ASN1_TIME inconsistent function behaviour

ngth of 15. ASN1_GENERALIZEDTIME *gentime = ASN1_TIME_to_generalizedtime (X509_get_notBefore(cert), NULL); Consequently ASN1_STRING_cmp(date1, date2) fails, although the strings are exactly the same, 14 characters that make up the date followed by \0. Have I missed something or is there a bug somewh

[openssl-dev] common factors in (p-1) and (q-1)

small factors (besides 2 and 3) are kept out of the attackers hands. Thank You Paul Cheffers ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] common factors in (p-1) and (q-1)

code. Still, I think this is a theoretical problem. There should be a gcd(p-1,q-1)>16 check for the two primes in key generation. Paul Quoting mancha : On Fri, Jul 31, 2015 at 02:36:03AM +, p...@securecottage.com wrote: Hi there, I have looked at the RSA protocol a bit and have c

Re: [openssl-dev] common factors in (p-1) and (q-1)

e because of this. A gcd(p-1,q-1)>16 check will disallow less than 1 percent of the currently acceptable keys, won't take much time to run, and would defeat cyber attempts to create a key with a significant common factor within it. Thanks Paul Cheffers ___

Question on expiring certs on long-lived DTLS sessions

a new cert via the openSSL command line tool) and then have the openSSL lib manage it? Thanks! Paul

Question on expiring certs on long-lived DTLS sessions

We want to be able to handle long-lived connections/sessions, and we are therefore wondering about situations where a client or server certificate may expire either 1)after we have established a context, or 2)after a session has started. Perhaps the first question is: how often is a certifica

RE: Regarding porting AES ciphers alone to kernel

Krishna Mohan wrote: > We are looking for porting AES Cipher suite alone to kernel for a requirement. IMHO, the components of OpenSSL are not really optimized for this use. Further, OpenSSL is not the only implementation of AES that is available to you. You might want to look around; the other

RE: [PATCH] armcap.c: use getauxv on glibc to find caps

Cristian Rodríguez wrote: > El 12/09/13 14:17, Yuriy Kaminskiy escribió: > >> This will break on glibc-3.0. >> #if defined(__GLIBC_PREREQ) && __GLIBC_PREREQ(2, 16) > >Yes, that is the correct way, but ensure is being included. As a compiler implementer, I must object. The universal convention is

CDT: "What the heck is going on with NIST’s cryptographic standard, SHA-3?"

In case you hadn’t seen this: https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3 Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh

RE: [openssl.org #3224] OpenSSL 1.0.1f rsa_pmeth.c duplicate code block

Tomas pointed out the "oeap" vs. "oaep" difference. And now you have to support the typo forever. Sigh. Paul -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Paul Suhler via RT Sent: Friday, January 10, 20

[openssl.org #2563] Please close this bug; changes have been applied.

I just checked-up on my unresolved openssl bugs, and noticed that this suggestion is still open in RT. This report can be closed, because the changes that I requested were applied by Dr. Henson back on December 19, 2011. Thanks PG -- Sr. Technical Consultant, Stratus Technologies, Inc. 111 Powd

Unit Testing/statically analysing OpenSSL

I am keen to get more involved in the development of OpenSSL, I am curious, has the code been run through a static analysis tool (such as Coverity)? There are self checks, are there unit tests (e.g. Google Test/Mock)created for any part of OpenSSL? Paul

Re: Unit Testing/statically analysing OpenSSL

It sounds like us three should try and coordinate our efforts. Ideally, once we start getting working tests we can setup a Jenkins server to automate the process. Paul On 2014-07-09 15:42, dcrue...@qualitesys.com wrote: I'm also on the way to create unit tests on the source code basi

Re: Preferred method: email patches or pull requests?

Is there some form of review process for changes? Paul On 2014-07-09 18:40, Kurt Roeckx wrote: On Wed, Jul 09, 2014 at 01:34:07PM -0400, Mike Bland wrote: I've got a pile of small test/build system commits pending in the following pull requests: test/testutil.h test registry macros

gmp engine

port routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(/usr/local/ssl/lib/engines/libgmp.so): /usr/local/ssl/lib/engines/libgmp.so: cannot open shared object file: No such file or directory Is the gmp engine no longer supported? I see nothing about this in READ

Re: gmp engine

Dear Geoff, > > $ ./config "enable-gmp -I -L -lgmp" > > > > Not with the quotes, right? It works for me without them, I didn't try with > them. I confirm it works. Sorry for the noise, Paul Zimmermann __

