Re: EVP_CipherInit() and similar API changes

2002-02-13 Thread Dr S N Henson
Markus Friedl wrote: There could be more problems with other XXX_Init() or similar functions, so all semantic changes to functions from the 0.9.6 API should be reconsidered. All such changes could be a threat to existing applications and break them in subtle ways -- and this must be

Re: EVP macros for AES

2002-02-13 Thread Dr S N Henson
Stephen Sprunk wrote: Can someone help me implement the EVP macros for AES 128-bit CFB and OFB modes? It's too messy for me to figure out. I've got non-EVP versions written, but it appears the EVP macros do their own implementation of the various modes and only call the base ECB

Re: EVP_CipherInit() and similar API changes

2002-02-13 Thread Dr S N Henson
Markus Friedl wrote: I think this change is needed if you want EVP_CipherInit() to have a similar semantic as in OpenSSL 0.9.6. Index: evp/evp_enc.c === RCS file: /cvs/openssl/crypto/evp/evp_enc.c,v retrieving revision 1.28

Re: cvs commit: openssl/util libeay.num mkdef.pl mkerr.pl

2002-02-14 Thread Dr S N Henson
Any reason for this: /* Override the default new methods */ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) { if(operation == ASN1_OP_NEW_PRE) { ECDSA_SIG *sig; sig = OPENSSL_malloc(sizeof(ECDSA_SIG)); if

Re: 0.9.7 approaching

2002-02-14 Thread Dr S N Henson
Harald Koch wrote: Please test the 0.9.7-dev snapshots and report any problems that you found, even if they have been reported before (it's a good reminder for us), or even better, send us patches! It used to be possible to call X509_STORE_CTX_init() with a NULL X509_STORE pointer, in

Re: cvs commit: openssl/crypto/err err.c

2002-02-15 Thread Dr S N Henson
Bodo Moeller wrote: On Fri, Feb 15, 2002 at 10:55:13AM +, Ben Laurie wrote: This fix for err.c is correct. But evp_test.c should never have called OPENSSL_config() because OPENSSL_config() uses the configuration file found in an OpenSSL *installation*. If we want to use a

Re: cvs commit: openssl/crypto/engine hw_sureware.c

2002-02-15 Thread Dr S N Henson
Ben Laurie wrote: Hmm. You did this with a different name from me (idx instead of index_) - isn't that going to be irritating? I hadn't realised someone else had come across this. It should be consistent I suppose. Personally I always find variable names with appended underscores a little

Re: EVP macros for AES

2002-02-15 Thread Dr S N Henson
Stephen Sprunk wrote: Thus spake Richard Levitte - VMS Whacker: The current state is EAY legacy. His idea was that one should be able to pick out any of the algorithm directories and create a separate library for them (the old libdes is actually exactly the same as crypto/des/).

Re: AES, counter mode, etc.

2002-02-15 Thread Dr S N Henson
John Viega wrote: Additionally, with respect to counter mode, it might be best to implement external to the EVP proper interface, just like HMAC. There are a few issues I see that make counter mode a bit different from other modes: 1) You should be able to insert your own function for

Re: [PATCH] argument passing to app_verify_callback

2002-02-16 Thread Dr S N Henson
D. K. Smetters wrote: This is a patch to actually hand the user-supplied argument into calls to app_verify_callback. It affects the following 5 files: I've no objections to this patch. As long as there's an argument there we might as well use it. There is a way to pass application

Re: cvs commit: openssl/crypto/objects obj_dat.h obj_mac.h obj_mac.num objects.txt

2002-02-16 Thread Dr S N Henson
[EMAIL PROTECTED] wrote: levitte 16-Feb-2002 13:17:14 Modified:crypto/objects Tag: OpenSSL_0_9_7-stable obj_dat.h obj_mac.h obj_mac.num objects.txt Log: Adjust the NID names for the AES modes OFB and CFB to contain the number of feedback bits

Re: 0.9.7 approaching

2002-02-16 Thread Dr S N Henson
Harald Koch wrote: Are you in the US BTW if so can you resend your patch with a CC: to [EMAIL PROTECTED] I'm in Canada... OK, I've checked in a fix which should do what you want. Let me know of any problems. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/

Re: EVP macros for AES

2002-02-19 Thread Dr S N Henson
Stephen Sprunk wrote: Thus spake Dr S N Henson: Maybe. It would be good to get the CFB and OFB modes working properly in general for other numbers of bits. The code for this is trivial; define me an API and I'll write the code underneath. Well I was thinking of something almost

