Storing certificate in the engine

2007-02-28 Thread Victor B. Wagner
Hi, All! Does openssl have an API to load certificate from engine module. I've found ENGINE_load_private_key and ENGINE_load_public_key functions, but they both return EVP_PKEY, not X509. Problem is: There is hardware crypto device, say smartcard, which is able to store both private key and

Re: Can openssl-0.9.8e be compiled and used under microsoft windows?

2007-03-09 Thread Victor B. Wagner
On 2007.03.09 at 09:09:44 +0800, ?? ?? wrote: Hi, I'm learning OpenSSL. Now, I have some questions about OpenSSL that is: 1. Can I compile openssl-0.9.8e directly under microsoft windows VC++ environment? How to do that? You can. But if you are not familiar with

Re: RE: [openssl.org #1520] request for checking if -in and -out files are same

2007-04-20 Thread Victor B. Wagner
On 2007.04.19 at 11:59:39 -0700, David Schwartz wrote: This is not nearly as simple as you might think. Are 'foo.txt' and 'Foo.txt' the same file? What about 'directory/file.txt' and 'symlink/file.txt'? I don't see how you can do this without making assumptions about the semantics of the

Re: RE: RE: [openssl.org #1520] request for checking if -in and -out files are same

2007-04-25 Thread Victor B. Wagner
On 2007.04.20 at 11:57:35 -0700, David Schwartz wrote: On 2007.04.19 at 11:59:39 -0700, David Schwartz wrote: This is not nearly as simple as you might think. Are 'foo.txt' and 'Foo.txt' the same file? What about 'directory/file.txt' and 'symlink/file.txt'? I don't see how you

Re: RE: RE: RE: [openssl.org #1520] request for checking if -in and -out files are same

2007-04-25 Thread Victor B. Wagner
On 2007.04.25 at 01:55:23 -0700, David Schwartz wrote: For example, if we are running under Unix-style kernel, we can make stat calls on both files. And if both st_dev and st_ino fields of the resulting stat structures are same, we should consider files same. Why? Suppose the

Re: [openssl.org #1516] [PATCH] apps/ocsp.c: Fix non-POSIX #include

2007-05-16 Thread Victor B. Wagner
On 2007.05.16 at 14:20:45 +0200, Stephen Henson via RT wrote: I've attempted to reuse the header files in s_client.c which have used similar select() functionality for quite a while. If this still doesn't work properly on all systems I'd suggest using something similar to s_client.c,

Re: ECDSA verify fails when digest is all zeros in 0.9.8e

2007-05-17 Thread Victor B. Wagner
On 2007.05.16 at 12:35:37 -0700, [EMAIL PROTECTED] wrote: I'm running OpenSSL 0.9.8e. If I set up an ECDSA verify with EC_KEY_new_by_curve_name(NID_X9_62_prime256v1) and call ECDSA_do_verify with dgst (first arg) an array of all zeros and dgst=1 (second arg), the call fails with

Re: [openssl.org #1526] x86cpuid-elf.s cannot be compiled by Sun assembler on x86

2007-05-20 Thread Victor B. Wagner
On 2007.05.19 at 20:20:14 +0200, Andy Polyakov via RT wrote: In the revision 1.9 of file x86cpuid.pl there appeared block with some setne instructions: These instructions are translated under Solaris x86 into setneb assembler instruction which causes Illegal mnemonic error with

Re: [CVS] OpenSSL: openssl/ CHANGES openssl/apps/ s_client.c openssl/crypt...

2007-10-26 Thread Victor B. Wagner
On 2007.10.26 at 14:06:37 +0200, Dr. Stephen Henson wrote: OpenSSL CVS Repository http://cvs.openssl.org/ Modified files: openssl CHANGES openssl/apps s_client.c openssl/crypto/dsa dsa_pmeth.c openssl/crypto/evp evp.h pmeth_fn.c

Dynamically loading engines into static build of OpenSSL

2007-10-31 Thread Victor B. Wagner
Static build of OpenSSL is still default one, even in 0.9.9 snapshots. However, engine dynamic is built into it, and makes it possible to load engine modules even into statically build applications. However, engine API of OpenSSL requires any engine to call some functions of libcrypto, such as

Any Apache/mod_ssl developers out there?

