Re: [openssl-users] calloc vs kssl_calloc

On 09/30/2016 09:29, "Salz, Rich" wrote: > > > Is there something more I should do on this issue?  I recall the > OpenSSL terms of use strongly discouraged people from the US from > helping, due to US export restrictions. > > That's kinda outdated. That didn't answer my

Re: [openssl-users] calloc vs kssl_calloc

On Mon, Sep 26, 2016 at 12:11 PM, Benjamin Kaduk wrote: > On 09/26/2016 11:01 AM, Salz, Rich wrote: > > Kssl_calloc calls openssl_malloc which means the data must be free'd with > openssl_free. And in debug builds any non-free'd data is a leak and reported. > Ton line 875

Re: [openssl-users] calloc vs kssl_calloc

On 09/26/2016 12:11, Benjamin Kaduk wrote: > > On 09/26/2016 11:01 AM, Salz, Rich wrote: > > Kssl_calloc calls openssl_malloc which means the data must be > free'd with openssl_free. And in debug builds any non-free'd data is > a leak and reported. Ton line 875 the data is

[openssl-users] calloc vs kssl_calloc

Hi - In kssl.c around line 747, there's a definition of kssl_calloc. Why, then, on line 875, is there a call to just "calloc" ? Also line 1230,1262, 2058. (This is in openssl-1.0.2j) Thanks. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] integral size mismatch in EVP_DecodeInit

age_header() in ssl\d1_lib.c: the declaration for unsigned char *dtls1_set_message_header() says the second argument is unsigned char mt, but in static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) the "int htype" is passed as the second argument. -Geoffrey -- openss

Re: OPENSSL_cleanse()

On Tue, Oct 28, 2014 at 5:16 PM, Wim Lewis w...@omnigroup.com wrote: On Oct 23, 2014, at 10:17 PM, Vladimir Zatsepin vladimir.zatse...@gmail.com wrote: Does somebody know how OPENSSL_cleanse() works? I don't understand what this [17, 63, 0xF] values means. Why such values were chosen?

Re: OpenSSL on arm-elf architecture

On Aug 31, 2014 9:28 PM, Michael Cantrell michael.cantr...@gmail.com wrote: Hi, I'm trying to run OpenSSL on an ARM922T processor running uClinux, and I'm having trouble. I'm able to cross compile the binary and libraries using the manufacturer's toolchain. ./Configure linux-generic32

Re: Advisory on CVE 2014-0195 not listed on main vulnerabilities page

Hi Jakob, Thanks - I think this has now been corrected, the website should sync within an hour or so. Please let me know if you see anything amiss. Cheers, Geoff On Mon, Jun 23, 2014 at 8:15 AM, Jakob Bohm jb-open...@wisemo.com wrote: Dear OpenSSL web page subteam, CVE 2014-0195 is listed

Re: OpenSSL Security Advisory

The redhat podcast with Mark (Cox) probably answers this best; http://bit.ly/Th64oP On Thu, Jun 5, 2014 at 12:04 PM, Juha Saarinen j...@saarinen.org wrote: Hi Steve, That’s quite a few in one go - is this due to greater testing of OpenSSL and more scrutiny of the code by the community?

Re: Platinum Sponsorship by Huawei

at 4:22 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 5/30/2014 12:24 AM, Geoffrey Thorpe wrote: ... The only way to to avoid any political overtones in such a situation (if that really is your intention, because doing the right thing is not an apolitical notion) is to blindly accept all

Re: Platinum Sponsorship by Huawei

I am curious how you would reconcile your two insinuations; 1. that it is a political act to accept donations form a party that has a particular nationality (or with this or that underlying ownership), even if that party does so with explicit knowledge that a fundamental condition of acceptance

Re: Windows CE (VC-CE) Compilation problem !

able to build a hello, world program for WinCE? I remember one issue I had with wcecompat was that the configure script didn't get the include paths right, particularly for paths that included spaces. -Geoffrey On 04/28/2014 08:58, karan.reddy karan.ti...@gmail.com wrote: Hi, I am very new

Re: comment on donations

On 04/11/2014 23:50, Kyle Hamilton aerow...@gmail.com wrote: Teach me to ask a question without reading the entire thread. At what point would the break-even cost make sense to form a non-profit entity? -Kyle H It costs $500-$750 to file for tax-exempt status (501c3); then you have to