Re: [PATCH] argument passing to app_verify_callback

2002-02-20 Thread Dr S N Henson
Bodo Moeller wrote: On Sat, Feb 16, 2002 at 11:16:23AM +0100, Richard Levitte - VMS Whacker wrote: I see no problem adding this patch. Queued. The problem is that the application callback prototype is incompatibly changed. Otherwise I would have added the argument instead of simply

Re: smime segfault on redhat 7.2

2002-02-22 Thread Dr S N Henson
alexandru matei wrote: Hello, I compiled latest snaps (all snaps from 2002) on a Redhat 7.2 system. Make test finished successfully. But on trying openssl smime -sign -encrypt command, it segfaults. The rest of commands (as far as I tested) are OK. Can you give me some advice? I'll

Re: key file

2002-02-22 Thread Dr S N Henson
Imran Badr wrote: Hi, The keyfile, representing an encrypted private key, generated by openssl is ASN.1 type RSAPrivateKey (PKCS#1), encrypted using DES-EDE3-CBC and then PEM encoded. Is that right ? It doesn't have to be triple DES encrypted. The traditional format involves adding some

Re: aes_init_key() broken for enc==-1

2002-02-24 Thread Dr S N Henson
Markus Friedl wrote: This patch is needed for EVP+AES --- crypto/evp/e_aes.c Sat Feb 16 13:39:53 2002 +++ crypto/evp/e_aes.c Sun Feb 24 16:54:59 2002 @@ -88,6 +88,8 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,

Re: libeay.num

2002-02-26 Thread Dr S N Henson
Jeffrey Altman wrote: When compiling an application with OPENSSL_LOAD_CONF defined, the macro maps to OPENSSL_add_all_algorithms_conf(), which additionally calls OPENSSL_config(NULL). This will automatically load the openssl.cnf file for engine configuration. The idea behind all this

Re: libeay.num

2002-02-26 Thread Dr S N Henson
Jeffrey Altman wrote: Where is the openssl.cnf file expected to be found on Windows? The actual location is now determined by the function CONF_get1_default_config_file() and the openssl utility will be modified so everything goes through it. Currently this follows the same

Re: CSR Question

2002-03-05 Thread Dr S N Henson
[EMAIL PROTECTED] wrote: Hello, After generating CSR with openssl 0.9.8-dev, 0.9.7-dev or 0.9.6 'asn1dump' says that: 261 023: INTEGER 65537 : } : } : } 266 A00: [0] :

Re: cvs commit: openssl/ssl kssl.c s3_srvr.c

2002-03-12 Thread Dr S N Henson
Jeffrey Altman wrote: Just wondering. What are you compiling with that you are seeing warnings? VC++ 6.0 SP1, Kerberos 1.2.3 headers. I couldn't get the Kerberos 1.2.3 distribution to compile under Windows though. Can 1.2.4 sources/binaries be downloaded from anywhere outside the US? The

Re: cvs commit: openssl/ssl kssl.c s3_srvr.c

2002-03-12 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: From: Jeffrey Altman [EMAIL PROTECTED] jaltman Just wondering. What are you compiling with that you are seeing jaltman warnings? jaltman jaltman I compile this code without any warnings without these modifications. On Linux, with the target

Re: Memory Leak

2002-03-14 Thread Dr S N Henson
James Yonan wrote: I have an application which creates and destroys many SSL objects using SSL_new and SSL_free. The SSL objects are bound to memory BIOs rather than sockets. Here is a brief annotation of the relevant sections of code (with error checks removed): ks->ssl = SSL_new

Re: cvs commit: openssl/ssl kssl.c

2002-03-15 Thread Dr S N Henson
Jeffrey Altman wrote: Steve: Which flavor of Kerberos 5 are you using? Which release? I have a feeling the reasons that you and I are seeing different warnings is because the types of the fields in different flavors or versions are different. I'm compiling against MIT 1.2.4 which

Re: cvs commit: openssl/ssl kssl.c

2002-03-18 Thread Dr S N Henson
Jeffrey Altman wrote: Update on this. I've now got hold of MIT 1.2.4 sources from: http://non-us.debian.org/debian-non-US/pool/non-US/main/k/krb5 I tested compiling OpenSSL with KRB options under Linux (RHL 6.2) and it showed no warnings at all (my options are to use the -Wall

Re: Question about PKCS12_parse()

