Re: [openssl-dev] MD5 speed

2017-01-29 Thread Michael Sierchio
On Sun, Jan 29, 2017 at 10:53 PM, Peter Waltenberg wrote: > > No one cares ?. I was rather thinking the same thing. Pretty much the same deprecated status for SHA1, too. Want to talk about poly1305? - M -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] X25519 is the default curve for ECDHE in OpenSSL 1.1.0

2016-09-16 Thread Michael Sierchio
On Fri, Sep 16, 2016 at 8:52 AM, Salz, Rich wrote: ... That's because most people have not moved to OpenSSL 1.1.0 yet. I'm not > joking, I think that's a major reason. Well, you've provided them with a reason. ;-) Srsly, thanks for not making the NIST curves the default. -

Re: [openssl-dev] 3DES is a HIGH-strength cipher?

2016-02-12 Thread Michael Sierchio
I think you should revert to your earlier comment - that High, Medium, Low are inherently awful. Maybe color codes? ;-) I consider 3DES-EDE to be adequately strong. The block size is a problem, speed in software is a problem, etc. but it has been remarkably resilient against differential

Re: [openssl-dev] curve25519

2015-06-21 Thread Michael Sierchio
On Sun, Jun 21, 2015 at 3:00 PM, Salz, Rich rs...@akamai.com wrote: Your analysis is incorrect for servers over the Internet, where the only thing that an attacker can measure is time. Power and radiation require close proximity and, often, physical intervention. Those are reasonable attacks

Re: OpenSSL roadmap

2014-07-02 Thread Michael Sierchio
On Wed, Jul 2, 2014 at 11:23 AM, Loganaden Velvindron logana...@gmail.com wrote: If I'm interested in fixing OpenSSL, why shouldn't I have access to coverity scans ? I'm not a committer, and not a core member, but I am fully prepared to answer your question. Because the policy of the project

Re: AW: Which platforms will be supported in the future on which platforms will be removed?

2014-06-03 Thread Michael Sierchio
On Tue, Jun 3, 2014 at 7:10 AM, Theodore Ts'o ty...@mit.edu wrote: There's a very simple solution to that problem, especially since we now have the support and attention of many hardware companies. The rule should be very simple. If a company doesn't contribute either (a) exclusive,

Re: Regarding porting AES ciphers alone to kernel

2013-08-30 Thread Michael Sierchio
On Thu, Aug 29, 2013 at 10:24 PM, Elluru, Krishna krishna.ell...@netapp.com wrote: HI Openssl dev team, We are looking for porting AES Cipher suite alone to kernel for a requirement. What platform? Linux and BSD support /dev/crypto, which is pretty much what you want. Support exists for

Re: AES GCM considerations in regards to SP800-38D

2013-08-19 Thread Michael Sierchio
On Sun, Aug 18, 2013 at 2:08 PM, Ben Laurie b...@links.org wrote: On 15 August 2013 09:21, Tomas Mraz tm...@redhat.com wrote: ... Especially there is no checking that the key is not used with more than 2^32 different IV values. Did I overlook it and the test is there? Or is the test not

Re: OCB Authenticated Encryption

2013-03-27 Thread Michael Sierchio
Does Phil still teach at UC Davis? You could always ask him directly for clarification or a waiver. - M __ OpenSSL Project http://www.openssl.org Development Mailing List

Re: ECDSA_do_verify()

2009-10-28 Thread Michael Sierchio
Kirk81 wrote: Sorry guys, I found some mistakes in my code. Not just in your code So finally, with an IA-32 Pentium M processor 1500MHz, the functions are in order of microseconds [ms]: ms denotes milliseconds. us denotes microseconds, unless you can express it as μs, which is obviously

Re: SPARC assembly trick in libcrypto breaks IBM Rational Purify

2009-03-16 Thread Michael Sierchio
Ger Hobbelt wrote: On Mon, Mar 16, 2009 at 10:23 PM, Kenneth Robinette supp...@securenetterm.com wrote: You need to take this discussion offline. snif Finally something interesting to read and it's mentioned it should go. sigh. Here's two who know their craft, it's even about OpenSSL and

