Hi *,
I've got a short question: Is it possible to include macros
'#define EVP_PKEY_get0_EC_KEY(a) ((a)-pkey.eckey)' etc. in
evp.h ?
Regards,
Nils
PS: In case there are no objections, here's a patch:
--- openssl-SNAP-2002/crypto/evp/evp.h Mon Aug 12 11:01:02 2002
+++
Jeffrey Altman via RT wrote:
What is the appropriate size for 'buf' in DSA_size()?
4 bytes is certainly not correct.
Hi Jeffry,
I think it's correct :-)
int DSA_size(const DSA *r)
{
int ret,i;
ASN1_INTEGER bs;
unsigned
Jeffrey Altman wrote:
The code is the same in both 0.9.6- and 0.9.7-beta4. in 0.9.7-b4
there is an assertion added that is being triggered because the buf
size is considered too small. However, tracing through the calls
shows that even with a 160bit input only the first byte is ever
Eric Cronin via RT wrote:
At one point in time, RSA_PKCS1_PADDING was evidently #defined as '11',
the size in bytes of the extra room needed for PKCS1 padding in an RSA
block. In the current CVS version of OpenSSL it is #defined to 1 and
is just used as a selector in switch statements.
Ivan D Nestlerode via RT wrote:
I sent this to openssl-dev previously, but I think it got lost in
the noise there (since it didn't go through rt).
In OpenSSL 0.9.6h, there are a couple of BN_init() bugs in
crypto/dsa/dsa_ossl.c. The BN_init() calls in question are in the functions:
Hi,
would it be possible to implement a slightly more general
X500 name compare in OpenSSL ? Currently OpenSSL accepts only
strings with the same encoding type (i.e. OpenSSL compares
only PRINTABLE with PRINTABLE and not PRINTABLE with T61STRING,
although every PRINTABLE string is also a
Reza Roodsari via RT wrote:
but they add up quickly :-)
Recently I started using a packaged called gSoap
(http://www.cs.fsu.edu/~engelen/soap.html) and using one of their sample
apps I noticed some leaks in it. I verified the memory leaks using purify
and communicated them to Robert van
Daniel Brahneborg via RT wrote:
Hi,
I'm using Valgrind to debug a program that uses the OpenSSL
libraries, and got warnings about uninitialized data in the
function RSA_padding_add_PKCS1_type_2(), on the line with
} while (*p == '\0'); (line 171 in version 0.9.7a). The
following patch
Hi,
I think there is a typo in crypto/asn1/asn1.h: as far as I known
T61STRING == TELETEXSTRING != VIDEOTEXSTRING (at least I conclude
this from the V_ASN1_* definitions in asn1.h), but
B_ASN1_T61STRING != B_ASN1_TELETEXSTRING == VIDEOTEXSTRING (see
patch below).
Regards,
Nils
Index:
Hi,
attached is a small patch to implement a new '-issuer_hash'
option for the 'x509' command. With this patch 'openssl x509
-issuer_hash ...' returns the hash value of the issuer name
(similar to the normal '-hash' option which returns the hash
value of the subject name).
Regards,
Nils
On Friday 15 August 2003 09:13, Leenex Gomes via RT wrote:
Memory leak in DSA_free() call in dsa_lib.c
Version :
openssl-0.9.6c. But the same exists in openssl-0.9.7b
Description :
method_mont_p member of DSA struct is not freed.
That's strange as this should be done by
afaik this code should break the printed dn up into several lines
if it's length exceeds 80 characters ... As this hasn't worked for
quite some time (since revesion 1.8 of this file afaik) and scripts
might already depend on this form of the output I've simply removed
this code (btw:
IMHO compile time options should be placed in the INSTALL file.
However I'not sure if we really want to encourage user to
enable these ciphers ...
Cheers,
Nils
__
OpenSSL Project
agree with your analysis = patch applied to 0.9.8-stable and the cvs head.
Please test a recent snapshot. Thanks !
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
patch applied (slightly modified) to 0.9.8-stable and 0.9.9-dev.
