2000-11-27 Thread Geoff Thorpe
On Mon, 27 Nov 2000, Rafa [iso-8859-1] Marín López wrote: > I'm sorry, but this indication isn't shown (null string). So I don't know > what error is occurring. Then please post some information then about what you *are* seeing. Eg. the output from the ERR_print_errors_fp() command, the system an

Re: cvs commit: openssl/crypto/bn bn_lib.c bn_shift.c bntest.cexpspeed.c

2000-11-29 Thread Geoff Thorpe
On Wed, 29 Nov 2000, Richard Levitte - VMS Whacker wrote: > From: Bodo Moeller <[EMAIL PROTECTED]> > > moeller> So should we delete the superfluous zeroing from those functions that > moeller> currently do it themselves, or should we remove zeroing from the > moeller> expand function and move i

Re: SSL_peek()

2000-11-30 Thread Geoff Thorpe
Hey there, On Thu, 30 Nov 2000, Ben Laurie wrote: > Bodo Moeller wrote: > > > > On Wed, Nov 29, 2000 at 11:30:03AM -0500, Tom Biggs wrote: > > > > > I guess my main question is, does anyone use it? > > > > Yes, but it does not work. The next release will contain a bugfix > > (not yet written

Re: SSL_peek()

2000-11-30 Thread Geoff Thorpe
Hey there, On Thu, 30 Nov 2000, Bodo Moeller wrote: > On Thu, Nov 30, 2000 at 09:37:29AM -0800, Geoff Thorpe wrote: > > > The more tricky issue is one of the SSL state itself ... in theory doing > > an SSL_peek() should allow some data to be generated but with a guarantee >

Re: SSL_peek()

2000-12-01 Thread Geoff Thorpe
Hey there, On Fri, 1 Dec 2000, Bodo Moeller wrote: > But programs are not going to call SSL_peek() just because they don't > have anything better to do, are they? When SSL_peek() is called, then > usually because control flow depends on it; so SSL_peek() cannot just > be omitted without further

Re: more ENGINE questions

2000-12-01 Thread Geoff Thorpe
Hey there, On Thu, 30 Nov 2000, Tom Biggs wrote: > I started to look over hw_cswift.c to get some idea of > what I'll need to do for our engine. I got flummoxed > right away by this comment inside ENGINE_cswift() - > > /* We know that the "PKCS1_SSLeay()" functions hook properly > * to the c

Re: cvs commit: openssl/ssl kssl.c

2000-12-03 Thread Geoff Thorpe
Hi there, On Sun, 3 Dec 2000, Ben Laurie wrote: > > -static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **); > > -static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **); > > -static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **); > > -static IMPLEMENT_LHASH_COMP_

Re: cvs commit: openssl/ssl kssl.c

2000-12-03 Thread Geoff Thorpe
Hey there, On Sun, 3 Dec 2000 [EMAIL PROTECTED] wrote: > ; gcc -c -ansi -pedantic a.c > a.c:3: warning: ANSI C does not allow extra `;' outside of a function :-) OK, I'm busted. hehe. Fair enough, I guess ANSI is as good a reason as any! I'll remove any other trailing semi-colons in the next b

Re: cvs commit: openssl/ssl kssl.c

2000-12-03 Thread Geoff Thorpe
Hey there, On Sun, 3 Dec 2000, Ben Laurie wrote: > > is equivalent to whether you can follow a function's closing brace with a > > semi-colon. > > Which you can't in ANSI C. Yup, ok. :-) > > Another option would be using "inline" I guess, but I don't know how > > effective that is. Feedback w

Re: cvs commit: openssl/ssl kssl.c

2000-12-03 Thread Geoff Thorpe
Hey there, On Sun, 3 Dec 2000, Dr S N Henson wrote: > I think the DECLARE and IMPLEMENT macros for most things don't have a > semicolon anyway so it would be an idea to follow that for consistency. > > If you really want the semicolon then I suppose you could just include a > superfluous protot

Re: request for openssh0.9.6 makefile

2000-12-08 Thread Geoff Thorpe
On Sat, 9 Dec 2000, Dr S N Henson wrote: > Richard Levitte - VMS Whacker wrote: > > > > > > I would actually be quite positive to autoconf if it wasn't for two > > things in it that I view as flaws: > > > > 1) really heavy (to the level of magic) on sh features, making it > > really dif

