Bodo Moeller wrote:
On Thu, Feb 14, 2002 at 02:42:36PM +0100, [EMAIL PROTECTED] wrote:
Log:
For some reason, getting the topmost error was done the same way as
getting the bottommost one. I hope I understood correctly how this
should be done. It seems to work when running
Hmm. You did this with a different name from me (idx instead of index_)
- isn't that going to be irritating?
[EMAIL PROTECTED] wrote:
steve 14-Feb-2002 19:46:16
Modified:crypto/engine Tag: OpenSSL_0_9_7-stable hw_sureware.c
Log:
Fix warnings:
#if out some unused
Dr S N Henson wrote:
Ben Laurie wrote:
Hmm. You did this with a different name from me (idx instead of index_)
- isn't that going to be irritating?
I hadn't realised someone else had come across this. It should be
consistent I suppose. Personally I always find variable names
[EMAIL PROTECTED] wrote:
4. According to Theo and Beck (both OpenBSD folks), the current /dev/crypto
engine doesn't work. It seems to be a adaptation of Theo's cryptodev demo,
and should be thrown away.
My opinion: I trust Theo and those guys to know what they talk about,
Adam Back wrote:
It seems that if you enable ADH but disable MEDIUM ciphersuites, they
get left on anyway.
I guess not too many people enable ADH, but there are scenarios where
it is useful, and so this seems like a security bug.
What I did:
% openssl s_server -state -CApath
Bill Pringlemeir wrote:
In crypto/md5/md5_dgst.c, there is lots of code as follows,
/* Round 0 */
R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
R0(C,D,A,B,X[ 2],17,0x242070dbL);
R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
...
This
James Yonan wrote:
Given that the EVP level is supposed to offer callers a cipher-independent
interface, where the caller doesn't necessarily know the idiosyncracies of
the underlying cipher, wouldn't it make sense for evp/e_des3.c to call
des_set_key_checked() instead of
Lutz Jaenicke wrote:
On Fri, Apr 19, 2002 at 05:01:02AM -0600, James Yonan wrote:
The following program succeeds on 0.9.6 but
fails on 0.9.7. It tests the feature of
calling EVP_CipherInit once to build
a key schedule, then cycling through
calls to EVP_CipherInit, EVP_CipherUpdate,
[EMAIL PROTECTED] wrote:
levitte 20-Apr-2002 12:22:43
Modified:crypto/engine tb_ecdsa.c
Log:
The callback must have (void) as argument list.
Notified by Bernd Matthes [EMAIL PROTECTED]
Surely only in the prototype - its necessarily void in the actual
function if there
Solar Designer wrote:
Hi,
This sounds like a bug to me. Noticed it last year and I've just
checked that it's still not resolved in the latest snapshot.
jill!solar:~/build/openssl-SNAP-20020416$ apps/openssl dgst -md5 /bin/ls
MD5(/bin/ls)= d93498d9f52c3dc0330ab930fe3ffc50
OK.
Solar Designer wrote:
On Tue, Apr 23, 2002 at 12:09:14PM +0100, Ben Laurie wrote:
Solar Designer wrote:
This sounds like a bug to me. Noticed it last year and I've just
checked that it's still not resolved in the latest snapshot.
jill!solar:~/build/openssl-SNAP-20020416$ apps
Nils Larsch wrote:
On Thursday, 25. April 2002 22:47, you wrote:
Hi,
I'm tring to use DH params from
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-modp-groups-04.txt
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-modp-groups-04.tx
t
, but none get imported
[EMAIL PROTECTED] wrote:
jaenicke07-May-2002 17:35:18
Modified:.Tag: OpenSSL_0_9_7-stable Makefile.org
Log:
Add missing ; after fi
Submitted by: [EMAIL PROTECTED]
PR: [openssl.org #18]
Revision ChangesPath
No revision
No
Solar Designer wrote:
On Mon, Apr 29, 2002 at 03:48:48PM +0100, Ben Laurie wrote:
Solar Designer wrote:
it could also be nice to report the filename and strerror(errno), or
it is sometimes not immediately clear what the error messages apply to:
jill!solar:~/build/openssl-SNAP
Lutz Jaenicke via RT wrote:
[[EMAIL PROTECTED] - Sun May 12 22:48:56 2002]:
JFYI, when updating our package from 0.9.6c to 0.9.6d I've noticed
that the new shared libcrypto library doesn't work anymore. The
openssl(1) binary wouldn't recognize any of the block ciphers. I
tracked
Deepak Saini wrote:
hi!