Re: q and j parameters for Diffie-Hellman

2009-02-16 Thread Michael Sierchio
Dr. Stephen Henson wrote: One other note. Static-static DH IIRC has an unfortunate side effect: the sender can be traced because they have made use of their private key. Other algorithms such as RSA or ephemeral-static DH don't have this property. This issue was discussed in the S/MIME

Re: David is off to the entropy store to get some fresh entropy

2008-08-10 Thread Michael Sierchio
biswatosh chakraborty wrote: Michael, u need more training in communication and then probably in technology. I'm extremely impatient with the use of ill-defined terms by the less-than-well informed when they pretend to speak with authority. Schwartz has committed a number of bald assertions

Re: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-10 Thread Michael Sierchio
Are you or are you not the same David Schwartz who claimed that SSLv3 is vulnerable to MITM? If so, what have you learned since then?

Re: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-10 Thread Michael Sierchio
Theodore Tso wrote: As the old saying goes, better to be silent, and thought to be a fool, and to speak, and remove all doubt. Well, Brahma said, even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred. Normally, I am fine with

Re: David is off to the entropy store to get some fresh entropy

2008-08-09 Thread Michael Sierchio
David Schwartz wrote: No, we count on it [RSA] being (for practical purposes) irreversible. That's why you need a different key to decrypt than you used to encrypt. If it was reversible, like say DES, you could decrypt with the same key you encrypted with by simply reversing the process.

Re: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-08 Thread Michael Sierchio
David Schwartz wrote: Deterministic is the antithesis of truly random. You've said some truly stupid things, David, but that one wins the prize.

David is off to the entropy store to get some fresh entropy

2008-08-08 Thread Michael Sierchio
David Schwartz wrote: Deterministic is the antithesis of truly random. I think you're obliged to define what you mean by truly random -- maybe even think about it before using such terms. Most processes that generate random noise don't usually have a nice, equiprobable, Poisson

Re: David is off to the entropy store to get some fresh entropy

2008-08-08 Thread Michael Sierchio
David Schwartz wrote: It's a well-understood term in the art. You are not a practitioner of the art, David. There are RBGs and PRBGs but no one uses the term truly random. In fact, it's the same distinction everyone else in this field makes. No. We know what cryptographically useful

Re: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-08 Thread Michael Sierchio
David Schwartz wrote: do disagree with my claim that an algorithmic process can produce a very large amount of cryptographically-strong random output with a small amount of truly random input? Yes. A small amount of random input might mean that the entire state -- past, present and future

Re: David is off to the entropy store to get some fresh entropy

2008-08-08 Thread Michael Sierchio
David Schwartz wrote: RSA is reversible. I never claimed otherwise. What I said is: So /dev/random tries to provide truly random numbers while /dev/urandom tries to provide only cryptographically-secure pseudo-random numbers. It's as assured by the implementation as RSA assures that its

Re: David is off to the entropy store to get some fresh entropy

2008-08-08 Thread Michael Sierchio
David Schwartz wrote: Apparently you don't understand the relationship between true randomness and entropy. I don't know what you mean when you say true randomness and I suspect that you don't. When you use the word entropy in this context, I assume you mean Shannon entropy, and I'm pretty

Re: IPv6 support in OpenSSL

2008-07-30 Thread Michael Sierchio
Ravindra wrote: I'm looking for information regarding IPv6 support in OpenSSL. Which is the first and stable version that adds support for IPv6 in OpenSSL ? SSL operates atop TCP. Whether this supports IPv6 is left as an exercise for the reader. - M PS Does your web browser support IPv6?

