Re: [openssl-dev] X509_V_FLAG_OCSP_CHECK

> -Original Message- > From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of > Anthony T CHOW > > On the openssl-user mailing list archive, I found this: > > http://www.mail-archive.com/openssl-users@openssl.org/msg67721.html > > On GitHub, I don't find this flag

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

Howard Chu via RT wrote: In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER bytes which we then pass thru our own DN validator/formatter. This no longer works with OpenSSL 1.1 and I don't see any provided method to return the DER bytes. I don't want a malloc'd copy, I just

[openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed

On Fri Jan 29 09:59:23 2016, alek...@aleksey.com wrote: > Hello, > > At the moment, there is no way to set r/s in the ECDSA_SIG structure > manually to verify the signature encoded into a different format. > Would be great to add a simple function: > > void ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

Howard Chu via RT wrote: > In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER > bytes which we then pass thru our own DN validator/formatter. This no longer > works with OpenSSL 1.1 and I don't see any provided method to return the DER > bytes. I don't want a malloc'd copy,

Re: [openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed

I agree. Until OpenSSL adds a ECDSA_SIG_set0 there is a way, for example: rv = PKCS11_ecdsa_sign(dgst, dlen, sigret, , key); nLen = siglen / 2; if (rv > 0) { sig = ECDSA_SIG_new(); if (sig) { #if OPENSSL_VERSION_NUMBER >= 0x1010L

Re: [openssl-dev] OpenSSL Security Advisory

+1 Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Hanno Böck Sent: Friday, January 29, 2016 06:18 To: openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Cc: open...@openssl.org Subject: Re: [openssl-dev] OpenSSL Security Advisory

[openssl-dev] [openssl.org #3600] When compiling with enable-ec_nistp_64_gcc_128, then EC_GROUP_have_precompute_mult always returns 0

Fixed in master and 1.0.2. Thanks for the report. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4278] DH_CHECK_PUBKEY_INVALID should be 0x4, not 0x3

Thanks David - fixed. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed

Hello, At the moment, there is no way to set r/s in the ECDSA_SIG structure manually to verify the signature encoded into a different format. Would be great to add a simple function: void ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) to set these values similar to other XXX_set0()

[openssl-dev] [openssl.org #4279] openssl-1.1.0-pre2 make failes on Solaris10 x64

Hello, I tried openssl-1.1.0-pre2 on Solaris10 x86/x64. For x86, no error found. But for X64, make fails in crypto/modes. Got the same result with solarisstudio12.4 & gcc-4.8.5. 1. with solarisstudio12.4 % ./Configure solaris64-x86_64-cc % make   : cc -I.. -I../.. -I../modes -I../include

Re: [openssl-dev] [openssl.org #4279] openssl-1.1.0-pre2 make failes on Solaris10 x64

> On Jan 29, 2016, at 4:59 AM, Kiyoshi KANAZAWA via RT wrote: > > cc -I.. -I../.. -I../modes -I../include -I../../include -DOPENSSL_THREADS > -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xarch=generic64 -xstrconst -Xa > -DL_ENDIAN -DFILIO_H -xO5 -xdepend -xbuiltin

Re: [openssl-dev] [openssl.org #4279] openssl-1.1.0-pre2 make failes on Solaris10 x64

> On Jan 29, 2016, at 4:59 AM, Kiyoshi KANAZAWA via RT wrote: > > cc -I.. -I../.. -I../modes -I../include -I../../include -DOPENSSL_THREADS > -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xarch=generic64 -xstrconst -Xa > -DL_ENDIAN -DFILIO_H -xO5 -xdepend -xbuiltin

[openssl-dev] [openssl.org #3885] [BUGFIX] OpenSSL fails to cross-compile on 32-bit->64-bit

I have an available fix: https://github.com/openssl/openssl/pull/597 -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: > Howard Chu via RT wrote: > > In OpenLDAP we reference X509_NAME->bytes->data directly, we want the > > DER > > bytes which we then pass thru our own DN validator/formatter. This no > > longer > > works with OpenSSL 1.1 and I don't see any

[openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

On Fri Jan 29 17:35:05 2016, steve wrote: > On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: > > Howard Chu via RT wrote: > > > In OpenLDAP we reference X509_NAME->bytes->data directly, we want > > > the > > > DER > > > bytes which we then pass thru our own DN validator/formatter. This > >

Re: [openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed

Thanks! It works great. Do you have plan to change the behavior of DSA_SIG_new() as well to pre-create r and s? Currently both are NULL. Thanks in advance, Aleksey On 1/29/16 5:44 AM, Stephen Henson via RT wrote: > On Fri Jan 29 09:59:23 2016, alek...@aleksey.com wrote: >> Hello, >> >> At the

Re: [openssl-dev] [openssl.org #4279] openssl-1.1.0-pre2 make failes on Solaris10 x64

This sounds like RT3885. I have an available fix: https://github.com/openssl/openssl/pull/597 -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Jan 29, 2016, at 12:04 PM, Viktor Dukhovni via RT

Re: [openssl-dev] [openssl.org #4279] openssl-1.1.0-pre2 make failes on Solaris10 x64

This sounds like RT3885. I have an available fix: https://github.com/openssl/openssl/pull/597 -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Jan 29, 2016, at 12:04 PM, Viktor Dukhovni via RT

[openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed

On Fri Jan 29 17:59:59 2016, alek...@aleksey.com wrote: > > Do you have plan to change the behavior of DSA_SIG_new() as well > to pre-create r and s? Currently both are NULL. > That seems like a reasonable change. In 1.0.x we can't do that because it would result in compatibility issues. For

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

Stephen Henson via RT wrote: > On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: >> Howard Chu via RT wrote: >>> In OpenLDAP we reference X509_NAME->bytes->data directly, we want the >>> DER >>> bytes which we then pass thru our own DN validator/formatter. This no >>> longer >>> works with

Re: [openssl-dev] [openssl.org #4274] OpenSSL 1.1 X509_NAME_der()

Stephen Henson via RT wrote: > On Fri Jan 29 17:35:05 2016, steve wrote: >> On Fri Jan 29 15:08:47 2016, h...@highlandsun.com wrote: >>> Howard Chu via RT wrote: In OpenLDAP we reference X509_NAME->bytes->data directly, we want the DER bytes which we then pass thru our own DN

Re: [openssl-dev] X509_V_FLAG_OCSP_CHECK

Stephen, Thanks for the info and have a nice weekend, Anthony. -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Wall, Stephen Sent: Friday, January 29, 2016 5:56 AM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] X509_V_FLAG_OCSP_CHECK