Salz, Rich via open ssl-dev in gmane.comp.encryption.openssl.devel
(Fri, 19 Jan 2018 17:34:57 +):
>- New mailing list openssl-project for project discussions
For the lovers of NNTP: openssl-project has been added to news.gmane.org
as gmane.comp.encryption.openssl.project as reado
OpenSSL in gmane.comp.encryption.openssl.devel (Thu, 7 Dec 2017 13:55:43
+):
> OpenSSL version 1.0.2n released
I ran into a compiling issue with openssl-fips-2.0.16.
See https://github.com/openssl/openssl/issues/4864
--
Jan
--
openssl-dev mailing list
To unsubscribe: ht
/opt/openssl110
>
>Operating system: x86_64-whatever-linux2
>Configuring for linux-x86_64
>Configuring OpenSSL version 1.1.0f-dev (0x10100060L)
>* Unsupported options: no-fips
fips is not supported in OpenSSL 1.1 yet, so my best guess is that both
fips and no-fips are removed b
e[2]: *** [eng_cryptodev.o] Error 1
Kind regards,
Jan-Markus Pumpanen
Please note: This e-mail may contain confidential information
intended solely for the addressee. If you have received this
e-mail in error, please do not discl
land" are stuck with
"legacy" proxies for some time. It would be a shame if we cannot use
OpenSSL 1.1+ on the grid.
JM2CW,
JJK / Jan Just Keijser
PS I'm a co-worker of Mischa Salle
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
rmine which flags were set during certificate
verification?
thanks for any pointers or advice,
JJK / Jan Just Keijser
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
?
thanks for any pointers or advice,
JJK / Jan Just Keijser
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
is is off-topic for this list, but I cannot email you directly. You
could try reading up at
http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-3.html
or any other hit that comes up when searching for "linux shell stderr
redirect"
HTH,
JJK
> -Original Message-
> From: Ja
for this list, but I cannot email you directly. You
could try reading up at
http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-3.html
or any other hit that comes up when searching for "linux shell stderr
redirect"
HTH,
JJK
-Original Message-----
From: Jan Just Keijser via RT
Hi,
On 18/07/16 18:39, Lapprich, Harold via RT wrote:
> To Whom It May Concern,
>
> openssl version -a:
>
> OpenSSL 1.0.2a 19 Mar 2015
>
> built on: reproducible build, date unspecified
>
> platform: linux-ppc
>
> options: bn(64,32) rc4(ptr,char) des(idx,risc1,16,long) blowfish(idx)
Hi,
On 18/07/16 18:39, Lapprich, Harold via RT wrote:
To Whom It May Concern,
openssl version -a:
OpenSSL 1.0.2a 19 Mar 2015
built on: reproducible build, date unspecified
platform: linux-ppc
options: bn(64,32) rc4(ptr,char) des(idx,risc1,16,long) blowfish(idx)
compiler:
appearance of the check_issued callback is
worrisome, as that callback is crucial for verifying proxy certificates.
How should I modify my code so that it builds and links with openssl 1.1.0?
thx for any pointers,
JJK / Jan Just Keijser
$ gcc -I openssl-1.1.0-pre5/include -o grid-proxy-veri
r for my application were verified.
>
>
FWIW: I've downloaded and built openssl-1.0.1s on my EL 5.11 box in both
32bit and 64bit mode (I needed to hack ./Configure for that, BTW). The
resulting
openssl x509 -hash
command prints out the exact same hash for both the 32bit and 64b
on my EL 5.11 box in both
32bit and 64bit mode (I needed to hack ./Configure for that, BTW). The
resulting
openssl x509 -hash
command prints out the exact same hash for both the 32bit and 64bit
versions.
HTH,
JJK / Jan Just Keijser
Nikhef
Amsterdam
--
openssl-dev mailing list
.
regards,
JJK / Jan Just Keijser
Nikhef
Amsterdam
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
,
Singapore, a member of CAESAR comitee.
https://dl.dropboxusercontent.com/u/433404/DP_Zak_Jan_2015.pdf
I'd be really grateful for a feedback from any member of this mailing list.
Sincerely,
Jan Zak
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
I have updated Judson's patch to match with master branch. See GitHub PR
https://github.com/openssl/openssl/pull/570
Jan
On Mon, Jan 11, 2016 at 12:34 PM, Judson Wilson via RT <r...@openssl.org>
wrote:
> Here is an OpenSSL port of a patch in BoringSSL. It requires a call from
> the
It automatically opens a BIO for the keylogfile. Also if this patch is
merged, RT 3352 can be reverted because it covers only a special case in
the s_client app.
