Please ignore this message.
I'm testing a bug database for OpenSSL so hopefully we'll be able to
better keep track of bug reports...
__
OpenSSL Project http://www.openssl.org
Development Mailing
Allegedly "which" is not portable. I don't believe that is true for
any of the supported platforms (except for Win32 where you don't even
have sh). Also note that "config" even uses awk.
Anyway, I wonder if this would work?
Index: config
A switch to x86unix.pl to optionally generate 80386 code.
Index: x86asm.pl
===
RCS file: /e/openssl/cvs/openssl/crypto/perlasm/x86asm.pl,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 x86asm.pl
--- x86asm.pl 1998/12/21 10:55:30
Be careful here: Bourne-Shell is brain-dead in expansion semantics and tr and
test -s are unportable things.
ranlib.sh has been using -s all the time.
Anyway, next try:
Index: config
===
RCS file: /e/openssl/cvs/openssl/config,v
Cool ... but how does the flag get in there in the first place?
Presumably Configure needs modifying?
Yup.
Index: CHANGES
===
RCS file: /e/openssl/cvs/openssl/CHANGES,v
retrieving revision 1.154
diff -u -r1.154 CHANGES
---
Actually, this is all a bit strange - since x86asm.pl is included, but
you are grabbing the 386 flag from the commandline of whatever calls it.
Really, you should make it an (optional) argument to main'asm_init...
But then the individual assembler scripts will have to know about the
386 flag.
The $(RANLIB) stuff now works for makefile.one as well.
But I noticed that neither the makefile.one in the distribution nor a
newly generated one knows about openssl.v. Where must that be added?
__
OpenSSL Project
On Thu, Apr 01, 1999, Jean-Hugues ROYER wrote:
Hi, I ported openssl QNX/Watcom10.6 , everything is fine exept one problem
that i'm unable
to locate, all the tests runs fine exept rsa_oaep_test , the 3rd key
decryption fails.
1/ what has this 3rd key so special ?
2/ my goal is to use
There have been a few reports of failures in rsa_oaep_test that are
not actually related to OAEP. With this patch, the (old) PKCS#1 v1.5
encryption is tested as well as OAEP. The interoperation with RSAREF
is also improved.
Since it is no longer restricted to OAEP, I'd suggest to rename
Plus some numbers for the new functions:
Index: openssl/util/libeay.num
===
RCS file: /e/openssl/cvs/openssl/util/libeay.num,v
retrieving revision 1.13
diff -u -r1.13 libeay.num
--- openssl/util/libeay.num 1999/03/29 22:18:54
Index: Configure
===
RCS file: /e/openssl/cvs/openssl/Configure,v
retrieving revision 1.35
diff -u -r1.35 Configure
--- Configure 1999/04/09 16:25:25 1.35
+++ Configure 1999/04/12 14:15:02
@@ -292,6 +292,11 @@
{
A reasonable idea, but why do you use "-lRSAglue" twice? The correct and
working order should be "-lRSAglue -lrsaref", shouldn't it? Except for this
issue, +1 for the patch.
It should, but Richard Revitte suggested to put it in twice. Richard?
problems on irix.
Ulf Moeller wrote:
problems, however "make test" fails at rsa_oaep_test.
Are you using RSAREF?
i'm afraid not.
Could you please run "make test" on the latest snapshot and mail me the
result? The new rsa_oaep_test prints more output that will
ulf It should, but Richard Revitte suggested to put it in twice. Richard?
Did I write that? :) Sorry about the typo.
I only drew from other projects I've been involved in, where there
were some kind of cross references between two libraries. To solve
Ok, then -lRSAglue -lrsaref should be
If anyone could let me know how I can get these changes back into the
project (they are minimal, only 9 or 10 files changed ever so slightly)
along with a MacOS-safe archive with the project files I would appreciate
it. Obviously I won't have write access through CVS at this time. Since
Where would that location be?
Just somewhere else in the header, I think...