Re: request for openssh0.9.6 makefile

2000-12-08 Thread Geoff Thorpe
On Fri, 8 Dec 2000, Lenny Foner wrote: > Date: Fri, 08 Dec 2000 14:14:03 -0800 > From: Michael Sierchio <[EMAIL PROTECTED]> > > Richard Levitte - VMS Whacker wrote: > > > Oh well, I've been thinking of doing a Makefile haul-over for some > > time, perhaps that time is now (o

Re: My patch to rsa_eay.c didn't seem to get accepted

2000-12-14 Thread Geoff Thorpe
On Thu, 14 Dec 2000, Richard Levitte - VMS Whacker wrote: > From: "Reddie, Steven" <[EMAIL PROTECTED]> > > Steven.Reddie> I've come across four race conditions in the following > Steven.Reddie> functions in rsa_eay.c: > Steven.Reddie>RSA_public_encrypt > Steven.Reddie>RSA_public_

Re: quality of generated random numbers

2000-12-14 Thread Geoff Thorpe
Hi there, On Thu, 14 Dec 2000, Tom Biggs wrote: > Ah, what I wouldn't give to strap a profiler to a really busy > Apache/mod_ssl commerce server, to see exactly what > gets heavily used and what is hardly touched. This is > just one of the many questions I have which could be > answered by such

Re: help

2000-12-17 Thread Geoff Thorpe
Hi there, On Thu, 14 Dec 2000, [iso-8859-1] dilip kumar wrote: [snip] > i am running a daemon using stunnel version 3.8p4 > ,but give the following output with some in generating > random numbers [snip] > i also tried to generate random number file with open > ssl with rand command . this c

Re: cvs commit: openssl/crypto/rsa rsa_eay.c

2000-12-18 Thread Geoff Thorpe
Hi Bodo (and anyone else interested), Just a thought I was having about locking and things. Rather than us worrying so much about how to do per-object locking (as opposed to our current per-class locking), I wonder if it's worth considering how to minimize the number and complexity of operations

RE: cvs commit: openssl/crypto/rsa rsa_eay.c

2000-12-19 Thread Geoff Thorpe
Hi, On Wed, 20 Dec 2000, Reddie, Steven wrote: > The problem with only locking during the assignment is that potentially > multiple threads will be doing [extensive] work that will be thrown away > when they discover that another thread beat them to it. The result could be > that the lock is he

Re: cvs commit: openssl/crypto/rsa rsa_eay.c

2000-12-20 Thread Geoff Thorpe
Hi, On Wed, 20 Dec 2000, Richard Levitte - VMS Whacker wrote: > From: Bodo Moeller <[EMAIL PROTECTED]> > > moeller> On Tue, Dec 19, 2000 at 09:02:45PM +0100, Ulf Moeller wrote: > moeller> > moeller> > Is it really a good idea to put this into the stable branch? > moeller> > moeller> In the la

Re: BN_bn2bin()

2000-12-22 Thread Geoff Thorpe
Hi there, On Fri, 22 Dec 2000, Martin Szotkowski wrote: > int BN_bn2bin(const BIGNUM *a, unsigned char *to) > > Not cardinal bug, but I used this function for get size for malloc buffer, > but this function don't verify 'to' parameter for NULL. > please put this line (or some else) into this fu

Re: openssl-engine + FreeBsd

2001-01-11 Thread Geoff Thorpe
Hi there, On Thu, 11 Jan 2001, adrien mistretta wrote: > Thanks, it works fine, but now i got another problem, some errors on the > speed test, and the time test seems to be false if you read the errors you'll see what the problem is; > Doing 4096 bit private rsa's for 10s: 64 4096 bit priva

Re: Peer certificate in SSL_SESSION structure.

2001-01-24 Thread Geoff Thorpe
On Tue, 23 Jan 2001, Ben Laurie wrote: > IIRC the client certificate is _not_ stored in the session (at least, it > used not to be - Apache-SSL has to work around this in its own caching). I believe it is ... when I wrote the shmcb cache I noticed that things behaved very differently in client-a

Re: ENGINE_load_key

2001-02-08 Thread Geoff Thorpe
Hi there, On Thu, 8 Feb 2001, Michael [iso-8859-1] Ströder wrote: > Richard Levitte - VMS Whacker wrote: > > > > CDive> Even if the hardware is capable of symmetric operations, it is > > CDive> probably to slow to go down to it to perform the operation. > > > > Depends. If it takes load away

Re: ENGINE_load_key

2001-02-08 Thread Geoff Thorpe
Hi there, On Thu, 8 Feb 2001, Dr S N Henson wrote: > Personally I'd like to see symmetric support at some point. I like the > idea of being able to increase security by not keeping secret keys in > memory but only references to them. Unfortunately that's a bit tricky > with OpenSSLs current EVP

Re: [off topic] cvs loginfo?