the following code is for the ssl server code
it is not running properly and gives memory access error!
any ideas...?
gdb?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can
Long ago, in a galaxy far far away, Solar Designer asked wtf openssl md5
calls getpid() a zillion times.
The answer is memory debugging, which checks the thread id on every
allocation/free. For reasons I haven't entirely fathomed, unless you are
on Windows, what's returned is the PID. Whether
[EMAIL PROTECTED] via RT wrote:
I believe that I have found a bug in the above file and would like for someone
else to santiy check it.
At line 290 in a_utctm.c, a separate code block is being used if the library
needs to call gmtime_r() to get the time structure. The value is stored in a
Rich Salz wrote:
On linux, getpid() is different for different threads.
/r$
Well... on FreeBSD (and Solaris) it isn't...
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind
Richard Levitte via RT wrote:
Probably because of atoi(), a last-second change was made, changing
ustrsep to strsep on that line. Try replacing strsep with
ustrsep, that should work better (I know it worked for me).
I made the change - I think I mistyped and meant sstrsep - reason being
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Mon, 03 Jun 2002 14:38:35 +0100, Ben
Laurie [EMAIL PROTECTED] said:
ben Richard Levitte via RT wrote:
ben Probably because of atoi(), a last-second change was made, changing
ben ustrsep to strsep on that line. Try
[EMAIL PROTECTED] wrote:
levitte 05-Jun-2002 13:23:23
Modified:crypto/asn1 Tag: OpenSSL_0_9_6-stable a_enum.c a_int.c
Log:
signedness warning corrected
Revision ChangesPath
No revision
No revision
1.15.2.2 +2 -1
Richard Levitte - VMS Whacker wrote:
In revision 1.81 of Configure, the automatic run of 'make depend' was
commented out. IIRC, this was done because we had a dependency
rebuild war happening a little now and then back then. Since then,
we've unified the results of dependency generation
Satria Bakti (13297096) wrote:
Hi,
I'm doing some experiment on openssl-0.9.7-stable-SNAP-20020421.
I replaced the AES code (the original AES code) with
Brian Gladman's AES code (with some modification).
(http://fp.gladman.plus.com/cryptography_technology/rijndael/)
Then, I measure my
Bodo Moeller wrote:
On Sat, Jun 01, 2002 at 01:18:35PM +0100, Ben Laurie wrote:
Also, the thread id may be used elsewhere - is there any point if its
actually the PID?
Applications that are actually multi-threaded should (and indeed, on
most platforms, must) use CRYPTO_set_id_callback
Bodo Moeller wrote:
On Mon, Jun 17, 2002 at 07:02:45PM +0100, Ben Laurie wrote:
Avery Pennarun via RT wrote:
On Mon, Jun 17, 2002 at 11:19:31AM +0200, Bodo Moeller wrote:
Good question, but this problem does not appear to apply to C, and
anyway it only makes *existing* code uglier
[EMAIL PROTECTED] wrote:
levitte 27-Jun-2002 07:03:04
Modified:crypto/evp evp.h
Log:
A number of includes were removed from evp.h some time ago. The reason
was that they weren't really needed any more for EVP itself. However,
it seems like soma applications (I know
Geoff Thorpe wrote:
Any/all feedback is welcome. Patches too. :-)
Interesting. Nice. I say commit it to HEAD. No time for it right now,
but when I have it'll be much easier if its in CVS!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit
Tom Wu wrote:
When I specify the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag to
SSL_CTX_set_verify, it has the intended effect if I set it on the server
side; a client not presenting a cert is rejected. Setting this on the
client side does not appear to have the same effect; a server that does
[EMAIL PROTECTED] wrote:
Thanks for the tip. Now, how do we get this fix into an official codebase?