Re: [openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

If one of the allocation calls succeeds and the other fails, the patched code will leak memory. It needs something along the lines of: if (order != NULL) BN_clear_free(order); if (d != NULL) BN_clear_free(d); in the failure case code. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network

Re: [openssl-dev] DRBG entropy

nd this down to 2 bits per byte, 1 bit per byte or even ½ bit per byte. The lower you go the more likely you are to be getting the entropy you want. The trade-off is the time for the hardware to generate the data and for the processor to hash it together. Pauli -- Oracle Dr Paul Da

Re: [openssl-dev] DRBG entropy

still zero actual entropy in the data. The tests have massively over estimated. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Kurt Roeckx [mailto:k...@roeckx.be] Sent: Friday, 29 July

Re: [openssl-dev] About Chinese crypto-algorithms

other algorithms but I haven't looked too deeply. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Salz, Rich [mailto:rs...@akamai.com] Sent: Wednesday, 28 September 2016 2:26 AM To: openssl-d

[openssl-dev] Test framework improvements

res as passes. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] Code Health Tuesday - test modernisation

gest improvements to the infrastructure? A: Sure thing, post them here too. -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Code Health Tuesday - test modernisation

A quick reminder that tomorrow is _test update_ Code Health Tuesday. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Paul Dale Sent: Thursday, 6 April 2017 3:40 PM To: openssl-dev@openssl.org Subject: [openssl

[openssl-dev] Code Health Tuesday - summary

-- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Paul Dale Sent: Thursday, 6 April 2017 3:40 PM To: openssl-dev@openssl.org Subject: [openssl-dev] Code Health Tuesday - test modernisation Next week on the 11th of Apri

Re: [openssl-dev] Work on a new RNG for OpenSSL

~/.rnd file or equivalent is beneficial here. I've implemented this to seed /dev/random a couple of times now. It isn't ideal but it is better than nothing. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Work on a new RNG for OpenSSL

The hierarchy of RNGs will overcome some of the performance concerns.  Only the root needs to call getrandom(). I do agree that having a DRBG at the root level is a good idea though.   Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031

Re: [openssl-dev] Work on a new RNG for OpenSSL

Ben wrote: > On 06/27/2017 07:24 PM, Paul Dale wrote: >> The hierarchy of RNGs will overcome some of the >> performance concerns. Only the root needs to call getrandom(). >> I do agree that having a DRBG at the root level is a good idea though. > Just to check my und

Re: [openssl-dev] Work on a new RNG for OpenSSL

cryptographic material is generated on first boot out of the factory. I've even seen some cases where this was done during the factory test. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To

Re: [openssl-dev] Work on a new RNG for OpenSSL

Cory asked: > When you say “the linked article”, do you mean the PCWorld one? My apologies I meant the one Ted referred to soon after. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- Fro

Re: [openssl-dev] Work on a new RNG for OpenSSL

TFORK is not set as an option when OpenSSL calls OPENSSL_init_crypto. Would it be possible to make this default? This would be a large improvement in terms of protecting applications linking against OpenSSL. -Paul Kehrer (reaperhulk) On Mon, Aug 14, 2017 at 10:45 AM, Salz, Rich via openssl-dev

Re: [openssl-dev] Work on a new RNG for OpenSSL

ess from the bits you already have. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Work on a new RNG for OpenSSL

nly drop an error on the child process's error queue though? That behavior could potentially be a separate flag that OpenSSL uses by default (OPENSSL_TRY_TO_INIT_ATFORK), and then OPENSSL_INIT_ATFORK can be more strict about reseed failures if desired. -Paul -- openssl-dev mailing l

Re: [openssl-dev] Plea for a new public OpenSSL RNG API

;t count it. I like the idea of two independent global RNGs. Keeping the generation of long lived key material segregated from other uses of randomness seems sensible -- there is no possibility of cross compromise. This does increase seeding requirements however. Pauli -- Oracle Dr Paul

Re: [openssl-dev] Plea for a new public OpenSSL RNG API

: one to get random bytes, the other to request entropy. The first can be whitened or produced by a DRBG etc, the second also returns an estimate as to the quality. Essentially the difference between RDRAND and RDSEED. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encr

Re: [openssl-dev] how to static compile ssl engine into openssl

> On 26 Sep 2017, at 18:13, 程文平 > wrote: > > There is some more info. > > https://github.com/01org/QAT_Engine/issues/9 > Interesting. This issue was created by me last year, seems some people still struggling with co