2002-03-19 Thread Dr S N Henson
Masanori Satake wrote: I tried parsing the PFX file attached(passphrase:test) using PKCS12_parse() function. However I cannot get the right value of DSA private key parameter x. And I tried executing open-ssl command following openssl -in target.pfx -out target.key -nocerts -nodes. I

Re: openssl ca sets wrong authorityKeyIdentifier

2002-03-19 Thread Dr S N Henson
Michael Bell wrote: Hi, I found a bug in openssl ca. If you set authorityKeyIdentifier to keyid and issuer always then the keyid will be set correctly but the issuer is wrong. Example: Root-CA -- Sub-Level 1 CA -- Sub-Level 2 CA -- User If I issue a certificate for a user then

Re: API functions for ASN1 on openssl

2002-03-19 Thread Dr S N Henson
Benzy Gabay wrote: Hi, I'm trying programmatically to code / decode ASN1 streams. - Could someone tell me what are the set of API functions that I can use to code / decode ASN1 streams. Applications use the i2d/d2i functions to encode or decode data between memory and C structures

Re: cvs commit: openssl/ssl kssl.c

2002-03-19 Thread Dr S N Henson
Jeffrey Altman wrote: To make it very clear, the locations that I'm seeing warnings are: ssl\kssl.c: In print_krb5_data() kdata->length is unsigned In print_krb5_keyblock() keyblk->length is unsigned In print_krb5_princ() princ->realm.length and princ->realm.data[i].length are

Re: openssl ca sets wrong authorityKeyIdentifier

2002-03-19 Thread Dr S N Henson
Michael Bell wrote: Dr S N Henson schrieb: Michael Bell wrote: Hi, I found a bug in openssl ca. If you set authorityKeyIdentifier to keyid and issuer always then the keyid will be set correctly but the issuer is wrong. Example: Root-CA -- Sub-Level 1 CA -- Sub

Re: How to add a new X.509 v3 extension id?

2002-03-19 Thread Dr S N Henson
Kiyoshi Watanabe wrote: Dear All, I am writing a code to add my private extension. For the extension id, where I should look at and add it? Each standard extension has the id like NID_basic_constraints. If I want to write this, ex = X509V3_EXT_conf_nid(NULL,

Re: openssl ca sets wrong authorityKeyIdentifier

2002-03-19 Thread Dr S N Henson
Robert Joop wrote: the user cert has the user CA's DN in the issuer DN (CN=User CA) and the root CA's DN in the authority key identifier DirName (CN=Test-CA (G4)), see the attached example. but the user cert's authority key identifier keyid is the user CA cert's subject key identifier

Re: Question about PKCS12_parse()

2002-03-20 Thread Dr S N Henson
Masanori Satake wrote: I tried parsing the PFX file attached(passphrase:test) using PKCS12_parse() function. However I cannot get the right value of DSA private key parameter x. And I tried executing open-ssl command following openssl -in target.pfx -out target.key -nocerts -nodes. I

Re: API functions for ASN1 on openssl

2002-03-21 Thread Dr S N Henson
Benzy Gabay wrote: Dr S N Henson, First I want to thank you for the answer. Secondly, you mentioned in your answer that I should use version 0.9.7. I can't seem to find the 0.9.7 on openssl.org. where can I get d/l it from? It hasn't been released yet but you can get development

Re: manpage of EVP_SealFinal

2002-03-21 Thread Dr S N Henson
thomas poindessous wrote: Hi, in manpage (version 0.9.6b et version 0.9.7-stable-SNAP-20020317), there is : -- int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); and EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0

Re: DES...

2002-03-21 Thread Dr S N Henson
Jeffrey Altman wrote: From: Jeffrey Altman [EMAIL PROTECTED] jaltman I prefer that des_old.h be compatible with libdes since that apps that jaltman are built using it assume that the api they were using was constant jaltman and unchanging. The way things work now, there is at

Re: use evp? (was DES...)

