Openssl 0.98-dev provides system to implement additional ciphers and
message digest algorithms using dynamically loadable engines,
but doesn't seem to provide equivalent way for digital signature and
key distribution algorithms.
But there are much more digital signature algorithms then DSA and RS
We are developing add-on to OpenSSL in order to support the following
Russian cryptography standards.
GOST 28147-89 symmetric cipher
GOST 34.11-94 digest algorithm
GOST 34.10-94 digital signature
GOST 34.10-2001 digital signature
The engine infrastructure in OpenSSL 0.9.8 provides basic framewor
On 2004.11.07 at 17:55:56 +0100, Dr. Stephen Henson wrote:
> On Wed, Nov 03, 2004, Victor B. Wagner wrote:
>
> >
> > We think that these minimal changes would allow us to add new public
> > key cryptography algorithms into OpenSSL without further modifications
> &
On 2004.11.09 at 12:36:56 +0100, Nils Larsch wrote:
> > b) A method which should be stored in the method field of DSA or RSA
> > structure. There are additional problems concerning the ec_key_st
> > structure which doesn't contain the method field and which is the same
> > for two algorithm ty
On 2004.11.10 at 11:40:12 +0100, Nils Larsch wrote:
> please have a look at ec_key_meth_st in ec.h and how it's used in
> ecdsa_data_st (in ecdsa.h). The type specific key attributes (including
> a method pointer) are stored in a kind of derived structure
> (ecdsa_data_st).
> If you need more info
On 2004.11.11 at 13:13:53 +0100, [EMAIL PROTECTED] via RT wrote:
>
> i try to make a dgst of a 40Gb file, but when the openssl binary try to
> fopen the file, it's fail ..
>
> i think the problem was the fopen, maybe it's dont use the open (2) with
> the option O_LARGEFILE..
>
> can you fix it
On 2004.11.16 at 11:17:39 +0100, Nils Larsch wrote:
> Hi Victor,
>
> some first short notes:
>
> Victor B. Wagner wrote:
> ...
> >--- /home/vitus/src/openssl-SNAP-20041105.orig/apps/req.c2004-11-09
> >12:35:42.0 +0300
> >+++ apps/req.c
On 2004.12.04 at 00:45:45 -0500, Geoff Thorpe wrote:
> On December 3, 2004 07:30 pm, Dr. Stephen Henson wrote:
> > On Fri, Dec 03, 2004, Dmitry Belyavsky wrote:
> > > On Fri, 3 Dec 2004, Dmitry Belyavsky wrote:
> > > > I have custom dynamically-loaded engine implementing some
> > > > non-standard
On 2004.12.06 at 15:54:16 +0100, Dr. Stephen Henson wrote:
>
> I doubt its related to the NIDs and OBJ_create(). The NIDs and associated
> objects duplicate strings for use in OpenSSLs internal tables and so there
> shouldn't be any hanging references when a DLL unloads.
Here is trace of our seg
On 2005.01.19 at 15:26:25 +0100, Nils Larsch wrote:
> Roger Boden wrote:
> >Hello,
> >
> >are there any plans to support eliptic curve MQV key agreements in openssl?
>
> afaik no, btw: have a look at [1]
>
> Cheers,
> Nils
>
> [1] http://marc.theaimsgroup.com/?l=openssl-users&m=105308047218590&
On 2005.01.19 at 22:50:25 +, Ben Laurie wrote:
> Victor B. Wagner wrote:
> >On 2005.01.19 at 15:26:25 +0100, Nils Larsch wrote:
> >
> >
> >>Roger Boden wrote:
> >>
> >>>Hello,
> >It should be obvois next step when we get this infras
On 2008.12.19 at 14:03:46 -0500, Patrick Patterson wrote:
> Ok - if you are asking if there is a generic "crypto" layer in Linux - the
> answer is no. Today, there is a mix of applications that use their own crypto
> (eg: parts of KDE, Java, others), applications that use OpenSSL (Apache,
> Pos
Recently I've discovered problem with our automated test script, which
creates several certificates using openssl ca command.
Script used to create two certificates with identical distinguished
name, but different public key algorithms (which seems to be a situation
which can occur in real world)
I've investigated lacks of documentation in the current OpenSSL
snapshot.
Method of investigation is quite simple
1. Run util/extract-names.pl on the all pod files in the doc/crypto and
doc/ssl and produce sorted list of all function names referenced in the
NAME sections.