Re: [openssl-dev] how to static compile ssl engine into openssl

> On 26 Sep 2017, at 18:13, 程文平 > wrote: > > There is some more info. > > https://github.com/01org/QAT_Engine/issues/9 > Interesting. This issue was created by me last year, seems some people still struggling with co

[openssl-dev] FIPS module for 1.1.x ?

interface so it could provide FIPS capability but I understand that other possibilities are again under consideration. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To unsubsc

Re: [openssl-dev] A question DH parameter generation and usage

For DHE_RSA, you first need a pair of RSA certificate/key for signing. And you if want to use specific DH parameters, you can use the SSL_CTX_set_tmp_dh API, there is documentation describing how to use this function. DH parameter could be generated by OpenSSL in many ways, one of the common way

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

tion only applies to 1.0.2 builds currently. FIPS is on the project plan for 1.1 but it isn't available at the moment. The US government is forbidden to purchase any product that contains cryptographic operations unless the product has a FIPS validation. No FIPS, no sale. Paul

decryption_failed vs. bad_record_mac Alert in TLS 1.1

nc() to return bad_record_mac instead of decryption_failed for TLS 1.1 and later.) thanks, Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh.

alloca() in OpenSSL 1.0.1

easy to occur and difficult to detect and recover from at runtime. Are we sure that using alloca() is the right thing to do? Is there any alternative to replacing it with OPENSSL_malloc() and adding an OPENSSL_free()? Thanks, Paul

RE: New FIPS 140-2 validation underway

e called v1.2.2 (that version designation is already in use). v2.0 perhaps; we haven't discussed it yet. -Steve M. = Are you aware of the speed complaints and speculations about a trapdoor in Dual_EC_DRBG? http://

BN_NIST_521 or BN_NIST_512 ?

;s been carried forward into 1.0.0c, openssl-1.0.1-stable-SNAP-20110201 , and openssl-SNAP-20110201. Thanks, Paul _____ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.

RE: [openssl.org #2449] [BUG] openssl 1.0.0d warnings during build and ACCVIO on OpenVMS

to me that this data type is just what you (and OpenSSL) are looking for. Hope this info helps. (*) The POSIX-2008 standard is online at http://pubs.opengroup.org/onlinepubs/9699919799/toc.htm. You must pre-register to view it, but the registration step carries no charge and is simple to perfo

Whence OPENSSL_NO_DSA / OPENSSL_NO_ECDSA ?

that the FIPS-compliant build does not define these symbols. Is there interest in cleaning this up? If not, then I'll just continue to make local changes for my port. Thanks, Paul _ Paul A. S

RE: New Timing Attack on OpenSSL ECDSA

n-invasive attacks at level 3 and higher. Cheers, Paul _ Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com <mailto:paul.suh..

[PATCH] CMS econtent_type option

The CMS application only supports the econtent_type option for the sign operation. The trivial patch below adds support for the encrypt operation (enveloped-data). This allows signalling of the content of enveloped-data structures. Kind regards, Paul diff -u -r openssl-1.0.0d//apps/cms.c

RE: Generating randomness in userspace

Vegard Nossum wrote: > I've written a small program that gathers randomness from the uncertainty of > scheduling between threads/cores in a multithreaded program/system. Welcome to the challenge of generating pseudo-random data correctly, efficiently, quickly, and securely. This is not an easy

Issue with dtls1_clear changes from issue #2506

memset in dtls1_clear fixes the issue. -- Paul Witty __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated Li

Re: Issue with dtls1_clear changes from issue #2506

ent_ip_bio, client_op_bio); SSL_set_verify(client_ssl, SSL_VERIFY_PEER, dtls_verify_callback); SSL_set_connect_state(client_ssl); SSL_set_mtu (client_ssl, 1400); SSL_do_handshake(client_ssl); -- Paul On 12/09/11 14:45, Robin Seggelmann wrote: Hi Paul, On Sep 9, 2011, at 4:56 PM, Paul Witty wrot

Re: Issue with dtls1_clear changes from issue #2506

On 15/09/11 18:12, Michael Tuexen wrote: Hi Paul, I think this is what Robin found. Could you give the patch provided by Robin in http://rt.openssl.org/Ticket/Display.html?id=2602 a try? It should fix your issue. It does indeed; the code to reproduce is for informational purposes only, as you

EVP_Cipher()

urns 1 for success. Is this inconsistency indicative of a deprecated API that isn't being maintained? It's not documented on the website. Thanks, Paul _____ Paul A. Suhler, PhD

RE: Release of OpenSSL 1.0.1 approaching...