2007-11-19 Thread Victor B. Wagner
Hi there, Is there somebody involved in development of mod_ssl module for Apache? Question is - since support for GOST cryptography is added to OpenSSL 0.9.9, we are now going to implement support of GOST ciphersuites in the Apache (because https is most frequent use of TLS with national

PKCS#11 wrapper around OpenSSL

2007-11-19 Thread Victor B. Wagner
I was asked by one user if we are planning to provide PKCS#11 module, based on OpenSSL (it was in the context of adding GOST algorithms support to the Mozilla-based software). I doubt if this solution is technically feasible. As far as I know, most people do it other way around - write

Re: PKCS#11 wrapper around OpenSSL

2007-11-19 Thread Victor B. Wagner
On 2007.11.19 at 20:46:36 +1000, Peter Waltenberg wrote: There are some things that are quite hard problems doing it the other way round. FIPS certification with the OpenSSL engine plugin active is probably the worst. With PKCS#11 on top of OpenSSL you have an industry standard API, which

Re: PKCS#11 wrapper around OpenSSL

2007-11-19 Thread Victor B. Wagner
On 2007.11.19 at 14:51:16 -0600, Steven Bade wrote: OpenCryptoki's Soft token based on openssl, was never intended to be a FIPS capable function, its simply intended to be an example for those who might wish to a) test PKCS#11 applications without having to have a card It is what I need.

Re: HMAC support in engine interface?

2008-01-09 Thread Victor B. Wagner
On 2008.01.07 at 23:05:09 -0500, Thor Lancelot Simon wrote: The engine interface operates at too low a layer to directly accelerate HMAC. This is unfortunate since it means even on hosts with crypto hardware that can do HMAC quite fast, it ends up using raw digest operations and being

Re: [openssl.org #1671] Configure options are not passed to mkdef.pl in mingw build

2008-05-23 Thread Victor B. Wagner
On 2008.05.13 at 22:10:12 +0300, Roumen Petrov wrote: Shared build of OpenSSL for Windows platform involves executing of file util/mkdef.pl to creates .def file for each shared library. This file specifies what symbols are exported from the library. Script mkdef.pl expects to receive some

Re: Can I create cryptoprovider based on openssl ?

2008-12-19 Thread Victor B. Wagner
On 2008.12.19 at 14:03:46 -0500, Patrick Patterson wrote: Ok - if you are asking if there is a generic crypto layer in Linux - the answer is no. Today, there is a mix of applications that use their own crypto (eg: parts of KDE, Java, others), applications that use OpenSSL (Apache, Postfix,

Re: DB_ERROR_INDEX_CLASH in openssl ca

2009-02-17 Thread Victor B. Wagner
Recently I've discovered problem with our automated test script, which creates several certificates using openssl ca command. Script used to create two certificates with identical distinguished name, but different public key algorithms (which seems to be a situation which can occur in real world)

Missing documentation

2009-03-18 Thread Victor B. Wagner
I've investigated lacks of documentation in the current OpenSSL snapshot. Method of investigation is quite simple 1. Run util/extract-names.pl on the all pod files in the doc/crypto and doc/ssl and produce sorted list of all function names referenced in the NAME sections. 2. Take lists of

Re: OCSP problems

2009-05-21 Thread Victor B. Wagner
On 2009.05.21 at 11:34:12 +0200, Marc Rios Valles wrote: I'm running the server as is indicated in the openssl web page: openssl ocsp -index index_file.txt -CA ca-cert.pem -rsigner rsigner_cert -rkey rsigner_key -port -text -out log.txt If I send an ocsp petition to the

Re: OCSP

2009-05-27 Thread Victor B. Wagner
On 2009.05.27 at 12:16:53 +0530, Ashish Agrawal wrote: Hi All, I am looking for OCSP API interface support in openssl, can somebody guide me to relevant information source or sample code. Look into the source of ocsp command in openssl source distribution (apps/ocsp.c). You can also

TS command docs - bug or I'm missing something?

2009-05-27 Thread Victor B. Wagner
Documentation for openssl ts command says following: Timestamp response generation ...skip... -policy object_id The default policy to use for the response unless the client explicitly requires a particular TSA policy. The OID can be specified either in dotted notation or

Re: TS command docs - bug or I'm missing something?

2009-05-28 Thread Victor B. Wagner
On 2009.05.28 at 10:40:24 -0700, Kyle Hamilton wrote: default_policy is only mandated if you don't use -policy. It is not quite clear from the documentation. It would be much better, if documentation would contain line, quoted above, than current (Optional)

Re: Rehashing Directories

2009-06-04 Thread Victor B. Wagner
On 2009.06.04 at 21:31:19 -0400, David Michael wrote: Hi, A certain daemon I am building requires root certificates to have hash links in order to find them. My target OS provides a multi-cert PEM with just about every common root cert out there, so I prefer to have the hash links

Re: [openssl.org #1992] RAND_poll() and CreateToolhelp32Snapshot() stability (also for 1.0.0.b3)

2009-09-23 Thread Victor B. Wagner
On 2009.09.22 at 12:13:45 +0200, Ger Hobbelt via RT wrote: Sorry for late reply; been under the weather lately, healthwise, so this is my first 'on-line' experience in a while ;-) As far as the brain is operational again... I'd say the quickest way to fix this is to wrap the __try/__except

What does cache field in X509_STORE struct do?