2. Take lists of expor
I've investigated lacks of documentation in the current OpenSSL
snapshot.
Method of investigation is quite simple
1. Run util/extract-names.pl on the all pod files in the doc/crypto and
doc/ssl and produce sorted list of all function names referenced in the
NAME sections.
2. Take lists of expor
On 2009.05.21 at 11:34:12 +0200, Marc Rios Valles wrote:
>I'm running the server as is indicated in the openssl web page:
>
>openssl ocsp -index index_file.txt -CA ca-cert.pem -rsigner rsigner_cert
>-rkey rsigner_key -port -text -out log.txt
>
>If I send an ocsp petition to
On 2009.05.22 at 17:45:02 +0530, Ashish Agrawal wrote:
>Hi,
>
>I want to know if openssl does an OCSP validation, i could find the
>utility command but luking for a programming API.
Look into source code of ocsp utility.
__
On 2009.05.27 at 12:16:53 +0530, Ashish Agrawal wrote:
>Hi All,
>
>I am luking for OCSP API interface support in openssl, can somebody guide
>me to relevant information source or sample code.
Look into the source of ocsp command in openssl source distribution
(apps/ocsp.c). You can a
Documentation for openssl ts command says following:
>Timestamp responce generation
>...skip...
>-policy object_id
> The default policy to use for the response unless the client
> explicitly requires a particular TSA policy. The OID can be speci-
> fied either in dotted notation
On 2009.05.28 at 10:40:24 -0700, Kyle Hamilton wrote:
> default_policy is only mandated if you don't use -policy.
It is not quite clear from the documentation.
It would be much better, if documentation would contain line, quoted
above, than current "(Optional)"
>
__
On 2009.06.04 at 21:31:19 -0400, David Michael wrote:
> Hi,
>
> A certain daemon I am building requires root certificates to have
> hash links in order to find them. My target OS provides a multi-cert
> PEM with just about every common root cert out there, so I prefer to
> have the hash links
On 2009.09.22 at 12:13:45 +0200, Ger Hobbelt via RT wrote:
> Sorry for late reply; been under the weather lately, healthwise, so
> this is my first 'on-line' experience in a while ;-)
>
> As far as the brain is operational again... I'd say the quickest way
> to fix this is to wrap the __try/__exc
Hi,
I've found out that default lookup method X509_LOOKUP_hash_dir caches
certificates and CRLs very aggressively.
Really, it uses X509_load_cert_file and X509_load_crl_file from
X509_LOOKUP_file method, which always put object into memory cache, and
never frees anything from this cache.
From s
On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
> On Mon, Oct 12, 2009, Victor B. Wagner wrote:
>
> >
> > BTW, it seems that most applications which actualy use CRLs, such as
> > Apache, openvpn and stunnel, do implement lookup of certicate in the CRL
> >
On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
> On Mon, Oct 12, 2009, Victor B. Wagner wrote:
>
> >
> > BTW, it seems that most applications which actualy use CRLs, such as
> > Apache, openvpn and stunnel, do implement lookup of certicate in the CRL
> >
On 2009.10.12 at 19:00:30 +0200, Dr. Stephen Henson wrote:
>
> Well we are in the middle of a beta relase cycle so making incompatible
> changes and/or major new functionality isn't an option.
Is this (#2) a major new functionality, given that cache field in
X509_CTX is already here and applica
On 2009.10.13 at 14:12:22 +0200, Dr. Stephen Henson wrote:
> On Tue, Oct 13, 2009, Victor B. Wagner wrote:
>
> > On 2009.10.12 at 19:00:30 +0200, Dr. Stephen Henson wrote:
> >
> > >
> > > Well we are in the middle of a beta relase cycle so making incompa
On 2009.10.13 at 14:30:50 +0200, Dr. Stephen Henson wrote:
> On Mon, Oct 12, 2009, Victor B. Wagner wrote:
>
> >
> > 2. Make X509_LOOKUP_hash_dir lookup method honour cache field in the
> > X509_STORE structure. (I think that it is better to make this field
>
On 2009.10.13 at 18:20:12 +0200, Dr. Stephen Henson wrote:
>
> There is some additional logic for CRLs though. In by_dir.c it stores the last
> suffix value of a CRL so if you have CRL links:
This logic have to be clearly documented in the X509_LOOKUP_hash_dir
manual page. I'd write what I've le
On 2009.10.13 at 15:25:19 +0200, Dr. Stephen Henson wrote:
> > X509_STORE_CTX, X509_VERIFY_PARAM and X509_LOOKUP_hash_dir/X509_LOOKUP_file
> > documents would follow.