On Tue, Jan 19, 2016 at 8:33 PM, Jan Žák <r...@openssl.org> wrote:
> I have updated Judson's patch to match with master br
Gisle Vanem in gmane.comp.encryption.openssl.devel (Sun, 17 Jan 2016
09:50:55 +0100):
>I think I have this "update 1" from the cl version:
> Microsoft (R) C/C++ Optimizing Compiler Version 19.00.23026 for x86
There is a newer one:
Microsoft (R) C/C++ Optimizing Compiler Ver
Is there any particiular reason, why AEAD ciphers are not supported in the
enc app? https://github.com/openssl/openssl/blob/700b4a4/apps/enc.c#L294
I have implemented it as a small part of my Master thesis, maybe I could
polish it and submit a PR.
Regards,
Jan Zak
This implementation is not enough, beacuse it works only for openssl
s_client app. However it should work for all apps using openssl as a
library (eg. curl, nginx).
SSLKEYLOGFILE env var is a good current standard, so I think openssl should
use it as well.
Regards,
Jan Zak
On Tue, Dec 29, 2015
link. Standard Windows decompressors do not recognize that. I
always use 'tar' from Cygwin:
c:\cygwin\bin\tar xvf openssl-1.0.2e.tar.gz
--
Jan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
link. Standard Windows decompressors do not recognize that. I
always use 'tar' from Cygwin:
c:\cygwin\bin\tar xvf openssl-1.0.2e.tar.gz
--
Jan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
n64a
>3) nmake -f ms\nt.mak
>...
>NMAKE : fatal error U1073: don't know how to make 'tmp32\applink.obj'
Start with nmake -f ms\ntdll.mak and copy tmp32dll\applink.obj to
tmp32\applink.obj to continue building.
--
Jan
___
openssl-dev mailing list
I had some patches here:
https://github.com/Jan-E/openssl-fips/commits/master
--
Jan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
gt;nmake -f ms\ntdll.mak
>
>With no problems. I'd suggest you try that as a starting point and let me know
>of any errors you get. You will need to install nasm for that to work.
Did you do that with VS2015 aka VC14? The Apache and PHP world is moving
to VC14. PHP7 will
Jan Ehrhardt in gmane.comp.encryption.openssl.devel (Mon, 21 Sep 2015
22:42:17 +0200):
>Stephen Henson via RT in gmane.comp.encryption.openssl.devel (Sun, 20 Sep
>2015 22:51:21 +):
>>In more detail I just tried a build from sources. I did this:
>>
>>set FIPSDIR
main_dso.exe.
This is the solution, but it is not compliant either:
https://github.com/Jan-E/openssl-fips/commits/master
Jan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Dr. Matthias St. Pierre in gmane.comp.encryption.openssl.devel (Sun, 16
Aug 2015 23:52:21 +0200):
>
>Am 14.08.2015 um 16:22 schrieb Jan Ehrhardt:
>> I guess there was a change from optional (in VC9/VC11) to required in
>> VC14, but only for the 1.0.2 branch. The PHP d
to
https://github.com/openssl/openssl/blob/master/e_os.h#L272
to make OpenSSL 1.0.1 compile with VS2015 aka VC14.
Jan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Jan Ehrhardt in gmane.comp.encryption.openssl.devel (Fri, 14 Aug 2015
16:22:51 +0200):
I have a faint recollection that OpenSSL 1.0.2a still had FIPS support.
I checked that. OpenSSL 1.0.2a has the same problem and also does not
compile with FIPS enabled.
--
Jan
after migrating to VS2015 we started to have this problem.
True. But the Windows world is moving to VS2015/VC14, so OpenSSL has to
follow. I have a faint recollection that OpenSSL 1.0.2a still had FIPS
support. If that is the case, maybe you can track down where it went
wrong.
Jan
PS. We
engine_pkcs11). I have personal experience with
various usb hardware tokens from Feitian and Aladdin/SafeNet. The main
feature of such tokens is that indeed the private key cannot be exported
from the device.
hope this helps,
JJK / Jan Just Keijser
Jan Ehrhardt in gmane.comp.encryption.openssl.devel (Sat, 11 Jul 2015
18:08:58 +0200):
OPENSSL_Uplink(00CBB000,08): no OPENSSL_Applink
Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60.
NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1'
It is time
Hi,
r...@openssl.org via RT wrote:
And linux-x86_64 won't work here, since it uses some instructions not
supported by MIC.
But all x86_64 modules feature run-time switch, when processor
capabilities are detected [with cpuid] and code that can't be executed
on any particular
Hi,
r...@openssl.org via RT wrote:
And linux-x86_64 won't work here, since it uses some instructions not supported by MIC.
But all x86_64 modules feature run-time switch, when processor
capabilities are detected [with cpuid] and code that can't be executed
on any particular processor
I haven't found good
place where to do such call.
Regards,
Jan Kaluza
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 80444ff..ea3dd1b 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -379,8 +379,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type
bad but if you need to debug
it or if you need to cross-compile then it is (IMHO) an absolute nightmare.
I'd consider it a step backwards if openssl moved in the direction of
cmake.
JM2CW,
JJK / Jan Just Keijser
__
OpenSSL
Hello,
yes, it was compiled with enable-sctp option enabled, it is not
default rhel6 distribution version.
Best regards
Jan
On 5.8.2014 14:40, Stephen Henson via RT wrote:
On Tue Aug 05 09:18:02 2014, jan.hy...@acision.com wrote:
Hello,
OpenSSL (1.0.1h and older) contains following
Hello,
yes, it was compiled with enable-sctp option enabled, it is not
default rhel6 distribution version.
Best regards
Jan
On 5.8.2014 14:40, Stephen Henson via RT wrote:
On Tue Aug 05 09:18:02 2014, jan.hy...@acision.com wrote:
Hello,
OpenSSL (1.0.1h and older) contains following
before it is #days, anything after
it is time in HH:MM format
if arg contains no hyphen and no colon then it's the number of days
if arg contains no hyphen but it does contain a colon then #days = 0 and
the entire argument is a time in HH:MM format
suggestions?
JJK / Jan Just Keijser
Nikhef
then anything before it is #days, anything after
it is time in HH:MM format
if arg contains no hyphen and no colon then it's the number of days
if arg contains no hyphen but it does contain a colon then #days = 0 and
the entire argument is a time in HH:MM format
suggestions?
JJK / Jan Just Keijser
Nikhef
'-valid' to '-duration' .
I'll get back on this in mid August.
cheers,
JJK / Jan Just Keijser
Nikhef
Amsterdam
__
OpenSSL Project http://www.openssl.org
Development Mailing List
hi ,
attached is a minor patch to apps/x509.c. The patch allows the user to
specify the validity of a certificate in hours and minutes (next to
days). This is esp useful when creating grid/RFC3820 proxies which
typically have a duration of 12 hours.
regards,
JJK / Jan Just Keijser
hi ,
attached is a minor patch to apps/x509.c. The patch allows the user to
specify the validity of a certificate in hours and minutes (next to
days). This is esp useful when creating grid/RFC3820 proxies which
typically have a duration of 12 hours.
regards,
JJK / Jan Just Keijser
in 1.0.0n-dev
Cheers
Jan
Am 28.06.2014 17:21, schrieb Clemmer, John J CIV via RT:
OpenSSL Development Team,
My attempts to compile OpenSSL v.1.0.0m on the day of its release as well as
last night both resulted in the same error, whereby INT_MAX is used before it
is declared in ssl/s3_pkt.c on line
So leave it in 0.9.8, and disable it by default in all newwr branches. In my
opinion it is a bad choice to enable ssl2 by default just to be able to speak
with insecure devices.
Cheers Jan
On 29. Juni 2014 00:17:59 MESZ, Salz, Rich rs...@akamai.com wrote:
We need to support embedded clients
This page isn't uptodate.
https://www.openssl.org/news/state.html
Cheers
Jan
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
\
-config ${CFG}
= 8 -
If you change $KEY_COUNTRY back to US (or anything else with a
length smaller than 3), openssl will work as expected.
Thanks,
Jan-Benedict
[1] https://github.com/OpenVPN/easy-rsa, tested with v2.2.2 .
--
Getslash GmbH
with a
length smaller than 3), openssl will work as expected.
Thanks,
Jan-Benedict
[1] https://github.com/OpenVPN/easy-rsa, tested with v2.2.2 .