2009-10-12 Thread Victor B. Wagner
Hi, I've found out that default lookup method X509_LOOKUP_hash_dir caches certificates and CRLs very aggressively. Really, it uses X509_load_cert_file and X509_load_crl_file from X509_LOOKUP_file method, which always put object into memory cache, and never frees anything from this cache. From

Re: What does cache field in X509_STORE struct do?

2009-10-12 Thread Victor B. Wagner
On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote: On Mon, Oct 12, 2009, Victor B. Wagner wrote: BTW, it seems that most applications which actually use CRLs, such as Apache, openvpn and stunnel, do implement lookup of certificate in the CRL in its own code, not relying

Re: What does cache field in X509_STORE struct do?

2009-10-13 Thread Victor B. Wagner
On 2009.10.12 at 19:00:30 +0200, Dr. Stephen Henson wrote: Well we are in the middle of a beta release cycle so making incompatible changes and/or major new functionality isn't an option. Is this (#2) a major new functionality, given that cache field in X509_CTX is already here and

Re: What does cache field in X509_STORE struct do?

2009-10-13 Thread Victor B. Wagner
On 2009.10.13 at 14:12:22 +0200, Dr. Stephen Henson wrote: On Tue, Oct 13, 2009, Victor B. Wagner wrote: On 2009.10.12 at 19:00:30 +0200, Dr. Stephen Henson wrote: Well we are in the middle of a beta release cycle so making incompatible changes and/or major new functionality

Re: What does cache field in X509_STORE struct do?

2009-10-13 Thread Victor B. Wagner
On 2009.10.13 at 14:30:50 +0200, Dr. Stephen Henson wrote: On Mon, Oct 12, 2009, Victor B. Wagner wrote: 2. Make X509_LOOKUP_hash_dir lookup method honour cache field in the X509_STORE structure. (I think that it is better to make this field a bit mask and interpret constants

Re: What does cache field in X509_STORE struct do?

2009-10-13 Thread Victor B. Wagner
On 2009.10.13 at 18:20:12 +0200, Dr. Stephen Henson wrote: There is some additional logic for CRLs though. In by_dir.c it stores the last suffix value of a CRL so if you have CRL links: This logic has to be clearly documented in the X509_LOOKUP_hash_dir manual page. I'd write what I've

Few more manual page (was: What does cache field in X509_STORE struct do?)

2009-10-14 Thread Victor B. Wagner
On 2009.10.13 at 15:25:19 +0200, Dr. Stephen Henson wrote: X509_STORE_CTX, X509_VERIFY_PARAM and X509_LOOKUP_hash_dir/X509_LOOKUP_file documents would follow. OK thanks. I'll have a look at that. I'll add some documentation for X509_VERIFY_PARAM myself when I have time (I'm more

Re: [openssl.org #2071] Few more manual page

2009-10-16 Thread Victor B. Wagner
On 2009.10.15 at 22:02:54 +0200, Roumen Petrov via RT wrote: May be is good to document that numbers in hash dir starts from zero. May be. But just now I think it is much more important to get ANY documentation for these functions into CVS. At least it is quite easy to find out what number

Re: [openssl.org #2077] openssl 1.0.0 stable does not print all digests with help

2009-10-27 Thread Victor B. Wagner
On 2009.10.25 at 00:05:36 +0200, Guenter via RT wrote: Hi, I checked with a recent snapshot 1.0.0-stable, and found that although the openssl commandline supports now sha224, sha256, sha384, and sha512 message digests, it still only prints these: Message Digest commands (see the `dgst'

New signature algorithms?

2004-07-30 Thread Victor B. Wagner
Openssl 0.98-dev provides system to implement additional ciphers and message digest algorithms using dynamically loadable engines, but doesn't seem to provide equivalent way for digital signature and key distribution algorithms. But there are much more digital signature algorithms then DSA and

Re: Generalized infrastructure for public key algorithms

2004-11-09 Thread Victor B. Wagner
On 2004.11.09 at 12:36:56 +0100, Nils Larsch wrote: b) A method which should be stored in the method field of DSA or RSA structure. There are additional problems concerning the ec_key_st structure which doesn't contain the method field and which is the same for two algorithm types -

Re: Generalized infrastructure for public key algorithms

2004-11-10 Thread Victor B. Wagner
On 2004.11.10 at 11:40:12 +0100, Nils Larsch wrote: please have a look at ec_key_meth_st in ec.h and how it's used in ecdsa_data_st (in ecdsa.h). The type specific key attributes (including a method pointer) are stored in a kind of derived structure (ecdsa_data_st). If you need more

Re: [openssl.org #973] openssl dgst -rmd160 /tmp/very_large_file fail

2004-11-11 Thread Victor B. Wagner
On 2004.11.11 at 13:13:53 +0100, [EMAIL PROTECTED] via RT wrote: i try to make a dgst of a 40Gb file, but when the openssl binary try to fopen the file, it's fail .. i think the problem was the fopen, maybe it's dont use the open (2) with the option O_LARGEFILE.. can you fix it ?