2002-03-21 Thread Dr S N Henson
Rodney Thayer wrote: At 09:29 PM 3/21/2002 +, S.Henson wrote: Is there some particular reason why such applications couldn't use the EVP layer? An attempt has been made to keep this consistent and to make any enhancements backwards compatible. In fact some of the more recent changes

Re: strangeness in `x509 -noout -text` output

2002-04-28 Thread Dr S N Henson
Lutz Jaenicke wrote: On Fri, Apr 26, 2002 at 12:38:05PM +0200, Robert Joop wrote: `x509 -noout -text` prints inconsistent output. ... openssl x509 -noout -text -in old.pem | grep Issuer: Issuer: [EMAIL PROTECTED], CN=CA UCO, O=Universidad de Cordoba, C=ES ... openssl x509

Re: [PATCH] md4 for openssl 0.9.5a

2000-08-16 Thread Dr S N Henson
Lewis McCarthy wrote: Hi, Evan Carew wrote re: MD4: Because if it is bundled into a standard package such as this you can ship source or executable code designed to link to it that will do things like crack open NT boxes that still use it. Recently, while at a major bank in the US

Re: s/mime

2000-08-20 Thread Dr S N Henson
Simon Josefsson wrote: apps/smime.c contain code, documentation seem to be somewhat nonexisting/unstructured so the source was more useful for me at least. I've got some plain text docs for the stuff I originally did for Celo. I haven't found time to convert to pod yet. ObPatch: Could

Re: Nonblocking again. Don't want OpenSSL to do any networking.

2000-08-22 Thread Dr S N Henson
Jeffrey Altman wrote: I think what he would like is the ability to do what the Microsoft SSPI does. Instead of OpenSSL being a layer between the I/O channel and the app, he would like the app to provide all I/O functions and have OpenSSL provide routines that encode and decode buffers

Re: Several issues concerning ASN1 in OpenSSL

2000-08-22 Thread Dr S N Henson
Sven Heiberg wrote: Hi! I'm not sure whether all topics touched describe bugs or not. At least these are things which seem unnatural to me. Thank you in advance for your attention and patience. Sven Heiberg - 1.

Re: Several issues concerning ASN1 in OpenSSL

2000-08-22 Thread Dr S N Henson
Svenning Sørensen wrote: I don't think that is quite enough. If BN_bin2bn returns NULL, there would still be a problem. Rather, I think you need something like: if (ret && ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1; Yes I looked at the code too quickly. I thought it exited if 'ret'

Re: Several issues concerning ASN1 in OpenSSL

2000-08-22 Thread Dr S N Henson
Peter Sylvester wrote: It is my understanding that an i2d function should return the length of the identifier, length and content octets, and that in the case described below i2d_ASN1_OBJECT did not. That's all. Based on Steve's message (which I read after sending my message), this

Re: Several issues concerning ASN1 in OpenSSL

2000-08-22 Thread Dr S N Henson
Peter Sylvester wrote: Yes thats something I'm considering for the ASN1 revision. Something like saving the lengths when the length is calculated and then using them when the stuff is written out. Maybe one could cache the length in the ASN1 object. As long as any object is only used

Re: Nonblocking again. Don't want OpenSSL to do any networking.

2000-08-22 Thread Dr S N Henson
Jeffrey Altman wrote: I was just attempting to summarize what the original poster was asking for. I think the primary problem is that there are no example apps showing how to use the different types of BIOs. No there isn't much, which is a pity because BIOs are very useful things and

Re: X509v3 extensions for root CA certs to support OCSP?

2000-08-23 Thread Dr S N Henson
Alicia da Conceicao wrote: My contacts at Netscape mentioned that a few CAs like VeriSign have issued new root CA certs that support the new OCSP (Online Cert Status Protocol), specified in RFC 2560. He also mentioned that OCSP support will not only be included in future Netscape

Re: PEM file format

2000-08-29 Thread Dr S N Henson
Baber Amin wrote: Need info on the PEM format used by openSSL for keys. Is it just b64 encoding of der and other pkcs formats or something more? Any pointers to implementation and/or decoding would be appreciated? Try reading the docs to the applications, rsa, dsa and pkcs8 they give

Re: Convert ASN1_UTCTIME to time_t ?

2000-08-29 Thread Dr S N Henson
Rich Salz wrote: time_t TSPX_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm,int gmt) { ... if (strncmp(tm-data,strtime,15) 0) test -= (time_t)(1 i) ; This is curious code. It is trying to treat the TIME datatype as opaque, but then

Re: SV: Convert ASN1_UTCTIME to time_t ?

2000-08-30 Thread Dr S N Henson
"Hellan,Kim KHE" wrote: An ASN1_UTCTIME_get() function is probably exactly what I am looking for, but the problem is that I can't see that such a function exists? I have looked everywhere in my OpenSSL 0.9.5a installation, but I can't find it??? crypto/asn1/a_utctm.c,

Re: PEM file format

2000-08-30 Thread Dr S N Henson
Baber Amin wrote: Thanks, so let me get this straight. 1. openSSL PEM format for importing and exporting keys is a b64 encoding of DER encoded public and private keys, yes/no. Yes but "DER encoded public and private keys" doesn't mean much, since it doesn't specify what structure is

Re: How to check key_usage X509v3 extension ?