Re: [CVS] OpenSSL: openssl/crypto/x509/ x509_att.c

2008-06-02 Thread Michael Sierchio
Geoff Thorpe wrote: On Friday 30 May 2008 09:52:40 Ben Laurie wrote: Dr. Stephen Henson wrote: I do wish you wouldn't use these extra brackets around comparison operators. if (len == -1 && !(attrtype & MBSTRING_FLAG)) works just fine and is consistent with most of the rest of the

Re: valgrind and openssl

2008-05-18 Thread Michael Sierchio
Thor Lancelot Simon wrote: ... However, consider the pathological case, in which an adversary manages to introduce N-1 bits of known state into your PRNG which has N bits of internal state. ... What you seem not to understand from this discussion is that the internal state is a consequence

Re: valgrind and openssl

2008-05-18 Thread Michael Sierchio
Theodore Tso wrote: ... I'd be comfortable with an adversary knowing the first megabyte of data fed through SHA1, as long as it was followed up by at least 256 bits which the adversary *didn't* know. I'd be comfortable with an adversary knowing the first zettabyte of data fed through SHA1, as

Re: 117 Character Limit

2008-03-26 Thread Michael Sierchio
robert2007 wrote: I noticed that using RSA with OpenSSL places a 117 character limit when encrypting messages. Would anyone happen to know the reason for this? 1) It doesn't 2) Do you mean with a 1024-bit modulus the encryption block size is 936? Because of padding. If one were to Wiki

Re: 117 Character Limit

2008-03-26 Thread Michael Sierchio
Goetz Babin-Ebell wrote: RSA has some weaknesses against chosen plain text attacks. RSA is just an algorithm, so if you talk of chosen plaintext or chosen ciphertext attacks, it needs to be in the context of an encryption method. OAEP is a response primarily to a chosen ciphertext

Re: OpenSSL and LSB

2008-03-16 Thread Michael Sierchio
Theodore Ts'o wrote: Reading through the mail archives, the problem, as I understand it, is that OpenSSL is derived from a very old legacy codebase, with an interface which relies on publically visible data structures which must be accessed either directly, or via accessor macros. In

Re: Hiding headers for OpenSSL

2006-08-21 Thread Michael Sierchio
Scott Campbell wrote: The long version: We run security check software, which makes connections with various services, calls up the header, and then tells us that based upon the version it read in the header, this service has certain vulnerabilities. For security purposes, we would

Re: Propose replacing POD with DocBook

2006-07-17 Thread Michael Sierchio
Richard Salz wrote: I propose that OpenSSL move to DocBook FWIW, I emphatically support this proposal.

Re: Propose replacing POD with DocBook

2006-07-17 Thread Michael Sierchio
Richard Salz wrote: FWIW, I emphatically support this proposal. Thanks! Hope you're doing well. I am, thanks. How are you? You sorta dropped low on the radar for a while. I used to joke: XML: the new ASN1! But I'm happy to be wrong about that. Anything -- and I include a clay tablet

Re: Propose replacing POD with DocBook

2006-07-17 Thread Michael Sierchio
Sorry folks, my MUA caused that to go to the list instead of just Rich. Cheers, Michael

Re: ideas on replacing where ERR_STATE is stored?

2005-10-17 Thread Michael Sierchio
Steven Reddie wrote: Hi Michael, I'm familiar with that approach, having used it many times myself. The choice of poll over select isn't important since they're basically the same; in fact, poll is sometimes implemented with select. Who implements poll with select should suffer a fate

Re: ideas on replacing where ERR_STATE is stored?

2005-10-17 Thread Michael Sierchio
Jack Lloyd wrote: I believe Michael is actually talking about the thundering herd problem, when many processes are all waiting on a single event, which only one of them will end up responding to. That is a classic problem affecting some uses of select (and also accept, and IIRC a few other

Re: ideas on replacing where ERR_STATE is stored?

2005-10-17 Thread Michael Sierchio
Lev Walkin wrote: ... Poll() provides no advantage over select() for the thundering herd problem. Sorry, I'm not here to chew your food for you.

Re: ideas on replacing where ERR_STATE is stored?

2005-10-17 Thread Michael Sierchio
Lev Walkin wrote: Including poll(). A polling model may be built on /dev/poll or kernel queues, etc. I made mention of /dev/poll in my first contribution to this thread. Go back to class.

Re: ideas on replacing where ERR_STATE is stored?