2001-02-19 Thread Geoff Thorpe
Hey there, On Mon, 19 Feb 2001, tc lewis wrote: > > you know, these commit mails are really nice. seriously. any chance > someone could forward over the openssl cvs repository's loginfo file > (and/or whatever else may be involved)? Why not just rsync the CVS repository? Something like; rsy

Re: [off topic] cvs loginfo?

2001-02-20 Thread Geoff Thorpe
Hey there, On Tue, 20 Feb 2001, Bodo Moeller wrote: > On Tue, Feb 20, 2001 at 09:37:19AM +, Ben Laurie wrote: > > Geoff Thorpe wrote: > >> BTW: This is a *large* data transfer (around 80Mb at last count) - but after > >> it's done the first time, updates te

Re: cvs commit: openssl/crypto/objects o_names.c

2001-02-20 Thread Geoff Thorpe
Hi there, Um, actually this isn't right ... On Tue, 20 Feb 2001 [EMAIL PROTECTED] wrote: [snip] > Modified:crypto/objects o_names.c [snip] > @@ -67,8 +67,8 @@ > { > MemCheck_off(); > name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); > -

Re: cvs commit: openssl/crypto/objects o_names.c

2001-02-20 Thread Geoff Thorpe
Ah ... On Tue, 20 Feb 2001, Geoff Thorpe wrote: > > @@ -67,8 +67,8 @@ > > { > > MemCheck_off(); > > name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); > > - name_funcs->hash_func = lh_strhash; > >

Re: cvs commit: openssl/util ssleay.num

2001-02-22 Thread Geoff Thorpe
Hey there, On Thu, 22 Feb 2001, Bodo Moeller wrote: > On Wed, Feb 21, 2001 at 07:06:29PM +0100, [EMAIL PROTECTED] wrote: > > > Log: > > This change allows a callback to be used to override the generation of > > SSL/TLS session IDs in a server. According to RFC2246, the session ID is an >

Re: cvs commit: openssl/util ssleay.num

2001-02-22 Thread Geoff Thorpe
Hi there, On Thu, 22 Feb 2001, Bodo Moeller wrote: > On Thu, Feb 22, 2001 at 06:41:32AM -0800, Geoff Thorpe wrote: > > [...] > > However, the problem remains that if external session caching is being used, > > even if the race in the "local" cache is r

Re: autoconf -- when?

2001-02-22 Thread Geoff Thorpe
Hi, On Fri, 23 Feb 2001, Ulf Moeller wrote: > On Thu, Feb 22, 2001, Lenny Foner wrote: > > > It just boggles my mind that OpenSSL is somehow so special that it > > can't use the same system used by hundreds of other packages. > > The OpenSSL readme explains quite clearly that patches are welco

Re: ENGINE test

2001-02-23 Thread Geoff Thorpe
Hi there, On Fri, 23 Feb 2001, Richard Levitte - VMS Whacker wrote: > From: Corinne Dive-Reclus <[EMAIL PROTECTED]> > > CDive>Because the job has been already done for nCipher, Rainbow and > CDive> Atalla, I thought perhaps you have a ready-to-use engine test > CDive> suite. > > Hmm, t

Re: Using different crypto libs

2001-02-23 Thread Geoff Thorpe
Hi there, On Fri, 23 Feb 2001, Verdon R. Walker wrote: > I need to get OpenSSL working with a different set of crypto libs (in large > part because we already have the export license agreements worked out for our > existing crypto libs). Is there any general information about the best way to > a

Re: [BUGS] Various bugs with PG7.1 8th March snapshot on Solaris8INTEL

2001-03-25 Thread Geoff Thorpe
Hey there, On Sun, 25 Mar 2001, Larry Rosenman wrote: > * Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> [010325 14:41]: > > From: Larry Rosenman <[EMAIL PROTECTED]> > > > > ler> * Justin Clift <[EMAIL PROTECTED]> [010325 07:34]: > > ler> > Hi Peter, > > ler> > > > ler> > Can't this be at l