I have a patch queued that fixes this.
Cheers,
Ben.
Yuval
-Original Message-
From: Harald Koch [mailto:[EMAIL PROTECTED]]
Sent: Mon, July 15, 2002 17:33
To: [EMAIL PROTECTED]
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Thu, 18 Jul
2002 11:17:41 +0200, Bodo Moeller [EMAIL PROTECTED] said:
moeller I think this is wrong.
moeller
moeller The output file is opened in text mode (not binary), so on systems
moeller where line ends are usually
Geoff Thorpe via RT wrote:
G'day,
[levitte - Thu Jul 18 20:55:58 2002]:
I just did a tentative addition of history. Please check it and
complete it if needed.
Yup the history stuff looks great, thanks Richard. However I'm not sure
who understands the EVP behavioural changes well
The project leading to this advisory is sponsored by the Defense
Advanced Research Projects Agency (DARPA) and Air Force Research
Laboratory, Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Lutz Jaenicke via RT wrote:
On Tue, Jul 30, 2002 at 04:10:45PM +0200, Richard Levitte - VMS Whacker via RT wrote:
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
levitte In message [EMAIL PROTECTED] on Tue, 30 Jul
Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
[EMAIL PROTECTED] and the remainder by Vincent Danen (email not
supplied).
Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev
Jeffrey Altman wrote:
The answer to your questions is 'yes'. As I understand it, the
patches were released as they are for the time being because it is
better to crash your application then allow the attacker to compromise
your computer.
New patches will have to be released to properly
[EMAIL PROTECTED] wrote:
Index: rsaref.c
===
RCS file: /e/openssl/cvs/openssl/demos/engines/rsaref/rsaref.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- rsaref.c
[EMAIL PROTECTED] wrote:
bodo02-Aug-2002 13:38:16
Modified:.Tag: OpenSSL-engine-0_9_6-stable CHANGES Configure
Makefile.org PROBLEMS STATUS config
crypto Tag: OpenSSL-engine-0_9_6-stable cryptlib.h mem.c
ssl
David Schwartz wrote:
On Sun, 11 Aug 2002 17:54:49 -0700 (PDT), James Shelby wrote:
My first thought was the same. Which brought up
another interesting questionthe 32bit Pentium II
333 is still faster than the UltraSparc 400.
Frankly, I don't find this surprising. A RISC CPU
Jeffrey Altman wrote:
Jeffrey Altman wrote:
The answer to your questions is 'yes'. As I understand it, the
patches were released as they are for the time being because it is
better to crash your application then allow the attacker to compromise
your computer.
New patches will have to be
Bodo Moeller wrote:
Ben Laurie [EMAIL PROTECTED]:
As noted elsewhere, I really object to returning internal errors!
It makes no sense to attempt to continue after the impossible has
occurred.
If we could be absolutely sure that these events are strictly
impossible
Bodo Moeller wrote:
On Wed, Aug 14, 2002 at 01:24:32PM +0300, Arne Ansper wrote:
[...] what if some standalone application thinks that the
best solution for _its own_ problems is to reboot the machine? (happens
all the time under the windows btw, you install some crap and the
Lutz Jaenicke wrote:
On Tue, Aug 13, 2002 at 07:45:30PM +0200, Bodo Moeller wrote:
On Tue, Aug 13, 2002 at 05:10:34PM +0100, Ben Laurie wrote:
Yes, and the application will continue as if it were sensible to do so.