Re: [PATCH] Generalized infrastructure for public key algorithms

2004-11-21 Thread Victor B. Wagner
On 2004.11.16 at 11:17:39 +0100, Nils Larsch wrote: Hi Victor, some first short notes: Victor B. Wagner wrote: ... --- /home/vitus/src/openssl-SNAP-20041105.orig/apps/req.c2004-11-09 12:35:42.0 +0300 +++ apps/req.c 2004-11-15 14:24:36.0 +0300 @@ -167,9

Re: Registering custom objects from dynamically-loaded engine

2004-12-06 Thread Victor B. Wagner
On 2004.12.04 at 00:45:45 -0500, Geoff Thorpe wrote: On December 3, 2004 07:30 pm, Dr. Stephen Henson wrote: On Fri, Dec 03, 2004, Dmitry Belyavsky wrote: On Fri, 3 Dec 2004, Dmitry Belyavsky wrote: I have custom dynamically-loaded engine implementing some non-standard algorithms.

Re: Registering custom objects from dynamically-loaded engine

2004-12-07 Thread Victor B. Wagner
On 2004.12.06 at 15:54:16 +0100, Dr. Stephen Henson wrote: I doubt its related to the NIDs and OBJ_create(). The NIDs and associated objects duplicate strings for use in OpenSSLs internal tables and so there shouldn't be any hanging references when a DLL unloads. Here is trace of our

Re: Eliptic curve MQV key agreements

2005-01-19 Thread Victor B. Wagner
On 2005.01.19 at 15:26:25 +0100, Nils Larsch wrote: Roger Boden wrote: Hello, are there any plans to support eliptic curve MQV key agreements in openssl? afaik no, btw: have a look at [1] Cheers, Nils [1] http://marc.theaimsgroup.com/?l=openssl-usersm=105308047218590w=2 It seems

Re: Eliptic curve MQV key agreements

2005-01-20 Thread Victor B. Wagner
On 2005.01.19 at 22:50:25 +, Ben Laurie wrote: Victor B. Wagner wrote: On 2005.01.19 at 15:26:25 +0100, Nils Larsch wrote: Roger Boden wrote: Hello, It should be obvious next step when we get this infrastructure working. Why would we want to assist patent holders? 1

Re: How to debug under Solaris-x86?

2005-05-23 Thread Victor B. Wagner
On 2005.05.23 at 18:50:44 +0400, eugeny gladkih wrote: Victor B. Wagner [EMAIL PROTECTED] writes: I'm testing my application with 0penssl-0.9.8 stable snapshot on several platforms. And encounter some problems on most architectures except Linux. do you have troubles only with 0.9.8

Re: How to debug under Solaris-x86?

2005-05-24 Thread Victor B. Wagner
On 2005.05.23 at 17:30:04 +0200, Andy Polyakov wrote: ./config shared zlib no-sse2 -L/usr/local/lib -R/usr/local/lib uname -a, ld -V, as -V. Sorry, I forgot to attach output of make report OpenSSL self-test report: OpenSSL version: 0.9.8-beta2-dev Last change: Add attribute

Re: How to debug under Solaris-x86?

2005-05-24 Thread Victor B. Wagner
On 2005.05.23 at 17:30:04 +0200, Andy Polyakov wrote: But if you issue disassemble command at debugger prompt, you should see that you're in _init and if you follow to failing address you're most likely to spot mov (%eax),%al, right? You are right: Dump of assembler code for function

Re: How to debug under Solaris-x86?

2005-05-31 Thread Victor B. Wagner
On 2005.05.25 at 23:53:13 +0200, Andy Polyakov wrote: I guess it was erroneously omitted in some newer release. Try to patch your run-time environment by executing http://www.openssl.org/~appro/values.c and report back. The patch is designed to work with both old and new GCC releases. A.