2005-10-13 Thread Michael Sierchio
Steven Reddie wrote: Do you mean using select() to handle multiple simultaneous connections? I'm late in catching this thread, but I'll wager that Rich would use poll rather than select, or /dev/poll, or some such. The model he describes is the most efficient, but makes application

Re: [openssl.org #1176] Problems wirh openssl-0.9.8, make test

2005-09-19 Thread Michael Sierchio
Andy Polyakov via RT wrote: Similar problem was reported in FreeBSD context and is believed to be caused by a bug in binutils. You either have to upgrade binutils or reconfigure with extra no-sse2 option. ... If you make an entry in the FAQ, please be specific about which versions of the GNU

Re: Inclusion of FIPS

2004-05-13 Thread Michael Sierchio
Ben Laurie wrote: My understanding is that our security policy is that if you can show a chain of SHA-1 HMAC signatures from the certified source to whatever-it-is-you-are-running, then you are certified. We provide one mechanism to do that. You can provide others. Note that the chain of

Re: Accelerating RSA Key Generation

2003-12-04 Thread Michael Sierchio
Bommareddy, Satish (Satish) wrote: HI One of the applications we are working on requires us to generate RSA key pairs at a rate of about 20-25 key pairs/second is there any application out there which can do this?? is using /dev/random, /etc/entropy or accelerator card with RNG any faster?? and

Re: Accelerating RSA Key Generation

2003-12-04 Thread Michael Sierchio
Dr. Stephen Henson wrote: What's the intended purpose of the keypairs? If you don't have to use RSA then other public key algorithms could be used which have much quicker key generation times. Yep. A DH keypair is as fast as generating N random bits and doing a single modular exponentiation --

Re: FIPS mode

2003-09-07 Thread Michael Sierchio
Mathias Brossard wrote: It's a little disappointing that RSA is not part of the process (it is much more common than DSA). Looking at the list of validated modules http://csrc.nist.gov/cryptval/140-1/1401val.htm I see in the field FIPS-approved algorithms the value RSA (PKCS #1, vendor

Re: More DH questions

2003-09-03 Thread Michael Sierchio
Nils Larsch wrote: Is it true that for a given P & g, I would always get the same public key No, the private key is (should be) a random number => you get a different public key for each invocation of DH_generate_key Not quite, no. In fact, DH would be pretty useless if that were the case. See

Re: More DH questions

2003-09-02 Thread Michael Sierchio
Bala Pitchandi wrote: Is it true that for a given P & g, I would always get the same public key and for a given P, g & pub_key, I would get the same shared secret key? Okay, let's get a few terms straight. With Diffie-Hellman, a system shares g, p and each user generates a random secret exponent,

Re: More DH questions

2003-09-02 Thread Michael Sierchio
Bala Pitchandi wrote: Yes, I do understand the DH exchange process. But with respect to the OpenSSL DH Library usage, let's say I and another party have fixed p & g. I calculate X using DH_generate_key() (I get a different X every time for the same p & g, is that okay?). And later I receive the

Re: AES counter mode

2003-06-26 Thread Michael Sierchio
Stephen Sprunk wrote: I'm a bit more ambitious... We should specify NIST-style CTR mode for all octet stream applications within the IETF's domain, with SSL/TLS as an example. For record-based systems, I don't know if NIST-style or IPsec-style would be more appropriate :-( There is no such

Re: AES counter mode

2003-06-26 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: OK, I've been following this discussion for a while, and it's time I take action. Basically, to provide for all the current and future ways of handling the IV, I can see three alternatives: - have the application provide a function that manipulates the IV. -

Re: AES counter mode

2003-06-26 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: Whatever, I used the terms like this: - IV is a bitstring of some sort (possibly random), of the same size as the crypto algorithm block. In the AES case, it would be 128 bits. - For CTR mode, the counter is a part of the IV. The rest of the IV is

Re: AES counter mode

2003-06-23 Thread Michael Sierchio
Lee Dilkie wrote: I don't have experience with counter mode for SSL (if there is even such a beast) or the NIST mode you are referencing (I believe Ipsec was looking at that mode a few months ago) but I do have experience with counter mode for SRTP (secure RTP; encryption of media streams). In