--
Getslash GmbH, Bahnhofstraße 16, 59302 Oelde
Tel: +49-2522-834349-5Fax: +49-2522-834349-1
http://www.getslash.deMobil: +49-152-33822499
This can closed again in rt.
On 29. April 2014 11:24:57 MESZ, Tim Hudson via RT r...@openssl.org wrote:
On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com
wrote:
Hi all,
the top level Makefile has a small with quoting when CC has an
argument.
The attached mini-patch fixes the
+1
On 1. Mai 2014 13:35:19 MESZ, Hanno Böck ha...@hboeck.de wrote:
On Thu, 1 May 2014 13:26:48 +0200
Stephen Henson via RT r...@openssl.org wrote:
Ironically it was added as a workaround for another bug. The padding
extension was believed to have no side effects... obviously that
isn't true
The same for #3232 ? Regards Jan
On 29. April 2014 11:24:57 MESZ, Tim Hudson via RT r...@openssl.org wrote:
On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com
wrote:
Hi all,
the top level Makefile has a small with quoting when CC has an
argument.
The attached mini-patch fixes
The same for #3232 ? Regards Jan
On 29. April 2014 11:24:57 MESZ, Tim Hudson via RT r...@openssl.org wrote:
On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com
wrote:
Hi all,
the top level Makefile has a small with quoting when CC has an
argument.
The attached mini-patch fixes
On 24/04/14 01:46, Peter Waltenberg wrote:
rpm -q --changelog openssl | grep CVE
AFAIU RedHat backports CVE's to the version of openssl included in RHEL5
(0.9.8e)
FWIW: this is the changelog from a Scientific Linux 5 box:
rpm -q --changelog openssl | grep CVE
- fix for CVE-2013-0169 - SSL/TLS
Hi Ralf,
Ralf Skyper Kaiser wrote:
Hi,
OpenSSL 1.0.1e 11 Feb 2013
$ grep bits openssl.cnf
default_bits= 4096
= Note that the default_bits are set to 4096.
$ openssl req -config openssl.cnf -nodes -newkey rsa -keyout
testkey.pem -keyform PEM -out testreq.pem -outform PEM
Perrow, Graeme wrote:
I'd like to add the ability for my (client) application to use the
Windows certificate store to verify a server's certificate during an
SSL handshake. I've created a callback and set it using
SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, mycallback ). Inside that
callback,
Hi,
Costas Stasimos wrote:
Hi Jan
By applying the cryptodev patch in openssl, all the applications that
use openssl (postfix, tomcat etc) are automatically executed at hardware.
As far as it concerns the openssl speed, we can avoid the hardware
acceleration by using the evp parameter.
My
Hi Costas,
Costas Stasimos wrote:
Hello!
I'm currently using the cryptodev framework-engine with openssl-1.0.1e.
By run the command
# openssl engine -t
(cryptodev) cryptodev engine
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
we can see that the cryptodev
Hi,
saurav barik wrote:
Hello,
I am trying to implement TLS security (in the client side) over a UDP
connection. I have a parallel TCP connection(to the same server) over
which TLS is already done and it works fine. In the same session of my
application I am creating a UDP connection to the
patch-1.829645.14k68659.05k 119742.60k 169329.66k 183457.25k
For all 4 platforms the 11/5/2012 patch was the fastest.
I don't have an Atom based box to test it on.
share and enjoy,
JJK / Jan Just Keijser
150106.58k 183705.94k
197330.99k
version 1.8:
sha256 33560.42k73153.83k 121472.43k 167948.67k
180955.23k
all my tests were done using 'openssl speed sha256' , I'm unsure how you
did your testing.
cheers,
JJK / Jan Just Keijser
Jan Just Keijser wrote:
Andy Polyakov wrote:
I
modified the 'Configure' script to allow the compilation of a 32bit
version of openssl *with* the assembly routines.
What does it mean? Configure supports 32-bit builds *with* assembly as
it is. To build 32-bit version on 64-bit Linux, run
the sha256 patch be applied to the 64bit code base?
cheers,
JJK / Jan Just Keijser
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
, as done in the s_server.c code?
A more general question is where we can read up on all this :) ?
many thanks in advance,
JJK / Jan Just Keijser
__
OpenSSL Project http://www.openssl.org
Development
activated.