Options of building openssl for Win32 using gcc

2005-10-13 Thread Victor B. Wagner
I've investigated various ways of building OpenSSL (release 0.9.8) for Win32 with gcc. There are at least three ways to do this 1. Using mingw32 compiler (from http://www.mingw.org) 2. Using cygwin compiler with -mno-cygwin switch to create executables which do not depend on cygwin.dll 3. Using

Re: Options of building openssl for Win32 using gcc

2005-10-14 Thread Victor B. Wagner
On 2005.10.13 at 12:42:34 -0700, Howard Chu wrote: We already build using the mingw32 compiler under msys. I've been a bit lax about sending back patches lately, but as I recall there were only a few small tweaks to Configure needed. IMO the Cygwin environment is worthless; it is several

Re: Options of building openssl for Win32 using gcc

2005-10-14 Thread Victor B. Wagner
On 2005.10.13 at 13:27:47 -0700, Howard Chu wrote: Disregard that comment, I was lost. I don't interchange MSVC / gcc dll's on the fly. I was just thinking about the import libraries; a gcc-compiled DLL will work with an MSVC app if it's linked with the gcc-specific import library, and

Re: Plugin own crypto routines with ssl

2005-10-26 Thread Victor B. Wagner
On 2005.10.26 at 04:17:21 +0100, upinder singh wrote: I have newly started working on the ssl. I do not know much about the way it works and its design also. I want to integrate my own crypto routines with the ssl. There is a lot of documentation bundled with OpenSSL. Just libcrypto

Re: Plug-in own crypto routines with ssl

2005-10-27 Thread Victor B. Wagner
On 2005.10.26 at 19:37:34 +0100, upinder singh wrote: 2) I have my own C implementation of the AES(rijndael) algo as also of the SHA-256 hash fn,UMAC,RSA and a PRBG to generate symmetric keys.All these are software implementations only. 3)I want to plug in these and use

Re: OpenSSL Engine Specification

2006-09-29 Thread Victor B. Wagner
On 2006.09.28 at 23:33:53 +0200, Heiko J Schick wrote: Hello, I'm looking into the OpenSSL engine support which was introduced in OpenSSL version 0.9.6 (or 0.9.7). Is there an official engine specification or HOWTO available? The only document I have found so far is [1]. As a first

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-19 Thread Victor B. Wagner
On 2006.10.17 at 19:40:05 +0200, Alon Bar-Lev wrote: Hello, I tried to compile OpenSSL using MinGW on Linux, but I could not do this. I've tried to modify configurations, converting ms/mingw.bat to ms/mingw.sh, removing the translation of / into \, and more... Before I making too much

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 08:44:14 +0200, Andy Polyakov wrote: Before I making too much modifications, Have anyone succeeded in doing so? I do it routinely. 1. Modify Configure script, adding target mingw-cross (this all should go into one line) mingw-cross, i586-mingw32msvc-gcc:-mno-cygwin

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 12:05:11 +0400, Victor B. Wagner wrote: Can you test if './Configure mingw' followed by 'make CC=i586-mingw32msvc-gcc RANLIB=i586-mingw32msvc-ranlib' works? I mean It seems to work. Although when I start make test on real win32 system Oh, it was with our modified

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 10:56:35 +0200, Andy Polyakov wrote: It is not perfect to, because it assumes that if one uses mingw32 target, there is always some Unix emulation environment (i.e. cygwin, msys or real Unix in case of cross-builds). As implied earlier I'd actually prefer this, i.e. mingw

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 11:49:39 +0200, Corinna Vinschen wrote: I'm not an expert on Win32 tcpip history and cannot tell whether it is problem of my mingw32 runtime headers or something also. ws2tcpip.h is incompatible with winsock.h since winsock.h is only meant for supporting old Winsock 1.1

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 13:33:37 +0400, Victor B. Wagner wrote: NM=i586-mingw32msvc-nm (i've patched Makefile.shared to support NM overriding), I get following results: shared library cryptoeay-0.9.8.dll (why not 0.9.9?) is created, but it exports no symbols. So build of ssleay-0.9.8.dll fails

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 13:01:01 +0200, Corinna Vinschen wrote: So, use IPV6 on native windows requires considerable changes anyway? I wouldn't say it's considerable. Just a tweak to the loading of getaddrinfo/freeaddrinfo in crypto/bio/b_sock.c, AFAICS. Implementing of dynamic loading by hand

PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-20 Thread Victor B. Wagner
Now I've managed to cross-compile current CVS tree with Mingw32 crosscompiler both in static and shared version. Following changes are needed to the source tree: 1. Configure 1.1. Add -Wl,--export-all to the shared library linker command line 1.2. Add -lws2_32 to list of

Re: PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 15:41:35 +0400, Victor B. Wagner wrote: I was too quick to send previous patch. Two additional changes are required: changing order of #include openssl/engine.h and #include apps.h in apps/apps.c and order of openssl/rand.h and ../e_os.h in test/randtest.c Updated patch attached