Dr. Stephen Henson wrote: > OpenSSL 1.0.1 is expected to be released in the next few weeks. [snip] > Users are encouraged to test recent snapshots of OpenSSL 1.0.1 and report any problems via the > request tracker (r...@openssl.org). I submitted RT #2563 back on July 14, 2011. It contains a maj

Build of openssl-1.0.1-beta1 on OpenVOS

I built openssl-1.0.1-beta1 on OpenVOS Release 17.1.0at using the "vos-gcc" entry in Configure, along with some extra arguments (see below). It successfully built and passed all relevant self-tests. However, several source files reference str(n)casecmp without including . Since the implicit decla

RE: OpenSSL FIPS Module 2.0 status update

Hi, all. What is the file openssl-fips-2.0rc2.tar.gz.1, which is about an hour newer than the one listed below? Thanks, Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation

Version number: why 1.0.1 instead of 1.1?

ignificant features but not go to 1.1? I'd like to review it before advocating for 1.1. (And, no, I am quite sure it is not too late to choose "1.1" for "this new version" if the community wants to do so during

Re: Version number: why 1.0.1 instead of 1.1?

On Jan 23, 2012, at 9:07 AM, Dr. Stephen Henson wrote: > On Mon, Jan 23, 2012, Paul Hoffman wrote: > >> Greetings. I will likely be using features that only appear in "this new >> version" of OpenSSL in a project. There has been a question about whether >>

Re: Version number: why 1.0.1 instead of 1.1?

back the OpenSSL project because people won't even notice that you have added significant features if the new version is indicated by a third digit instead of a second or first digit. It's your call, of course. --Paul Hoffman

Failure to "Sign data using a message digest value" in 1.0.1 Beta 2

e I get a complaint about the input data's being too long.) Is the behavior broken, or have I overlooked something? Thanks, Paul ____ _ Paul A. Suhler | Firmware Engineer | Quantum

RE: Failure to "Sign data using a message digest value" in 1.0.1 Beta 2

Thanks, Steve. Is the openssl application capable of signing a longer message all in one command, or must I create the 256-bit hash with a separate command? Thanks, Paul _ Paul A. Suhler

"Ron was wrong, Whit is right"

let me know. Cheers, Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com <mailto:paul.suh...@quantum.com> Preservi

RE: OpenSSL 1.0.1 beta 3 released

For what it's worth, I was unable to verify the signature. My PGP Desktop could not contact pgp.mit.edu on either port 11371 or 389. Paul _____ Paul A. Suhler, PhD | Firmware Engineer | Qu

Use of "bool" as variable / argument in tasn_prn1.c

type, the compiler errors out. I'd submit a diff file, but getting that approved by our open source committee would take a while, so I'll just offer it for anyone to take over. Thanks very much, Paul ____

RE: [openssl.org #2789] SHA-256 bug - Big endian arch

Pavel Stanek wrote:   > I think that there is a bug in [OpenSSL 0.9.8 ] SHA-256 implementation [ when > on a big-endian x86 ] > Platform is Renesas SH3E in BIG-endian mode ( used compiler sh3eb-linux-gcc) > > OpenSSL version:  0.9.8u > Options:  -DB_ENDIAN > Target:   linux-generi

RE: [openssl.org #2789] SHA-256 bug - Big endian arch

y Polyakov Sent: Friday, April 13, 2012 5:32 AM To: openssl-dev@openssl.org Subject: Re: [openssl.org #2789] SHA-256 bug - Big endian arch Paul, > OpenSSL is just one of many open-source packages whose authors have > assumed that all IA32 implementations are little endian. No-no-no. IA is r

ARM Assembly Error

stant expression: fips_aes_set_encrypt_key-AES_Te-1024 currently resolves to: 0xb6c-0-0x400 = 0x76c which does not fit in an 8 bit field. Could I have made an error in my port which could explain this? If this file was successfully built using some ARM compiler, which one was it? Thanks

AES_ASM ?

Hi, all. The compile option AES_ASM is placed into the command line options in Configure, but it doesn't appear elsewhere in the 1.0.1c or FIPS 2.0rc1 code. Is it actually used - my builds indicate that it's not - or could it be removed? If the latter, then I'll open a ticket.

