Re: Signing XML document with 2 references

2007-06-12 Thread Roumen Petrov
No it is exc-c14n ( http://www.w3.org/TR/xml-exc-c14n/ ) not c14n http://www.w3.org/TR/xml-exc-c14n/ AndrewHartley wrote: Yes I did c14n the entire XML. I'll give the XSLSec library a go, thanks. Richard Salz wrote: It would help a great deal if you posted a sample signature. Did you

Re: [openssl.org #1552] mingw patch for openssl-0.9.8e

2007-06-28 Thread Roumen Petrov
been made in determine what is wrong. Anyway, I think you will find the current trunk snapshot to be a better reference. Just wanted to stop using MS compiler... :) Best Regards, Alon Bar-Lev. On 6/26/07, Roumen Petrov via RT [EMAIL PROTECTED] wrote: I would like to propose following patch

Re: [openssl.org #1553] mscrypto engine for 0.9.8

2007-07-01 Thread Roumen Petrov
/29/07, Roumen Petrov via RT [EMAIL PROTECTED] wrote: Please find attached file openssl-mscrypto-20070625.tar.gz with openssl engine that can use keys from windows key-store. The engine can work with external keys too. Source is for openssl version 0.9.8 and mingw build require openssl source

Re: [openssl.org #1553] mscrypto engine for 0.9.8

2007-07-01 Thread Roumen Petrov
Alon Bar-Lev wrote: SNIP There is also an issue of resources prompt (passphrase, token) and a small issue of object serialization in engine interface. If I remember well, smart card proprietary software will ask for password when is necessary. This should be part of engine API as well... So

Re: [openssl.org #1334] Resolved: [PATCH] Cross-compile for Windows from Linux

2007-07-11 Thread Roumen Petrov
Chris, the one-makefile build in 0.9.8 is broken. If you like to go in this direction you should find target files: in crypto/x509/Makefile and to replace Makefile.ssl with Makefile. Next add new options(as example Mingw32-unix) in util/mk1mf.pl: = --- util/mk1mf.pl.ORIG

Re: [openssl.org #1552] mingw patch for openssl-0.9.8e

2008-04-17 Thread Roumen Petrov
[EMAIL PROTECTED] wrote: I have applied both the patch from Roumen Petrov and the Fixup from Alon Bar-Lev. I don't have a mingw environment to actually verify the correct operation. Please check out the next snapshot and verify that everything is working now as expected. Best regards, Lutz

Re: [openssl.org #1671] Configure options are not passed to mkdef.pl in mingw build

2008-05-13 Thread Roumen Petrov
Victor Wagner via RT wrote: Found in current CVS HEAD (05/13/2008 16:00) Shared build of OpenSSL for Windows platform involves executing of file util/mkdef.pl to creates .def file for each shared library. This file specifies what symbols are exported from the library. Script mkdef.pl expects

Re: [openssl.org #1671] Configure options are not passed to mkdef.pl in mingw build

2008-05-28 Thread Roumen Petrov
Victor B. Wagner wrote: On 2008.05.13 at 22:10:12 +0300, Roumen Petrov wrote: [SNIP] But util/mkdef.pl parse OPTIONS in top Makefile. Therefore, it does it incorrectly. I've encountered real errors doing build with ./Configure mingw shared zlib --cross-compile-prefix=i586-mingw32msvc

Re: [openssl.org #1684] bug: name collision with Windows SDK

2008-06-03 Thread Roumen Petrov
[EMAIL PROTECTED] wrote: - typedef struct ocsp_response_st OCSP_RESPONSE; within openssl/ossl_typ.h collides with #define OCSP_RESPONSE ((LPCSTR) 67) within WinCrypt.h, a windows header file (Microsoft Windows SDK 6.0A). There are work-arounds, but the compiler errors led to a few

Re: [openssl.org #1693] Compiling OpenSSL with mingw-w64

2008-06-04 Thread Roumen Petrov
Hi Stefan, [EMAIL PROTECTED] via RT wrote: Hi, I just tried to compile OpenSSL-0.9.8h with mingw-w64 (see http://sourceforge.net/projects/mingw-w64/) and needed a couple of changes to the source code (see attached patch). Some notes: - I added a mingw64 line to Configure and

Re: [openssl.org #1693] Compiling OpenSSL with mingw-w64

2008-07-21 Thread Roumen Petrov
Ger Hobbelt wrote: On Tue, Jun 3, 2008 at 12:32 PM, [EMAIL PROTECTED] via RT [EMAIL PROTECTED] wrote: - windows.h apparently includes wincrypt.h (no idea whether that's specific to that compiler, but it seems so ...), so I needed to #undefine a couple of names messed up by wincrypt.h