Anything after the error code stuff disappears after make errors.
So it would seem we'd have to rename the entire bio.h file and
include it from a new one. Then frankly I'd prefer not to be
error compatible at all.
Compiliation with -DNOPROTO once again fails with standard C compilers.
I think it is time to remove it.
I can't say I understand mkdef.pl, but if we encapulate the prototypes
with something like /* begin prototypes */ and /* end prototypes */
parsing them should hardly be more complicated than
Ditto create_string(si,str) in pkcs7/example.c. I'll remove si.
Remove? Is that a good idea?
It is not used, and as far as I can see the function is just an
example and is not called anywhere.
__
OpenSSL Project
Is pk7_enc.c an example of some sort, or can it be removed?
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
In objects/o_names.c there is a function
static void names_lh_free(onp,type)
OBJ_NAME *onp;
{
...
}
Does that mean that the argument type is an int?
__
OpenSSL Project
performance has dropped by a factor of 2.5 ... 4!!!
Did you use the same compiler flags for both builds?
__
OpenSSL Project http://www.openssl.org
Development Mailing List
This script parses the OpenSSL header files and prints a list of the
functions declared in the prototypes.
Would someone who is more familiar with mkdef.pl and err_genc.pl care
to integrate it in those scripts?
__
OpenSSL
Wouldn't it be better to make multithreaded the default? That is what
the old script does, doesn't it?
__
OpenSSL Project http://www.openssl.org
Development Mailing List
crypto/opensslconf.h.in by Ulf). I don't see any need for it, so I've
folded the whole mumbo-jumbo to #undef BF_PTR:-)
If BF_PTR should normally not be defined, we can simply remove it
from opensslconf.h and the Configure script. Is that what you mean?
(As long as it is in opensslconf.h.in,
On Mon, May 03, 1999, Khimenko Victor wrote:
Well, Almost. Still this will lead to /etc/openssl/lib/openssl.cnf and it
looks little ugly :-(
Ok, that's the general question if openssl.cnf should be in .../lib.
I left it in place just because it has always been there. Now that
we've already
That would be in the #ifndef SHA1_ASM section.
Why??? It's just a macro! It doesn't hurt anybody if you never refer to
it...
If I say no assembler, I mean no assembler (and that includes inlines).
But that's just me, and if nobody else thinks that is a problem, I'll put
it in of course.
On Fri, May 07, 1999, Niels Poppe wrote:
I think it is a Good Thing for openssl to install by default in a
dedicated directory.
Sounds reasonable. Ok.
As it is with religions, there is no benefit from trying to enforce
one or another.
I don't want to enforce anything. The question is just
Freebsd 3.X on the alpha. Basically, it's the OpenBSD-alpha entry
If the different BSD branches use the same config, shouldn't we
use one entry (alpha-bsd, or something) for all of them?
__
OpenSSL Project
Ariel's documentation is very useful. Is there something more
turorial? Something that gives more of an overview? Is there a
reason not to include Ariel's documentation in the distribution?
One reason is that we still don't know whether or not we can include
it without violating American
What's the function of the bn_m.c module?
It apparently was some experimental code by Eric Young, and should have
deleted.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Fri, Jul 09, 1999, Lenny Foner wrote:
autoconf work I've got, SSLeay compiled effortlessly under HPUX 9 and
10, Solaris, NetBSD, Linux (4.2 and 5.1), Irix (32 and 64 bit), Alphas
(64 bit, or course) and probably some other OS's I'm forgetting---all
simply by typing ./configure and then
mkerr.pl It modifies .h files all over the place.
Yes, but that is not part of configuring OpenSSL.
You don't use mkerr.pl when building OpenSSL, and if you add private
new error codes, you are free to add them manually to the header files.
On Fri, Jul 09, 1999, William M. Perry wrote:
Any reason the dependencies aren't auto-generated?
The tool we are currently using is not portable.