Re: comment on donations

On 04/11/2014 14:46, Ted Byers r.ted.by...@gmail.com wrote: And guess what I just found. ;-) Amazon has special discounts for icropayments and nonproft organizations. I do not know if you're a 501(c)3 non-profit, but if you are, then your rate would be 2.2%, along with the $0.30 per

Re: OpenSSL version 1.0.1g fails to link on Win32

Thanks, Thomas; I had found the calls in the crypto/ source files, but I didn't search at the right level to find the #defines. After updating e_os.h, I am now able to compile link the original source code for 1.0.1g. Sorry for the false alarm. On 04/10/2014 03:52, Thomas J. Hruska

Re: OpenSSL version 1.0.1g fails to link on Win32

On 04/10/2014 05:31, Mike Bonnain mikebonn...@gmail.com wrote: Hi Geoffrey, It's defined in e_os.h because it's been deprecated in Win8. Microsoft wants you to use GetVersionEx() or VerifyVersionInfo(). Part of their plot to convince us old-timers that the world is no longer flat

Re: OpenSSL version 1.0.1g fails to link on Win32

Actually, I tried Google, and it split check_winnt into check winnt because I didn't put the quotes around it, and hence found lots of unrelated pages. I had only extracted crypto/ and ssl/ from the source tarball, so my search from Windows Explorer didn't find it. My own fault in both cases.

OpenSSL version 1.0.1g fails to link on Win32

changed it back. This seems to work for me, but I thought I should mention it for other users. -Geoffrey __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl

Re: OpenSSL version 1.0.1g fails to link on Win32

/ and ssl/ I suppose if check_winnt() is in a different directory, that would be my problem (and my fault for not re-running perl Configure). -Geoffrey On 04/09/2014 21:58, Steven Kneizys sknei...@ferrilli.com wrote: I just compiled 32 bit with ntdll.mak with nasm 2.11.02 and Visual Studio

Re: Windows CE (VC-CE) Compilation problem !

I have compiled up to 0.9.8x for Windows CE, using MS Visual C++ 6.0. (The site you mentioned was working with 0.9.8k, I think.) I was unable to compile 1.0.1 for WCE, as I recall I had some issues with FIPS, and I did not spend the time to resolve it. I start with this: perl Configure no-rc5

Re: Openssl build for ce6 on ARM

I was never able to compile any of the 1.x.y series for WinCE; I'm still using the 0.9.8 series. On 05/17/2013 05:50, Abhijit Ray Chaudhury abhijit.ray.chaudh...@gmail.com wrote: Hi, Is there anybody tried Openssl build on wince ce6 ? I am trying to compile openssl-1.0.1-c on ce6 after

Re: Building openssl-1.0.1c

On 06/27/2012 12:13, Alexandru Geana a...@alegen.net wrote: Hello! I keep getting an error while trying to build openssl and am hoping someone can help me with this. I am trying to build on windows with VC++ and the steps that I take are as follows: 1) perl Configure VC-WIN32

closing off the .pem file

I have a pretty simple, probably newbie question. My app works great, no trouble there. But I'm having some trouble with cleanup when I have some test cases. I'm calling SSL_CTX_use_certificate_chain_file(ctx, certificateFile); That works fine. However, at the very end of my test, I want to

RE: closing off the .pem file

Never mind. Stupid user error. Got it. Thanks for anyone who looked. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Greene, Geoffrey N Sent: Thursday, April 21, 2011 12:59 PM To: openssl-users@openssl.org Subject: closing off the .pem file I have

Status of FIPS 1.2

Hello Everyone, Is there any update on when openssl-fips-1.2.0 certification will be complete? Geoff

Problem switching between FIPS and non FIPS mode

Hello, I'm testing with Fips 1.2 and FIPS 1.1.2 and I am having a problem switching between FIPS-mode and non FIPS-mode. I can enable FIPS mode initially using FIPS_mode_set(1) but after that if it's disabled (with FIPS_mode_set(0)) then re-enabled the library fails with a selftest error. We

Problem testing with openssl-fips-test-1.2.0

Hello, I've been testing with the Fips 1.2 drop with no problem. Now I've discovered that I can't switch back and forth between FIPS and non-FIPS mode. We use a FIPS enabled library with a client that must be able to switch between modes. This works with openssl-fips-1.1.1. Is there any way

