Greetings!
Here is the patch providing CMS support for ccgost engine.
--
SY, Dmitry Belyavsky
diff -u openssl-1.0.0e_orig/engines/ccgost//gost_ameth.c openssl-1.0.0e/engines/ccgost//gost_ameth.c
--- openssl-1.0.0e_orig/engines/ccgost//gost_ameth.c 2012-02-26 00:04:16.0 +0400
+++
Greetings!
Sorry, the request can't be resolved without changes in openssl core.
The problem occurs with RSA algorythm too.
The patch I have provided in #2744 add the support of the cms command
with ccgost engine, but the problem regarding the command itself is
not fixed.
Thank you!
On Wed,
Greetings!
Sorry, the request can't be resolved without changes in openssl core.
The problem occurs with RSA algorythm too.
The patch I have provided in #2744 add the support of the cms command
with ccgost engine, but the problem regarding the command itself is
not fixed.
Thank you!
On Wed,
[beld...@gmail.com - Wed Feb 29 15:20:51 2012]:
Greetings!
Sorry, the request can't be resolved without changes in openssl core.
The problem occurs with RSA algorythm too.
I'm a bit confused by that comment. I *have* change the OpenSSL core
code using this patch:
Greetings!
Thank you!
What about the patches to ccgost engine (2744 and recently resend
letter first sent in Nov 2011)?
On Wed, Feb 29, 2012 at 6:52 PM, Stephen Henson via RT r...@openssl.org wrote:
[beld...@gmail.com - Wed Feb 29 15:20:51 2012]:
Greetings!
Sorry, the request can't be
Greetings!
Thank you!
What about the patches to ccgost engine (2744 and recently resend
letter first sent in Nov 2011)?
On Wed, Feb 29, 2012 at 6:52 PM, Stephen Henson via RT r...@openssl.org wrote:
[beld...@gmail.com - Wed Feb 29 15:20:51 2012]:
Greetings!
Sorry, the request can't be
-- Forwarded message --
From: Dmitry Belyavsky beld...@gmail.com
Date: Mon, Sep 12, 2011 at 12:51 PM
Subject: GOST engine memory problems
To: r...@openssl.org, openssl-dev@openssl.org
Greetings!
When we load the GOST engine twice (because of misconfiguration or
so), the problems
I think the best way to deal with this is to cope attempts to load the
ENGINE multiple times. This could be treated as a hard error or just
returning a copy of the already loaded ENGINE.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see:
Greetings!
If I implement the patch you describe would it be accepted?
On Wed, Feb 29, 2012 at 10:29 PM, Stephen Henson via RT r...@openssl.org
wrote:
I think the best way to deal with this is to cope attempts to load the
ENGINE multiple times. This could be treated as a hard error or just
Greetings!
If I implement the patch you describe would it be accepted?
On Wed, Feb 29, 2012 at 10:29 PM, Stephen Henson via RT r...@openssl.org
wrote:
I think the best way to deal with this is to cope attempts to load the
ENGINE multiple times. This could be treated as a hard error or just
[beld...@gmail.com - Wed Feb 29 19:41:11 2012]:
Greetings!
If I implement the patch you describe would it be accepted?
Yes. One way is to check with ENGINE_by_id to see if the GOST ENGINE
already exists. The call to ENGINE_add will also fail but that's rather
too late. Alternatively
Greetings!
I see, thank you!
What about #2744?
On Wed, Feb 29, 2012 at 10:56 PM, Stephen Henson via RT r...@openssl.org
wrote:
[beld...@gmail.com - Wed Feb 29 19:41:11 2012]:
Greetings!
If I implement the patch you describe would it be accepted?
Yes. One way is to check with
Greetings!
I see, thank you!
What about #2744?
On Wed, Feb 29, 2012 at 10:56 PM, Stephen Henson via RT r...@openssl.org
wrote:
[beld...@gmail.com - Wed Feb 29 19:41:11 2012]:
Greetings!
If I implement the patch you describe would it be accepted?
Yes. One way is to check with
On Sun, 19 Feb 2012 18:44:24 -0700 Guan Jun He wrote:
It seems you're trying to address more than just CVE-2011-1473
via this patch, which results in a fairly large patch. Why do
you need to track client IP at all? This issue is about
client's ability to do unlimited number of
In t1_lib.c if any EC Cipher Suites are specified then TLS extensions are
generated that indicate the client supports all three point compression formats
and all 25 curves (I noticed the order changes between 1.0.0 and 1.0.1).
It appears there is no way to specify that only a subset should be
It appears there is no way to specify that only a subset should be used?
Yes, this is a know deficiency in the current code. I'm more familiar with
the server side, but I think it's similar: if you set up *one* curve, then
negotiation should happen accordingly; if you use a callback to provide
OpenSSL 1.0.1-beta3 23 Feb 2012
make make test
succeeded on:
platform: solaris64-x86_64-cc
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast
-xarch=amd64 -xstrconst -Xa -DL_ENDIAN
Hi,
The changes to support EAP-FAST is included in changes between 0.9.8n and
1.0.0.
Can this change be made available also in 0.9.8 tree?
Thanks,
Muneer
18 matches
Mail list logo