RE: SHA-256 and SHA-512 doubts in OpenSSL

I was just able to open the link below and the entire document looked okay. Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com

RE: SHA-256 and SHA-512 doubts in OpenSSL

Bhat, Like Andy, I had an older copy that appears to be correct. I'll mail it to you. I've notified the NIST webmaster about the bad file. We'll see how long it takes to get a response. Paul -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-

Future Releases

Hi, everyone. Is there an expected date for the release of 1.0.1d? For 1.0.2? 1.1.0? Thanks, Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748

FW: [members] Proposed Charter for PKCS 11 TC

In case you haven't seen this. Paul _____ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com -Original Message- From: Chet E

RE: Question on encryption algorithms brittleness

Ido, Perhaps you should hire Bruce Schneier or a similar expert. Or read his books, which cover this topic in depth and are quite understandable to any well-educated software engineer. Also, see his web site and blog for much useful information. My own personal take is that these require

RE: TLS False Start support

I see that the internet draft for TLS False Start was withdrawn (https://datatracker.ietf.org/doc/draft-bmoeller-tls-falsestart/). More discussion here: http://blog.cryptographyengineering.com/2012/04/so-long-false-start-we-hardly-knew-ya.html Paul -Original Message- From: owner

RE: [openssl.org #2051] [PATCH] IPv6 support for s_client and s_server

Is there a target date for releasing 1.0.2? Thanks, Paul -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, April 11, 2013 11:06 AM To: openssl-dev@openssl.org Subject: Re: [openssl.org #2051

Building openssl-0.9.7-beta4

Hi, I am trying to port openssl on vxWorks(Tornado 2.0 vxWorks 5.4) for StrongArm(ixp1200) platform. I have a problem here. The encryption is not working for me. My code is as given below. I am using 3DES encryption first. Then to verify the output I am doing a decryption for the encrypted out

RE: Building openssl-0.9.7-beta4

ctly. Seems like maybe you need to initialise a salt/IV value. I'm running OpenSSL on a StrongARM (Windows CE) and haven't seen any problems like this. Steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of bepsy paul Sent: Thursday, 21 Novem

ASN1_TIME inconsistent function behaviour / bug?

the strings are exactly the same, 14 characters that make up the date, followed by \0. Have I missed something or is there a bug somewhere? Paul __ OpenSSL Project http://www.openssl.org Developm

Re: ASN1_TIME inconsistent function behaviour / bug?

java library (from bouncycastle.com I think). > What does the time in this existing certificate look like? That is what length > is reported by asn1parse on it. In particular does the certificate encoding > include the trailing \0? The output of openssl asn1parse -inform

[PATCH] VOS OpenSSL port

l nature should be directed to Elaine Martel at the address listed above. Sincerely, Paul Green Senior Technical Consultant Stratus Technologies, Inc. Attachments (c

BCM5820 driver

Hi, I am working on BCM5820 driver for vxWorks on ixp1200 platform. Has anyone developed/ported this driver onto ixp1200? If anyone know how to port it, please reply. Thanks in advance, Bepsy From: " via RT" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL P

[openssl.org #499] Status update?

I'm looking for status on my request, on behalf of Stratus, to use the term "VOS OpenSSL" to refer to our port of openssl to our VOS operating system. I originally submitted this request on February 6th. Thanks PG -- Stratus Technologies 111 Powdermill Road Maynard, MA 01754-34

OpenSSL on pSos?

Does anybody know if (parts of) OpenSSL compile and run on the pSos operating system? In case it matters: I'm particularly interested in the crypto (algorithms, x509, etc.) part of OpenSSL, which could (except BIO, ...?) be quite portable I guess. Regards,

Patches for Stratus VOS

doesn't allow embedded spaces. 7. e_os2.h. I added a macro for VOS. 8. test/Makefile.ssl. I added the executable suffix in all places where it was needed. Problems/comments/complaints, etc., can be directed to me. Thanks PG -- Paul Green, Senior Technical Consultant, Stratus Technolog

RE: Patches for Stratus VOS

Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED] wrote: > In message <[EMAIL PROTECTED]> > on Tue, 23 Mar 2004 18:12:08 -0500, "Green, Paul" <[EMAIL PROTECTED]> said: > > Paul.Green> I have ported OpenSSL 0.9.7c to the Stratus VOS operating > Paul.G

RE: [openssl.org #499] [PATCH] VOS OpenSSL port

Richard Levitte via RT [mailto:[EMAIL PROTECTED] wrote: > Paul, I finally decided to apply the changes, both to the > 0.9.7-stable and 0.9.8-dev branches. > > Please try tomorrow's snapshot to verify that I didn't miss anything. I downloaded openssl-SNAP-20040629.ta