Autoconf will supposedly work on windows in the next major release. Last I
heard at least. :)
Checking the CPU version could be done through
echo "Has to be precisely forty-six characters long" | openssl enc -a \
| openssl enc -d -a
Now fixed. Thanks for the patch.
__
OpenSSL Project http://www.openssl.org
Development Mailing
On Fri, Feb 25, 2000, Andrew W. Gray wrote:
change line 5
PATH=..\ms;%PATH%
to reflect output directory for w32 build:
PATH=..\out32dll;%PATH%
That won't work.
You should run test.bat in the output directory.
(It would make sense to have test.bat change to that directory
On Thu, Mar 02, 2000, Pascal Junod wrote:
#define ENTROPY_NEEDED 16 /* require 128 bits = 16 bytes of randomness
*/
[...]
Is it a bad idea to define this constant in rand.h instead of md_rand.c
?
The information hiding principle suggests that it is indeed a bad idea.
If there was a
Hello.
The openssl-dev mailing list is here to discuss the *development* of
OpenSSL. Please send all questions you may have about how to use it
to openssl-users.
By filling openssl-dev with irrelevant mail, you are forcing the developers
into using private mail for our design discussions, which
On Thu, May 25, 2000, [EMAIL PROTECTED] wrote:
Here is the patch is attached. I did not however add in anything
to set the HAVE_TIMEGM define, so that would need to be defined
somewheres on systems that have that function.
Why not use the standard function on all systems?
On Thu, Jun 01, 2000, Stefan Mangard wrote:
make test didn't pass - but it actually failed in the RSA test.
Not in the SHA1 test - the SHA1 test was ok.
Hm... that sure is confusing, I guess we should fix the SHA1 test.
However, RSA in OAEP mode uses SHA1, so rsa_test also detects SHA1
Please send questions about how to use OpenSSL to the openssl-users
mailing list. openssl-dev is for discussing the development of the
library itself, *not* for application questions.
__
OpenSSL Project
On Fri, Jun 23, 2000, James Bailey wrote:
I think openssl requires gnu make (its much better than most makes). You
may need to download this or you may have it already under the name of
gmake.
OpenSSL doesn't require GNU make.
But if you want to build a library on Unix, you need "ar".
On Wed, Jun 28, 2000, Brian S. Craigie wrote:
it doesn't appear to proceed to look wherever RANDFILE is defined, nor
to call RAND_egd. The command-line SSL programs do honour the RANDFILE
settings, but libcrypto.a doesn't appear to. From what I can see in the
source, apps/app_rand.c is
On Thu, Jul 06, 2000, Richard Levitte - VMS Whacker wrote:
From: Charlene Yee [EMAIL PROTECTED]
Charlene.Yee I doubt this is a bug, am I missing anything on my machine? If
Charlene.Yee so how do I fix this. I already ran ./config
[...]
Charlene.Yee /usr/ucb/cc: language optional
On Fri, Jul 21, 2000, Song Ingwon wrote:
OAEP needs parameter.
The parameter is hashed, and pHash is concatenated with Message.
But, in openssl-0.9.5, a parameter is set by NULL!!
The OAEP specification allows that parameter to be left out.
In the unlikely case that you do need it,
On Mon, Sep 11, 2000, Jeffrey Altman wrote:
What my code does is call RAND_status() to determine whether or not
random data needs to be computed. Does RAND_status() no longer simply
provide a test, but instead performs entropy gathering?
RAND_status() simply provides a test, but the RAND
On Tue, Sep 12, 2000, Jeffrey Altman wrote:
What you are saying is that RAND_status() is going to call RAND_poll()
regardless of whether or not the PRNG has been seeded. In other
words, you are saying that you do not trust (and I don't really blame
you) the application author to know how to
On Thu, Sep 14, 2000, Jeffrey Altman wrote:
Rand_Poll succeeds in the sense that the function completes,
but it never returns to ssleay_rand_bytes.