>
> OK thanks. I'll have a look at that.
>
> I'll add some documentation for X509_VERIFY_PARAM myself when I have time (I'm
> mor
On 2009.10.15 at 22:02:54 +0200, Roumen Petrov via RT wrote:
> May be is good to document that numbers in "hash dir" starts from zero.
May be.
But just now I think it is much more important to get ANY documentation
for these functions into CVS.
At least it is quite easy to find out what numbe
On 2009.10.25 at 00:05:36 +0200, Guenter via RT wrote:
> Hi,
> I checked with a recent snapshot 1.0.0-stable, and found that although
> the openssl commandline supports now sha224, sha256, sha384, and sha512
> message digests, it still only prints these:
>
> Message Digest commands (see the `dgst
Hello,
I'm testing my application with 0penssl-0.9.8 stable snapshot on several
platforms. And encounter some problems on most architectures except
Linux.
On Solaris-x86 current
openssl-0.9.8-stable-SNAP-20050523
snapshot segfaults on every operation.
I configure Openssl with
./config shared z
On 2005.05.23 at 18:50:44 +0400, eugeny gladkih wrote:
> "Victor B. Wagner" <[EMAIL PROTECTED]> writes:
>
> > I'm testing my application with 0penssl-0.9.8 stable snapshot on several
> > platforms. And encounter some problems on most architectures except
&
On 2005.05.23 at 17:30:04 +0200, Andy Polyakov wrote:
> >./config shared zlib no-sse2 -L/usr/local/lib -R/usr/local/lib
>
> uname -a, ld -V, as -V.
Sorry, I' forgot to attach output of make report
OpenSSL self-test report:
OpenSSL version: 0.9.8-beta2-dev
Last change: Add attribute funct
On 2005.05.23 at 17:30:04 +0200, Andy Polyakov wrote:
>
> Buf if you issue disassemble command at debugger prompt, you should see
> that you're in _init and if you follow to failing address you're most
> likely to spot mov (%eax),%al, right?
You are right:
Dump of assembler code for function _
On 2005.05.25 at 23:53:13 +0200, Andy Polyakov wrote:
> I guess it was erroneously omitted in some
> newer release. Try to patch your run-time environment by executing
> http://www.openssl.org/~appro/values.c and report back. The patch is
> designed to work with both old and new GCC releases. A
I've investigated various ways of building OpenSSL (release 0.9.8) for
Win32 with gcc.
There are at least three ways to do this
1. Using mingw32 compiler (from http://www.mingw.org)
2. Using cygwin compiler with -mno-cygwin switch to create executables
which do not depend on cygwin.dll
3. Using c
On 2005.10.13 at 12:42:34 -0700, Howard Chu wrote:
>
> We already build using the mingw32 compiler under msys. I've been a bit
> lax about sending back patches lately, but as I recall there were only a
> few small tweaks to Configure needed. IMO the Cygwin environment is
> worthless; it is sev
On 2005.10.13 at 13:27:47 -0700, Howard Chu wrote:
> Disregard that comment, I was lost. I don't interchange MSVC / gcc dll's
> on the fly. I was just thinking about the import libraries; a
> gcc-compiled DLL will work with an MSVC app if it's linked with the
> gcc-specific import library, and
On 2005.10.26 at 04:17:21 +0100, upinder singh wrote:
> I have newly atrted working on the ssl.I do not know
> much about the way it works and its design also.I want
> to integrate my own crypto routines with the ssl.
There is a lot of documentation bundled with OpenSSL. Just libcrypto
documentat
On 2005.10.26 at 19:37:34 +0100, upinder singh wrote:
>
>2) I have my own C implementation of the AES(rijndael) algo as also of
>the SHA-256 hash fn,UMAC,RSA and a PRBG to generate symmetric keys.All
>these are software implementations only.
>
>
>
>3)I want to plug in these and
On 2006.09.28 at 23:33:53 +0200, Heiko J Schick wrote:
> Hello,
>
> I'm looking into the OpenSSL engine support which was introduced in
> OpenSSL version 0.9.6 (or 0.9.7). Is there an official "engine"
> specification or HOWTO available? The only document I have found so
> far is [1]. As a
On 2006.10.17 at 19:40:05 +0200, Alon Bar-Lev wrote:
> Hello,
>
> I tried to compile OpenSSL using MinGW on Linux, but I could not do
> this.