RE: OpenSSL thread safety (was: possibly bug in crypto/rand/rand_ win.c)

variety of platforms. Thanks PG -- Paul Green, Senior Technical Consultant, Stratus Technologies, Maynard, MA USA Voice: +1 978-461-7557; FAX: +1 978-461-3610 __ OpenSSL Project http://www.openssl.org D

RE: sha test failing on MkLinux PPC

ng platform to see where the math divered. Enjoy. Thanks PG -- Paul Green, Senior Technical Consultant, Stratus Technologies. Voice: +1 978-461-7557; FAX: +1 978-461-3610; AIM: PaulGreen __ OpenSSL Project

RE: sha test failing on MkLinux PPC

Andy Polyakov wrote, responding to my earlier post: > Paul, > > > With the wide variety of platforms, it is not unusual for > > problems to show up on only one platform. > > Yes, but when it does, it's more and more likely to mean that it's > something wron

RE: intrested in participate on openssl development

with the package executes 100% of the source statements (or as close to that as possible)? Not that C0 code coverage is sufficient, but it is a good place to start. I'm guessing that we can always use more and better tests. The test suite is a lifesaver when porting OpenSSL to a new platf

0.9.6a-beta2 on Alpha RedHat 6.2 fails make test

building OpenSSH on top of this version of OpenSSL. Can anyone suggest things I might do to help diagnose what's going wrong? Thanks! Paul Allen -- Boeing Phantom Works \ Paul L. Allen, (425) 865-3297 Math & Computing Technology \ [EMAIL PROTECTED] POB 3707

Re: 0.9.6a-beta2 on Alpha RedHat 6.2 fails make test

Well, that patch was for the MIPS assembler stuff. Can't quite use it directly on my Alpha. :-) I reconfigured with no-asm, re-did the make, and the test fails at the same place. Paul Allen - David Rees wrote: > Thi

Re: 0.9.6a-beta2 on Alpha RedHat 6.2 fails make test

ed with no-asm, and it passes all the tests. I gather this disables inline asm code all over the place, so I may be losing performance. The speed of the "make test_bn" test didn't change with or without asm, but I had to run it a dozen times to get one that ran all the way through.

Re: [ANNOUNCEMENT] OpenSSL 0.9.6a Beta 3 released

Richard Levitte wrote: > > The third beta release of OpenSSL 0.9.6a is now available from the > OpenSSL FTP site ftp://ftp.openssl.org/source/>. Passes all tests on Alpha, RedHat Linux 6.2. Great job, guys! Paul Allen -- Boeing Phantom Works \ Paul L. Allen, (4

[PATCH] openssl/crypto/bn/asm bn-586.pl bn_mul_add_words

0.0016s 0.0001s615.5 7936.6 rsa 1024 bits 0.0073s 0.0003s137.3 2891.8 rsa 2048 bits 0.0405s 0.0011s 24.7893.0 rsa 4096 bits 0.2590s 0.0039s 3.9257.6 Index: crypto/bn/asm/bn-586.pl === RCS file:

Re: .NET version of OpenSSL

h such obvious designed-in flaws as Windows. "Old Unix programmers" and young ones as well are working quite hard to make certain that software that doesn't suck is available for those who can tell the difference. Paul Allen -- Boeing Phantom Works \ Paul L. Allen, (

Re: .NET version of OpenSSL

Jeff Roberts wrote: > > Paul, > > I know, I am an old Unix Programmer that now loves .NET ! As a matter of fact I was >programming before Unix was around ! I have seen a lot of old Unix programmers end >up in the unemployment line because they failed to change with

Re: Compatibility of client PKCS#12 files

te is meaningless in that context (as far as I know...) so I have changed the store to remove it. This solves the problem for me, but still it would be best to make PKCS12_parse() more robust. Cheers, Paul. On 10/07/2008, at 1:14 AM, Joe Orton wrote: On Tue, Jul 08, 2008 at 12:03:15PM

openssl speed RSA

know these implementation details. Thanks much, Paul __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Ma

openssl speed RSA

know these implementation details. Thanks much, Paul __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Ma

RE: openssl-0.9.8-stable-SNAP-20081115 and FIPS

Dear 'The Doctor', I am not on the OpenSSL team so I'm just speaking for myself here. But I have done work on many other open-source products, so I'm responding based on my overall experience with open-source development. When you find a problem in an open-source product, the accepted protocol i

  1   2   3   >