Creating shared libraries for FIPS compliance

Hey Guys, I'm upgrading a set of shared libraries to be FIPS compliant. I haven't been able to link with the FIPS crypto library on Solaris. Is there any way to build shared libraries with a FIPS crypto library? Thanks, Geoff

RE: RSA Key exchange and FIPS compliance

, Geoffrey wrote: Hello, We use OpenSSL for encryption within our application. I am now enhancing our application to become FIPS compliant. The OpenSSL FIPS Security Policy lists RSA key wrapping and key establishment as non-approved. But the policy states that it is included when 80 to 150

RSA Key exchange and FIPS compliance

Hello, We use OpenSSL for encryption within our application. I am now enhancing our application to become FIPS compliant. The OpenSSL FIPS Security Policy lists RSA key wrapping and key establishment as non-approved. But the policy states that it is included when 80 to 150 bits of encryption

configure --export?

controversial algorighthms: perl Configure no-rc5 no-idea no-ec VC-CE Thanks. -Geoffrey __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org

Re: Can openssl-0.9.8e be compiled and used under microsoft windows?

On 03/09/2007 04:19, LiPing [EMAIL PROTECTED] wrote: Building OpenSSL for Windows CE requires the following external tools: * Microsoft eMbedded Visual C++ 3.0 * wcecompat compatibility library (www.essemer.com.au) * Optionally ceutils for running automated tests (www.essemer.com.au)

Re: Can openssl-0.9.8e be compiled and used under microsoft windows?

So, I have successfully compiled 0.9.8d under Windows CE 2.11 for ARM, MIPS, and SH4 (haven't tried SH3). I'm using them for nPOP/nPOPuk, and e-mail client, so I configured it this way: perl Configure no-rc5 no-idea no-ec VC-CE I would like to make these available for other users, but it

Best way to convert a DER-encoded DN?

Hi there, What's the best way to encoded a DER-encoded DN string to human readable format? Thanks, -g __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL

Re: Best way to convert a DER-encoded DN?

Great -- that's what I gleaned from the documentation, but I wanted to be sure. Thanks, -g Dr. Stephen Henson wrote: On Fri, Sep 10, 2004, Geoffrey Huang wrote: Hi there, What's the best way to encoded a DER-encoded DN string to human readable format? Convert from DER to X509_NAME structure

Re: Intermittent crash in DH_free

Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Mon, 26 Apr 2004 11:56:01 -0700, Geoffrey Huang [EMAIL PROTECTED] said: geoff I'm experiencing an intermittent crash in one of my geoff application's unit tests. When it crashes, it does so at geoff DH_free(). The call stack

Feeling like a moron!!! (Making a passphraseless cert)

come up with the magic set of arguments to openssl to get my cert to work. Feel free to beat me senseless with cluebats. Thanks. geoffrey -- ++ This space intentionally left non-blank

Re: Novell Spam

Here's a procmail recipe that works! :0: * ^From:.*[EMAIL PROTECTED] { :0 ! [EMAIL PROTECTED] } :0: * ^From:.*[EMAIL PROTECTED] /dev/null It also tosses the emails so you don't see them. I've been forwarding the crap back to djohnson most of the day! geoffrey

Re: Sign a certificate request ?

or on its server.crt? Thanks again for all the help. geoffrey +++ Santa Claus, the Tooth Fairy, Windows 2000 ... Some things you just outgrow. ++ Key fingerprint === E8E2 1EC4 6640 1F9A 5A09 0DB6 FC5E BDAA D9CB 6F04 Public key available

Help! I wish for a CA HOWTO ...

* detailed HOWTO would help. Thanks, geoffrey +++ Santa Claus, the Tooth Fairy, Windows 2000 ... Some things you just outgrow. ++ Key fingerprint === E8E2 1EC4 6640 1F9A 5A09 0DB6 FC5E BDAA D9CB 6F04 Public key available upon request

Re: Help! I wish for a CA HOWTO ...

, if you please. Do I need to do anything else to newcert.pem, or can this be installed on the webserver as the certificate? The webserver in question, if this matters, is Website Pro on an NT box --- not mine, happily. Thanks again. geoffrey +++ Santa Claus, the Tooth

RE:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 26 Aug 1999, Wade L. Scholine wrote: anybody somebody everybody? nobody. - --- When you take that bus ... You get there. ___ public key available upon request. Key fingerprint ===