Re: AES counter mode

2003-06-11 Thread Thierry Boivin
At 07:48 10/06/03 -0700, you wrote: Thierry Boivin wrote: I agree with you about the way to build the initial ctr value from the nonce value. My question is different: within the encryption of a whole plaintext message (so a big block to be divided into 128 bit length blocks), why to

[openssl.org #642] WinCE IE 3.02 client problem

2003-06-11 Thread Simon Davison via RT
To whom it may concern, I'm not sure of the format you require for bug reports but I'll try to limit this email to pertinent info only... Summary: Our application uses Pocket IE v3.02 on WinCE to communicate with our secure webserver (apache + mod_ssl). When we upgraded the server's openssl

[openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Charles B Cranston via RT
Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom The rsa command fails strangely when attempting to use both -passin fd:int and -passout fd:int together. My code was openssl rsa -passin fd:5 -des3 -passout fd:7 and it was reencoding the key with a bad passphrase. Changing to

[openssl.org #11] [PATCH] pkcs#11 engine for openssl-0.9.7b

2003-06-11 Thread via RT
Contribution to openssl: pkcs#11 engine for openssl 0.9.7b [EMAIL PROTECTED] Bull TrustWay RD __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL

[openssl.org #11] [PATCH] pkcs#11 engine for openssl-engine-0.9.6j

2003-06-11 Thread via RT
Contribution to openssl: pkcs#11 engine for openssl-engine 0.9.6j [EMAIL PROTECTED] Bull TrustWay RD

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), Charles B Cranston via RT [EMAIL PROTECTED] said: rt rt Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom rt rt The rsa command fails strangely when attempting to use rt both -passin fd:int and -passout

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte - VMS Whacker via RT
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), Charles B Cranston via RT [EMAIL PROTECTED] said: rt rt Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom rt rt The rsa command fails strangely when attempting to use rt both -passin fd:int and -passout

Re: Blinding breaks engines?

2003-06-11 Thread Joe Orton
or behavioural problems lurking that might have required the memset in the first place. Should be in CVS shortly, and so the next nightly snapshots too. I've done some minimal manual testing of openssl-0.9.7-stable-SNAP-20030611 using ubsec: it does fix the regression, and I don't see any other

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Charles B Cranston via RT
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), I (Charles B Cranston via RT [EMAIL PROTECTED]) said: Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom The rsa command fails strangely when attempting to use both -passin fd:int and -passout fd:int

Re: pkcs#11 engine for openssl newbie question

2003-06-11 Thread Afchine Madjlessi
Hi, I used the joined shell to generate key pair on my crypto hardware, a CSR, and make a self-signed certificate. Regards Afchine Madjlessi - Original Message - From: Gilad Finkelstein [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 4:21 PM Subject: pkcs#11 engine

OpenSSL0.9.7b communication problem with IE6.0

2003-06-11 Thread ntstkmas
Hi All, I run SSL test server of OpenSSL0.9.7b by following command openssl s_server -www -cipher "ALL:!RC4:@STRENGH" I tried to browse this server by IE6.0. However IE6.0 shows error "cannot display page ". I capture packets of this communication. ServerHello was

Re: OpenSSL0.9.7b communication problem with IE6.0

2003-06-11 Thread Lutz Jaenicke
On Wed, Jun 11, 2003 at 11:53:04PM +0900, [EMAIL PROTECTED] wrote: I run SSL test server of OpenSSL0.9.7b by following command openssl s_server -www -cipher ALL:!RC4:@STRENGH I tried to browse this server by IE6.0. However IE6.0 shows error cannot display page . I capture packets of

Re: OpenSSL0.9.7b communication problem with IE6.0

2003-06-11 Thread ntstkmas
Thank you!! Your suggestion is correct. I could solve this problem. IE6.0 displayed following page with 3DES cipher-suite. //Mas -- s_server -cipher ALL:!RC4:@STRENGTH -www -bugs Ciphers supported in s_server binary TLSv1/SSLv3:EDH-RSA-DES-CBC3-SHA TLSv1/SSLv3:EDH-DSS-DES-CBC3-SHA

[openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte via RT
[EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]: Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom The rsa command fails strangely when attempting to use both -passin fd:int and -passout fd:int together. My code was openssl rsa -passin fd:5 -des3 -passout fd:7 and it was

[openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Richard Levitte via RT
I just committed a change, which will appear in tomorrow's snapshots. Thanks for the report. Ticket resolved. [levitte - Wed Jun 11 20:16:02 2003]: [EMAIL PROTECTED] - Wed Jun 11 09:21:46 2003]: Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom The rsa command fails

[openssl.org #634] [PATCH] bogus links to des_modes.7

2003-06-11 Thread Richard Levitte via RT
Patch applied and committed. Thank you. Ticket resolved. [EMAIL PROTECTED] - Sun Jun 1 16:35:09 2003]: I've noticed that openssl installs the man page des_modes.7 and makes three links to it called Modes.7, of.7, and DES.7 (because the title is Modes of DES). To fix this, I have

Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa

2003-06-11 Thread Charles B Cranston via RT
Richard Levitte via RT wrote: I've figured it out. The problem only occurs when the first passphrase is longer than the second. In your example, you will see that the output key (tpk.pem) really is protected with the passphrase baaa (5 bs followed by 7 as). Thanks, I would NEVER

[openssl.org #633] Request

2003-06-11 Thread Richard Levitte via RT
I've no idea. I think you should ask in the Apache mailing lists, not here. I'm resolving this ticket. [EMAIL PROTECTED] - Fri May 30 09:17:48 2003]: hi, For Apache version 2.0.42 (web server) which version of openssl is compatible Please kindly help me on this from athma