2000-09-04 Thread Dr S N Henson
Peter Onion wrote: I need to check if a certificate is marked for a particular key usage. I can get the extension and dump (as text) its contents. I've looked at how the string name for each bit in the extension is found in the function i2v_ASN1_BIT_STRINGS() but I can't see any

Re: Some man-pages

2000-09-10 Thread Dr S N Henson
Lutz Jaenicke wrote: Hi! As the usual non-blocking question had to be answered again in the last days, I thought it would be better to provide some man-pages instead of writing things again and again... (Do I really think this helps? ...) Well it will be something else for newbies to

Re: [PATCH] Support for directoryName format in GeneralName fields

2000-09-12 Thread Dr S N Henson
Oliver King wrote: Hi, We'd like to submit the following patch to OpenSSL, which allows you to specify the directoryName format for X509v3 extensions such as subjectAltName, crlDistributionPoints, etc. It parses RFC2253-style distinguished names, so you can specify something like the

Re: RSA_private_encrypt

2000-09-15 Thread Dr S N Henson
"montinip@libero." wrote: Hi everybody, I have a problem: I am developing a project in which I need to use 'special' RSA private keys. I use RSA_generate_key() to generate the key pair and then I use BN_copy to modify manually the value of rsa->d. If I check with RSA_check_key the test

Re: BIO_ctrl() default return value...

2000-09-17 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: I'm surprised this hasn't been discovered yet. Stephen just discovered that the default return value (the value returned when a specific control command is unimplemented) from the BIO *_ctrl() functions is 0. However, that is also an "OK" value from a

Re: asn1/x_attrib.c

2000-09-19 Thread Dr S N Henson
Peter Sylvester wrote: It seems to me that SMIMEEncryptionKeyPreference ::= CHOICE { issuerAndSerialNumber [0] IssuerAndSerialNumber, receipentKeyId [1] RecipientKeyIdentifier, subjectAltKeyIdentifier [2] SubjectKeyIdentifier } is not supported since d2i_ASN1_TYPE

Re: rewriting the ASN1

2000-09-20 Thread Dr S N Henson
SCH wrote: What is the goal of rewriting the ASN1 code? Will Steve try some ASN1 compiler? As to my vision, The c code generated by ASN1 compiler is dirty. Maybe we can write the ASN1 code in openssl with C++. I am to build some PKIX stuff with the current ASN1 routines in Openssl.So

Re: rewriting the ASN1

2000-09-20 Thread Dr S N Henson
Michael Sierchio wrote: Dr S N Henson wrote: One goal is to reduce code bloat. As such I want to avoid any option that results in lots of code. I'm planning an "intelligent" encoder and decoder that gets passed a tiny structure describing the ASN1 structure to encode

Re: rewriting the ASN1

2000-09-20 Thread Dr S N Henson
Frank Balluffi wrote: Steve, If the decoder possesses meta data, it would be nice for the decoder to report the location and cause of errors. For example, if the third extension in a certificate contained the illegal object identifier value 1.9.3.4, the decoder could report the

Re: rewriting the ASN1

2000-09-21 Thread Dr S N Henson
SCH wrote: To rewrite ASN1 code will change almost everything in openssl. the current nid--oid definig, the signing ,verifing of RSA and DSA, then the cert and request management, PKCS5,7,8,12, then the SSL handshake, the last but necessary, the demos and apps. I haven't look into the

Re: [BUG] X509_V_ERR_SUBJECT_ISSUER_MISMATCH weirdness

2000-09-22 Thread Dr S N Henson
Bodo Moeller wrote: On Fri, Sep 22, 2000 at 03:31:06PM +0200, Lutz Jaenicke wrote: I just tried Postfix/TLS 0.9.6 and found problems with certificate verification: 0.9.6 returned X509_V_ERR_SUBJECT_ISSUER_MISMATCH on a completely valid certificate. [...] Do you use a

Re: Minor incompleteness in verify.c docs

2000-09-23 Thread Dr S N Henson
Lutz Jaenicke wrote: Hi! In verify.c there is an option "-trusted", which is not documented in verify.pod. I am not sure that I understood all of the source of verify.c, at least I did not understand what this option is good for :-) Not much. It supplies a file of trusted certificates

Re: Object names

2000-09-25 Thread Dr S N Henson
Michael Ströder wrote: Richard Levitte - VMS Whacker wrote: X509_NAME_oneline(), it's displayed as "/Email=...". Other products, like the JDK, seem to name it "/EmailAddress=...". As you can see, that will create a problem when you try to use the representation used by one system

Re: Is PKCS#12 secure?