Re: [openssl.org #1753] snapshot 20081003 broke mingw build

2008-10-22 Thread Roumen Petrov
[EMAIL PROTECTED] wrote: Hi, 5. Added -DWIN32_LEAN_AND_MEAN and drop the conflict undef of x509.h While I don't mind having to compile the library itself with special flags, the above implies that every _user_ of OpenSSL who includes x509.h has to either use -DWIN32_LEAN_AND_MEAN

Re: [openssl.org #1753] snapshot 20081003 broke mingw build

2008-10-22 Thread Roumen Petrov
Alon Bar-Lev via RT wrote: [SNIP] For some strange reason perl reports that symlinks are available under msys, while it cannot create symbolic link when the to is not reachable from cwd. May be I can access a msys environment next week :( . It is save to assume that msys don't support

Re: [openssl.org #1693] Compiling OpenSSL with mingw-w64

2008-11-03 Thread Roumen Petrov
Alon Bar-Lev via RT wrote: On 10/31/08, Andy Polyakov via RT [EMAIL PROTECTED] wrote: Could you please test the other suggested bn_lcl.h modification? While you're on it... [SNIP] Attached is a new patch. Thanks! Alon. Why mingw64 ... -D_WIN32_WINNT=0x333 ? This has to defined by

Re: [openssl.org #1753] snapshot 20081003 broke mingw build

2008-11-05 Thread Roumen Petrov
Alon Bar-Lev wrote: Roumen? mingw64 is merged now... Please confirm this so we have mingw working again. This is also affect the mingw64. [SNIP] Cross-compilation is fine only with additional changes in rand_egd.c addressed in issue 1777. Access to MSYS environment is still problematic.

Re: [openssl.org #1780] OSCP_REQUEST name collision between ossl_typ.h and Wincrypt.h using Windows Platform SDK 6.0a in openssl-0.9.8h and openssl-0.9.8i

2008-11-12 Thread Roumen Petrov
Duplicate, see lists for solutions. Roumen __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

Re: [openssl.org #1790] [Patch] Windows CE 5 and following support

2008-11-21 Thread Roumen Petrov
Some notes about patch: - INSTALL.WCE perl by MSYS what is this ? If this is perl build from mingw32 project ? I can't found perl issue in mingw32 bug tracker. Since the issue is not confirmed you can't write that a package don't work. - apps/ocsp.c why extra include of winsock2.h? this

Re: [openssl.org #1753] snapshot 20081003 broke mingw build

2008-11-23 Thread Roumen Petrov
Alon Bar-Lev wrote: Any luck? On 11/6/08, Roumen Petrov [EMAIL PROTECTED] wrote: Alon Bar-Lev wrote: Roumen? mingw64 is merged now... Please confirm this so we have mingw working again. This is also affect the mingw64. [SNIP] Cross-compilation is fine only with additional changes

Re: [openssl.org #1791] BUG: openssl 0.9.8i creates a notAfter time in the past for dates after 2049

2008-11-24 Thread Roumen Petrov
Christopher Williams via RT wrote: If I attempt to create a certificate with an expiry time after 2049 (so that openssl will use a GeneralizedTime rather than a UTCTime for the notAfter field), openssl actually generates a date in the past. [SNIP] Did HEAD work for you ?

Re: [openssl.org #1822] Issues w/ fips Makefile

2009-01-26 Thread Roumen Petrov
Philip Prindeville via RT wrote: The target: [SNIP] Also, in a cross-compiling environment, CC tends to default to the target machine. If you're building intermediate binaries to be run as part of the build itself, these need to be indicated separately. A common practice is:

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

2009-06-15 Thread Roumen Petrov
Maarten Litmaath wrote: Hi Stephen, I can't see how anything could cause an issue with 85 CAs. The attached descriptions imply it might be a mod_ssl issue (not reproducible with s_server). There is a bit more information now in our ticket: https://savannah.cern.ch/bugs/?48458 Romain

Re: [openssl.org #1968] [PATCH 06/14] Allow overriding of settings for cross compilation.

2009-07-02 Thread Roumen Petrov
David McCullough via RT wrote: Jivin Stephen Henson via RT lays it down ... This isn't really the way the config script was intended to be used. It is supposed to auto detect the machine type and call Configure with the appropriate target. If you want to cross compile you should call Configure

Re: [openssl.org #1977] Make openssl 0.9.8k for Mingw

2009-07-05 Thread Roumen Petrov
Mark via RT wrote: Hi there, there are 2 points: 1 you have possibly heard already, as I discovered it from https://www.wagner.pp.ru/~vitus/articles/openssl-mingw.html is that to cross-compile for Mingw you need to comment the invocation of is_msys() in Configure as it won't return the correct