Re: AES counter mode

2003-06-10 Thread Michael Sierchio
Thierry Boivin wrote: I agree with you about the way to build the initial ctr value from the nonce value. My question is different: within the encryption of a whole plaintext message (so a big block to be divided into 128 bit length blocks), why to increment ctr by 2^64 instead of 1 from

Re: AES counter mode

2003-06-06 Thread Michael Sierchio
Thierry Boivin wrote: Hello, I am trying to play with AES crypto in counter mode. Using the crypto library against reference vectors found in IPSec RFC fails until the incrementation function (AES_ctr128_inc()) is modified in order to get a +1 step instead of a +2^64 step. Where does the actual

Re: how to convert a .DER certificate to .DB ?

2002-10-05 Thread Michael Sierchio
Scott Harris wrote: I need some help to change the Certificate I generated using Microsoft Certificate server in .*DER* format to convert to .*DB* format to use with Netscape API. Any body knows *how to convert a .DER certificate to .DB *. Any tools that that can do that.. It's been a

Re: OpenSSL using a TRNG

2002-08-20 Thread Michael Sierchio
Leif Kremkow wrote: I'm looking for some guidance. I'd like to change the OpenSSL library to be able to use a TRNG for all random numbers, not just to seed the PRNG. There are no such devices which produce adequate quantities of random material for a server with reasonable load. Most have a

Re: [PATCH] AES counter mode non-zero counter offset

2002-07-30 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: How could num (or n, inside AES_ctr128_encrypt() ever have a value that isn't between 0 (included) and AES_BLOCK_SIZE (excluded), It's even smaller than that. CTR mode is defined as a BIG-ENDIAN 128-bit number (AES only has one block size) 0 <= n <= 2^64-1

Re: Why should SPKAC-initiated certificates be stored in raw DERformat

2002-05-06 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: I just noticed that when 'openssl ca' is used with '-spkac', the resulting certificate is stored in raw DER format instead of PEM format. Is there a logical reason for this, or is this another EAYism that no one understands today? Since SPKAC was a

Re: Openssl-09.5

2002-04-09 Thread Michael Sierchio
Richard Koenning wrote: Look at http://www.openssl.org/support/faq.html#USER Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. ... This is really a bug. It doesn't work *why*? Because the code isn't written to read properly from a FIFO.

Re: Solaris bc

2002-03-05 Thread Michael Sierchio
Erwann ABALEA wrote: dc and bc are linked by some way... Yes. Unlink dc and bc won't work. ;-)

Re: Solaris bc

2002-03-04 Thread Michael Sierchio
Howard Chu wrote: The last time I checked, dc is only a front-end for bc. It seems odd to me that dc can work correctly if bc is broken... # cd /usr/bin # ls -l dc -r-xr-xr-x 1 root bin40584 Jan 5 2000 dc # ls -l bc -r-xr-xr-x 1 root bin25600 Jan 5 2000 bc #

Re: Solaris bc

2002-03-04 Thread Michael Sierchio
Daniel Sands wrote: What's the problem here? The output is exactly as it should be for this program. Your lack of reading skills? The point is that the previous poster asserted that dc was a front end to bc. I believe that I conclusively demonstrated that this is not the case. Try again.

Re: How can i make a symmetric key?

2002-02-20 Thread Michael Sierchio
Kukmin, Han wrote: How can i make a symmetric key using openssl library? Make a random number.

Re: bug and solution wrt SSL_set_verify()

2001-12-05 Thread Michael Sierchio
Nelson Stewart wrote: REMOVE Remove what? Those old rags you're storing in your skull? You didn't save the instructions you got when you subscribed, did you? http://www.openssl.org/support/ And do your best to follow the instructions.

Re: HOWTO renew a certificate

2001-11-19 Thread Michael Sierchio
Massimiliano Pala wrote: However keep in mind that certificate renewal (issuing a new certificate to the same subject using the same key) should be discouraged as its lifetime (key's one) should be considered ended with the expiration of the certificate (or you could have issued the

Re: RAND_add() and the entropy...

