>>> On 1/16/2012 at 11:31 PM, in message <20120116163148.4f325...@redhat.com>,
Tomas Hoger wrote:
> On Wed, 11 Jan 2012 21:04:33 -0700 Guan Jun He wrote:
>
>> > It seems you're trying to address more than just CVE-2011-1473 via
>> > this patch, which results in a fairly large patch. Why do yo
The attached trivial patch adds a missing check for load_certs_crls
failure in apps.c. It is applicable to 1.0.0 and 1.0.1 branches.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -up openssl-1.0.0a/apps
In some cases when an S/MIME message with broken MIME headers is
processed a NULL dereference in mime_hdr_cmp can happen. The attached
patch guards against this dereference.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Tur
The attached simple patch allows other possible syntaxes of XMPP
starttls headers to be recognized.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/
The attached simple patch moves the libraries that are not needed for
dynamic linking to the Libs.private section in the OpenSSL .pc files.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
diff -up openssl-1.
OpenSSL-1.0.1-beta2 build with no-srp option fails because there are
some missing #ifdef OPENSSL_NO_SRP directives in the s_server code. The
attached patch fixes this.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish
I'm writing an OpenSSL client program. It must interoperate with some .NET code
that uses the SslStream classes. The .NET code is correct. If I create a .NET
client it connects correctly. If I run the .NET server on Windows 7 it works
correctly (with .NET client and with C plus OpenSSL client).
On Thu, Feb 9, 2012 at 4:33 PM, Adam Langley wrote:
> This is my bad, I didn't realise that s_client had any calls in it.
> I'll fix it. (By fixing s_client I think).
Dear Ben, please see attached patch.
Cheers
AGL
patch
Description: Binary data
> [xana...@geocities.com - Fri Feb 10 10:54:26 2012]:
>
> I'm writing an OpenSSL client program. It must interoperate with some
> .NET code that uses the SslStream classes. The .NET code is
> correct. If I create a .NET client it connects correctly. If I run
> the .NET server on Windows 7
I am experimenting with the OpenSSL FIPS Module 2.0, but am encountering some
difficulty.
I need to perform some RC4 calculations in code that does not need to be FIPS
compliant, even though I want all FIPS ciphers to be performed in FIPS mode.
I'm trying to use the EVP_CIPH_FLAG_NON_FIPS_A
On Fri, Feb 10, 2012 at 09:39:20AM -0500, Erik Tkal wrote:
> I am experimenting with the OpenSSL FIPS Module 2.0, but am encountering some
> difficulty.
>
> I need to perform some RC4 calculations in code that does not need to be
> FIPS compliant, even though I want all FIPS ciphers to be p
Yes, I understand all that; we currently have our own certified FIPS module
that I wired into OpenSSL via the engine APIs. Assuming that the module
boundary is the code in the FIPS canister, I want that module to perform all
FIPS-compliant operations, but still need the "outer" OpenSSL to perfo
On Fri, Feb 10, 2012 at 10:01:43AM -0500, Erik Tkal wrote:
> Yes, I understand all that; we currently have our own certified FIPS module
> that I wired into OpenSSL via the engine APIs. Assuming that the module
> boundary is the code in the FIPS canister, I want that module to perform all
> FIP
I'm just saying that there are options to allow this and it just doesn't seem
to work.
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
* in FIPS mode */
/* Allow non FIPS cipher in FIPS mode */
#define EVP_
On Fri, Feb 10, 2012, Erik Tkal wrote:
> I'm just saying that there are options to allow this and it just doesn't seem
> to work.
>
>
> #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
>  * in FIPS mode */
>
Hi Steve, thanks. This also seems to be a general issue with setting other
fields in the context, for example to override the key length (even in non-FIPS
mode) you have to initialize the cipher context with the cipher, then set the
fields in the context, then reinitialize it without specifying
So I would have to recompile the OpenSSL and link against "my" version. Would
it be possible in a future version to make SSL3_RT_MAX_EXTRA a runtime-settable
parameter? As it is now, it's a constant, but it's used only dynamically (no
static buffer is allocated through it).
I have verified with a new build that I was able to connect WITHOUT forcing the
TLS version. So the changes worked in my tests.
Thanks for the quick turnaround!
-Steve
-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Thursday, February 09, 2012 10:47 AM
T
Just go get source code for RC4 and call it directly when you need RC4.
--David
On 2/10/2012 6:39 AM, Erik Tkal wrote:
I am experimenting with the OpenSSL FIPS Module 2.0, but am
encountering some difficulty.
I need to perform some RC4 calculations in code that does not need to
be FIP
On Fri, Feb 10, 2012, Erik Tkal wrote:
> Hi Steve, thanks. This also seems to be a general issue with setting other
> fields in the context, for example to override the key length (even in
> non-FIPS mode) you have to initialize the cipher context with the cipher,
> then set the fields in the
On Fri, Feb 10, 2012, Erik Tkal wrote:
>
> I think the following in evp_enc.c at line 123 might work to only clean up
> the CTX if you were specifying a cipher and one was already present:
>
> if (cipher)
> {
> /* Ensure a context left lying around from last ti
Hi.
I'm not a Windows person so bear with me: I'm trying to ensure that some
multi-platform code continues to build and run on Windows, so I'm having to set
up a build environment there too.
I went looking for MASM and found it on MSDN, but when I try to run it, it
complains about the architec
On Fri, Feb 10, 2012, Philip Prindeville wrote:
> Hi.
>
> I'm not a Windows person so bear with me: I'm trying to ensure that some
> multi-platform code continues to build and run on Windows, so I'm having to
> set up a build environment there too.
>
> I went looking for MASM and found it on M