Re: [openssl-dev] libcrypto.pc needs to list libpthread as a dependency

2017-09-17 Thread Roumen Petrov
Hi Howard, Howard Chu wrote: Roumen Petrov wrote: Howard Chu via openssl-dev wrote: In OpenSSL 1.1 on Linux (at least) libcrypto now has a dependency on libpthread but this is not reflected in the pkgconfig file. As a result, tools like CMake fail to detect libcrypto properly when linking

Re: [openssl-dev] libcrypto.pc needs to list libpthread as a dependency

2017-09-17 Thread Roumen Petrov
Howard Chu via openssl-dev wrote: In OpenSSL 1.1 on Linux (at least) libcrypto now has a dependency on libpthread but this is not reflected in the pkgconfig file. As a result, tools like CMake fail to detect libcrypto properly when linking against the static library. libpthread should be added

Re: [openssl-dev] (future) STORE vs X509_LOOKUP_METHOD by_dir

2017-02-08 Thread Roumen Petrov
Hi Richard, Richard Levitte wrote: Hi, I've some ponderings that I need to bounce a bit with you all. Some have talked about replace the X509_LOOKUP_METHOD X.509 lookup method could return certificate , revocation list or EVP_KEY (structure x509_object_st). Unfortunately functionality of

Re: [openssl-dev] [openssl.org #4681] Resolved: X.509 load method

2017-02-03 Thread Roumen Petrov
Rich Salz via RT wrote: According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. Resolved? Hmm, how to implement X.509 lookup method with 1.1+ API? Regards, Roumen Petrov

Re: [openssl-dev] [RFC v2 2/2] pem: load engine keys

2016-12-11 Thread Roumen Petrov
Hi Richard, Richard Levitte wrote: In message<20161206.223057.237264374331072901.levi...@openssl.org> on Tue, 06 Dec 2016 22:30:57 +0100 (CET), Richard Levitte said: levitte> [SNIP] The easiest was actually to rewrite PEM_read_bio_PrivateKey() entirely, so it solely uses the internal store_

Re: [openssl-dev] [RFC v2 2/2] pem: load engine keys

2016-12-11 Thread Roumen Petrov
Hi Richard, Richard Levitte wrote: In message<58472e4f.3010...@roumenpetrov.info> on Tue, 06 Dec 2016 23:31:59 +0200, Roumen Petrov said: openssl> Hi Richard, openssl> [SNIP] openssl> > Check. My STORE branch is made to support that. openssl> One URI could represe

Re: [openssl-dev] [RFC v2 2/2] pem: load engine keys

2016-12-06 Thread Roumen Petrov
Hi Richard, Richard Levitte wrote: [SNIP] James.Bottomley>1. We agreed that usability is greatly enhanced if openssl simply loads James.Bottomley> a key when presented with the file/uri etc. without the user having James.Bottomley> to specify what the format of a key is Check.

Re: [openssl-dev] Still showing openssl 1.0.2 snapshot issue

2016-11-27 Thread Roumen Petrov
Salz, Rich wrote: [SNIP] I posted yesterday, what's your config. I standard config/make does not do this for me. For instance: CONFIGURE_ARGS=--prefix=... -DOPENSSL_NO_BUF_FREELISTS shared no-ssl2 no-ssl3 zlib-dynamic enable-gost enable-unit-test linux-x86_64 Roumen

Re: [openssl-dev] [RFC 1/2] engine: add new flag based method for loading engine keys

2016-11-17 Thread Roumen Petrov
means that the key_id is actually a bio pointer. I'm not sure that is good idea to pass pointers between loadable modules. It could be used if there is no alternative. In this case URN format for could inform engine how to load key. [SNIP] Regards, Roumen Petrov

[openssl-dev] [openssl.org #4681] X.509 load method

2016-09-22 Thread Roumen Petrov via RT
This is an enhancement request. OpenSSL 1.1 hides details of structures used to load X.509 certificates, in particular - x509_lookup_method_st , x509_lookup_st and x509_object_st. This impact non OpenSSL projects as external application has to duplicated those structures. Request is OpenSSL do

Re: [openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-08-03 Thread Roumen Petrov via RT
Stephen Henson via RT wrote: > On Sat Jun 25 22:09:59 2016, open...@roumenpetrov.info wrote: >> Above is reason the request to remove const from return argument of get0 >> methods. > We had a discussion about this and the preference was to have get methods > retain const for various reasons. > > In

[openssl-dev] prefer headers from source tree

2016-06-25 Thread Roumen Petrov
d. Windows modification is similar. Roumen >From a7e0111eea1ef51d62a673e8511e9017945c2780 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sat, 21 May 2016 10:29:51 +0300 Subject: [PATCH 2/2] make templates: prepend path to source headers --- Configurations/unix-Makefile

[openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-06-25 Thread Roumen Petrov via RT
n argument of get0 methods. The issue is not only for ECDSA but also for DSA_SIG and RSA, DSA, DH keys where situation is similar. Regards, Roumen Petrov

Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-12 Thread Roumen Petrov
Salz, Rich wrote: Can you look at https://github.com/openssl/openssl/pull/1044 [SNIP ] I pushed a new version that adds your feedback. 10x, it's fine by me. Roumen

Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-10 Thread Roumen Petrov
Hi Rich, Salz, Rich wrote: Can you look at https://github.com/openssl/openssl/pull/1044 and see if it addresses the issues? Yes. May be with some definitions for backward compatibility. I mean for renamed pre 1.1 functions - with inserted ..._CTX into name of : - X509_STORE_get_by_subj

Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-07 Thread Roumen Petrov
Roumen Petrov wrote: [SNIP] This is my request - to define: - X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name) - X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name) Perhaps X509_STORE_CTX_get... instead X509_STORE_get as first argument is

Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-07 Thread Roumen Petrov
Hi Rich, Scope of my request is "use of a lookup method". Salz, Rich wrote: You need (1) I test port to current openssl code with following definitions X509_OBJECT_new() and X509_OBJECT_get0_X509_CRL. : diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index ff64821..8547b0d 1

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

2016-04-26 Thread Roumen Petrov
ween get0 and set0 key methods. For protocol "0009-sshkey.c-opaque-DSA-structure.patch" is practical sample of an upgrade to 1.1 API. RSA is similar. Cheers, Richard Roumen >From 57d17bdf3ef9975b6f09a597557843943909b5b9 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Su

[openssl-dev] remove defines that access X.509 store

2016-04-23 Thread Roumen Petrov
umen >From 32b59c4406581d9e0418ba9b61a1abe2044468ff Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sat, 16 Apr 2016 19:10:19 +0300 Subject: [PATCH 4/4] remove defines X509_STORE_set_verify_... as context is now opaque --- include/openssl/x509_vfy.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/in

[openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-04-23 Thread Roumen Petrov
Hi Openssl developers, Recent modification to X509... structures prevent external implementation of X509_LOOKUP_METHOD. Main issue that 1.1beta5 is not usable. A lot of X509... structures are now opaque, but there is no access neither memory management functions. I hope that soon will be provide

[openssl-dev] get engine function for EC key

2016-04-23 Thread Roumen Petrov
Hi, Currently access to engine member is available for some keys: $ grep -r get0_engine include/ include/openssl/dh.h:ENGINE *DH_get0_engine(DH *d); include/openssl/dsa.h:ENGINE *DSA_get0_engine(DSA *d); include/openssl/rsa.h:ENGINE *RSA_get0_engine(RSA *r); Please add function for EC_KEY. If

[openssl-dev] OPENSSL_cleanup now error is "invalid pointer"

2016-04-23 Thread Roumen Petrov
Hi With current master "corrupted double-linked list" disappear but error still exist, see below Roumen Petrov wrote: [SNIP] Stack trace *** Error in '/apps/openssl': corrupted double-linked list: 0x006de730 *** ^C Program received signal SIGINT, Interrupt. 0

[openssl-dev] build with defined ENGINE_REF_COUNT_DEBUG

2016-04-23 Thread Roumen Petrov
Hi, Please see attached file 0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch . If ENGINE_REF_COUNT_DEBUG is defined build fail. Proposed patch resolve issue. Regards, Roumen >From 3db4a9eb01f6caf1c59c50d8f6a3f6ec73cc71df Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sun, 13

[openssl-dev] What about DSA_SIG_get0 ? Was: ECDSA_SIG_get0() for const ECDSA_SIG *

2016-03-20 Thread Roumen Petrov
Hello , Issue 4436 report only ECDSA_SIG_get0 but DSA is the same. Perhaps DSA_SIG_get0 could use constant signature pointer. Stephen Henson via RT wrote: Fixed now. Closing ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see:http

Re: [openssl-dev] OPENSSL_cleanup new issue

2016-03-15 Thread Roumen Petrov
Hi Matt, Matt Caswell wrote: Hi Roumen On 10/03/16 22:21, Roumen Petrov wrote: Hello, With new thread model in some configurations openssl hangs on unload of engine. I just pushed commit 773fd0bad4 to master which should hopefully resolve this issue. It seems to me hang is resolved after

[openssl-dev] OPENSSL_cleanup new issue

2016-03-10 Thread Roumen Petrov
xit () from /lib64/libc.so.6 #11 0x0041cf5d in main (argc=, argv=out>) at apps/openssl.c:361 (gdb) My build is based on commit 603358de576217812cb3d752e97c78e476cdc879 -plus remaining modifications from issue "#4207 engine key format in 1.1" Regards, Roumen Petrov Roumen Petr

[openssl-dev] unified build dependencies

2016-03-10 Thread Roumen Petrov
Hello, It seems to me unified build system work quite well with simultaneous build jobs. I would like to report a minor issue - I have to run make 3 times until all dependencies are resolved. Second make rebuild about 450 items. Third time only speed is rebuild. The build is in a clean source tr

Re: [openssl-dev] OpenSSL 1.0.2g - make test fails with FIPS -- regression from 1.0.2f

2016-03-01 Thread Roumen Petrov
Brad House wrote: It appears OpenSSL 1.0.2g introduced a regression when attempting to run 'make test' on a fips-enabled build on linux. When compiling without FIPS, the tests pass as expected. However, with fips turned on, "make test" fails when trying to use ssl2 it appears. Running 'make t

Re: [openssl-dev] [openssl.org #2363] bug: memory allocated by DH_new() may never be free()ed

2016-02-29 Thread Roumen Petrov via RT
It is expected DH_free(DH_new()); to leaks memory. Usually XXX method initialize "extra data". Sample code is without code that clear library, at least CRYPTO_cleanup_all_ex_data is missing. Roumen

[openssl-dev] OPENSSL_cleanup additional

2016-02-23 Thread Roumen Petrov
Hello, I just finish tests with new initialization methods. Memory detection tool report a number of memory leaks. Startup code is: OPENSSL_init_crypto( OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS |

[openssl-dev] shared build, master, 2016-02-23

2016-02-23 Thread Roumen Petrov
Hello, The current master branch does not create shared libraries. Attached patch restore build with gnu tools. Regards, Roumen Petrov >From 2c3d122965a0a6a0b8b2ae3188b7c16658e5a57a Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Tue, 23 Feb 2016 21:34:16 +0200 Subject: [PATCH 13

Re: [openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

2016-02-22 Thread Roumen Petrov via RT
d=4320 Please log in as guest with password guest if prompted >From b359b5caf689583b247d825892ccd6dd42474de1 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Thu, 18 Feb 2016 23:26:43 +0200 Subject: [PATCH 4/4] #4320 OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_

[openssl-dev] OPENSSL_config with default configuration

2016-02-16 Thread Roumen Petrov
Hello, OPENSSL_config with NULL argument crash in master branch. Please find attached file with proposed patch. Regards, Roumen >From f6eee9281567e47ae23383c527845cc4a897d195 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Fri, 12 Feb 2016 22:18:59 +0200 Subject: [PATCH 4/5] OPENSSL_con

[openssl-dev] [openssl.org #4312] documentation: RSA_new_method argument

2016-02-16 Thread Roumen Petrov via RT
Hello, Function argument is pointer to ENGINE - please find attached patch Regards, Roumen Petrov -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4312 Please log in as guest with password guest if prompted >From 2f2e1f210ec3c8452ecd041604fd14071a4b59ca Mon Sep 17 00:00:00 2

[openssl-dev] duplicate opt* declaration in apps.h

2016-02-16 Thread Roumen Petrov
Hello, Currently opt_next, opt_imax and opt_umax are declared more than once in apps.h - see attached patch Roumen >From 1e44a45a2c38a16ba342355bf92af6f0fc7d15f6 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Tue, 16 Feb 2016 21:30:27 +0200 Subject: [PATCH 5/5] redundant

Re: [openssl-dev] BIO_new_connect after refactoring

2016-02-08 Thread Roumen Petrov
Richard Levitte wrote: That patch just got merged into master, commit 80926502986a97eed53afe1d85fc074e40829547 10x It seems to me #4296 is second report. Cheers, Richard In message <56b718f3.9070...@roumenpetrov.info> on Sun, 07 Feb 2016 12:14:11 +0200, Roumen Petrov said: openssl&

[openssl-dev] BIO_new_connect after refactoring

2016-02-07 Thread Roumen Petrov
Hello, With master branch my ssh ocsp tests start to fail again. The program code call BIO_new_connect("127.0.01") and then parsing of 'name' crash. Please find attached proposed patch. Roumen >From 65f29abcce374e3ceddc93f2854493f1839eb305 Mon Sep 17 00:00:00 2001 Fr

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

2016-01-17 Thread Roumen Petrov via RT
ons. Regards Roumen Petrov

[openssl-dev] [openssl.org #4249] ECDSA method flags

2016-01-16 Thread Roumen Petrov via RT
flag EC_FLAG_FIPS_CHECKED but this flags is not used in fips enabled openssl build. It seems to me is enough to set flag ECDSA_FLAG_FIPS_METHOD to allow ECDSA method to work in fips mode. Regards, Roumen Petrov >From 4e2150fb50fc07e1edd38938f3d3c32e8438 Mon Sep 17 00:00:00 2001 From:

Re: [openssl-dev] [openssl.org #4207] engine key format in 1.1

2016-01-16 Thread Roumen Petrov via RT
Also patches for commands: - pkey : "0017-pkey-cmd-restore-keys-from-engine.patch" - req : "0018-req-cmd-restore-keys-from-engine.patch" >From 0ea1c0b9b600977e93efed4545166ec4ae245bc9 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sat, 9 Jan 2016 14:52:14 +0200 Subj

Re: [openssl-dev] [openssl.org #4194] engine command regression in 1.1

2016-01-03 Thread Roumen Petrov via RT
Salz, Rich via RT wrote: > So you're saying just close this ticket? > No. My request is to restore flexible engine command line and optionally help string. I only disagree with proposed partial correction for command line.

Re: [openssl-dev] [openssl.org #4194] engine command regression in 1.1

2016-01-03 Thread Roumen Petrov via RT
Salz, Rich via RT wrote: > Tweaked, sigh. > ; ./util/opensslwrap.sh engine - dynamic -pre > engine: Cannot mix flags and engine names. > engine: Use -help for summary. > exit 1 > If engine name cannot be at any position then please keep it as is. i.e. at last position. In this ca

Re: [openssl-dev] [openssl.org #4194] engine command regression in 1.1

2016-01-03 Thread Roumen Petrov via RT
Salz, Rich via RT wrote: > Please see this: > > https://github.com/openssl/openssl/compare/master...richsalz:rt4194?expand=1 > It should fail with openssl engine - dynamic -pre SO_PATH:/lib/libfoo.so Help string looks good. Roumen

Re: [openssl-dev] [openssl.org #4194] engine command regression in 1.1

2016-01-02 Thread Roumen Petrov via RT
Rich Salz via RT wrote: > [SNIP] > out = dup_bio_out(FORMAT_TEXT); > - prog = opt_init(argc, argv, engine_options); > if (!engines || !pre_cmds || !post_cmds) > goto end; > + while ((argv1 = argv[1]) != NULL && *argv1 != '-') { > + sk_OPENSSL_STRING_push(engines, *argv1); > + argc--; > + argv++; >
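Review bot: in the added while loop, sk_OPENSSL_STRING_push(engines, *argv1) passes *argv1, which is the first character of the argument, where the stack expects the string pointer. argv1 already holds argv[1], so the call should push argv1 itself; as quoted, the engine names collected ahead of the flags would not be stored as usable strings.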

Re: [openssl-dev] [openssl.org #4194] engine command regression in 1.1

2015-12-29 Thread Roumen Petrov via RT
samples first is engine name then commands. Just search in internet for samples - expect some recent openssl tutorial almost all other samples use name before options. Request is only for engine. It is not for speed command for example. This is reason to call issue regression. Regard

[openssl-dev] [openssl.org #4207] engine key format in 1.1

2015-12-29 Thread Roumen Petrov via RT
8b710caaa96de224384c5f8832 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sun, 15 Nov 2015 11:00:00 +0200 Subject: [PATCH 03/15] dgst cmd: restore keys from engine --- apps/dgst.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/dgst.c b/apps/dgst.c in

[openssl-dev] access-EC_KEY-method-property

2015-12-24 Thread Roumen Petrov
eth); pkey_rsa->engine = eng; ENGINE_up_ref(eng); Let me know how to proceed with this request. Roumen Petrov

[openssl-dev] [openssl.org #4200] extra data for ec keys

2015-12-24 Thread Roumen Petrov via RT
al API and just > use the standard crypto_ex_data stuff. Want to make a more complete patch as > a github pull request? :) Otherwise I'll get to it soon. > >From 07ad1979667aeb2ba99a8ed88f679fb684b8cf1c Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Thu, 24 Dec 2015 09:5

[openssl-dev] [openssl.org #4195] remove duplicates in util/libeay.num

2015-12-22 Thread Roumen Petrov via RT
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: current: X509_CERT_PAIR_it 35341_1_0 NOEXIST::FUNCTION: X509_CERT_PAIR_it 35341_1_0 NOEXIST::FUNCTION: Proposed patch removes duplicates. Regards, Roumen Petrov >From 992be79410a3c909f4b1d2f492423aaf2c8a8454 Mon Sep 17 00:00

[openssl-dev] __STDC_VERSION__ is not defined

2015-12-22 Thread Roumen Petrov
:00 2001 From: Roumen Petrov Date: Thu, 3 Dec 2015 23:43:24 +0200 Subject: [PATCH 01/15] __STDC_VERSION__ is not defined for c89 compilers --- include/openssl/e_os2.h | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 236

[openssl-dev] extra data for ec keys

2015-12-22 Thread Roumen Petrov
patch" - note that index CRYPTO_EX_INDEX is with gap in numbering but I would like patch to be minimal. I would like to request external applications to be able to change method - see attached patch "0009-access-EC_KEY-method-property.patch". Regards,

[openssl-dev] about "Rename some BUF_xxx to OPENSSL_xxx"

2015-12-21 Thread Roumen Petrov
Hello, After modification OPENSSL_strlcpy is declared twice. Regards, Roumen >From 5f5b81e162eae025dcc40a7074a973621c7dac33 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Mon, 21 Dec 2015 18:45:06 +0200 Subject: [PATCH 02/15] redundant redeclaration of 'OPENSSL_strlcpy'

[openssl-dev] [openssl.org #4194] engine command regression in 1.1

2015-12-21 Thread Roumen Petrov via RT
options. This is regression introduced by new common " option-parsing". Also new summary lack information for engine name as command line argument. Regards, Roumen Petrov

Re: [openssl-dev] OCSP issues in master 2015-10-17

2015-10-21 Thread Roumen Petrov
Dr. Stephen Henson wrote: On Sat, Oct 17, 2015, Roumen Petrov wrote: Hello, After embed some attributes OCSP in master stop to work. The current status is the client comment report "Cert Status: unknown" and "Nonce Verify error" for X.509 certificates used in my ssh reg

[openssl-dev] OCSP issues in master 2015-10-17

2015-10-17 Thread Roumen Petrov
n version to work is "47c9a1b5096be684c18335137284f0dfcefd12d6 : embed support for ASN1_STRING" (optionally with "Appease gcc's Wmaybe-uninitialized" if build fail due to pedantic compiler flags). First regression is from "af170194a88d6127d447bea826845c23ca192727 : embed OCSP_CER

[openssl-dev] [openssl.org #4029] incomplete get methods for X509_VERIFY_PARAM

2015-09-04 Thread Roumen Petrov via RT
structure, may require own set of "get"-methods It seems to me for attributes name, flags and depth access is complete. Please finish declaration of X509_VERIFY_PARAM as opaque structure with definition of "get"-methods. Regards, Roumen Petrov

Re: [openssl-dev] [PATCH] [openssl.org #2558] [patch] make windres controllable via build env var settings

2015-03-08 Thread Roumen Petrov via RT
Mike Frysinger via RT wrote: > atm, the windres code in openssl is only usable via the cross-compile prefix > option unlike all the other build tools. So add support for the standard $RC > / $WINDRES env vars as well. > --- > [SNIP] > else{ > s/^CC=.*$/CC= $cc/; >

Re: [openssl-dev] Seeking feedback on some #ifdef changes

2015-02-08 Thread Roumen Petrov
script. [SNIP] OPENSSL_NO_STORE Also removing the code? Regards, Roumen Petrov

Re: [openssl.org #3557] -nameopt utf8 behaviour in openssl 1.0.1i

2014-10-12 Thread Roumen Petrov
neline or own set of flags as 'separator' is required. Pages x509 and X509_NAME_print_ex could be updated to detail that 'separator' flag is required. Regards, Roumen Petrov

Re: [openssl.org #832] ocsp and dsa key+socket option SO_REUSEADDR for responder

2014-08-15 Thread Roumen Petrov via RT
Rich Salz via RT wrote: > SO_REUSEADDR is done. It is not activated in ocsp.c . The rest is fixed in 1.+ [SNIP]

1.0.2beta2 and X.509 certificate verification

2014-03-03 Thread Roumen Petrov
lookup:unable to get local issuer certificate 2 === There is extra error with code 20. This may break external applications with custom verification callback. For historic reasons exit code of openssl verify command is not used and to me this is not so important. Regards, Roumen Petrov

current 1.0.2 branch and fips

2014-03-01 Thread Roumen Petrov
Hello, According the current version scheme 1.0.2 retain binary compatibility. In this case is expected external application linked 1.0.1 to work with 1.0.2 without modification. It seems to me now FIPS build retain binary but lost functional compatibility. For instance EVP_dss1 could be use

current 1.0.2 with gcc for windows

2014-03-01 Thread Roumen Petrov
tion tests cannot be executed as makefile lack suffix for dependent executables . Please find attached proposed fix "0001-use-EXE_EXT-in-dependecies.patch.gz" . Regards, Roumen Petrov 0001-use-EXE_EXT-in-dependecies.patch.gz Description: GNU Zip compressed data 0002-use-ULL

Re: Major OpenSSL 1.0.1d regression from 1.0.1c

2013-02-06 Thread Roumen Petrov
Hi, FIPS enabled build fail at same line. Brad House wrote: It appears there is a major regression with OpenSSL 1.0.1d over 1.0.1c. I've narrowed it down to setting a custom cipher list I think as if I do not set a cipher list, the issue does not occur. I have reproduced the issue with the op

Re: [openssl.org #2745] Fwd: GOST engine memory problems

2012-09-01 Thread Roumen Petrov via RT
Stephen Henson via RT wrote: > I've finally had time to look into this. Please see if this fixes the issue: May be is not related, but this engine lack call of ENGINE_register_pkey_asn1_meths . It seems to me without this registration initialization is different . If engine configuration is wit

Re: [openssl.org #2745] Fwd: GOST engine memory problems

2012-09-01 Thread Roumen Petrov
Stephen Henson via RT wrote: I've finally had time to look into this. Please see if this fixes the issue: May be is not related, but this engine lack call of ENGINE_register_pkey_asn1_meths . It seems to me without this registration initialization is different . If engine configuration is wit

FIPS build in 1.0.1+ stable branches

2012-06-09 Thread Roumen Petrov
Hello OpenSSL developers. I could not understand "*Check-in [22619]* Reduce version skew" in openssl 1.0.1 stable branch. May be this version adds some useful improvements but FIPS build(compile) is broken. I wonder what is policy to update 1.0.1 "stable" branch. After remove of #include s

Re: ENGINE reference leak using FIPS-capable OpenSSL

2012-04-19 Thread Roumen Petrov
Dr. Stephen Henson wrote: On Wed, Apr 18, 2012, Erik Tkal wrote: Any takers? Should I be able to build a FIPS-capable OpenSSL and have some of the implementation be provided via an ENGINE (e.g. let's say I have a hardware module to perform AES) but some by the OpenSSL FIPS canister? Or is i

Re: [openssl.org #2781] OpenSSL 1.x doesn't compile on mingw-w64 (targeting win32)

2012-04-01 Thread Roumen Petrov via RT
Leandro Santiago via RT wrote: > I'm trying to compile openssl 1.0.1 (but I also tested the 1.0.0) on > mingw-w64 (gcc 4.7), but I'm having errors. > I tested in three configurations: Ubuntu 11.04 32-bit, Kubuntu 11.10 > 64-bit and Windows 7 32-bit having the same errors. > > The command line I use

Re: [openssl.org #2781] OpenSSL 1.x doesn't compile on mingw-w64 (targeting win32)

2012-04-01 Thread Roumen Petrov
Leandro Santiago via RT wrote: I'm trying to compile openssl 1.0.1 (but I also tested the 1.0.0) on mingw-w64 (gcc 4.7), but I'm having errors. I tested in three configurations: Ubuntu 11.04 32-bit, Kubuntu 11.10 64-bit and Windows 7 32-bit having the same errors. The command line I used was: .

[openssl.org #2752] objects.txt - update of extended key usage

2012-03-04 Thread Roumen Petrov via RT
request is only for ssh related numbers but objects.txt could be updated to list more. As example on page http://www.imc.org/ietf-pkix/pkix-oid.asn last extended key usage is with number 29. Regards, Roumen Petrov

Re: [openssl.org #2750] [BUG] spec file doesn't properly build for lib64

2012-03-04 Thread Roumen Petrov via RT
Kevin Vargo via RT wrote: > Some minor updates to the openssl.spec: wrapping ifarch around the various > lib dirs to get the right files in the right places. > > See attached diff > Configure script and spec are not consistent regarding multilib. It seems to me spec file should use libdir script

Re: [openssl.org #2750] [BUG] spec file doesn't properly build for lib64

2012-03-04 Thread Roumen Petrov
Kevin Vargo via RT wrote: Some minor updates to the openssl.spec: wrapping ifarch around the various lib dirs to get the right files in the right places. See attached diff Configure script and spec are not consistent regarding multilib. It seems to me spec file should use libdir script para

Re: Accessing ENGINESDIR value

2012-02-25 Thread Roumen Petrov
Hi Dmitry, Dmitry Belyavsky wrote: Greetings! What is the correct way to get the ENGINESDIR value& It is defined in opensslconf.h but it is not enough to include opensslconf.h to get it defined. Why engine directory for openssl configuration is so important ? Engine installation may depend f

Re: [openssl.org #2718] openssl-fips-1.2.3: testsuite failures (SIGILL / Illegal instruction)

2012-02-22 Thread Roumen Petrov via RT
ould you confirm that during the build GCC 4.6.1 warn user for bad cast and that application will terminate if code is reached. I note this on 64-bit platform with gcc 4.5.2 and as Steve suggest I switch to 0.9.8x fips build. R

Re: [openssl.org #2718] openssl-fips-1.2.3: testsuite failures (SIGILL / Illegal instruction)

2012-02-22 Thread Roumen Petrov
the build GCC 4.6.1 warn user for bad cast and that application will terminate if code is reached. I note this on 64-bit platform with gcc 4.5.2 and as Steve suggest I switch to 0.9.8x fips build. Regards, Roumen Petrov

Re: mdc2 algorithm and 0.9.8x, 1.0.0x and upcoming 1.01

2012-02-21 Thread Roumen Petrov
Dr. Stephen Henson wrote: [SNIP] Should be fixed now, see: http://cvs.openssl.org/chngview?cn=22124 to make OpenSSL understand both formats when verifying and: http://cvs.openssl.org/chngview?cn=22126 to use the same format as older versions of OpenSSL when creating signatures. 10x . I confirm t

Re: mdc2 algorithm and 0.9.8x, 1.0.0x and upcoming 1.01

2012-02-14 Thread Roumen Petrov
Dr. Stephen Henson wrote: On Wed, Feb 01, 2012, Roumen Petrov wrote: [SNIP] Looking into this there is a long standing incompatibility between various functions that use mdc2 for signatures. Since SSLeay the function RSA_sign() using mdc2 as an argument uses a DigestInfo structure whereas

mdc2 algorithm and 0.9.8x, 1.0.0x and upcoming 1.01

2012-02-01 Thread Roumen Petrov
verified only with 1.0.1 and verification fail with earlier version. Issue with certificates apply to CRLs Regards, Roumen Petrov P.S. high level log with test case failure: === entering .../origin+x509-7.1x-0.9.8t/... ... testing with OpenSSL 0.9.8t 18 Jan 2012 ... testid_rsa-rsa_mdc2.crt

DTLS-SRTP and mingw

2011-11-20 Thread Roumen Petrov
One of recent changes is "Add DTLS-SRTP negotiation from RFC 5764." After update build fail for HEAD . The simple solution is to move function declarations from "srtp.h" to "tls1.h" int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx,

2011-10-12 head, test fail , TLSv1.2 related ?

2011-10-12 Thread Roumen Petrov
Hi, One of the changes is past week is to not enable ... sorry I remove diffs files and I cannot remember exact change (file, date, etc)... Result is that now regression test in head fail with : ...:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:119: ...:error:140

Re: Engines memory-management problems

2011-09-26 Thread Roumen Petrov
Dmitry Belyavsky wrote: Greetings! On Thu, Sep 22, 2011 at 3:00 AM, Roumen Petrov wrote: [SNIP] What is result if register__gost methods are moved from bind to init ? Double-free occurs too. The openssl speed -engine gost -evp gost89 is successful, but the openssl engine gost

Re: [openssl.org #2594] Problem with X509 path loop detection - PATCH

2011-09-26 Thread Roumen Petrov via RT
Nick Lewis via RT wrote: > Roumen > > Thank you for looking at the patch [SNIP] > + if (issuer_num&& (issuer_num< x_num)) > > Please find a corrected version below > > Best Regards > Nick > [SNIP] With update version i confirm that regression test of a software now pass with Op

Re: [openssl.org #2594] Problem with X509 path loop detection - PATCH

2011-09-26 Thread Roumen Petrov
Nick Lewis via RT wrote: Roumen Thank you for looking at the patch [SNIP] + if (issuer_num&& (issuer_num< x_num)) Please find a corrected version below Best Regards Nick [SNIP] With update version i confirm that regression test of a software now pass with OpenSSL HEAD v

Re: Engines memory-management problems

2011-09-21 Thread Roumen Petrov
Hi Dmitry, Dmitry Belyavsky wrote: Greetings! During the 1.x version the current scheme of algorithms providing through engines was implemented. Debugging our (Cryptocom LTD) engines, I’ve found some troubles in the way it works, please tell me where I’m mistaken. Openssl is configured with s

Re: [openssl.org #2594] Problem with X509 path loop detection - PATCH

2011-09-11 Thread Roumen Petrov via RT
Nick Lewis via RT wrote: > The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not > work correctly for some combinations of ctx->chain, x and issuer. For example > when the cert x is in the chain at a location other than the top, a path loop > is incorrectly declared. Also if

Re: [openssl.org #2594] Problem with X509 path loop detection - PATCH

2011-09-11 Thread Roumen Petrov
Nick Lewis via RT wrote: The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not work correctly for some combinations of ctx->chain, x and issuer. For example when the cert x is in the chain at a location other than the top, a path loop is incorrectly declared. Also if the ce

Re: [openssl.org #2504] Cross Compile MinGW DLLs on Linux

2011-04-27 Thread Roumen Petrov via RT
Marc Wäckerlin via RT wrote: > Hi OpenSSL > > I managed to Cross Compile OpenSSL on Linux so that I can develop OpenSSL > applications that run on Windows entirely inside a Linux build environment. > > It even builds the executables and the DLLs on Linux. > > Please add my changes to the official

Re: [openssl.org #2504] Cross Compile MinGW DLLs on Linux

2011-04-27 Thread Roumen Petrov
Marc Wäckerlin via RT wrote: Hi OpenSSL I managed to Cross Compile OpenSSL on Linux so that I can develop OpenSSL applications that run on Windows entirely inside a Linux build environment. It even builds the executables and the DLLs on Linux. Please add my changes to the official "Configure

Re: Call for OpenSSL FIPS Object Module v2.0 review

2011-04-06 Thread Roumen Petrov
Steve Marquess wrote: The ongoing effort to obtain a new FIPS 140-2 validation for an OpenSSL based cryptographic module has committed enough source code to permit general review and feedback. If you have an interest in this upcoming validated module please feel free to examine the current resul

Re: MinGW building from cmd.exe woes

2011-03-15 Thread Roumen Petrov
Darryl Miles wrote: Roumen Petrov wrote: [SNIP] I have tried using "perl Configure mingw ..." manually but I have not been able to find a combination that works to produce a usable Makefile that mingw32-make.exe (a version of GNU Make) can use. May be issue is to find working versio

Re: MinGW building from cmd.exe woes

2011-03-15 Thread Roumen Petrov
Darryl Miles wrote: [SNIP] Tried using: ms\mingw32.bat [SNIP] Try with ./Configure mingw . Roumen __ OpenSSL Project http://www.openssl.org Development Mailing List

Re: [openssl.org #2463] [PATCH]: OpenSSL 1.0.0d: Add abbility to load server certificate by ENGINE.

2011-03-12 Thread Roumen Petrov
Andrey Kulikov via RT wrote: Hello, Please find file attached: server_cert_from_engine4.patch This is a patch to allow loading server SSL certificate by ENGINE. [SNIP] After applying this patch s_server will accept "-certform ENGINE" option. This patch supplied by Stonesoft Corporation, who g

Re: [openssl.org #2463] [PATCH]: OpenSSL 1.0.0d: Add abbility to load server certificate by ENGINE.

2011-03-12 Thread Roumen Petrov via RT
Andrey Kulikov via RT wrote: > Hello, > > Please find file attached: server_cert_from_engine4.patch > This is a patch to allow loading server SSL certificate by ENGINE. > > [SNIP] > > After applying this patch s_server will accept "-certform ENGINE" option. > > This patch supplied by Stonesoft Corp

[openssl.org #2455] print dsa pubin/pubout options

2011-02-20 Thread Roumen Petrov via RT
See attached file with patch for openssl dsa command: print -pubin/-pubout options. Also -engine flags is moved at same position as for rsa command. Roumen Index: apps/dsa.c === RCS file: /work/repo/mirror/openssl/openssl/apps/dsa.c

[openssl.org #2454] enable engine key for dsa command

2011-02-20 Thread Roumen Petrov via RT
Obsolete code prevents the dsa command from using keys stored in an engine. The attached patch removes the open of the input file and leaves everything to the load_xxx functions. See for reference the rsa command, which works fine. Roumen Index: apps/dsa.c === RCS file:

Re: [openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-04 Thread Roumen Petrov via RT
Dr. Stephen Henson wrote: > [snip] > I've updated the sources so they are now available outside FIPS mode. > > Steve. > 10x solved, please close. Roumen

Re: [openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-03 Thread Roumen Petrov
Stephen Henson via RT wrote: [open...@roumenpetrov.info - Thu Feb 03 16:36:58 2011]: The mingw cross-build of current HEAD(2011-01-31) fails: WARNING: mkdef.pl doesn't know the following algorithms: NEXTPROTONEG Creating library file: libcrypto.dll.a Cannot export FIPS_dh_free: symbol

[openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-03 Thread Roumen Petrov via RT
The mingw cross-build of current HEAD(2011-01-31) fails: WARNING: mkdef.pl doesn't know the following algorithms: NEXTPROTONEG Creating library file: libcrypto.dll.a Cannot export FIPS_dh_free: symbol not defined . Cannot export RSA_X931_generate_key_ex: symbol not defined collect2: ld

status on openssl STORE in 0.9.8x and 1.x(+head) ?

2011-01-30 Thread Roumen Petrov
Hello All, The OpenSSL "STORE" is marked as experimental in 1.x branches but it is installed in 0.9.8x. So what is the real status ? Roumen