What do you mean by "but it never returns to ssleay_rand_bytes"? How
can it return to RAND_bytes() without returning to
On Mon, Sep 25, 2000, Anton J. Gamel wrote:
Who the hell removed the support for hpux 10 i.e.
NON-PARISC hardware with m68k??
Why the hell didn't you tell us during the beta period?
Actually, why the hell don'tyou send us a patch to config
to properly recognize your system??
On Fri, Sep 29, 2000, Richard Levitte - VMS Whacker wrote:
While I looked around in e_os.h, I found the following by the end. I
do not understand the purpose, and from what I understand of "cvs
annotate", it was there already in SSLeay. Anyone know and can
explain why it's there?
Looks
On Mon, Oct 02, 2000, Jihui Yang wrote:
When I did speed test of rsa encypt(openssl speed rsa), it failed with 2048
and 4096 bits key length.
Can anybody tell me the reason?
The reason is that you are using RSAREF.
__
On Tue, Oct 03, 2000, Terje Elde wrote:
Any thoughts around implementing Rijndael in OpenSSL? I assume it's something
that's going to get done at some point in time, but have anyone thought about
who will do it, when it will be done, and how soon it'll be considered stable
code?
Did you
On Tue, Oct 03, 2000, Robert Wilson wrote:
I am very new to openssl and other Open Source stuff. Successfully compiled openssl
using GNU C (Mingw32) on Win2k Prof. When I try to compile /demo/bio, I get about 100
lines of "Undefined Reference" error. First 5 lines are:
Try adding the
On Tue, Oct 03, 2000, Tom Biggs wrote:
I have so many questions, but this one is most pressing -
Is there a reasonable upper limit on the size in bits of a BN?
For various HW reasons we were hoping we could cap BNs
at 4096 bits for ModExp functions and the like. Is this possible?
Or is
On Wed, Oct 04, 2000, Hasch, Bernhard wrote:
good idear. I changed RAND_poll and now it works. OK, to call srandom(3) and
random(3) is not the best way to get random numbers, but it works and
RAND_poll needs only 20 bytes at this point.
No, it does not work, it just seems that way. Please
On Fri, Oct 20, 2000, Rob Neff wrote:
I would like to see a version scheme using a
MAJOR.MINOR.BUILD whereas the next release
of OpenSSL is not v0.9.7 but v1.1.0.
We talked about that earlier, and decided to switch to v1.x.x once the
API has stabilized (at this point we can't guarantee
On Wed, Nov 01, 2000, Lawrence MacIntyre wrote:
When you run the program 1000 times, somewhere between 3 and 9
times the length of the public key will be 55 bytes instead of 56, as it
should be. This breaks my client:-( Once, the key was actually 54
bytes.
You really should fix the
On Tue, Nov 07, 2000, Richard Levitte - VMS Whacker wrote:
You do know, don't you, that the engine code is not part of the main
development line?
s/not/now/
__
OpenSSL Project
On Tue, Nov 07, 2000, Paul D. Smith wrote:
I sent this patch back on 05 May 2000, constifying crypto/lhash.
Your patch can only be accepted if you CC it to [EMAIL PROTECTED]
__
OpenSSL Project
On Wed, Nov 08, 2000, Richard Levitte - VMS Whacker wrote:
My first step will be to simply remove all references to it, while
still leaving the rsaref/ directory in
If anyone is interested, they can look it up in the archives. Theres
no point in carrying dead code along.
On Tue, Nov 07, 2000, Mixmaster wrote:
shl_load() also needs to load along a path given through an
environment variable, SHLIB_PATH. This change makes that possible.
Loading shared libs from SHLIB_PATH or LD_LIBRARY_PATH is a huge security
hole. No security conscious program uses
On Tue, Nov 14, 2000, [EMAIL PROTECTED] wrote:
+The BOOLEAN type now takes three values.
Yeah, *that* is progress!