In fact it *is* often sensible to do so because such supposedly
impossible
Bodo Moeller wrote:
On Tue, Aug 13, 2002 at 05:10:34PM +0100, Ben Laurie wrote:
Bodo Moeller wrote:
Ben Laurie [EMAIL PROTECTED]:
As noted elsewhere, I really object to returning internal errors!
It makes no sense to attempt to continue after the impossible has
occurred.
If we could
Bodo Moeller wrote:
On Tue, Aug 13, 2002 at 08:09:02PM +0200, Lutz Jaenicke wrote:
On Tue, Aug 13, 2002 at 07:45:30PM +0200, Bodo Moeller wrote:
On Tue, Aug 13, 2002 at 05:10:34PM +0100, Ben Laurie wrote:
Yes, and the application will continue as if it were sensible to do so.
In fact
Arne Ansper wrote:
Example: when working through the internal session cache we learn, that
the linked list is corrupted, we have dangling pointers and don't know
what is going on. This would touch all threads using the same SSL_CTX.
Thus: we don't know how to repair it - abort().
to make
Kenneth R. Robinette wrote:
Date sent:Wed, 14 Aug 2002 13:51:43 +0100
From: Ben Laurie [EMAIL PROTECTED]
To: Arne Ansper [EMAIL PROTECTED]
Copies to:[EMAIL PROTECTED],
Bodo Moeller [EMAIL PROTECTED]
Subject: Re
Arne Ansper wrote:
On Wed, 14 Aug 2002, Ben Laurie wrote:
The point is that the application is now in an inconsistent state and
cannot reliably know anything. Even returning from a function could
cause an exploit. The only safe thing to do is abort (now I think about
it, probably die
Bodo Moeller wrote:
On Wed, Aug 14, 2002 at 03:39:03PM +0100, Ben Laurie wrote:
So how did the buffer get to be too small?
Well, in one of the cases it was improper protocol data checking
(fixed in 0.9.6f). The others should really be impossible, but if
they ever become possible
Rainer Orth wrote:
With the introduction of public key cryptography into the Network Time
Protocol (NTP v4, cf. http://www.ntp.org/), the current version of NTP
became a heavy user of OpenSSL.
NTP developers strive to keep the sources warning-free with gcc (using
-Wall -Wcast-qual
Matthias Loepfe wrote:
Hi
I just want to give you some background information why AdNovum has
choosen the let's call it the 'interceptor-way' of implementing
the PKCS#11 functionality.
We are working in an environment where the main purpose of the
hardware security modules (HSM) is not
Michael Sierchio wrote:
Leif Kremkow wrote:
I'm looking for some guidance. I'd like to change the OpenSSL library
to be
able to use a TRNG for all random numbers, not just to seed the PRNG.
There are no such devices which produce adequate quantities of random
material for a server
Tushar wrote:
Hi,
I have a question regarding the buffer overflow checks
in 0.9.6g.
Why do we always check for
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER?
^^^
Shouldn't it be for
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
^^^
Line# 437 in
Stefan Richter wrote:
Hi all,
i have a problem with the PKCS12_gen_mac() which is called from within
PKCS12_verify_mac().
I've a function which extracts the private key from a PKCS#12 file. If I
call it once all is fine, but if I call it twice (with the same or another
PKCS#12 file) the
Lutz Jaenicke wrote:
On Fri, Sep 20, 2002 at 10:34:27AM +0200, Bodo Moeller wrote:
On Thu, Sep 19, 2002 at 01:44:01PM +0200, Bodo Moeller via RT wrote:
I don't know why that message is empty. What I wrote is that this
should now be fixed in the current snapshots (0.9.6-stable and
0.9.8-dev
Chris Brook wrote:
Those of us who make heavy use of the crypto library, with a limited group
of algorithms and without SSL, would certainly not want this pulling in all
the algorithms every time we call EVP_PKEY_new.