> I've tried to modify configurations, converting ms/mingw.bat to
> ms/mingw.sh, removing the translation of / into \, and more...
>
> Before I making t
On 2006.10.20 at 08:44:14 +0200, Andy Polyakov wrote:
>
> >>Before I making too much modifications,
> >>Have anyone succeeded in doing so?
> >
> >I do it routinely.
> >
> >1. Modify Configure script, adding target
> >mingw-cross
> >(this all should go into one line)
> > "mingw-cross", "i586-ming
On 2006.10.20 at 12:05:11 +0400, Victor B. Wagner wrote:
> > Can you test if './Configure mingw' followed by 'make
> > CC=i586-mingw32msvc-gcc RANLIB=i586-mingw32msvc-ranlib' works? I mean
>
> It seems to work. Although when I start make test on real win3
On 2006.10.20 at 10:56:35 +0200, Andy Polyakov wrote:
> >It is not perfect to, because it assumes that if one uses mingw32
> >target, there is always some Unix emulation environment (i.e. cygwin,
> >msys or real Unix in case of cross-builds).
>
> As implied earlier I'd actually prefer this, i.e. m
On 2006.10.20 at 11:49:39 +0200, Corinna Vinschen wrote:
> > I'm not an expert on Win32 tcpip history and cannot tell whether it is
> > problem of my mingw32 runtime headers or something also.
>
> ws2tcpip.h is incompatible with winsock.h since winsock.h is only meant
> for supporting old Winsock
On 2006.10.20 at 13:33:37 +0400, Victor B. Wagner wrote:
> NM=i586-mingw32msvc-nm
> (i've patched Makefile.shared to support NM overriding),
> I get following results:
>
> shared library cryptoeay-0.9.8.dll (why not 0.9.9?) is created,
> but it exports no symbols. So bu
On 2006.10.20 at 13:01:01 +0200, Corinna Vinschen wrote:
> > So, use IPV6 on native windows requires considerable changes anyway?
>
> I wouldn't say it's considerable. Just a tweak to the loading of
> getaddrinfo/freeaddrinfo in crypto/bio/b_sock.c, AFAICS.
Implementing of dynamic loading by ha
Now I've managed to cross-compile current CVS tree with
Mingw32 crosscompiler both in static and shared version.
Following changes are needed to the source tree:
1. Configure
1.1. Add -Wl,--export-all to the shared library linker command line
1.2. Add -lws2_32 to list of libraries
On 2006.10.20 at 15:41:35 +0400, Victor B. Wagner wrote:
I was to quick to send previous patch. Two additional changes
are required: changing order of
#include
and #include "apps.h" in apps/apps.c
and order of and "../e_os.h" in test/randtest.c
Updated patch attach
On 2006.10.20 at 13:01:01 +0200, Corinna Vinschen wrote:
> On Oct 20 14:28, Victor B. Wagner wrote:
> > On 2006.10.20 at 11:49:39 +0200, Corinna Vinschen wrote:
> > > ws2tcpip.h is incompatible with winsock.h since winsock.h is only meant
> > > for supporting old W
On 2006.10.20 at 13:51:47 +0200, Andy Polyakov wrote:
>
> Keep in mind that mingw defines _WIN32_WINNT=0x333, i.e. the intention
> was to target all NT versions [note that 0x333 actually covers even for
> Windows 9x, which has at least all 0x333 stubs, so that application can
> actually start]
On 2006.10.20 at 14:12:44 +0200, Andy Polyakov wrote:
> >2. Makefile.shared
> > Define NM variable to hold name of nm program (which also differs
> > from just nm when cross-compiling)
> > Replace explicit call to nm by reference to this variable.
>
> Haven't you yourself ment
On 2006.10.20 at 12:05:11 +0400, Victor B. Wagner wrote:
> Second problem with cross build is that make does certificate
> rehash, using freshly compiled c_rehash program. It doesn't lead to make
> failure, but it would be nice to be able to redefine c_rehash as well,
> and
On 2006.10.20 at 15:10:06 +0200, Andy Polyakov wrote:
> I personally have no problems with that, but formally we should ask
> ourselves what is the goal of this effort? To produce *some* .dll or to
> produce *100% compatible replacement* .dll for MSC build? If latter,
> then we have to get .def
I've tested current CVS state of OpenSSL with mingw32-cross compiler
and found out following:
1. Everything compiles without error
2. make rehash is omitted during build
When testing on real Win32 platform with MSYS installed
1. make rehash is omitted again, but shouldn't.