2000-09-27 Thread Dr S N Henson
zhu qun-ying wrote: I am actually quite new to the Crypto world, just about 2 months. While reading Peter Gutmann's article on breaking PKCS#12 formatted file, I am wondering is the implementation of OpenSSL's PKCS#12 routines subject to the same attack. What's the most secure format could

Re: Is PKCS#12 secure?

2000-09-27 Thread Dr S N Henson
zhu qun-ying wrote: Thank you for your clearance. There are still some information that I want to know. Is the default setting to PKCS12_create() will be sufficient? Or do I need to increase the mac_iter and nid_cert cipher to 3DES-CBC? They should be sufficient. Certificates are usually

Re: iis certificate renewal woes

2000-09-30 Thread Dr S N Henson
nagendra wrote: Hi, We're generating a CSR on IIS (win2k). When a certificate is already installed on IIS, it generates a PKCS#7 certificate renewal request rather than a PKCS#10 CSR. Furthermore the PEM header in the request is an invalid PKCS#7 header. As a result none of the openssl

Re: BER in pkcs7 encoding

2000-10-02 Thread Dr S N Henson
Jean-Marc Desperrier wrote: Hi, pkcs#7 DER structures generated by openssl have two header in BER (infinite length) for the two sequence at the very start of the encoding. Is there a good reason for that ? I have a tool that's annoyed by this BER encoding and I think it should not

Re: d2i_GENERAL_NAMES

2000-10-03 Thread Dr S N Henson
Frank Balluffi wrote: I am unable to decode an authority key identifier extension containing a directory name choice in a Microsoft-Certificate-Server-generated certificate using OpenSSL's d2i_AUTHORITY_KEYID when d2i_GENERAL_NAMES is asked to expect the class universal (i.e.,

Re: d2i_GENERAL_NAMES

2000-10-03 Thread Dr S N Henson
Frank Balluffi wrote: Steve, Attached are: 1. cert.pem: sample certificate (PEM format) 2. cert.der: sample certificate (DER encoded) 3. cert.html: dump of cert.der (in HTML) 4. aki.der: AuthorityKeyIdentifier from sample certificate (DER encoded) 5. aki.html: dump of aki.der

Re: Object identifiers and ASN.1 syntax

2000-10-03 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: I'm trying to make a simple perl script that is capable of parsing through an ASN.1 module embedded in any document an extracting the OIDs from it. When I'm done with that, I'll extend it to be able to parse LDAP schemas entries as in RFC2256. Then

Re: Rijndael in OpenSSL

2000-10-03 Thread Dr S N Henson
Terje Elde wrote: * Ulf Moeller ([EMAIL PROTECTED]) [001003 18:01]: On Tue, Oct 03, 2000, Terje Elde wrote: Any thoughts around implementing Rijndael in OpenSSL? I assume it's something that's going to get done at some point in time, but have anyone thought about who will do it,

Re: OpenSSL Questions

2000-10-06 Thread Dr S N Henson
Jason Tanner wrote: I am thinking of using the OpenSSL library for a project I am working on but have a couple of questions. Perhaps someone in the know could answer them for me. 1. It would seem that the SSL/TLS library does not include the Blowfish crypto algorithm when

Re: [BUG?] BIO_sock_should_retry() on Win32

2000-10-07 Thread Dr S N Henson
"Reddie, Steven" wrote: [Firstly, I'm working with 0.9.5a, but the relevant 0.9.6 source seems to be unchanged.] This may be a bigger problem than just my specific case, but here is what I've found: We are using BIO_do_handshake() to accept socket connections, which results in a call

Re: Sanity check: RSA performance on Linux

2000-10-12 Thread Dr S N Henson
patrick engel wrote: Hi, First, thanks for providing an open source implementation of SSL. The package built with no problems on my Linux box. I have been running some bench marks for asymmetric key encryption. Using RSA yields some very long encryption and decryption times. I'm