From my point of view, it should be made configurable, ideally by using
SSL_CTX_set_options() and friends.
Does anyone know if this is planned for a future release and does anyone
consider this to be a sensible solution?
Thank you and best regards
Jan
be found by using ::dis on each address,
thus rebuilding the stack.
--
Jan Pechanec
http://blogs.sun.com/janp
__
OpenSSL Project http://www.openssl.org
Development Mailing List
think we should file a bug in the RT. Is there anything else
we should provide?
thanks, Jan.
--
Jan Pechanec
http://blogs.sun.com/janp
/*
* Demo for the SSL memory corruption bug. The problem is if libssl is
* dlopen()ed, SSL error strings loaded, and the library is dlclose()d
on Linux as well.
thanks, Jan.
--
Jan Pechanec
http://blogs.sun.com/janp
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
this stop function, I believe we may end up in a similar
situation and crash again.
Jan.
--
Jan Pechanec
http://blogs.sun.com/janp
__
OpenSSL Project http://www.openssl.org
Development
in the RT. Is there anything else
we should provide?
thanks, Jan.
--
Jan Pechanec
http://blogs.sun.com/janp
/*
* Demo for the SSL memory corruption bug. The problem is if libssl is
* dlopen()ed, SSL error strings loaded, and the library is dlclose()d then. The
* hash string table built
On Wednesday 2010-06-30 16:04, Andy Polyakov wrote:
Since the inclusion of sparcv9a-mont.s/.pl, I get a SIGBUS error when
running bntest. Package is openssl 1.0.0 with sparcv9a on Linux 2.6.34
with a sparcv9 environment (64-bit kernel, 32-bit userspace/v8/v8plus)
on a sun4v US T1 CPU. I am
On Thursday 2010-07-01 10:09, Andy Polyakov wrote:
SIGBUS normally denotes unaligned access, but instruction in qustion
pulls 16-bit value and effective address is 16-bit aligned...
I just tried a test .S file with
ldda[%sp+0+16]%asi, %f0
ldda[%sp+0+8]%asi, %f0
On Thursday 2010-07-01 11:31, Andy Polyakov wrote:
SIGBUS normally denotes unaligned access, but instruction in qustion
pulls 16-bit value and effective address is 16-bit aligned...
I just tried a test .S file with
ldda[%sp+0+16]%asi, %f0
ldda[%sp+0+8]%asi, %f0
Hi,
openssl 0.9.8m was fine, but with 1.0.0 I get:
sha256-sparcv9.s: Assembler messages:
sha256-sparcv9.s:1849: Error: unaligned opcodes detected in executable
segment
I look around and noticed
http://rt.openssl.org/Ticket/Display.html?id=2190user=guestpass=guest
subsequently I came up with
Hi,
Since the inclusion of sparcv9a-mont.s/.pl, I get a SIGBUS error when
running bntest. Package is openssl 1.0.0 with sparcv9a on Linux 2.6.34
with a sparcv9 environment (64-bit kernel, 32-bit userspace/v8/v8plus)
on a sun4v US T1 CPU. I am aware of the FPU implications - openssl just
and reconfigure/rebuild. Or,
just put #define HAVE_FORK 1 after the endif and rebuild. J.
--
Jan Pechanec
http://blogs.sun.com/janp
__
OpenSSL Project http://www.openssl.org
Development Mailing List
, fixing it in speed.c
could bring the problem back again, just for yet another architecture
not specified in the #ifdef.
cheers, Jan.
--
Jan Pechanec
http://blogs.sun.com/janp
__
OpenSSL Project
ok great. That's the solution I've also used and I'm glad that it's
confirmed and patched now.
Cheers,
Jan
On Mon, Mar 1, 2010 at 3:43 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Mon, Mar 01, 2010, Jan C. wrote:
Hello,
I have an engine which implements the rsa_generate_key method
is generated correctly in the engine.
What am I doing wrong ?
Thanks for your help,
Jan.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev
On Tue, 8 Dec 2009, Jan Pechanec wrote:
sorry, forgot to include a link to the OpenSolaris bugster:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6441083
with an explanation of a person who reported the problem.
J.
hi,
there are some places
-gate/usr/src/common/openssl/crypto/engine/hw_pk11.c
--
Jan Pechanec
Hello,
EVP_EncryptInit.pod includes an example for General encryption,
decryption function example using FILE I/O and RC2. The code doesn't
compile right away, though, (a few variables are not prototyped or
declared) and needs a few minor tweaks (see attached).