2. attempt to start ve
On 2006.10.23 at 11:21:26 +0200, Andy Polyakov wrote:
>
> Care to figure out and tell how to do it with windres and ld? I mean
It is quite simple. When I finish solving current dll name problem
(I.e. manage to do make and make test without manual dll renaming)
i'll do this.
___
On 2006.10.23 at 13:35:39 +0400, Victor B. Wagner wrote:
> I've tested current CVS state of OpenSSL with mingw32-cross compiler
> and found out following:
>
> 1. Everything compiles without error
> 2. make rehash is omitted during build
>
> When testing on rea
On 2006.10.23 at 11:21:26 +0200, Andy Polyakov wrote:
> >But there is another problem which Unix-style Configure doesn't solve
> >now:
> >
> >dll can include VERSION_INFO resource. Now Configure creates .rc file
> >only if IsMK1MF is set. I think that if we want to have native Win32
> >dll, we sh
On 2006.10.23 at 13:54:55 +0100, Martin Simmons wrote:
> > 1. DLL name issue is not permanentely settled. MSVC build creates
> > libeay32.dll and ssleay32.dll, and Mingw build crypto32.dll and
> > ssl32.dll. Patch includes code to support this difference, but I'm
> > not absolutely su
On 2006.10.25 at 13:36:11 +0200, Andy Polyakov wrote:
> So we have to decide on unified naming convention for both MSC and
> mingw. Suggestion is to embed version number into name, but remaining
> questions are:
>
> - do we still stick to 8.3 naming?
Really I think that time to forget 8.3 nam
I've encountered following problem with current CVS state of
Openssl-dev:
When I build OpenSSL with MingW32 cross-compiler on Linux and run
make test on various vversions of Windows, on Win2003 server and WinXP
it works, but on Windows 2000 attempt to run OpenSSL.exe or any of test
programs in tes
I've found that some tests for ccgost engine segfaults on Solaris/Sparc.
Investigation shows that segfault happen wnen i2d_PrivateKey function
calls function, pointed by old_priv_encode field in ASN1_METHOD
structure
This field is commented in the crypto/asn1/asn1/asn1_locl.h as
/* Legacy function
Recently, (08-Nov) #ifdef ENGINE_DYNAMIC_SUPPORT
was added around IMPLEMENT_DYNAMIC_BIND function
in engines/ccgost/gost_eng.c (in CVS HEAD)
By default, this macro is not enabled, even if shared option is passed
to configure. This renders compiled shared library unusable, at least
without proper i
On 2006.11.14 at 10:59:41 +, Ben Laurie wrote:
> > cvs log doesn't tell anything but "Fix various warnings"
>
> If you compile with -Wall -Wmissing-prototypes -Wstrict-prototypes
> -Wmissing-declarations -Werror then you'll see the errors I'm fixing.
> If people always did that before submi
On 2006.11.15 at 15:47:40 +1000, Simon McMahon wrote:
> Hi,
>
> Using MSVC++ 6.0
>
> I followed all the instructions in install.w32 including:
> > perl util\mkdef.pl crypto ssl update
> to get the "things not having numbers assigned" error to go away. Then:
> > ms\do_ms
> worked ok. Then:
> > n
On 2006.12.22 at 10:21:41 +0100, Nils Larsch via RT wrote:
>
> patch applied, please test a recent snapshot.
Our tests passed, at least on Linux platform.
__
OpenSSL Project http://www.openssl.or
I've encountered following problem yesterday our automated
tests for ccgost engine begin to fail on all x86 platforms, but work
flawlessly on SPARC and AMD64.
Result is same on half of dozen different linux distributions, which use
various 3.x or 4.x versions of gcc and three FreeBSD (4.x, 5.x a
On 2006.12.26 at 20:06:49 +0100, Andy Polyakov wrote:
> >
> >Perhaps ccgost is using the BIGNUM library in a way that other routines
> >don't
> >and that is triggering a problem.
If so, should it be considered bug or feature of ccgost engine?