Please test a recent snapshot. Thanks !
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
patch applied. Thanks !
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
[EMAIL PROTECTED] via RT wrote:
I tried building OpenSSL 0.9.8e on windows with the no-ssl2 and it still
creates ms\ssleay32.def with the ssl2 and ssl23 functions. From reading
the logs this was supposed to be fixed in both 0.9.7l and 0.9.8 (bug
report 1434).
Am I missing a step or a
Stefan Neis via RT wrote:
Hi,
Any feedback about my problem? Can anybody confirm the
padding bug shown by my sample code (see RT) or can
nobody reproduce it (e.g. because I forgot to mention
that I'm using a static build...)?
openssl doesn't support the type of padding (0x80, 0x00,
Stefan Neis via RT wrote:
Nils Larsch via RT schrieb:
openssl doesn't support the type of padding
(0x80, 0x00, 0x00, ...) you are using
(openssl only supports the padding described
in pkcs7).
In that case, any idea why it does happen to
work with version 0.9.8? Assuming
Hi Dean,
[EMAIL PROTECTED] via RT wrote:
i've added a second patch
http://arctic.org/~dean/crypto/openssl-0.9.8-CVS-bn-sse2-v2.patch -- the
second patch includes run-time detection of SSE2 and selects between two
implementations of bn_mul_add_words so that it can be used in a general
[EMAIL PROTECTED] via RT wrote:
Attached is a patch to add a -issuerhash command to openssl x509
(against 0.9.7c)
It's already implemented (in 0.9.8-dev), see:
http://marc.theaimsgroup.com/?l=openssl-cvsm=105726514415475w=2
(note: in 0.9.8-dev -issuer_hash is used and not -issuerhash).
Btw: As
Michael Schmidt via RT wrote:
Hi,
I think I've encountered a problem with BN_num_bits. I have experienced
that BN_num_bits often returns 1 (sometimes more) bits less than the
actual key size of a BIGNUM. With 2048 bit DH key pairs, I've often seen
2047 bit returned by BN_num_bits
Hi,
I'm interested in views/comments on RSA keys generation.
Namely, testing whether (p-1)(q-1) is relatively prime to e.
It seems both p and q generated are not strong primes
so there might be (a slim) chance for e to divide p-1 or q-1.
However, this check (together with changing e) is
Maxim Masiutin via RT wrote:
Hello,
I was compiling a lightweight version of OpenSSL to utilize ECDSA and ECDH code.
I liked that code very much!
that's nice to hear ;-)
I did use the OPENSSL_NO_ENGINE define.
However, the ECDSA and ECDH files didn't honour this define.
should be fixed in a recent snapshot
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
fixed, try a recent snapshot
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Ben recently committed some changes in this direction. Could you
please check if the problem still exists with a recent snapshot.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development
this feature is implemented in 0.9.8-dev (as -issuer_hash) which
will hopefully released in a not so far away future ;-)
I therefore resolve this ticket.
Cheers,
Nils
__
OpenSSL Project
fixed,
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
since you have posted successfully to openssl-users since then
I close this ticket
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
This should be fixed in 0.9.8 . As we don't want to backport the
necessary changes to 0.9.7 I close this ticket.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
thanks, I've committed your patch (adding support DER encoded keys) to
0.9.8-dev.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
thanks, I've fixed the pod file.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
ok, I've corrected the typo.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
this should be fixed in 0.9.8
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
fixed in 0.9.8
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
I've committed something similar to 0.9.8, see [1]. Please try a
recent snapshot.
[1] http://marc.theaimsgroup.com/?l=openssl-cvsm=111455472305028w=2
Cheers,
Nils
__
OpenSSL Project
the blinding code in openssl 0.9.8 has been updated to include something
similar. please test a recent snapshot.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
fixed
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
thanks, should be fixed in a new snapshot.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
I've committed a fix for no-aes, please test a new snapshot.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated
The correct assertion should be
assert((i == BN_BITS2) || (h = (BN_ULONG)1i));
as it should prevent an overflow (the result doesn't fit
into a single BN_ULONG).