What do you mean by pulling in? They get linked in anyway. And only
the
John O Goyo wrote:
Greetings:
Certicom has intellectual property rights relating to safe primes in DH and
point compression in elliptic-curve cryptography.
Really? Has that been tested?
I ask that the following patches be implemented to inform people of
these facts.
Why would we want to
Sam Leffler wrote:
0.9.7 caused massive havoc compiling kerberos 4 (and to some extent 5) when
I integrated beta 3 into the freebsd tree. The crypt() macro was a minor
annoyance. The bigger problem was the redefinition of the DES key state
block (from array to struct). openbsd apparently
Nathan Bardsley wrote:
Hello everyone!
I work for a company that uses OpenSSH/OpenSSL to remotely support
systems we've sold. Since some of our clients are US Dept. of Defense
hospitals, our access to these servers needs to comply with a whole
range of requirements and standards. At
[EMAIL PROTECTED] wrote:
levitte 06-Oct-2002 02:23:34
Modified:crypto/des Tag: OpenSSL_0_9_7-stable des_old.h
Log:
Do not define crypt(). The supported function is DES_crypt() (an des_crypt()
when backward compatibility is desired).
Hooray!
Cheers,
Ben.
--
Bodo Moeller wrote:
On Mon, Oct 14, 2002 at 12:52:30PM +0200, Richard Levitte - VMS Whacker wrote:
The problem seems to be manifested in BN_dec2bn() because of
the BN_mul_words and BN_add_words (e.g. line b). Since the
upper parts of d aren't cleared out, those routines end up
adding to
Chris Brook wrote:
Forget my previous email. destest is actually only passing 29 bytes I see,
so the predicted ciphertext will of course be wrong if I pass 32 bytes for
encryption.
So what was the correct test entry in the end?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Jeffrey Altman wrote:
I think we need to take a very close look at the situations when it is
safe to replace memset(buf,0,sizeof(buf)) with
OPENSSL_cleanse(buf,sizeof(buf)).
It is clearly safe to make this replacement when the buffer is a stack
allocation because there can be no future use of
Richard Levitte - VMS Whacker via RT wrote:
In message [EMAIL PROTECTED] on Tue, 14 Jan 2003 14:49:31 +0100 (MET), Stephen Henson via RT [EMAIL PROTECTED] said:
rt I've analysed this further and the cause seems to be that it bcc 5.5
rt complains about taking the address of a structure that
Bodo Moeller via RT wrote:
On Tue, Nov 26, 2002 at 10:44:15PM +0200, Arne Ansper wrote:
I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same
problem. Other uses of ERR_peek_error seem to be immune to the old entries
in error stack.
One theory is that applications should
Arne Ansper wrote:
I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same
problem. Other uses of ERR_peek_error seem to be immune to the old entries
in error stack.
One theory is that applications should not call arbitrary OpenSSL
functions while there is stuff in the error
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Sat, 1 Feb 2003 21:55:30 +0100 (CET), Ben Laurie [EMAIL PROTECTED] said:
ben OpenSSL CVS Repository
ben http://cvs.openssl.org/
ben
ben
ben
Eric Cronin wrote:
The Guillou-Quisquater (GQ) signature scheme seems to be popular in
theory literature due to its efficiency compared to other signature
algorithms. In the real world however, there does not seem to be much
use of GQ... It's not is any of the common cryptographic libraries
Eric Cronin wrote:
a) How much more efficient is it?
I don't know the answer to this one... Lacking any implementations to actually benchmark, all I have are some big-O space and time complexities as compared to RSA/DSA/ECDSA. This is why I was wondering if anyone had experience with it in
I expect a release to follow shortly.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
OpenSSL v0.9.7a and 0.9.6i vulnerability
Corinna Vinschen wrote:
Hi,
is it recommended to apply the below patch to 0.9.6i as well? We're
still releasing both versions, 0.9.6i and 0.9.7a in the Cygwin net distro.