Re: UTF8 in certificate DN via OpenSSL's x.509 API

2009-07-20 Thread Roumen Petrov
Thor Lancelot Simon wrote: Can I assume that any data returned when I access the DN of a peer's certificate using OpenSSL are ASCII or UTF8? No, see Howards posts. If not, how do I tell the difference? I think I understand that DNs not encoded as UTF8String should not have high-bit

Re: mingw 64bit

2009-08-06 Thread Roumen Petrov
Peter Quiring wrote: Hi all, I'm not sure if anyone else has done this before but I'm trying to get openssl to compile using mingw 64bit. I do a normal configure for mingw 32bit: ./configure zlib no-asm no-shared threads mingw Hmm ... grep -i mingw Configure: # MinGW mingw, gcc:-mno-cygwin

cross-compile-prefix

2009-10-15 Thread Roumen Petrov
The recent Configure may ignore cross-compile-prefix option. Its seems to me env. var CROSS_COMPILE override it. Roumen __ OpenSSL Project http://www.openssl.org Development Mailing List

Re: cross-compile-prefix

2009-10-15 Thread Roumen Petrov
Roumen Petrov wrote: The recent Configure may ignore cross-compile-prefix option. Its seems to me env. var CROSS_COMPILE override it. And BUILDENV form Makefile still contain .. CROSS_COMPILE_PREFIX='$(CROSS_COMPILE_PREFIX)' .. so later build fail with ... windres: command not found - see

Re: [openssl.org #2137] [PATCH] mingw fixups

2010-01-12 Thread Roumen Petrov
Alon Bar-Lev via RT wrote: The following is required in order to make beta4 compile using mingw (w64). Every time there is #includewindows.h some symbols should be removed. Also, there is no need to #includewindows.h if e_os2.h was included. [SNIP] diff -urNp

DEVRANDOM quoting

2005-06-01 Thread Roumen Petrov
Quoting of DEVRANDOM after DOS DJGPP changes in crypto/rand/rand_unix.c my break all other platforms, except OpenBSD. Result is file with name DEVRANDOM instead of list defined in e_os.h. The test case: = #include string.h #include

Re: [PATCH] printf size_t support.

2006-03-12 Thread Roumen Petrov
Kurt Roeckx wrote: Hi, I've attached a patch that fixed a warning about the arguments to a printf function. strlen() returns an size_t, so it should have the z modifier. Is the patch tested on windows ? z modifier - I'm not sure that this is portable. [SNIP]

Re: s/snprintf/BIO_snprintf/g

2006-03-12 Thread Roumen Petrov
Gisle Vanem wrote: As the comment in b_print.c says; As snprintf is not available everywhere, we provide our own implementation So we should use BIO_snprintf() in apps/s_client.c and ssl/ssltest.c. The other patch to ssltest.c fixes the missing newline problem under DOS and Windows. Patch

Re: [openssl.org #1400] spurious CRs in S/MIME clearsigned mails

2006-10-02 Thread Roumen Petrov
Bruno Kozlowski via RT wrote: [SNIP] The resulting mailfile has mixed EOLs: Most lines end in LF, but 3 lines end in CRLF: | $ cat -A mailfile | grep \^M | Content-Type: text/plain^M$ | ^M$ | some text^M$ I think that this is correct - EOL for emails(headers, empty line, body) is CRLF,

Re: OpenSSL breaks with gcc 4.2

2006-11-10 Thread Roumen Petrov
David Schwartz wrote: An object may be the type of its last cast -- but it also can't exactly lose the benefit/cost of being cast to a pointer to an undefined type. As soon as you undefine the type of a pointer, it loses the remnant of ever having had the initial type in the first place.

Re: [openssl.org #2137] [PATCH] mingw fixups

2010-01-13 Thread Roumen Petrov
Hi Alon, Alon Bar-Lev via RT wrote: Hello, I use i686-w64-mingw32... We discussed this in past (I think) LEAN_AND_MEAN was added to win64 but not win32. As w64 compiler much more complete and maintained I use it to compile win32 as-well. Alon. On Tue, Jan 12, 2010 at 11:14 PM, Roumen Petrov

Re: Get root certificates from System Store of Windows

2010-01-17 Thread Roumen Petrov
NARUSE, Yui wrote: Hi, (2010/01/12 9:38), Dr. Stephen Henson wrote: On Mon, Jan 11, 2010, NARUSE, Yui wrote: So I request X509_STORE_set_default_paths call this. When this is merge, both Unix user and Windows user can use [SNIP] Thank you for your comment. So I rewrite my patch as you

Re: Can't Use Hashlib in Python

2010-03-13 Thread Roumen Petrov
brown wrap wrote: I have several programs that I am trying to compile and they compile due to openssl As an example in trying to compile gobject-introspection-0.6.8, after the configure, the make fails: File

Re: Windows support baseline [was: Unwanted dependencies to user32.dll]