Please test a recent snapshot.
Thanks,
Nils
__
OpenSSL
Karim Sharif via RT wrote:
Hello,
I would like to report a memory leak in SSL_connect(). Following code
sample was check for memory leaks
using Purify and show a 13K leak in SSL_connect().
did you read the * I think I've detected a memory leak, is this a bug?
item in the FAQ ?
Didn't
ok, I've committed a fix with which SSL_load_client_CA_file
should clear the error queue on success. Please test a recent
snapshot.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
ok, ticket resolved.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
should be fixed. please test a new snapshot.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
should be fixed; please try a new snapshot.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
this should be fixed in 0.9.8 . please test a recent snapshot from
the 0.9.8 branch (or a beta release).
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
see http://www.openssl.org/news/vulnerabilities.html
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
I've updated the FAQ; case resolved.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
patch applied
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
m486 has been replaced with -march=i486; case closed.
thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
patch applied; please test a recent snapshot
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
should be fixed
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
this should already by fixed in recent snapshots; case resolved
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
thanks for the report. About the make test issue : make test
should now run without a .rnd file on your platform (the error was
caused by problem in rand_unix.c which has been fixed).
Thanks,
Nils
__
OpenSSL Project
The default digest in 0.9.8 and the cvs head is SHA-1
(we didn't change 0.9.7 as we didn't want to break existing
implementations depending on the default digest being MD5).
About SHA-256 etc. : they are included in the soon to
appear 0.9.8.
Cheers,
Nils
thanks, I've applied a slightly modified version of your patch;
case resolved.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
patch applied
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
committed.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
should be fixed, please test a recent snapshot
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
via RT wrote:
Oops, overlooked the -debug option that prints the Shared ciphers.
Although, if that Shared
ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:RC4-MD5:RC4-SHA:AE
ectest (with pre-computation) doesn't work when libefence is used
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
patch applied, ticket resolved
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Yair Elharrar via RT wrote:
...
diff -ur openssl-0.9.8-stable-SNAP-20050720\crypto\asn1\tasn_new.c
openssl-0.9.8-mod\crypto\asn1\tasn_new.c
--- openssl-0.9.8-stable-SNAP-20050720\crypto\asn1\tasn_new.c Wed May 11
06:45:24 2005
+++ openssl-0.9.8-mod\crypto\asn1\tasn_new.c Wed Jul 20 14:57:44
fixed, please test a new snapshot.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
the tables are now initialized in SSL_library_init() hence making
the lock for load_ciphers unnecessary = case resolved.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing
fixed, please test a recent snapshot.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
[EMAIL PROTECTED] via RT wrote:
Hi
We have ported the openSSL code for our project.We use SSL to
authenticate the users who use FTP to the controller(which is basically
a printer). We have different groups such as developer, user, designer
etc. each will have access permissions
I am
[EMAIL PROTECTED] via RT wrote:
We use DES encryption algorithm.When the user try to add an user with
the password 12345678 ,user couldn't login. So itried printing the DES
decrypted password, it returns junk password. Since it is junk user
couldn't login. Basically we maintain a file which
via RT wrote:
...
On a SuSE 9.0 machine, however, with gcc 3.3.1 and glibc 2.3.2 make
test deadlocks after:
The following command should have some OK's and some failures
There are definitly a few expired certificates
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs
should be fixed, please test a recent snapshot
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
should be fixed, please test a recent snapshot
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
fixed
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
hmm, the bug is in your example. AES_ctr128_encrypt() is its own
inverse so applying AES_ctr128_encrypt() twice (we the _same_ key)
should give you the original input = instead of AES_set_decrypt_key()
for the second call use AES_set_encrypt_key() for both function calls.
Cheers,
Nils
should be fixed now, please try a recent snapshot
Thanks for the report,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
fixed,
thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
fixed in the cvs
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
fixed in the cvs
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
patch applied.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
Markus Hardt via RT wrote:
Hi!