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 13:01:01 +0200, Corinna Vinschen wrote: On Oct 20 14:28, Victor B. Wagner wrote: On 2006.10.20 at 11:49:39 +0200, Corinna Vinschen wrote: ws2tcpip.h is incompatible with winsock.h since winsock.h is only meant for supporting old Winsock 1.1 applications. A modern

Re: Cross compile OpenSSL in Linux using MinGW32

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 13:51:47 +0200, Andy Polyakov wrote: Keep in mind that mingw defines _WIN32_WINNT=0x333, i.e. the intention was to target all NT versions [note that 0x333 actually covers even for Windows 9x, which has at least all 0x333 stubs, so that application can actually start]. As

Re: PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 14:12:44 +0200, Andy Polyakov wrote: 2. Makefile.shared Define NM variable to hold name of nm program (which also differs from just nm when cross-compiling) Replace explicit call to nm by reference to this variable. Haven't you yourself mentioned

c_rehash with cross-compiling or ActiveState perl (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-20 Thread Victor B. Wagner
On 2006.10.20 at 12:05:11 +0400, Victor B. Wagner wrote: Second problem with cross build is that make does certificate rehash, using freshly compiled c_rehash program. It doesn't lead to make failure, but it would be nice to be able to redefine c_rehash as well, and use one from host system

Results of testing (Re: [CVS] OpenSSL: openssl/ Configure Makefile.org Makefile.shared openssl...)

2006-10-23 Thread Victor B. Wagner
I've tested current CVS state of OpenSSL with mingw32-cross compiler and found out following: 1. Everything compiles without error 2. make rehash is omitted during build When testing on real Win32 platform with MSYS installed 1. make rehash is omitted again, but shouldn't. 2. attempt to start

Re: PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-23 Thread Victor B. Wagner
On 2006.10.23 at 11:21:26 +0200, Andy Polyakov wrote: Care to figure out and tell how to do it with windres and ld? I mean It is quite simple. When I finish solving current dll name problem (I.e. manage to do make and make test without manual dll renaming) i'll do this.

Re: Results of testing (Re: [CVS] OpenSSL: openssl/ Configure Makefile.org Makefile.shared openssl...)

2006-10-23 Thread Victor B. Wagner
On 2006.10.23 at 13:35:39 +0400, Victor B. Wagner wrote: I've tested current CVS state of OpenSSL with mingw32-cross compiler and found out following: 1. Everything compiles without error 2. make rehash is omitted during build When testing on real Win32 platform with MSYS installed 1

Re: PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-23 Thread Victor B. Wagner
On 2006.10.23 at 11:21:26 +0200, Andy Polyakov wrote: But there is another problem which Unix-style Configure doesn't solve now: dll can include VERSION_INFO resource. Now Configure creates .rc file only if IsMK1MF is set. I think that if we want to have native Win32 dll, we should

Re: PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-23 Thread Victor B. Wagner
On 2006.10.23 at 13:54:55 +0100, Martin Simmons wrote: 1. DLL name issue is not permanently settled. MSVC build creates libeay32.dll and ssleay32.dll, and Mingw build crypto32.dll and ssl32.dll. Patch includes code to support this difference, but I'm not absolutely sure it

Re: PATCH (Re: Cross compile OpenSSL in Linux using MinGW32)

2006-10-25 Thread Victor B. Wagner
On 2006.10.25 at 13:36:11 +0200, Andy Polyakov wrote: So we have to decide on unified naming convention for both MSC and mingw. Suggestion is to embed version number into name, but remaining questions are: - do we still stick to 8.3 naming? Really I think that time to forget 8.3 naming

Mingw32 and .def files in 0.9.9-dev

2006-10-26 Thread Victor B. Wagner
I've encountered following problem with current CVS state of Openssl-dev: When I build OpenSSL with MingW32 cross-compiler on Linux and run make test on various versions of Windows, on Win2003 server and WinXP it works, but on Windows 2000 attempt to run OpenSSL.exe or any of test programs in

What is old_priv_encode field in evp_pkey_asn1_method_st?

2006-10-27 Thread Victor B. Wagner
I've found that some tests for ccgost engine segfault on Solaris/Sparc. Investigation shows that segfault happens when i2d_PrivateKey function calls function, pointed by old_priv_encode field in ASN1_METHOD structure This field is commented in the crypto/asn1/asn1/asn1_locl.h as /* Legacy

What means ENGINE_DYNAMIC_SUPPORT macro?