[openssl.org #629] Custom error handling

2003-06-11 Thread Richard Levitte via RT
I've implemented ERR_set_mark() and ERR_pop_to_mark(), which can be used for similar functionality. I'll look into ERR_disable() and ERR_enable() as well, but that requires quite a lot more work. If the implemented functions are enough for you for now, I'll resolve this ticket. [EMAIL

[openssl.org #617] bug in x509_trs.c (openssl-0.9.7b)

2003-06-11 Thread Richard Levitte via RT
[EMAIL PROTECTED] - Fri May 16 12:54:13 2003]: Hi All, The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is not included in the trstandard table defined in crypto/x509/x509_trs.c. The number of trust options and the number of entries and their order in this table should

[openssl.org #617] bug in x509_trs.c (openssl-0.9.7b)

2003-06-11 Thread Richard Levitte via RT
I've added an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. Please test tomorrow's snapshot. [EMAIL PROTECTED] - Fri May 16 12:54:13 2003]: Hi All, The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h, is not included in the trstandard table defined in

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Frédéric Giudicelli
Ok. Is there a new release soon? I would like to have it implemented (ERR_disable/ERR_enable) by next release, I have no problem doing it, just want to know if I have time to do it. Frédéric Giudicelli http://www.newpki.org - Original Message - From: Richard Levitte via RT [EMAIL

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 23:52:17 +0200, Frédéric Giudicelli [EMAIL PROTECTED] said: groups Ok. groups Is there a new release soon? I would like to have it implemented groups (ERR_disable/ERR_enable) by next release, I have no problem doing it, just groups want to know if

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Frédéric Giudicelli
Ok, I'll wait for you to tell me when the update on the error handling will be done, I'll take it from there. Frédéric Giudicelli http://www.newpki.org - Original Message - From: Richard Levitte - VMS Whacker [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday,

Re: [openssl.org #629] Custom error handling

2003-06-11 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Thu, 12 Jun 2003 00:22:28 +0200, Frédéric Giudicelli [EMAIL PROTECTED] said: groups Ok, I'll wait for you to tell me when the update on the error groups handling will be done, I'll take it from there. If you mean to ask for when the new functions ERR_set_mark()

Re: [PATCH] NetWare Support for OpenSSL 0.9.7

2003-06-11 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 10:43:03 -0600, Verdon Walker [EMAIL PROTECTED] said: VWalker I have also applied the patch to the latest 0.9.8 development VWalker snapshot. It applies (with the exception of changes to VWalker hw_aep.c which does not exist in the 0.9.8 tree),

[openssl.org #595] DSO with global symbols

2003-06-11 Thread Richard Levitte via RT
Patch applied and committed to 0.9.8-dev. Thanks. Ticket resolved. -- Richard Levitte [EMAIL PROTECTED]

[openssl.org #595] Ticket Resolved

2003-06-11 Thread Richard Levitte via RT
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message.

[openssl.org #593] hw_zencod.h typo

2003-06-11 Thread Richard Levitte via RT
Patch applied and committed. Thanks. Ticket resolved. [EMAIL PROTECTED] - Thu Apr 24 18:41:01 2003]: managment - management i diffed against openssl-0.9.7a. jmc. --- demos/engines/zencod/hw_zencod.h Tue Aug 13 14:26:40 2002 +++ hw_zencod.h.new Thu Apr 24 13:55:19

[openssl.org #592] Problems building OpenSSL with SunOS 5.5.1

2003-06-11 Thread Richard Levitte via RT
I fixed this a while ago. Ticket resolved. [EMAIL PROTECTED] - Tue Apr 22 13:02:44 2003]: Hi *, I have just tried to build openssl-SNAP-20030421 on a Solaris box and got an error (see below). Note: this error does not occur in 0.9.7. Regards, Nils OpenSSL self-test report:

[openssl.org #585] build fixes for openssl-0.9.7b on SunOS-4

2003-06-11 Thread Richard Levitte via RT
I've addressed all three concerns with small changes. Please try tomorrow's 0.9.7 snapshot, and report a bug report if you find them. Ticket resolved. [EMAIL PROTECTED] - Thu Apr 17 19:20:13 2003]: Hi, sorry, another issue, that seems not to be cleanly handled (for more info about

[openssl.org #584] typo in openssl-0.9.6g

2003-06-11 Thread Richard Levitte via RT
Corrected. Thanks. Ticket resolved. [EMAIL PROTECTED] - Thu Apr 17 19:18:35 2003]: Hi! openssl-0.9.6g/bugs/SSLv3:non-self-sighed CA which does not have it's CA in netscape, and the openssl-0.9.6g/doc/ssl/SSL_CTX_set_options.pod:non-self-sighed CA which does not have it's CA in

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-06-11 Thread Richard Levitte via RT
I've added the two latest contributions to http://www.openssl.org/contrib/. -- Richard Levitte [EMAIL PROTECTED]

[openssl.org #11] Fw: trustway pkcs11 engine for openssl

2003-06-11 Thread Richard Levitte via RT
And oh, it might be interesting to port this to use the new STORE type in 0.9.8-dev, which supports key generation... [levitte - Thu Jun 12 03:27:57 2003]: I've added the two latest contributions to http://www.openssl.org/contrib/. -- Richard Levitte [EMAIL PROTECTED]

Should I search OCSP response signer in X509_STORE ?

2003-06-11 Thread Wu Junwei
Hi, all I am studying the verifying of the OCSP response in Openssl v0.9.7b. I find in the ocsp_find_signer() in ocsp_vfy.c, there is no search in the X509 STORE for the signer certificate of the ocsp response. (there is comment says /* Maybe lookup from store if