Re: Bug in openssl 0.9.6 for certificate verification

2000-10-13 Thread Dr S N Henson
Jean-Marc Desperrier wrote: I have some code that I could use to verify certificate, and that's not able to do it anymore when compiled with 0.9.6 I traced this to the following line (330) in the file by_dir.c This line has been changed from 0.9.5 to 0.9.6. I think the last argument in

Re: iPlant and OpenSSL

2000-10-18 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: Actually, that macro mumbo-jumbo should be avoided and we should adopt a new name standard, but that will also require a lot of work, not only on our part... Perhaps to version 1? Or dump the low level APIs... geoff Thoughts anyone? Well, apart

Re: negotiating EXP-RC4-MD5 with SSLv3

2000-10-27 Thread Dr S N Henson
Tarik Miller wrote: Greetings, I've posted this question to openssl-users and haven't received any responses so I figured I would try here as well. I've discovered that when using s_client, I cannot connect to my server using EXP-RC4-MD5 w/ SSLv3 or TLSv1. The minimal server example

Re: Problem with 1024 file descriptors

2000-10-29 Thread Dr S N Henson
Dan Kegel wrote: I'm doing it; right now, I have a single network thread doing all normal networking *and* SSL; after I write the load tests that demonstrate how woefully inadequate that is :-), I'll split that into two threads: one for doing the SSL accept / connect stuff, and one for

Re: Lots of SSL connections in few threads (was: Re: Problem with 1024 file descriptors)

2000-10-29 Thread Dr S N Henson
Dan Kegel wrote: Dr S N Henson wrote: Dan Kegel wrote: I'm doing it; right now, I have a single network thread doing all normal networking *and* SSL; after I write the load tests that demonstrate how woefully inadequate that is :-), I'll split that into two threads: one

Re: Problem with 1024 file descriptors

2000-10-30 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: rsalz Also, have you looked at bio/bss_fd.c? rsalz rsalz Sure, but the issue is what OpenSSL uses internally, as I hope rsalz my example showed. Oh, absolutely. What I wanted to point out is that there is a BIO that uses file descriptors, which

Re: new engine

2000-11-01 Thread Dr S N Henson
Geoff Thorpe wrote: On Tue, 31 Oct 2000, Ben Laurie wrote: BTW: Right now, all the existing engine implementations typically work immediately without any "setup" beyond what they work out for themselves before, during, or after initialisation. Indeed, but its possible to imagine

Re: new engine

2000-11-01 Thread Dr S N Henson
Ben Laurie wrote: Dr S N Henson wrote: The idea behind this is that a simple engine aware application could then just call ENGINE_load_config("filename.cnf") and forget about any other details. The reason I suggested a handle instead of a filename was so that the data could

Re: Constification

2000-11-07 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: I've become irritated enough with some functions not having const used properly (or at least what appears proper), so I've started working on bringing better use of const to OpenSSL, as some may already have noticed. This may, for a few days, bring

Re: cvs commit: openssl/crypto/bn bn.h bn_exp.c bn_exp2.c bn_gcd.c bn_lib.c bn_mont.c bn_mul.c bn_prime.c bn_recp.c bn_shift.c bn_sqr.c bntest.c

2000-11-08 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: And oh, you may not have noticed, but the unconstification carried to a couple of other places. One of them is in the ASN.1 macros, but if I understood Stephen right, the new ASN.1 code he's working on will take away that problem (Stephen, I'd like to

Re: ASN1 query...

2000-11-10 Thread Dr S N Henson
Dr S N Henson wrote: Now since I've never heard a report of this problem I can only assume hardly anyone uses this parameter. Fixing the existing code is a very painful task and the only advice that can be given is don't use that parameter! There's another case I've just realised

ASN1 query...

2000-11-10 Thread Dr S N Henson
Does anyone reuse the (type **) parameter to the ASN1 functions and friends (such as PEM)? As many of you may know I'm currently revising the OpenSSL code and I'm seeing what features are used and which should be dumped or fixed. The parameter is one case where there is a feature which is

Re: ASN1 non blocking I/O...

2000-11-11 Thread Dr S N Henson
Dr S N Henson wrote: Another general ASN1 question. The revised OpenSSL ASN1 code will eventually have support for I/O based operations in addition to the current memory based operations which need to have the entire structure in memory (tricky if its a 1Gb structure on tape). Doing

Re: ASN1 query...