2006-11-14 Thread Victor B. Wagner
Recently, (08-Nov) #ifdef ENGINE_DYNAMIC_SUPPORT was added around IMPLEMENT_DYNAMIC_BIND function in engines/ccgost/gost_eng.c (in CVS HEAD) By default, this macro is not enabled, even if shared option is passed to configure. This renders compiled shared library unusable, at least without proper

Re: What means ENGINE_DYNAMIC_SUPPORT macro?

2006-11-14 Thread Victor B. Wagner
On 2006.11.14 at 10:59:41 +, Ben Laurie wrote: cvs log doesn't tell anything but Fix various warnings If you compile with -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Werror then you'll see the errors I'm fixing. If people always did that before submitting

Re: Windows build fail of openssl-SNAP-20061114

2006-11-14 Thread Victor B. Wagner
On 2006.11.15 at 15:47:40 +1000, Simon McMahon wrote: Hi, Using MSVC++ 6.0 I followed all the instructions in install.w32 including: perl util\mkdef.pl crypto ssl update to get the things not having numbers assigned error to go away. Then: ms\do_ms worked ok. Then: nmake -f

Re: [openssl.org #1440] [PATCH] Incorrect shared build of ccgost engine

2006-12-22 Thread Victor B. Wagner
On 2006.12.22 at 10:21:41 +0100, Nils Larsch via RT wrote: patch applied, please test a recent snapshot. Our tests passed, at least on Linux platform.

Where to dig - strange errors in 0.9.9

2006-12-26 Thread Victor B. Wagner
I've encountered following problem yesterday our automated tests for ccgost engine begin to fail on all x86 platforms, but work flawlessly on SPARC and AMD64. Result is same on half of dozen different linux distributions, which use various 3.x or 4.x versions of gcc and three FreeBSD (4.x, 5.x

Re: Where to dig - strange errors in 0.9.9

2006-12-27 Thread Victor B. Wagner
On 2006.12.27 at 09:57:30 +0100, Andy Polyakov wrote: turns to be culprit, then note that there are two code pathes, sse2 and integer-only, the latter has separate squaring procedure, and we have to figure out which one fails... To switch off squaring procedure, comment out 'jz

Re: Where to dig - strange errors in 0.9.9

2006-12-27 Thread Victor B. Wagner
On 2006.12.27 at 09:57:30 +0100, Andy Polyakov wrote: line #248 still reads as 'if(0)'. I'll have a look at the code, but there might be need for test case, so could you provide sequence of commands to reproduce the problem [or program if it was one]. Here small test program is attached.

Re: Where to dig - strange errors in 0.9.9

2006-12-27 Thread Victor B. Wagner
Now tests pass on my workstation. Next morning we'll see results on all other platforms. For reference. In order to test integer-only code paths on sse2 capable system you can run test suite with OPENSSL_ia32cap environment variable set to 0. In other words it's not necessary to have both

Re: ccgost on DOS

2007-01-04 Thread Victor B. Wagner
On 2007.01.04 at 16:57:35 +0100, Gisle Vanem wrote: There is a problem building OpenSSL on a 8+3 filesystem like DOS due to the files: engines/ccgost/gost2001.c engines/ccgost/gost2001_keyx.c Sorry, when I named files I haven't thought than anybody still use real DOS with no long names

Re: ccgost on DOS

2007-01-05 Thread Victor B. Wagner
On 2007.01.05 at 17:11:50 +0100, Gisle Vanem wrote: Victor B. Wagner [EMAIL PROTECTED] wrote: It'll be interesting to see if ccgost engine can work at all under DOS - we never intended it to be used on the platform without dynamic loading, and OpenSSL doesn't support dynamic loading

[openssl.org #1483] Missing set of parameters for GOST 28147-89

2007-02-09 Thread Victor B. Wagner via RT
We've found out that ccgost Engine doesn't support one of parameter sets for GOST 28147-89 listed in RFC 4357. Actually S-Boxes for this parameter set present in gost89.c, but are not linked to appropriate OID. Attached patch fixes this problem and allows to use Gost28147_89_TestParamSet

[openssl.org #1525] ocsp.c doesn't compile for Windows target

2007-05-16 Thread Victor B. Wagner via RT
ocsp.c (as of CVS state of May 15), revision 1.42 doesn't compile for Win32 target either with native MINGW32 or with Linux-hosted cross-compiler. Problem is that include file sys/select.h included on line 71, doesn't exist under Windows. BTW, this file uses macro OPENSSL_SYS_VMS, but doesn't

[openssl.org #1526] x86cpuid-elf.s cannot be compiled by Sun assembler on x86

2007-05-16 Thread Victor B. Wagner via RT
In the revision 1.9 of file x86cpuid.pl there appeared block with some setne instructions: -- xor(eax,eax); cpuid (); xor(eax,eax); cmp(ebx,0x756e6547); # Genu setne (LB(eax)); mov(ebp,eax); cmp