The script Configure assumes that darwin-i386 is a big endian
architecture. That's wrong. ;-)
Here is a patch to solve that.
could you please test a recent snapshot from the 0.9.8-stable
branch. This bug should already be fixed.
Cheers,
Nils
Markus Hardt via RT wrote:
Unfortunately, I wasn't able to compile openssl-0.9.8-stable-
SNAP-20060311 at all. Attached you'll find the log make produced.
...
/usr/bin/ld: Undefined symbols:
_X509_STORE_set1_param
_X509_VERIFY_PARAM_free
_ASN1_generate_nconf
...
as these are symbols which
Markus Hardt via RT wrote:
Markus Hardt via RT wrote:
Unfortunately, I wasn't able to compile openssl-0.9.8-stable-
SNAP-20060311 at all. Attached you'll find the log make produced.
...
/usr/bin/ld: Undefined symbols:
_X509_STORE_set1_param
_X509_VERIFY_PARAM_free
_ASN1_generate_nconf
...
as
problem already solved = ticket closed
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
[guest - Tue Feb 7 07:16:34 2006]:
Here's the certificate bundle file for reproducing this issue.
using the gcc 3.4.2 on 64 bit Solaris 8 box I could reproduce
your problem. Somewhat strange however is that when I replace
the call to the standard qsort() function in crypto/stack/stack.c
with
fix applied. Please test a recent snapshot.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
ticket closed as it seems to be a bug in the libc.so
and not in openssl
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List
has been included in the cvs head = ticket closed
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
this is already fixed in the cvs. Please try a recent snapshot.
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
wrote:
I have founded a bug in openssl 0.9.8.a!
when used EVP_des_ede3_cbc algorithm
used
EVP_DecryptInit(KCtx-ctx, KCtx-enc, KCtx-keystr, KCtx-iv);
EVP_DecryptUpdate(KCtx-ctx, pbData, (int *)pdwDataLen, p, len);
EVP_DecryptUpdate(KCtx-ctx, pbData, (int *)pdwDataLen, p, len);
Michael McDougall wrote:
diff -ur openssl-SNAP-20060415/crypto/aes/aes_cfb.c
openssl-SNAP-20060415.changed/crypto/aes/aes_cfb.c
--- openssl-SNAP-20060415/crypto/aes/aes_cfb.c2004-12-30
06:00:14.0 -0500
+++ openssl-SNAP-20060415.changed/crypto/aes/aes_cfb.c
Ulf Moeller via RT wrote:
The certificate encoding is in fact ok:
27168: OBJECT IDENTIFIER qcStatements (1 3 6 1 5 5
7 1 3)
27261: BOOLEAN TRUE
2729 24: OCTET STRING, encapsulates {
2731 22: SEQUENCE {
Joachim Metz via RT wrote:
Hello OpenSSL team,
First I want to compliment you with the good work your doing.
I am currently working on a library that uses OpenSSL MD5 hash
calculation function.
I have found a difference in openssl/md5.h and the MD5_Init manual
page (both 'man
[EMAIL PROTECTED] via RT wrote:
Setting ECDH and ECDSA methods in ENGINE interface does not
work properly. I can not set up ENGINE ECDH and ECDSA methods
as default.
...
should be fixed now, please try a new snapshot.
Thanks for the bug report.
Cheers,
Nils
Andrzej Chmielowiec via RT wrote:
I have tryed to sign sha256 digest using ECDSA_OpenSSL() method and
secp160r1 domain parameters. Unfortunately during this operation
apears an error which sugests that I am trying to sign too long
digest. But in such standards as IEEE 1363-2000 and SEC-1
via RT wrote:
Some X509v3 OIDs from RFC 2459 are currently missing from objects.txt:
* X509v3 Certificate Issuer
* X509v3 Issuing Distribution Point
* X509v3 Subject Directory Attributes
All the other OIDs from the RFC are already included in OpenSSL. The
attached patch introduces
fixed in cvs
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
patch applied.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
patch applied to 0.9.8-stable and the cvs head.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
patch applied.
Thanks,
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL
1 - 100 of 121 matches
Mail list logo