2000-11-11 Thread Dr S N Henson
Rich Salz wrote: So with that in mind, is there a good reason to try and have this functionality (but working this time!) in the new ASN1 code or should any existing structure be freed and a new one freshly allocate? Are refcounts on the ASN1 objects or higher-level? How do you

Re: cvs commit: openssl/crypto/evp bio_enc.c evp.h

2000-11-12 Thread Dr S N Henson
Ben Laurie wrote: [EMAIL PROTECTED] wrote: /* read in at offset 8, read the EVP_Cipher * documentation about why */ - i=BIO_read(b-next_bio,(ctx-buf[8]),ENC_BLOCK_SIZE); +

Re: ASN1 non blocking I/O...

2000-11-12 Thread Dr S N Henson
Dan Kegel wrote: Dr S N Henson wrote: The revised OpenSSL ASN1 code will eventually have support for I/O based operations in addition to the current memory based operations which need to have the entire structure in memory (tricky if its a 1Gb structure on tape). Doing

Re: cvs commit: openssl/crypto/evp bio_enc.c evp.h

2000-11-12 Thread Dr S N Henson
Ben Laurie wrote: Dr S N Henson wrote: Eh? Isn't the IV length the same as the block length? Nope. Rijndael's biggest IV is 16 bytes, but the biggest block is 32 bytes. I haven't checked why, so if someone wants to enlighten me... Well they can enlighten me too then. I can't see

Re: cvs commit: openssl/crypto/asn1 asn1t.h tasn_dec.c tasn_fre.c tasn_new.c tasn_utl.c

2000-11-14 Thread Dr S N Henson
Ulf Moeller wrote: On Tue, Nov 14, 2000, [EMAIL PROTECTED] wrote: +The BOOLEAN type now takes three values. Yeah, *that* is progress! Yes it reminded me of Eric's old signature about a tristate boolean in Windoze. Well strictly speaking two values are for DER and the other is only

Re: Use of OpenSSL for EPOC 32 used by Psion.

2000-11-15 Thread Dr S N Henson
[EMAIL PROTECTED] wrote: Hi all, Can we use OpenSSL to implement security in EPOC32.? Well there's no public port of OpenSSL to EPOC32 but there are a couple of problems anyway. OpenSSL is currently rather large so the result would be larger than 1Mb. The second is a problem with

Re: cvs commit: openssl/crypto/asn1 asn1t.h tasn_dec.c tasn_fre.c tasn_new.c tasn_utl.c

2000-11-15 Thread Dr S N Henson
Frank Balluffi wrote: Steve Henson said: BOOLEAN is an evil thing for the ASN1 code. Its declared as an 'int'. Every other type is declared as a pointer which is allocated as required: if it is NULL then the field is omitted (I'll be adding a check to see if thats allowed at some

Re: S/MIME in openssl

2000-11-19 Thread Dr S N Henson
Maxim Masiutin wrote: Hello openssl-dev! My question is: who is currently in charge of S/MIME implementation in openssl? Me probably. I would also like to implement such neat additions as draft-ietf-smime-compression, it would be great if we had two implementations

Re: rsa_lib.c

2000-11-25 Thread Dr S N Henson
Geoff Thorpe wrote: Hi y'all, Quick question about RSA_new() I wanted to run by interested parties; namely, RSA_new() does a bunch of initialisations of a new RSA structure prior to calling the RSA_METHOD's "init()" handler to do any tweaking to the new RSA structure that it may choose

Re: rsa_lib.c

2000-11-25 Thread Dr S N Henson
Geoff Thorpe wrote: On Sat, 25 Nov 2000, Dr S N Henson wrote: An application could always use the ex_data callback new_func() to do the initialization. Not really, because you'd need to wait until the CRYPTO_EX_DATA structure had actually been initialised (which is after init() gets

Re: rsa_lib.c

2000-11-25 Thread Dr S N Henson
Geoff Thorpe wrote: Unless I misunderstand the RSA_get_ex_new_index() stuff - calling it to just get an index from inside the init() handler the first time it happens (and passing NULL callbacks) and then using CRYPTO_[set|get]_ex_data with that index should be functionally equivalent to

Re: A Puzzle :-(

2000-11-25 Thread Dr S N Henson
Deng Rowe wrote: Hi there, Are there somebody having noticed this: struct bio_st /* From /openssl/crypto/bio/bio.h. */ { .. char *cb_arg; /* Here in the struct BIO, cb_arg is defined as pointer to char. */ ... }; yet, look at these codes: /* From