Yes.
Corinna
On Mon, Mar 17, 2003 at 08:47:01AM +, Ben Laurie wrote:
I expect a release to follow shortly.
--
http
dean gaudet wrote:
hi there, i tried sending this ages ago but i guess some spam filters
probably lost it... i see i have to be subscribed to post stuff.
Actually, I've been sitting on it waiting for some free time to take a
look :-)
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Brian C Morris wrote:
Hi -
We're entertaining the possibility of porting openssl to the AS/400
(iSeries).
It seems from searching the archives this effort has been started before
- but I assume not finished as I don't see reference to the platform in
the code?
Is there still an
Stephen Sprunk wrote:
Thus spake Richard Levitte - VMS Whacker [EMAIL PROTECTED]
lee_dilkie (the other thing to remember is that CTR can be used with
lee_dilkie any block cipher, it's not limited to AES)
Absolutely. However, since it's currently very obviously an
experimental field, and it
Peter Sylvester wrote:
Well, sorry for the message below. The
result is the destest crashes.
So, on solaris, trying the no-asm shared, somehow now
I get problems conpiling engines, ok trying no-engine
since I don't have any.
Why does engines insist to compile the engines with
Richard Levitte wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
Server: cvs.openssl.org Name: Richard Levitte
Root: /e/openssl/cvs Email: [EMAIL PROTECTED]
I'm coming close to the end of the work to get OpenSSL FIPS-140ed. So,
if people have comments/changes/concerns, they'd better get a move on
and clue me in, because once its done we can't change it.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no
Mathias Brossard wrote:
On Fri, 2003-09-05 at 11:55, Ben Laurie wrote:
- What version of OpenSSL does it correspond to? 0.9.7b?
Yes, and the FIPS specific routines will be carried forward in future
OpenSSL releases. Only the cryptographic module containing the
relevant cryptographic module
Chris Brook wrote:
If I read your reply right, responsibility for DAC and Known Answer Test
checking is the responsibility of the app developer, though you will provide
the DAC checksum for the crypto module. Have you also included the KATs,
since they essentially exist the OpenSSL test
Chris Brook wrote:
Item #2: typically FIPS-140 certified code is delivered as a binary,
tested by a lab and checked at both source and binary level, so the
opportunity to modify is not there (DAC test will fail). With
OpenSSL source that's not the case unless the developer of the
product
Mathias Brossard wrote:
On Fri, 2003-09-05 at 19:59, Ben Laurie wrote:
Mathias Brossard wrote:
- Asymmetric: DSA, RSA, ECDSA
Not my understanding. Anyway, DSS only. RSA can't be, and ECDSA we
aren't doing.
It's a little disappointing that RSA is not part of the process
Richard Levitte wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
Server: cvs.openssl.org Name: Richard Levitte
Root: /e/openssl/cvs Email: [EMAIL PROTECTED]
Verdon Walker wrote:
I have downloaded the latest FIPS snapshot (9/9) and I have a couple
more questions about it:
1) How do I build it? If I just do a ./config (Linux) and make, it
will build everything, but I'm not sure I'm getting all the FIPS stuff.
Do I need to specify something like
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Tue, 09 Sep 2003 13:55:43 -0600, Verdon Walker
[EMAIL PROTECTED] said:
VWalker I have downloaded the latest FIPS snapshot (9/9) and I have a couple
VWalker more questions about it:
VWalker
VWalker 1) How do I build it?