2010-03-18 Thread Roumen Petrov
William A. Rowe Jr. wrote: On 3/16/2010 4:53 PM, Kees Dekker wrote: * I saw a lot of NT4 code. What NT4 code? You must be referring to _WIN32_WINNT macro sometimes set to 0x400. It does not denote NT4-specific code, it denotes that NT4 is required *minimum*. Meaning that it targets *all*

Re: [openssl.org #2195] [PATCH] Set default field separator in do_name_ex() (nameopt switch)

2010-03-18 Thread Roumen Petrov
Kaspar Brand via RT wrote: When using -nameopt with the x509/req/ca commands, OpenSSL will currently abort the output if no sep_xxx option is provided. Examining the certificate from https://rt.openssl.org with openssl 509 -noout -text -nameopt utf8 e.g. gives Certificate: Data:

Re: [PATCH] for compiling OpenSSL 1.0.0 (3/29/10) using MinGW

2010-04-01 Thread Roumen Petrov
Ray Satiro wrote: Third time's the charm, hopefully... -- Without this patch the make will error with Pick one target type from and a list of assembler types. mingw32-make: *** [tmp\x86cpuid.asm] Error 1 -- I had to make some changes to compile OpenSSL 1.0.0 (3/29/10) using MinGW. The

underscore in function name (OPENSSL_isservice)

2010-04-10 Thread Roumen Petrov
Hello all, Check-in [19505] and [19557] cryptlib.c: allow application to override OPENSSL_isservice adds call for GetProcAddress with argument name of function that start with underscore. The function OPENSSL_isservice is specific for windows platforms and on those platforms in not well

Re: [openssl.org #2246] dtls1.h includes winsock.h, overriding the #undefs from ossl_typ.h on Windows

2010-04-26 Thread Roumen Petrov
M.-A. Lemburg via RT wrote: An application that only includes openssl/ssl.h from OpenSSL 1.0.0 and doesn't use winsock.h will run into problems on Windows, since the dtls1.h header file includes the winsock.h header file long after the ossl_typ.h header file was loaded. What about to define

Re: [openssl.org #2374] [PATCH] mingw32 cant compile e_capi.c (1.0.0b)

2010-11-18 Thread Roumen Petrov
Guenter via RT wrote: Hi, it seems that all native MingW32 versions (tested with MingW32 4.50) lack of stuff to compile e_capi.c: [SNIP] make[1]: *** [e_capi.o] Error 1 make[1]: Leaving directory `/d/openssl-1.0.0b/engines' Therefore I've added some more define tests to OpenSSL 1.0.0b

Re: [openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-03 Thread Roumen Petrov
Stephen Henson via RT wrote: [open...@roumenpetrov.info - Thu Feb 03 16:36:58 2011]: The mingw cross-build of current HEAD(2011-01-31) fail : WARNING: mkdef.pl doesn't know the following algorithms: NEXTPROTONEG Creating library file: libcrypto.dll.a Cannot export FIPS_dh_free: symbol

Re: [openssl.org #2463] [PATCH]: OpenSSL 1.0.0d: Add abbility to load server certificate by ENGINE.

2011-03-12 Thread Roumen Petrov
Andrey Kulikov via RT wrote: Hello, Please find file attached: server_cert_from_engine4.patch This is a patch to allow loading server SSL certificate by ENGINE. [SNIP] After applying this patch s_server will accept -certform ENGINE option. This patch supplied by Stonesoft Corporation, who

Re: MinGW building from cmd.exe woes

2011-03-15 Thread Roumen Petrov
Darryl Miles wrote: [SNIP] Tried using: ms\mingw32.bat [SNIP] Try with ./Configure mingw . Roumen __ OpenSSL Project http://www.openssl.org Development Mailing List

Re: MinGW building from cmd.exe woes

2011-03-15 Thread Roumen Petrov
Darryl Miles wrote: Roumen Petrov wrote: [SNIP] I have tried using perl Configure mingw ... manually but I have not been able to find a combination that works to produce a usable Makefile that mingw32-make.exe (a version of GNU Make) can use. May be issue is to find working version of mingw

Re: [openssl.org #2504] Cross Compile MinGW DLLs on Linux

2011-04-27 Thread Roumen Petrov
Marc Wäckerlin via RT wrote: Hi OpenSSL I managed to Cross Compile OpenSSL on Linux so that I can develop OpenSSL applications that run on Windows entireliy inside a Linux build environment. It even builds the executables and the DLLs on Linux. Please add my changes to the official Configure

Re: [openssl.org #2594] Problem with X509 path loop detection - PATCH

2011-09-11 Thread Roumen Petrov
Nick Lewis via RT wrote: The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not work correctly for some combinations of ctx-chain, x and issuer. For example when the cert x is in the chain at a location other than the top, a path loop is incorrectly declared. Also if the