I.e. if I discover difference between way of using B
On 2006.12.27 at 09:57:30 +0100, Andy Polyakov wrote:
> >
> >>turns to be culprit, then note that there are two code pathes, sse2 and
> >>integer-only, the latter has separate squaring procedure, and we have to
> >>figure out which one fails... To switch off squaring procedure, comment
> >>out
On 2006.12.27 at 09:57:30 +0100, Andy Polyakov wrote:
> line #248 still reads as 'if(0)'. I'll have alook at the code, but there
> might be need for test case, so could you provide sequence of commands
> to reproduce the problem [or program if it was one].
Here small test programm is attached.
Now tests pass on my workstation. Next morning we'll see results on all
other platforms.
> For reference. In order to test integer-only code paths on sse2 capable
> system you can run test suite with OPENSSL_ia32cap environment variable
> set to 0. In other words it's not necessary to have both
On 2007.01.04 at 16:57:35 +0100, Gisle Vanem wrote:
> There is a problem building OpenSSL on a 8+3 filesystem like
> DOS due to the files:
> engines/ccgost/gost2001.c
> engines/ccgost/gost2001_keyx.c
Sorry, when I named files I haven't thought than anybody still use real
DOS with no long names su
On 2007.01.05 at 17:11:50 +0100, Gisle Vanem wrote:
> "Victor B. Wagner" <[EMAIL PROTECTED]> wrote:
>
> >It'll be interesting to see if ccgost engine can work at all under DOS -
> >we never intended it to be used on the platform without dynamic loading,
Hi, All!
Does openssl have an API to load certificate from engine module.
I've found ENGINE_load_private_key and ENGINE_load_public_key functions,
but they both return EVP_PKEY, not X509.
Problem is: There is hardware crypto device, say smartcard, which is
able to store both private key and cert
On 2007.03.09 at 09:09:44 +0800, ?? ?? wrote:
> Hi,
>I'm learning OpenSSL.
>Now, I have some questions about OpenSSL that is:
>1. Can I compile openssl-0.9.8e directly under microsoft windows
> VC++ environment? How to do that?
You can. But if you are not familiar with
On 2007.04.19 at 11:59:39 -0700, David Schwartz wrote:
> This is not nearly as simple as you might think. Are 'foo.txt' and 'Foo.txt'
> the same file? What about 'directory/file.txt' and 'symlink/file.txt'?
>
> I don't see how you can do this without making assumptions about the
> semantics of t
On 2007.04.20 at 11:57:35 -0700, David Schwartz wrote:
>
> > On 2007.04.19 at 11:59:39 -0700, David Schwartz wrote:
> >
> > > This is not nearly as simple as you might think. Are 'foo.txt'
> > and 'Foo.txt' the same file? What about 'directory/file.txt' and
> > 'symlink/file.txt'?
> > >
> > > I d
On 2007.04.25 at 01:55:23 -0700, David Schwartz wrote:
>
> > For example, if we are running under Unix-style kernel, we can make
> > stat calls on both files. And if both st_dev and st_ino fields of
> > the resulting stat structures are same, we should consider files same.
>
> Why? Suppose the f
On 2007.05.16 at 14:20:45 +0200, Stephen Henson via RT wrote:
> I've attempted to reuse the header files in s_client.c which have used
> similar select() functionality for quite a while.
> If this still doesn't work properly on all systems I'd suggest using
> something similar to s_client.c, s_s
On 2007.05.16 at 12:35:37 -0700, [EMAIL PROTECTED] wrote:
>I'm running OpenSSL 0.9.8e. If I set up an ECDSA verify with
>EC_KEY_new_by_curve_name(NID_X9_62_prime256v1) and call ECDSA_do_verify
>with dgst (first arg) an array of all zeros and dgst=1 (second arg), the
>call fails wi
On 2007.05.19 at 20:20:14 +0200, Andy Polyakov via RT wrote:
> > In the revision 1.9 of file x86cpuid.pl there appeared block with
> > some &setne instructions:
> > These instructions are translated under Solaris x86 into
> > setneb assembler instruction which causes "Illegal mnemonic" error with
On 2007.10.26 at 14:06:37 +0200, Dr. Stephen Henson wrote:
> OpenSSL CVS Repository
> http://cvs.openssl.org/
>
> Modified files:
> openssl CHANGES
> openssl/appss_client.c
> openssl/crypto/dsa dsa_pmeth.c
> openssl/crypto/evp evp.h pmet
Static build of OpenSSL is still default one, even in 0.9.9 snapshots.