-Jan
diff -burN openssl
.
The call stack is:
SSL_accept
ssl23_accept
ssl23_get_client_hello
SSL_accept
ssl3_accept
ssl3_send_server_hello
ssl3_do_write
ssl3_finish_mac (s3_enc.c, line 578)
Bye
Jan
__
OpenSSL Project http
On Jun 7, 2008, at 9:10 AM, Dr. Stephen Henson wrote:
On Tue, Jun 03, 2008, Jan Vilhuber wrote:
I've run into an question I've traced to pkcs7_verify.
I use this for non-MIME-specific content (and hence the certs don't
necessarily have 'smime-sig' as a key usage (or extended or
whatever
Anyone have an opinion on this? Should I be posting this to openssl-
users instead (forgive me if I chose the wrong list)?
jan
On Jun 3, 2008, at 6:43 PM, Jan Vilhuber wrote:
I've run into an question I've traced to pkcs7_verify.
I use this for non-MIME-specific content (and hence the certs
to modify OpenSSL at all.
aha, thanks, that's a good idea. It seems to me that I can't use
OBJ_create() without providing an OID but ASN1_OBJECT_create() +
OBJ_add_object() is OK for me and no phony OIDs are used then.
J.
--
Jan Pechanec
bits
long counter for AES counter mode so that's why OpenSSH can work with its
own EVP functions for this mode. However, above mentioned changes are needed
so that CTR mode can be offloaded to the engine.
thanks, Jan.
--
Jan Pechanec
, from reading the code this is not really usable.
correct, not with the current bits in Solaris (I guess we talk about
accesing tokens). We plan to work on that but it's not top priority for now.
cheers, Jan.
--
Jan Pechanec
it to printf, or to replace it with printf right away, or something
different. After the fix the module builds fine. For more information about
echo's in Solaris, see:
man -M /usr/man echo
regards, Jan.
--
Jan Pechanec
to deallocate memory in the token allocated in
C_DigestInit() is to call C_DigestFinal(), which means unless app calls
EVP_DigestFinal() there is a leak.
Jan.
--
Jan Pechanec
__
OpenSSL Project
would like to fix it the same way as in OpenSSL - if you
decide to fix it of course. Having separate patches is too painful.
thanks, Jan.
--
Jan Pechanec
__
OpenSSL Project http
and hours e.g.
openssl x509 -valid 4:00
We use this patch to x509 to generate grid proxies from an Aladdin
eToken, using the openssl engine support.
regards,
Jan Just Keijser
System Integrator
Nikhef
Amsterdam
--- openssl-0.9.8d/apps/x509.c 2005-07-16 13:13:03.0 +0200
+++ openssl-0.9.8d
)?' ':'\n'); }
printf(pre-master\n);
{ int z; for (z=0; zs-session-master_key_length; z++)
printf(%02X%c,s-session-master_key[z],((z+1)%16)?' ':'\n'); }
#endif
which uses pre-master\n in printf(). However,
s-session-master_key is a master key.
Jan.
--
Jan Pechanec
.
Jan.
--
Jan Pechanec
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
0.9.8e, s3_srvr.c claims this in a comment:
* s-tmp.new_cipher- the new cipher to use.
it should read s-s3-tmp.new_cipher ...
Jan.
--
Jan Pechanec
__
OpenSSL Project
as per $subj:
* The word 'cryptographic' can be left out if the rouines from the library
it seems to be everywhere:
janp:ananke:/export/openssl$ ggrep -e rouines -R openssl-0.9.8e/* | wc -l
541
--
Jan Pechanec
these backslashes are unnecessary, and they're a maintenance hazard.
If somebody puts non-null text on the following line, it will get sucked
into the macro.
thanks, Jan.
--
Jan Pechanec
Software Engineer
Security Technologies | OS Hardening
-DJS_TWOPIPE_VERBOSE, which automatically adds -DJS_TWOPIPE as well.
I've tested it with 0.9.7a, 0.9.7d, 0.9.7j, and the current CVS release.
If you've any comments please mail me.
Regards, Jan
__
OpenSSL Project
not an expert in
hyper threading, maybe this behavior is expected for homogeneous
workload like encrypting?
Sincerely,
Jan Schmidt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
1 - 100 of 141 matches
Mail list logo