SCNR.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Tue, Nov 14, 2000, [EMAIL PROTECTED] wrote:
+rijndaelEncryptRound2642 EXIST::FUNCTION:
+rijndaelDecrypt 2643 EXIST::FUNCTION:
+rijndaelKeyEncToDec 2644 EXIST::FUNCTION:
+rijndaelDecryptRound
On Wed, Nov 15, 2000 at 11:06:15PM +0300, Fedor Utenkov wrote:
I'm try to build an OpenSSL 0.9.6 with Borland C++ Builder 4 and it
fails. The problem is that compiler don't like type cast from
'something' to void.
Is it really that? It looks more like it doesn't match ANSI C
On Wed, Dec 06, 2000, [EMAIL PROTECTED] wrote:
+# ('make test_bn' should not try to run 'bc' if it does not exist or if
+# it is the broken SunOS 5.[78] bc, which fails the following test.)
It should detect the broken SCO bc as well.
On Thu, Dec 14, 2000, Tom Biggs wrote:
I think our hardware's basic method of generating
randomness is pretty good, but the HW engineer is going
to stir and combine the first stage randoms even further
to get really high-quality randomness. This is all to the good.
However, it slows the
On Fri, Dec 15, 2000, Tom Biggs wrote:
No, from what I can see, the hardware RNG looks
very good. It's a question of speed - it's going to generate
top-quality RNs, but relatively slowly.
In that case you should use the built-in software PRNG, and seed it
with a chunk of random bytes from
On Mon, Dec 18, 2000, [EMAIL PROTECTED] wrote:
bodo18-Dec-2000 17:36:11
Modified:.Tag: OpenSSL_0_9_6-stable CHANGES
crypto/rsa Tag: OpenSSL_0_9_6-stable rsa_eay.c
Log:
Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX
structures and
If you have questions regarding application development with OpenSSL or
other usage questions, please send them to [EMAIL PROTECTED]
This list is here for discussing the development of the OpenSSL toolkit
itself only.
It is important that you respect this -- by filling the list with
irrelevant
On Sun, Feb 04, 2001, [EMAIL PROTECTED] wrote:
Can't remember why this was needed?
For compatibility with older versions of libdes, I'm sure.
__
OpenSSL Project http://www.openssl.org
On Thu, Mar 08, 2001, Richard Levitte - VMS Whacker wrote:
CDive- Solaris 2.8 with 32bits or 64 bits libraries
I've tested 0.9.6 32bit, I haven't tested 64bit. My tests showed it
worked.
CDive- HPUX 11 with 32 and/or 64bits libraries
There have been
On Wed, Mar 28, 2001, [EMAIL PROTECTED] wrote:
Add news section for OpenSSL 0.9.6a. Please add what's missing
Should we mention the SSL_peek fix, and the disabled Alpha assembler code?
__
OpenSSL Project
On Thu, Sep 06, 2001, Ben Laurie wrote:
1. crypto\engine\hw_nuron.c
2. crypto\rand\rand_win.c
What errors?
I fixed those, but the mkdef.pl script doesn't ignore the OpenBSD stuff.
Can someone look into that? Steve?
3. ms\libeay32.def: unresolved symbols:
EVP_DigestInit_dbg
Done.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
committed.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
[guest - Tue Jul 11 09:13:28 2006]:
testmail2.signed-original.eml is one example that doesn't validate
The qcStatements extension in the certificate is
2714:d=8 hl=2 l= 39 cons: SEQUENCE
2716:d=9 hl=2 l= 8 prim: OBJECT:qcStatements
2726:d=9 hl=2 l= 1 prim: BOOLEAN
The certificate encoding is in fact ok:
27168: OBJECT IDENTIFIER qcStatements (1 3 6 1 5 5
7 1 3)
27261: BOOLEAN TRUE
2729 24: OCTET STRING, encapsulates {
2731 22: SEQUENCE {
2733 10:
As I have no real clue what to do with such an extension when verifying
a certificate I would simply ignore it.
Hm... If the certificate issuer thought the extension could just be
ignored, they probably wouldn't mark it as critical.
Fixed.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
78 matches
Mail list logo