2001-11-14 Thread Michael Sierchio
Lutz Jaenicke wrote: The entropy parameter should tell, how much uncertainty is in the data provided. If we choose a value of 0, we mean that there may be entropy in it, but maybe an attacker can predict the value, so we use it but do not count it as a really unpredictable input. So, if

Re: Orders of PKCS7 certificate chain

2001-10-11 Thread Michael Sierchio
Wang, Kate wrote: Hi, everyone, Here is another novice question. Is there any easy way to find out the subject certificate out of a PKCS7 certificate included the whole chain? Or more specifically, if I use openssl PKCS7 command to convert a PKCS7 certificate into PEM format, or

Re: Differences between TLS and SSL

2001-10-11 Thread Michael Sierchio
Joaquim Quinteiro Uchoa wrote: I'm needing, urgently, to know the differences between TLS and SSL protocols... I don't need big details, only one or two paragraphs about the difference. SSLv3 was devised by Paul Kocher with Phil Karlton and Alan Frier for Netscape. TLS is an IETF

Re: NULL fields in RSA structure

2001-10-08 Thread Michael Sierchio
Ajay Nerurkar wrote: According to the doc the fields p, q, dmp1, dmq1 and iqmp in the RSA structure may be NULL in private keys but the function i2d_RSAPrivateKey() calls BN_num_bits() with each field of the argument RSA* a. And BN_num_bits() cannot handle a NULL argument. So, either

Re: Is Diffie - Hellman used anywhere?

2001-09-14 Thread Michael Sierchio
Dr S N Henson wrote: Michael Sierchio wrote: Dr S N Henson wrote: DH certificates aren't currently supported: hardly anything uses them. The DH algorithm itself is used by (among other things) SSL and TLS. Mobile IP does. I suggest again that, since a DH profile exists

Re: Is Diffie - Hellman used anywhere?

2001-09-14 Thread Michael Sierchio
Dr S N Henson wrote: Wouldn't you rather have the ASN.1 profile? I'd rather have both. If past experience is anything to go by the ASN.1 profile will show what the certificates should be like and the examples will show what they really are like :-) Yes, and I've already promised you

Re: Is Diffie - Hellman used anywhere?

2001-09-14 Thread Michael Sierchio
Requests. Sound reasonable? I think maybe I could bite off a chunk of this... Comments? - Michael Sierchio

Re: Is Diffie - Hellman used anywhere?

2001-09-14 Thread Michael Sierchio
Dr S N Henson wrote: OK that looks like standard PKCS#3 stuff which can be handled fairly easily for just certificate support. Is a private key format defined as well or is that up to the application? If the latter I'd follow the PKCS#8 + PKCS#11 standard for DH. Okay, private key format,

Re: Is Diffie - Hellman used anywhere?

2001-09-12 Thread Michael Sierchio
Dr S N Henson wrote: DH certificates aren't currently supported: hardly anything uses them. The DH algorithm itself is used by (among other things) SSL and TLS. Mobile IP does. I suggest again that, since a DH profile exists, it should be supported in OpenSSL.

subjectAltName truncating IPv6 address to IPv4

2001-09-10 Thread Michael Sierchio
It appears that (I haven't yet looked at the code) IPv6 addresses aren't currently supported in OpenSSL certs in subjectAltName. Is this the case? Or is the problem in the 'openssl ca' command line parsing? Thanks.

Re: subjectAltName truncating IPv6 address to IPv4

2001-09-10 Thread Michael Sierchio
Dr S N Henson wrote: No they aren't handled currently. I haven't really looked into IPv6 and how the things should be displayed and parsed. I can supply the display and parsing grammar. As for the address encoding, it's just 16 octets (in network byte order) encoded as an octet string,

Re: subjectAltName truncating IPv6 address to IPv4

2001-09-10 Thread Michael Sierchio
Shoichi Sakane wrote: i sent the patch to deal with ipv6 address in subjectaltname last month. http://marc.theaimsgroup.com/?l=openssl-dev&m=99769011626596&w=2 isn't it enough for you ? Thanks, I think that will do it.

