On 1/16/2012 at 11:31 PM, in message 20120116163148.4f325...@redhat.com,
Tomas Hoger tho...@redhat.com wrote:
On Wed, 11 Jan 2012 21:04:33 -0700 Guan Jun He wrote:
It seems you're trying to address more than just CVE-2011-1473 via
this patch, which results in a fairly large patch. Why
The attached trivial patch adds missing check for load_certs_crls
failure in apps.c. It is applicable to 1.0.0 and 1.0.1 branches.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -up
In some cases when a S/MIME message with broken MIME headers is
processed a NULL dereference in mime_hdr_cmp can happen. The attached
patch guards against this dereference.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
The attached simple patch allows other possible syntaxes of XMPP
starttls headers to be recognized.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -ru openssl-1.0.0d.old/apps/s_client.c
The attached simple patch moves the libraries that are not needed for
dynamic linking to the Libs.private section in the OpenSSL .pc files.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -up
OpenSSL-1.0.1-beta2 build with no-srp option fails because there are
some missing #ifdef OPENSSL_NO_SRP directives in the s_server code. The
attached patch fixes this.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish
I'm writing an OpenSSL client program. It must interoperate with some .NET code
that uses the SslStream classes. The .NET code is correct. If I create a .NET
client it connects correctly. If I run the .NET server on Windows 7 it works
correctly (with .NET client and with C plus OpenSSL client).
On Thu, Feb 9, 2012 at 4:33 PM, Adam Langley a...@google.com wrote:
This is my bad, I didn't realise that s_client had any calls in it.
I'll fix it. (By fixing s_client I think).
Dear Ben, please see attached patch.
Cheers
AGL
[xana...@geocities.com - Fri Feb 10 10:54:26 2012]:
I'm writing an OpenSSL client program. It must interoperate with some
.NET code that uses the SslStream classes. The .NET code is
correct. If I create a .NET client it connects correctly. If I run
the .NET server on Windows 7 it
I am experimenting with the OpenSSL FIPS Module 2.0, but am encountering some
difficulty.
I need to perform some RC4 calculations in code that does not need to be FIPS
compliant, even though I want all FIPS ciphers to be performed in FIPS mode.
I'm trying to use the
On Fri, Feb 10, 2012 at 09:39:20AM -0500, Erik Tkal wrote:
I am experimenting with the OpenSSL FIPS Module 2.0, but am encountering some
difficulty.
I need to perform some RC4 calculations in code that does not need to be
FIPS compliant, even though I want all FIPS ciphers to be
Yes, I understand all that; we currently have our own certified FIPS module
that I wired into OpenSSL via the engine APIs. Assuming that the module
boundary is the code in the FIPS canister, I want that module to perform all
FIPS-compliant operations, but still need the outer OpenSSL to
On Fri, Feb 10, 2012 at 10:01:43AM -0500, Erik Tkal wrote:
Yes, I understand all that; we currently have our own certified FIPS module
that I wired into OpenSSL via the engine APIs. Assuming that the module
boundary is the code in the FIPS canister, I want that module to perform all
I'm just saying that there are options to allow this and it just doesn't seem
to work.
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
* in FIPS mode */
/* Allow non FIPS cipher in FIPS mode */
#define
On Fri, Feb 10, 2012, Erik Tkal wrote:
I'm just saying that there are options to allow this and it just doesn't seem
to work.
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
* in FIPS mode */
/*
Hi Steve, thanks. This also seems to be a general issue with setting other
fields in the context, for example to override the key length (even in non-FIPS
mode) you have to initialize the cipher context with the cipher, then set the
fields in the context, then reinitialize it without
So I would have to recompile the OpenSSL and link against my version. Would
it be possible in a future version to make SSL3_RT_MAX_EXTRA a runtime-settable
parameter? As it's now it's a constant, but it's used only dynamically (no
static buffer is allocated through it).
I have verified with a new build that I was able to connect WITHOUT forcing the
TLS version. So the changes worked in my tests.
Thanks for the quick turnaround!
-Steve
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Thursday, February 09, 2012 10:47 AM
Just go get source code for RC4 and call it directly when you need RC4.
--David
On 2/10/2012 6:39 AM, Erik Tkal wrote:
I am experimenting with the OpenSSL FIPS Module 2.0, but am
encountering some difficulty.
I need to perform some RC4 calculations in code that does not need to
be
On Fri, Feb 10, 2012, Erik Tkal wrote:
Hi Steve, thanks. This also seems to be a general issue with setting other
fields in the context, for example to override the key length (even in
non-FIPS mode) you have to initialize the cipher context with the cipher,
then set the fields in the
On Fri, Feb 10, 2012, Erik Tkal wrote:
I think the following in evp_enc.c at line 123 might work to only clean up
the CTX if you were specifying a cipher and one was already present:
if (cipher)
{
/* Ensure a context left lying around from last time is
Hi.
I'm not a Windows person so bear with me: I'm trying to ensure that some
multi-platform code continues to build and run on Windows, so I'm having to set
up a build environment there too.
I went looking for MASM and found it on MSDN, but when I try to run it, it
complains about the
On Fri, Feb 10, 2012, Philip Prindeville wrote:
Hi.
I'm not a Windows person so bear with me: I'm trying to ensure that some
multi-platform code continues to build and run on Windows, so I'm having to
set up a build environment there too.
I went looking for MASM and found it on MSDN,