Re: Engines memory-management problems

2011-09-21 Thread Roumen Petrov
Hi Dmitry, Dmitry Belyavsky wrote: Greetings! During the 1.x version the current scheme of algorithms providing through engines was implemented. Debugging our (Cryptocom LTD) engines, I’ve found some troubles in the way it works, please tell me where I’m mistaken. Openssl is configured with

Re: [openssl.org #2594] Problem with X509 path loop detection - PATCH

2011-09-26 Thread Roumen Petrov
Nick Lewis via RT wrote: Roumen Thank you for looking at the patch [SNIP] + if (issuer_num (issuer_num x_num)) Please find a corrected version below Best Regards Nick [SNIP] With update version i confirm that regression test of a software now pass with OpenSSL HEAD

Re: Engines memory-management problems

2011-09-26 Thread Roumen Petrov
Dmitry Belyavsky wrote: Greetings! On Thu, Sep 22, 2011 at 3:00 AM, Roumen Petrov open...@roumenpetrov.info wrote: [SNIP] What is result if register__gost methotds are moved from bind to init ? Double-free occurs too. The openssl speed -engine gost -evp gost89 is successful

2011-10-12 head, test fail , TLSv1.2 related ?

2011-10-12 Thread Roumen Petrov
Hi, One of the changes is past week is to not enable ... sorry I remove diffs files and I cannot remember exact change (file, date, etc)... Result is that now regression test in head fail with : ...:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:119:

DTLS-SRTP and mingw

2011-11-20 Thread Roumen Petrov
One of recent changes is Add DTLS-SRTP negotiation from RFC 5764. After update build fail for HEAD . The simple solution is to move function declarations from srtp.h to tls1.h int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx,

mdc2 algorithm and 0.9.8x, 1.0.0x and upcoming 1.01

2012-02-01 Thread Roumen Petrov
be verified only with 1.0.1 and verification fail with earlier version. Issue with certificates apply to CRLs Regards, Roumen Petrov P.S. high level log with test case failure: === entering .../origin+x509-7.1x-0.9.8t/... ... testing with OpenSSL 0.9.8t 18 Jan 2012 ... testid_rsa-rsa_mdc2.crt

Re: mdc2 algorithm and 0.9.8x, 1.0.0x and upcoming 1.01

2012-02-14 Thread Roumen Petrov
Dr. Stephen Henson wrote: On Wed, Feb 01, 2012, Roumen Petrov wrote: [SNIP] Looking into this there is a long standing incompatibility between various functions that use mdc2 for signatures. Since SSLeay the function RSA_sign() using mdc2 as an argument uses a DigestInfo structure whereas

Re: mdc2 algorithm and 0.9.8x, 1.0.0x and upcoming 1.01

2012-02-21 Thread Roumen Petrov
Dr. Stephen Henson wrote: [SNIP] Should be fixed now, see: http://cvs.openssl.org/chngview?cn=22124 to make OpenSSL understand both formats when verifying and: http://cvs.openssl.org/chngview?cn=22126 to use the same format as older versions of OpenSSL when creating signatures. 10x . I confirm

Re: [openssl.org #2718] openssl-fips-1.2.3: testsuite failures (SIGILL / Illegal instruction)

2012-02-22 Thread Roumen Petrov
the build GCC 4.6.1 warn user for bad cast and that application will terminate it code is reached. I note this on 64-bit platform with gcc 4.5.2 and as Steve suggest I switch to 0.9.8x fips build. Regards, Roumen Petrov

Re: Accessing ENGINESDIR value

2012-02-25 Thread Roumen Petrov
Hi Dmitry, Dmitry Belyavsky wrote: Greetings! What is the correct way to get the ENGINESDIR value It is defined in opensslconf.h but it is not enough to include opensslconf.h to get it defined. Why engine directory for openssl configuration is so important ? Engine installation may depend

Re: [openssl.org #2750] [BUG] spec file doesn't properly build for lib64

2012-03-04 Thread Roumen Petrov
Kevin Vargo via RT wrote: Some minor updates to the openssl.spec: wrapping ifarch around the various lib dirs to get the right files in the right places. See attached diff Configure script and spec are not consistent regarding multilib. It seems to me spec file should use libdir script

Re: [openssl.org #2781] OpenSSL 1.x doesn't compile on mingw-w64 (targeting win32)

2012-04-01 Thread Roumen Petrov
Leandro Santiago via RT wrote: I'm trying to compile openssl 1.0.1 (but I also tested the 1.0.0) on mingw-w64 (gcc 4.7), but I'm having errors. I tested in three configurations: Ubuntu 11.04 32-bit, Kubuntu 11.10 64-bit and Windows 7 32-bit having the same errors. The command line I used was:

Re: ENGINE reference leak using FIPS-capable OpenSSL

2012-04-19 Thread Roumen Petrov
Dr. Stephen Henson wrote: On Wed, Apr 18, 2012, Erik Tkal wrote: Any takers? Should I be able to build a FIPS-capable OpenSSL and have some of the implementation be provided via an ENGINE (e.g. let's say I have a hardware module to perform AES) but some by the OpenSSL FIPS canister? Or is

FIPS build in 1.0.1+ stable branches

2012-06-09 Thread Roumen Petrov
Hello OpenSSL developers. I could not understand *Check-in [22619]* Reduce version skew in openssl 1.0.1 stable branch. May be this version adds some useful improvements but FIPS build(compile) is broken. I wonder what is policy to update 1.0.1 stable branch. After remove of #include

Re: [openssl.org #2745] Fwd: GOST engine memory problems

2012-09-01 Thread Roumen Petrov
Stephen Henson via RT wrote: I've finally had time to look into this. Please see if this fixes the issue: May be is not related, but this engine lack call of ENGINE_register_pkey_asn1_meths . It seems to me without this registration initialization is different . If engine configuration is

Re: Major OpenSSL 1.0.1d regression from 1.0.1c

2013-02-06 Thread Roumen Petrov
Hi, FIPS enabled build fail at same line. Brad House wrote: It appears there is a major regression with OpenSSL 1.0.1d over 1.0.1c. I've narrowed it down to setting a custom cipher list I think as if I do not set a cipher list, the issue does not occur. I have reproduced the issue with the

current 1.0.2 with gcc for windows

2014-03-01 Thread Roumen Petrov
cannot be executed as makefile lack suffix for dependent executables . Please find attached proposed fix 0001-use-EXE_EXT-in-dependecies.patch.gz . Regards, Roumen Petrov 0001-use-EXE_EXT-in-dependecies.patch.gz Description: GNU Zip compressed data 0002-use-ULL-for-GCC-instead-MSC-specific

current 1.0.2 branch and fips

2014-03-01 Thread Roumen Petrov
Hello, According the current version scheme 1.0.2 retain binary compatibility. In this case is expected external application linked 1.0.1 to work with 1.0.2 without modification. It seems to me now FIPS build retain binary but lost functional compatibility. For instance EVP_dss1 could be

1.0.2beta2 and X.509 certificate verification

2014-03-03 Thread Roumen Petrov
lookup:unable to get local issuer certificate 2 === There is extra error with code 20. This may break external applications with custom verification callback. For historic reasons exit code of openssl verify command is not used and to me this is not so important. Regards, Roumen Petrov

Re: [openssl.org #3557] -nameopt utf8 behaviour in openssl 1.0.1i

2014-10-12 Thread Roumen Petrov
set of flags as 'separator' is required. Pages x509 and X509_NAME_print_ex could be updated to detail that 'separator' flag is required. Regards, Roumen Petrov __ OpenSSL Project http

Re: [openssl-dev] Seeking feedback on some #ifdef changes

2015-02-08 Thread Roumen Petrov
in script. [SNIP] OPENSSL_NO_STORE Also removing the code? Regards, Roumen Petrov ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OCSP issues in master 2015-10-17

2015-10-21 Thread Roumen Petrov
Dr. Stephen Henson wrote: On Sat, Oct 17, 2015, Roumen Petrov wrote: Hello, After embed some attributes OCSP in master stop to work. The current status is the client comment report "Cert Status: unknown" and "Nonce Verify error" for X.509 certificates used in my ssh reg

[openssl-dev] OCSP issues in master 2015-10-17

2015-10-17 Thread Roumen Petrov
nown version to work is "47c9a1b5096be684c18335137284f0dfcefd12d6 : embed support for ASN1_STRING" (optionally with "Appease gcc's Wmaybe-uninitialized" if build fail due to pedantic compiler flags). First regression is from "af170194a88d6127d447bea826845c23ca192727 : embed OCSP_CERTID&q

[openssl-dev] extra data for ec keys

2015-12-22 Thread Roumen Petrov
patch" - note that index CRYPTO_EX_INDEX is with gap in numbering but I would like patch to be minimal. I would like to request external applications to be able to change method - see attached patch "0009-access-EC_KEY-method-property.patch". Regards,

[openssl-dev] __STDC_VERSION__ is not defined

2015-12-22 Thread Roumen Petrov
:00 2001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Thu, 3 Dec 2015 23:43:24 +0200 Subject: [PATCH 01/15] __STDC_VERSION__ is not defined for c89 compilers --- include/openssl/e_os2.h | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/openssl/e_os2.