However, engine "dynamic" is built into it, and makes it possible to
load engine modules even into statically build applications.
However, engine API of OpenSSL requires any engine to call some
functions of libcrypto, such as
>
> Hi there,
>
Is there somebody involved in development of mod_ssl module for Apache?
Question is - since support for GOST cryptography is added to OpenSSL
0.9.9, we are now going to implement support of GOST ciphersuites in the
Apache (because https is most frequent use of TLS with national
I was asked by one user if we are planning to provide PKCS#11 module,
based on OpenSSL (it was in the context of adding GOST algorithms
support to the Mozilla-based software).
I doubt is this solution is technically feasable.
As far as I know, most people do it other way around - write interfaces
On 2007.11.19 at 20:46:36 +1000, Peter Waltenberg wrote:
> There are some things that are "quite hard" problems doing it the other way
> round. FIPS certification with the OpenSSL engine plugin active is probably
> the worst.
> With PKCS#11 on top of OpenSSL you have an "industry standard" API, wh
On 2007.11.19 at 14:51:16 -0600, Steven Bade wrote:
> OpenCryptoki's Soft token based on openssl, was never intended to be a
> FIPS capable function, its simply intended to be an example for those
> who might wish to
> a) test PKCS#11 applications without having to have a card
It is what I need.
On 2008.01.07 at 23:05:09 -0500, Thor Lancelot Simon wrote:
> The engine interface operates at too low a layer to directly accellerate
> HMAC. This is unfortunate since it means even on hosts with crypto
> hardware that can do HMAC quite fast, it ends up using raw digest operations
> and being sl
On 2008.05.13 at 22:10:12 +0300, Roumen Petrov wrote:
>> Shared build of OpenSSL for Windows platform involves executing of
>> file util/mkdef.pl to creates .def file for each shared library.
>> This file specifies what symbols are exported from the library.
>>
>> Script mkdef.pl expects to receiv
Recently (with commit of Jan 15 2009) MD5 hash function in
X509_NAME_hash was replaced by SHA1.
However local variable to hold computed hash value is still 16 bytes
(when 20 is required).
This causes stack corruption and segmentation faults on some platforms
(detected on Debian Linux 4.0 amd64)
We've found some typos and omissions in the openssl utility documentation
(either builtin messages and pod pages). Following patch fixes some of
these problems. We haven't thoroughly reviewed all the manual pages in
the docs/app, concentrating on those commands which can use GOST
algorithmns via c
On 2009.10.13 at 15:25:19 +0200, Dr. Stephen Henson wrote:
> > X509_STORE_CTX, X509_VERIFY_PARAM and X509_LOOKUP_hash_dir/X509_LOOKUP_file
> > documents would follow.
>
> OK thanks. I'll have a look at that.
>
> I'll add some documentation for X509_VERIFY_PARAM myself when I have time (I'm
> mor
We've accidently found out that openssl command line utility doesn't
report correcrly why it is unable to load prviate key.
Investigation shows that error reporting in the load_key function
(in apps/apps.c) which is used by most commands of openssl utility,
is incomplete and inconsistent.
1. Thi
Hello,
I've found following problem with compilation of OpenSSL on Solaris x86
platform:
I use gcc 3.3 from www.sunfreeware.com, which is configured to use Sun
native assembler.
It seems that Sun assembler doesn't know anything about SSE2
instruction, and compilation of assembler file x86cpuid
Hello.
When trying to build openssl with some cipher algorithms disabled I've
encountered following result:
making all in crypto/engine...
gcc -I.. -I../.. -I../../include -fPIC -DOPENSSL_PIC -DZLIB
-DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DL_ENDIAN -DTE
Hello,
I've found out that OpenSSL fails to build correctly on FreeBSD
5.3-RELEASE machine, producing cryptic assembler messages.
Further investingation shows that Openssl is configured for
BSD-x86 (a.out) architecture instead of BSD-x86-elf
problem is that elf/a.out test in config looks like
Attempt to build Openssl-0.9.8-stable-SNAP-20050530 on Solaris 8 sparc
using 64-bit mode (solaris64-sparcv9-gcc target) results in error in
RIEMD160 tests.
If test_rmd target is excluded from the tests, all other tests pass
correctly
-- output of make test
../util/shlib_wrap.sh ./rmdtest
error
1 - 100 of 108 matches
Mail list logo