Re: cvs commit: openssl CHANGES

2001-03-29 Thread Geoff Thorpe
Hi there, Richard's standard mail address is on sick-leave due to some server hardware failures. He's asked me to forward this to the list on his behalf (ie. the response is his, not mine, but I agree with what he's said anyhow). On Thu, 29 Mar 2001, [iso-8859-1] Götz Babin-Ebell wrote: > [EMAI

Re: cvs commit: openssl CHANGES

2001-03-29 Thread Geoff Thorpe
This time it really is my reply and not Richard's :-) On Thu, 29 Mar 2001, Ben Laurie wrote: > I think you have some weird kind of aesthetics. A change is a change, > and it may as well be a clear one - adding a 1 on the end doesn't make > it clear why a non-standard name was used. Prepending a

Re: Bug Report: Sparc Linux Redhat-6.2

2001-03-31 Thread Geoff Thorpe
Hi there, On Sat, 31 Mar 2001, Bob Tanner wrote: > Quoting Bob Tanner ([EMAIL PROTECTED]): > > Ok, here are some patches that get everything to build right under Sparc > > Linux. > > > > There is a patch for linux-sparcv9 and linux-sparcv7. I tested v9 on an ULTRA2 > > and v7 on sparc20. > > >

Re: Bug Report: Sparc Linux Redhat-6.2

2001-03-31 Thread Geoff Thorpe
Hi there, Ahh ... there was an error on my part, I hadn't noticed it was libcrypto.so in your error output, so I had been assuming this was with libcrypto.a. If you build openldap with the static OpenSSL libraries, what happens? Yeah - the shared library form of libcrypto should have been linked

Re: integrating engine driver into openssl

2001-04-23 Thread Geoff Thorpe
On Mon, 23 Apr 2001 [EMAIL PROTECTED] wrote: > Is anyone working on adding DES support to the engine code? Um, sorta kinda. There's a few fundamental things being done that will, hopefully, make it easier to get to a point where arbitrary ciphers, digests, etc can be hooked. There's some EV

Re: integrating engine driver into openssl

2001-04-23 Thread Geoff Thorpe
Hey there, On Mon, 23 Apr 2001, Bade wrote: > On Mon, Apr 23, 2001 at 07:17:13AM -0700, Geoff Thorpe wrote: > > > > Although support for symmetric ciphers and digests is obviously the next major > > goal of the ENGINE work - IMHO it's not an urgent priority just ye

Re: build error

2001-04-23 Thread Geoff Thorpe
Hi there, On Mon, 23 Apr 2001, Schoenwaelder Oliver wrote: > Hi, > > for use with openssh I tried to build openssl. It fails due to undefined > symbol problems, but not the ones listed in README. > I made "make clean ; ./Configure unixware-2.1 ; ./Configure gcc ; make" > What's wrong? As Lynn

Re: integrating engine driver into openssl

2001-04-23 Thread Geoff Thorpe
On Mon, 23 Apr 2001, Bade wrote: > On Mon, Apr 23, 2001 at 11:40:14AM -0700, Geoff Thorpe wrote: > > > > Um, could you be more specific, because in various ways and forms this already > > *does* exist and is being used by a number of people. In fact, this doesn't eve

Re: Disabling algorithms...

2001-04-26 Thread Geoff Thorpe
Hi there, On Thu, 26 Apr 2001, Richard Levitte - VMS Whacker wrote: > It was noted, not long ago, that the engine code doesn't look at > OPENSSL_NO_* macros, and therefore fails to compile if any of the > algorithms RSA, DSA or DH have been disabled. > > So, checking for those macros and disabl

Re: Engine vs. Crypto Lib Question

2001-04-26 Thread Geoff Thorpe
Hi there, If you're on the commit mail list you'll probably be aware why I haven't had a chance to answer your posts until now. :-) Thanks for the contributions w.r.t. standardising the use of EVP ... it's the kind of thing that needs doing and soon (see below #3) it will be even more important.

Re: AW: PKCS#11 support ?