[openssl-dev] about "Rename some BUF_xxx to OPENSSL_xxx"

2015-12-21 Thread Roumen Petrov
Hello, After modification OPENSSL_strlcpy is declared twice. Regards, Roumen >From 5f5b81e162eae025dcc40a7074a973621c7dac33 Mon Sep 17 00:00:00 2001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Mon, 21 Dec 2015 18:45:06 +0200 Subject: [PATCH 02/15] redundant rede

[openssl-dev] access-EC_KEY-method-property

2015-12-24 Thread Roumen Petrov
eth); pkey_rsa->engine = eng; ENGINE_up_ref(eng); Let me know how to proceed with this request. Roumen Petrov ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] prefer headers from source tree

2016-06-25 Thread Roumen Petrov
d. Windows modification is similar. Roumen >From a7e0111eea1ef51d62a673e8511e9017945c2780 Mon Sep 17 00:00:00 2001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Sat, 21 May 2016 10:29:51 +0300 Subject: [PATCH 2/2] make templates: prepend path to source headers --- Configurations

[openssl-dev] BIO_new_connect after refactoring

2016-02-07 Thread Roumen Petrov
Hello, With master branch my ssh ocsp tests start to fail again. The program code call BIO_new_connect("127.0.01") and then parsing of 'name' crash. Please find attached proposed patch. Roumen >From 65f29abcce374e3ceddc93f2854493f1839eb305 Mon Sep 17 00:00:00 2001 From: Roumen

Re: [openssl-dev] BIO_new_connect after refactoring

2016-02-08 Thread Roumen Petrov
Richard Levitte wrote: That patch just got merged into master, commit 80926502986a97eed53afe1d85fc074e40829547 10x It seems to me #4296 is second report. Cheers, Richard In message <56b718f3.9070...@roumenpetrov.info> on Sun, 07 Feb 2016 12:14:11 +0200, Roumen Petrov

[openssl-dev] OPENSSL_cleanup additional

2016-02-23 Thread Roumen Petrov
Hello, I just finish tests with new initialization methods. Memory detection tool report a number of memory leaks. Startup code is: OPENSSL_init_crypto( OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS |

[openssl-dev] shared build, master, 2016-02-23

2016-02-23 Thread Roumen Petrov
Hello, The current master branch does not create shared libraries. Attached patch restore build with gnu tools. Regards, Roumen Petrov >From 2c3d122965a0a6a0b8b2ae3188b7c16658e5a57a Mon Sep 17 00:00:00 2001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Tue, 23 Feb 2016

[openssl-dev] duplicate opt* declaration in apps.h

2016-02-16 Thread Roumen Petrov
Hello, Currently opt_next, opt_imax and opt_umax are declared more than once in apps.h - see attached patch Roumen >From 1e44a45a2c38a16ba342355bf92af6f0fc7d15f6 Mon Sep 17 00:00:00 2001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Tue, 16 Feb 2016 21:30:27 +0200 Subject:

[openssl-dev] OPENSSL_config with default configuration

2016-02-16 Thread Roumen Petrov
Hello, OPENSSL_config with NULL argument crash in master branch. Please find attached file with proposed patch. Regards, Roumen >From f6eee9281567e47ae23383c527845cc4a897d195 Mon Sep 17 00:00:00 2001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Fri, 12 Feb 2016 22:18:59 +020

Re: [openssl-dev] OpenSSL 1.0.2g - make test fails with FIPS -- regression from 1.0.2f

2016-03-01 Thread Roumen Petrov
Brad House wrote: It appears OpenSSL 1.0.2g introduced a regression when attempting to run 'make test' on a fips-enabled build on linux. When compiling without FIPS, the tests pass as expected. However, with fips turned on, "make test" fails when trying to use ssl2 it appears. Running 'make

[openssl-dev] unified build dependencies

2016-03-10 Thread Roumen Petrov
Hello , It seems to me unified build system work quite well with simultaneous build jobs. I would like to report a minor issue - I have to run make 3 times until all decencies are resolved. Second make rebuild about 450 items. Third time only speed is rebuild. The build is in a clean source

[openssl-dev] OPENSSL_cleanup new issue

2016-03-10 Thread Roumen Petrov
xit () from /lib64/libc.so.6 #11 0x0041cf5d in main (argc=, argv=out>) at apps/openssl.c:361 (gdb) My build is based on commit 603358de576217812cb3d752e97c78e476cdc879 -plus remaining modifications from issue "#4207 engine key format in 1.1" Regards, Roumen Petrov Roumen Petr

Re: [openssl-dev] OPENSSL_cleanup new issue

2016-03-15 Thread Roumen Petrov
Hi Matt, Matt Caswell wrote: Hi Roumen On 10/03/16 22:21, Roumen Petrov wrote: Hello, With new thread model in some configurations openssl hands on unload of engine. I just pushed commit 773fd0bad4 to master which should hopefully resolve this issue. It seems to me hang is resolved after