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Wed, 10 Sep 2003 09:45:29 +0100, Ben Laurie
[EMAIL PROTECTED] said:
ben Richard Levitte - VMS Whacker wrote:
ben In message [EMAIL PROTECTED] on Tue, 09 Sep 2003 13:55:43 -0600, Verdon
Walker [EMAIL PROTECTED] said
Richard Levitte wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
Server: cvs.openssl.org Name: Richard Levitte
Root: /e/openssl/cvs Email: [EMAIL PROTECTED]
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Sat, 13 Sep 2003 18:57:57 +0200 (CEST), Ben
Laurie [EMAIL PROTECTED] said:
ben OpenSSL CVS Repository
ben http://cvs.openssl.org/
ben
Geoff Thorpe wrote:
There is a patch that illustrates how I've been going about the crypto/bn/
audit that can be browsed/downloaded at;
http://www.openssl.org/~geoff/bn_debug.diff
The comment in the bn.h header changes explains what the basic idea is and
of course the macro
Dr Stephen Henson wrote:
Hmm lets try this again...
What was wrong with the first attempt?
Cheers,
Ben.
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition
Arne Ansper wrote:
hi!
i would like to report some bugs in ssleay. unfortunately i don't have
diffs against latest openssl source, but the fixes are really small, so i
hope it's not too much trouble to incorporate them.
1) crypto/bio/b_printf.c uses static buffer for vsprintf which
Arne Ansper wrote:
8) ssl/s2_pkt.c and ssl/s3_pkt.c write_pending and
ssl3_write_pending have unnecessary check at the beginning which stops
me from moving data around in my buffers between calls to SSL_write.
this data is already copied to internal buffers and there is no need
for
I'm being driven slowly mad by the number of files that have to be in
the CVS tree but also get modified by code. Most of them I can deal
with, but one I need some feedback on. In general, Makefile.ssl is
linked to Makefile (why???), and dependencies tacked on to the end of
Makefile.ssl. This
Jun-ichiro itojun Hagino wrote:
Hello this is Jun-ichiro (Itoh) Hagino of KAME project.
RFC2144 says that, CAST128 must be performed only 12 rounds if
key length = 80bits. The following patch should fix the behavior.
Assembly language versions needs some fix
Richard Levitte - VMS Whacker wrote:
ben I'm being driven slowly mad by the number of files that have to be in
ben the CVS tree but also get modified by code. Most of them I can deal
ben with, but one I need some feedback on.
ben In general, Makefile.ssl is to Makefile (why???),
I'm
Clifford Heath wrote:
Folk,
I am responsible for the server that currently distributes the SSLeay mailing
lists. I believe that these lists should and will die, and interested parties
should move across to openssl lists. Before suggesting this to ssl-users,
I'd like to poll the feeling
Anonymous wrote:
Ben Laurie [EMAIL PROTECTED] wrote:
I'm totally against this. We have no responsibility to enforce the USG's
stupid export laws, and I see no reason we should take that
responsibility on.
Once the library contains crypto code of American origin, it is
covered
Sameer Parekh wrote:
b) US law doesn't apply to me (at least while I'm not in US territory)
or OpenSSL, AFAIK, regardless of the code's origin.
US law may not apply to you, but it applies to many of the
people who are using OpenSSL outside the United States. If its your
Sameer Parekh wrote:
b) I would like the OpenSSL project to require that all contributors
warrant that the code they are contributing does not violate export
controls.
So long as _I_ don't have to collect these warranties, I can't see why
this should be a problem. I do wonder what
Ralf S. Engelschall wrote:
Noch ack'ed, but haven't we already fixed this recently
for OpenSSL 0.9.2?
Yes, I fixed it a couple of weeks ago.
Cheers,
Ben.
- Forwarded message from "M.-A. Lemburg" [EMAIL PROTECTED] -
Date: Fri, 29 Jan 1999 15:21:01 +0100
From: "M.-A. Lemburg"
OpenSSL Project wrote:
OpenSSL STATUS Last modified at
__ $Date: 1999/01/21 13:01:20 $
DEVELOPMENT STATE
o OpenSSL 0.9.2: Under development.
o OpenSSL 0.9.1c: Released on December 23th, 1998
RELEASE
1 - 100 of 636 matches
Mail list logo