[openssl.org #1843] Buffer overrun in X509_NAME_hash in the development branch of openssl

2009-02-16 Thread Victor B. Wagner via RT
Recently (with commit of Jan 15 2009) MD5 hash function in X509_NAME_hash was replaced by SHA1. However local variable to hold computed hash value is still 16 bytes (when 20 is required). This causes stack corruption and segmentation faults on some platforms (detected on Debian Linux 4.0 amd64)

[openssl.org #1887] [patch] Fixes in openssl utility documentation and builtin-help

2009-04-02 Thread Victor B. Wagner via RT
We've found some typos and omissions in the openssl utility documentation (either builtin messages and pod pages). Following patch fixes some of these problems. We haven't thoroughly reviewed all the manual pages in the docs/app, concentrating on those commands which can use GOST algorithms via

[openssl.org #1073] Problems with generating SSE2 instructions with no-sse2 configuration options

2005-05-17 Thread Victor B. Wagner via RT
Hello, I've found following problem with compilation of OpenSSL on Solaris x86 platform: I use gcc 3.3 from www.sunfreeware.com, which is configured to use Sun native assembler. It seems that Sun assembler doesn't know anything about SSE2 instruction, and compilation of assembler file

[openssl.org #1078] OpenSSL 0.9.8-stable-SNAP-20050523 doesn't build with no-aes

2005-05-24 Thread Victor B. Wagner via RT
Hello. When trying to build openssl with some cipher algorithms disabled I've encountered following result: making all in crypto/engine... gcc -I.. -I../.. -I../../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN

[openssl.org #1079] Openssl config fails to determine architecture on FreeBSD 5.3-RELEASE

2005-05-24 Thread Victor B. Wagner via RT
Hello, I've found out that OpenSSL fails to build correctly on FreeBSD 5.3-RELEASE machine, producing cryptic assembler messages. Further investigation shows that Openssl is configured for BSD-x86 (a.out) architecture instead of BSD-x86-elf problem is that elf/a.out test in config looks like

[openssl.org #1084] Incorrect RIPEMD160 calculation on Solaris/Sparc-64 bit

2005-05-31 Thread Victor B. Wagner via RT
Attempt to build Openssl-0.9.8-stable-SNAP-20050530 on Solaris 8 sparc using 64-bit mode (solaris64-sparcv9-gcc target) results in error in RIPEMD160 tests. If test_rmd target is excluded from the tests, all other tests pass correctly -- output of make test ../util/shlib_wrap.sh ./rmdtest

Re: [openssl.org #1084] Ticket Resolved

2005-05-31 Thread Victor B. Wagner via RT
On 2005.05.31 at 14:40:46 +0200, Andy Polyakov via RT wrote: Hello According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. Bug 1084 was resolved with following diagnostics Not OpenSSL problem. Explicitly

[openssl.org #1232] [PATCH] Flush s_server stdout after state change completed

2005-10-28 Thread Victor B. Wagner via RT
openssl s_server command outputs to stdout messages, indicating current state of server, such as ACCEPT, DONE, ERROR. When s_server is run interactively, these messages appear on the console in time, and user can see it. But, when s_server is run from some other process via pipe, standard

[openssl.org #1421] EVP_PKEY_asn1_new() improperly initializes structure

2006-10-27 Thread Victor B. Wagner via RT
In the current OpenSSL 0.9.9 CVS EVP_PKEY_asn1_new() function doesn't initialize fields old_priv_encode and old_priv_decode in the EVP_PKEY_ASN1_METHOD structure. This causes segfaults and bus error on Solaris/Sparc due to call to bogus pointers as functions.

[openssl.org #1440] [PATCH] Incorrect shared build of ccgost engine

2006-12-19 Thread Victor B. Wagner via RT
File gost_eng.c contains macros IMPLEMENT_DYNAMIC_BIND_FN and IMPLEMENT_DYNAMIC_CHECK_FN, which should be expanded when engine is compiled as shared library, i.e. during default build of OpenSSL after ./config shared. However, these macros are under #ifdef DYNAMIC_ENGINE_SUPPORT, and this macro

[openssl.org #1444] Insufficient error reporting in openssl ca

2006-12-25 Thread Victor B. Wagner via RT
I've encountered following problem in OpenSSL 0.9.8d on Linux platform: When partition where database of my CA resides is full, Openssl ca command fails without reporting cause of problem. Output looks like: openssl ca -config /var/www/openssl-ca//rsa/ca.conf -notext -batch