Re: EBCDIC port plea.

2001-04-23 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: If I understand correctly, one of the bigger issue is that PEM files may be ASCII or EBCDIC encoded, and that there may be some confusion about this particular detail and what is really supported, is that correct? I can't answer, since the support is

Re: EBCDIC port plea.

2001-04-23 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: If I understand everything correctly, the letters, digits and so on do not share the same numeric (character code) space in EBCDIC and in ASCII. With that in consideration, I can very well see problems if a file is written with ASCII encoding and later

Re: autoconf -- when?

2001-02-22 Thread Michael Sierchio
Dan Kegel wrote: I just bumped up again against the fact that OpenSSL still lacks a modern autoconf system. It *sure would be nice* if you'd use Gnu automake and autoconf on posix-compliant systems, and keep the old Configure system for non-posix systems. I couldn't agree more.

Re: Export level ciphers..

2001-01-29 Thread Michael Sierchio
Nagaraj Bagepalli wrote: Does openssl support export level cipher suites? I was looking at 0.9.5a version of openssl and I could not locate any function which does the 40 bit DES. Yes. DES 56 bit, DES 56 bit w/SHA1 and DES CBC 56 bit w/SHA1 *are* export grade ciphers.

Re: request for openssh0.9.6 makefile

2000-12-08 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: Oh well, I've been thinking of doing a Makefile haul-over for some time, perhaps that time is now (or at least in the near future)... automake? autoconf? Pleez?

Re: Hmm... (discoveries about BIGNUM code)

2000-11-16 Thread Michael Sierchio
Rich Salz wrote: after I pointed it out), that calling realloc() in the code will leave lots of copies of private keys and other sensitive data lying around in memory. The bignum code should never call the libc realloc(), but should instead use a safe realloc which does a malloc(), a

Is the list down?

2000-11-10 Thread Michael Sierchio
-- Michael Sierchio [EMAIL PROTECTED] Certified Master Internet Security Specialist http://www.brainbench.com/transcript.jsp?pid=1889331

Footprint reduction by thinning

2000-10-20 Thread Michael Sierchio
I have some interest in reducing the deployed footprint for libssl and libcrypto, and would like to expand on the build options that allow the exclusion of {IDEA|RC2|etc.}. It's a little trickier, but I have in mind deploying both clients and servers using only: DHE-DSS-RC4-SHA I'll

Re: Rijndael, PKI and key lengths.

2000-10-16 Thread Michael Sierchio
Bryan Mongeau wrote: ... but I seem to be slightly confused about key lengths. Yes, you do ;-) Key lengths for symmetric ciphers and key lengths for public key cryptosystems are not equivalent. Although it is hard to draw equivalences, a DH or RSA modulus length of 1024, probably the

Re: Rijndael, PKI and key lengths.

2000-10-16 Thread Michael Sierchio
Bryan Mongeau wrote: Thanks for the detailed clarification. I can then extrapolate that Rijndael can be used as the block cipher in network encryption only if its symmetric key were to be encrypted with the intended recipient's public key. This seems to be undesirable practice since it

Re: FreeBSD and shared libs

2000-10-12 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: From: Daniel Richards [EMAIL PROTECTED] kyhwana Im having problems with getting openssl to make shared libs kyhwana in FreeBSD. It just doesn't seem to make them, even when I kyhwana do a ./config shared. Any ideas? Could I be missing kyhwana

Re: Sanity check: RSA performance on Linux

2000-10-11 Thread Michael Sierchio
patrick engel wrote: I'm using a 2048 bit key since strong encryption is required for my app. I'm encrypting relatively large files (10mb and eventually much larger). No one does this. See PKCS#7 for the way it's done in the real world.

Re: rewriting the ASN1

2000-09-20 Thread Michael Sierchio
Dr S N Henson wrote: One goal is to reduce code bloat. As such I want to avoid any option that results in lots of code. I'm planning an "intelligent" encoder and decoder that gets passed a tiny structure describing the ASN1 structure to encode or decode. It will be possible to hand code

Re: OpenSSL des3..... returns Bad magic number ?