2001-07-09 Thread Geoff Thorpe
mething about having > > implemented PKCS#11 support for some level of tokens. The one I can > > remember was from Eracom > > On Thu, Jun 28, 2001 at 09:33:44AM -0700, Geoff Thorpe wrote: > > > Hi there, > > > > > > On Thu, 28 Jun 2001, Ra

Re: About 0.9.6a(b) and des_encrypt1()

2001-08-08 Thread Geoff Thorpe
On Wed, 8 Aug 2001, [iso-8859-1] Götz Babin-Ebell wrote: > Richard Levitte - VMS Whacker wrote: > > > > Hmm, it feels like it's really time for a rename (basically, change > > "des" to "DES" in all names, and thereby follow the "convention" used > > everywhere else in OpenSSL), or this becomes a

Re: cvs commit: openssl/crypto mem_dbg.c

2001-08-28 Thread Geoff Thorpe
Hi there, On Tue, 28 Aug 2001, [iso-8859-1] Götz Babin-Ebell wrote: > > + MemCheck_off(); > > if ((b=BIO_new(BIO_s_file())) == NULL) > > return; > > + MemCheck_on(); > > Um. > If BIO_new(BIO_s_file()) fails, you just turned mem checking off... :-) Indeed I di

Re: IP renaming problem...

2001-08-28 Thread Geoff Thorpe
On Tue, 28 Aug 2001, Rich Salz wrote: > Unfortunately, the OpenSSL wrapper around gethostbyname caches lookup > results forever, so you'll need to restart your application. I know you > said you can't do that. Good luck figuring out how to address this. > > Infinite caching of gethostbyname()

Re: cvs commit: openssl/crypto/engine enginetest.c

2001-09-10 Thread Geoff Thorpe
Hi there, On Mon, 10 Sep 2001, Ben Laurie wrote: > Bodo Moeller wrote: > > > > I simply replaced free() by OPENSSL_free() without even looking at the > > arguments, so the question goes back to you. ('free', just like > > 'OPENSSL_free', is 'void (*)(void *ptr)'.) > > I don't see why it goes

Re: cvs commit: openssl/util libeay.num

2001-09-25 Thread Geoff Thorpe
Hi, On Tue, 25 Sep 2001, Richard Levitte - VMS Whacker wrote: > From: Geoff Thorpe <[EMAIL PROTECTED]> > > geoff> Any preferences for a fix? or should I just go in there and blitz > geoff> whatever seems most obvious. > > Please do *not* do that without think

Re: Apache 1.3/Win32 Pointer Use after Free

2001-10-03 Thread Geoff Thorpe
Hi there, Please post mod_ssl questions to the mod_ssl list. mod_ssl is a glue module to put OpenSSL-based https support inside Apache. So a problem, when running the three together, is more likely to interest those on the modssl list than those who perhaps use openssl without modssl/apache at al

Re: error in eng_table.c openssl-SNAP-20011007

2001-10-08 Thread Geoff Thorpe
Hi there, Thanks! Of course, I'm wondering to myself, how the hell didn't "gcc" pick this up before now? Cheers, Geoff On Monday 08 October 2001 09:39, Martin Szotkowski wrote: > in file /crypto/engine/eng_table.c > on line 137 missing pointer before cleanup! > > wrong: > int engine_table_reg

Re: error in eng_table.c openssl-SNAP-20011007

2001-10-08 Thread Geoff Thorpe
Hi there, On Monday 08 October 2001 11:21, Martin Szotkowski wrote: > Geoff, > more bugs are in engine code. > > 1. When I compile openssl on Windows (W2k), errors are on lines where is > return engine_table_register(&XXX_table, > &engine_unregister_all_XXX, e, &dummy_nid, 1, 0); > second p

Re: bugs in openssl-SNAP-20011007

2001-10-08 Thread Geoff Thorpe
Hello, On Monday 08 October 2001 11:54, Martin Szotkowski wrote: > all are tested on W2k with VC++ 7.0 (maybe this is problem (:->)) > > 1) > in /crypto/evp/makefile > on line 23 are wrong: > TEST=evp_test.c evptests.txt > but this create in global makefile with evptests.txt.c! > correct: > TEST=

Re: Compilation problems with VC++ V6...

1999-10-08 Thread Geoff Thorpe
Hi there, > I'm currently having some problems compiling the OpenSSL libraries into my > project. I'm using VC++ V6 on NT4 to produce an ATL COM project. However, > there seems to be some conflicts between the OpenSSL libraries and those > supplied by Microsoft. > Firstly there appears to be so

RE: OpenSSL nasty shared library issue...

1999-10-29 Thread Geoff Thorpe
ms require different versions of OpenSSL shared libraries). Perhaps this is already the case? > Then there's COM, but I think that's beyond the scope here... [;-) Cheers, Geoff -- Geof

X509_LOOKUP problem

1999-01-02 Thread Geoff Thorpe
appreciate any thoughts on how this should work. Mark was happy to commit this change but I'd appreciate some feedback first. Cheers, Geoff ---------- Geoff ThorpeEmail: [EMAIL PROTECTED] Cr

Re: X509_LOOKUP problem

1999-01-04 Thread Geoff Thorpe
Thanks for the pointer - I'll take a look. BTW: Had anyone else noticed SSL_CTX_load_verify_locations failing when only loading a CA file?? I'd traced back through the snapshots and the change has (or appears to have) been there since Oct-27. Cheers, ME ------

X509 reference counts

1999-11-08 Thread Geoff Thorpe
e sure what I should be doing with these and what the intended behaviour of the reference mechanisms are - it would certainly appear that they don't function correctly whatever the intention. Any thoughts? Thanks in advance, Geoff -----

Re: X509 reference counts

1999-11-09 Thread Geoff Thorpe
pto/bio/bio.h about line 415. I can't understand why it's done this way and I know if I carelessly wade in there trying to change it I will unleash the dominos. The fact that this jumps around between ssl/ and crypto/bio so much is enough of a deterrent in itself ... Cheers, Geoff

Re: X509 reference counts

1999-11-10 Thread Geoff Thorpe
s temporarily broken, and then we'd have some hope of being able to keep OpenSSL's memory management stable and usable without fork()s and exit()s (or ugly code). Thoughts? Cheers, ME -- Geoff ThorpeEmail: [EMAIL PROTECTED] Cryptographic Softwar

Re: DN formats

1999-11-11 Thread Geoff Thorpe
Someone once did that with a draft of SSL didn't they? :-) Cheers, Geoff PS: I agree with your point completely. ------ Geoff ThorpeEmail: [EMAIL PROTECTED] Cryptographic Software Engineer

Re: SSLeay equivalent...

1999-11-11 Thread Geoff Thorpe
essions are being resumed and other cache information. Cheers, Geoff ------ Geoff ThorpeEmail: [EMAIL PROTECTED] Cryptographic Software Engineer, C2Net Europehttp://www.int.c2.net --

Re: cvs commit: openssl/ssl ssl_sess.c

1999-11-16 Thread Geoff Thorpe
e other thread; not the pointer to the SSL > structure. This approach baffles me ... why should any one thread own an SSL structure at all? If each thread that is interested obtains a reference, and then dutifully frees its own reference when done, then the SSL structure will silently and politely be cle

verify_locations and Re: ssl_sess.c

1999-11-17 Thread Geoff Thorpe
cture (lots of little "workers" holding an SSL each and one "master" keeping a watchful eye on all of them as well as the SSL_CTX for gathering statistics and logging) - no synchronisation required, just diligent handling of reference counts. Does it behave properly with multip

Re: openssl installation

1999-01-16 Thread Geoff Thorpe
t see why from the above. "./config" should be setting things up fine and I've had no trouble doing this myself on a solaris-sparc box. Cheers, Geoff -- Geoff ThorpeEmail: [EMAIL PROTECTE

Re: RSA key gen security

1999-11-28 Thread Geoff Thorpe
(or even something else) but I don't think that would qualify as a "known problem" either way ... Cheers, Geoff ------ Geoff ThorpeEmail: [EMAIL P

Re: RSA key gen security

1999-11-28 Thread Geoff Thorpe
Hi there, On Sun, 28 Nov 1999, Ben Laurie wrote: > Geoff Thorpe wrote: > > > > I can't recall whether the prime number generation uses sequential > > candidates or an arithmetic sequence (or even something else) but I don't > > think that would qu

Re: RSA key gen security

1999-11-28 Thread Geoff Thorpe
Hi, I should have clarified a touch ... On Sun, 28 Nov 1999, Geoff Thorpe wrote: > to begin right on top of it. An arithmetic search increases the "fair > play" by skipping across intervals plucking candidates out every 'k' odd > numbers. Provided no ground-br

Re: RSA key gen security

1999-11-28 Thread Geoff Thorpe
r his reaction. Only 1 in 2^78 OpenSSL-generated primes are actually prime ... that's a very interesting theory ... so the astronomical part now is to find an RSA key out there that actually has real primes in it. :-) Cheers, Geoff -- Geoff ThorpeEmai

them bugs ...

1999-11-28 Thread Geoff Thorpe
... and if the answer is "badly", is there an alternative we could pull in rather than leaving this as-is or having to code something from scratch? cheers, Geoff -- Geoff Thorpe