2000-05-22 Thread Michael Sierchio
"Hellan,Kim KHE" wrote: ...but I keep getting a "bad magic number" message back. This seems to indicate the wrong version of a shared library in your path (i.e. not the same one that the executable was built against).

Re: PKCS8 question

2000-03-24 Thread Michael Sierchio
[EMAIL PROTECTED] wrote: ...At any rate, I can't sign it w/ my openssl-generate CA cert, and I can't convert it using openssl x509. This may seem rather pedantic, but you don't sign things with a cert -- you do so with the private key associated with the public key that's baked into a cert.

Re: Compilation error on OpenStep 4.0

2000-03-10 Thread Michael Sierchio
Ulf Möller wrote: On Tue, Mar 07, 2000 at 02:14:05PM -0700, Francisco A Tomei Torres wrote: bss_bio.c:209: undefined type, found `ssize_t' I've encountered the same problem on another platform. Expect a fix shortly. (For now, you can just replace all occurrences of "ssize_t" with

Re: Typo in objects.h

2000-03-08 Thread Michael Sierchio
Jean-Marc Desperrier et toute sa plume, et son visage nu traînant, a écrit: Let's all dump english. Right. Instead of "email" we'll all write "courrier électronique" and all of that pesky, excess communication bandwidth will be filled. For every English term there is a suitable French

RSA Private Key Format

2000-03-07 Thread Michael Sierchio
and would like to use them -- having discarded p and q... Ta. -- Michael Sierchio [EMAIL PROTECTED] QUI ME AMET, CANEM MEUM ETIAM AMET.

VBS virus

2000-01-26 Thread Michael Sierchio
Please unsubscribe this moron, or close the list to nonsubscribers. Thanks, Anjali Koshti wrote: Have fun with these links. Bye. Name: LINKS.VBS LINKS.VBSType: VBScript Script File (application/x-unknown-content-type-VBSFile) Encoding:

Re: Problems compiling OpenSSL

2000-01-25 Thread Michael Sierchio
Jorge Castello wrote: Hello: I'm trying to install OpenSSL 0.9.4 on a Sun Netra computer with Solaris 2.6, and I get the following error message when running 'make': ar r ../libcrypto.a cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o make[1]: ar: Command not found try putting

Re: Sadistic C compiler...

2000-01-18 Thread Michael Sierchio
Jeffrey Altman wrote: . 4 fn(x, y, z);/* Function call: functions */ /* x and y, and array z */ /* passed as addresses */ A function pointer may not be an "address" -- in

Re: Yahoo - The Sun-Netscape Alliance Releases PKI Library Source Code

2000-01-18 Thread Michael Sierchio
Ben Laurie wrote: http://biz.yahoo.com/prnews/000118/ca_sun_net_1.html Yahoo - The Sun-Netscape Alliance Releases PKI Library Source Code.url Hmm. Doesn't say what language its in! I think you're safe, Ben -- it's gotta be English. They stopped using Euskera after I left Sun. Cheers,

Multiplatform support and autoconf

2000-01-06 Thread Michael Sierchio
It "would be really nice" if the openssl build process used GNU autoconf -- at least on those platforms for which it is available. This would solve some of the problems of consistent implementation on multiple platforms -- such as I am facing now. ;-) arf, Michael -- QUI ME AMET, CANEM MEUM

Building on Solaris

2000-01-05 Thread Michael Sierchio
Has anyone successfully built openssl-0.9.4 on Solaris with shared libraries? The 'linux-shared' target seems to produce numerous errors (gcc invoking the native ld?). Any pointers greatly appreciated. Cheers, Michael -- QUI ME AMET, CANEM MEUM ETIAM AMET

Re: Verisign acquisition of Thawte

1999-12-23 Thread Michael Sierchio
Bill Michaelson wrote: I've long believed that acceptance of liability by CA's is what would truly make certificates meaningful in a practical sense. I'd rather have a certificate with (fidelity?) insurance from Lloyd's or Citigroup than what Verisign offers, and it's really what irks me