[openssl-dev] What about DSA_SIG_get0 ? Was: ECDSA_SIG_get0() for const ECDSA_SIG *

2016-03-20 Thread Roumen Petrov
Hello , Issue 4436 report only ECDSA_SIG_get0 but DSA is the same. Perhaps DSA_SIG_get0 could use constant signature pointer. Stephen Henson via RT wrote: Fixed now. Closing ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available

[openssl-dev] OPENSSL_cleanup now error is "invalid pointer"

2016-04-23 Thread Roumen Petrov
Hi With current master "corrupted double-linked list" disappear but error still exist, see below Roumen Petrov wrote: [SNIP] Stack trace *** Error in '/apps/openssl': corrupted double-linked list: 0x006de730 *** ^C Program received signal SIGINT, Interrupt. 0x7f

[openssl-dev] get engine function for EC key

2016-04-23 Thread Roumen Petrov
Hi, Currently access to engine member is available for some keys: $ grep -r get0_engine include/ include/openssl/dh.h:ENGINE *DH_get0_engine(DH *d); include/openssl/dsa.h:ENGINE *DSA_get0_engine(DSA *d); include/openssl/rsa.h:ENGINE *RSA_get0_engine(RSA *r); Please add function for EC_KEY. If

[openssl-dev] build with defined ENGINE_REF_COUNT_DEBUG

2016-04-23 Thread Roumen Petrov
Hi, Please see attached file 0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch . If ENGINE_REF_COUNT_DEBUG is defined build fail. Proposed patch resolve issue. Regards, Roumen >From 3db4a9eb01f6caf1c59c50d8f6a3f6ec73cc71df Mon Sep 17 00:00:00 2001 From: Roumen Petrov &l

[openssl-dev] remove defines that access X.509 store

2016-04-23 Thread Roumen Petrov
umen >From 32b59c4406581d9e0418ba9b61a1abe2044468ff Mon Sep 17 00:00:00 2001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Sat, 16 Apr 2016 19:10:19 +0300 Subject: [PATCH 4/4] remove defines X509_STORE_set_verify_... as context is now opaque --- include/openssl/x509_vfy.h | 3 --- 1 file changed, 3

[openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-04-23 Thread Roumen Petrov
Hi Openssl developers, Recent modification to X509... structures prevent external implementation of X509_LOOKUP_METHOD. Main issue that 1.1beta5 is not usable. A lot of X509... structures are now opaque, but there is no access neither memory management functions. I hop that soon will be

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

2016-04-26 Thread Roumen Petrov
blic part between get0 and set0 key methods. For protocol "0009-sshkey.c-opaque-DSA-structure.patch" is practical sample of an upgrade to 1.1 API. RSA is similar. Cheers, Richard Roumen >From 57d17bdf3ef9975b6f09a597557843943909b5b9 Mon Sep 17 00:00:00 2001 From: Roumen Petr

Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-10 Thread Roumen Petrov
Hi Rich, Salz, Rich wrote: Can you look at https://github.com/openssl/openssl/pull/1044 and see if it addresses the issues? Yes. May be with some definitions for backward compatibility. I mean for renamed pre 1.1 functions - with inserted ..._CTX into name of : -

Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-12 Thread Roumen Petrov
Salz, Rich wrote: Can you look at https://github.com/openssl/openssl/pull/1044 [SNIP ] I pushed a new version that adds your feedback. 10x, it's fine by me. Roumen -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?

2016-05-07 Thread Roumen Petrov
Hi Rich, Scope of my request is "use of a lookup method". Salz, Rich wrote: You need (1) I test port to current openssl code with following definitions X509_OBJECT_new() and X509_OBJECT_get0_X509_CRL. : diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index ff64821..8547b0d

Re: [openssl-dev] [openssl.org #4681] Resolved: X.509 load method

2017-02-03 Thread Roumen Petrov
Rich Salz via RT wrote: According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. Resolved? Hmm, how to implement X.509 lookup method with 1.1+ API? Regards, Roumen Petrov -- openssl-dev mailing list

Re: [openssl-dev] (future) STORE vs X509_LOOKUP_METHOD by_dir

2017-02-08 Thread Roumen Petrov
Hi Richard, Richard Levitte wrote: Hi, I've some ponderings that I need to bounce a bit with you all. Some have talked about replace the X509_LOOKUP_METHOD X.509 lookup method could return certificate , revocation list or EVP_KEY (structure x509_object_st). Unfortunately functionality of

Re: [openssl-dev] [RFC 1/2] engine: add new flag based method for loading engine keys

2016-11-17 Thread Roumen Petrov
means that the key_id is actually a bio pointer. I'm not sure that is good idea to pass pointers between loadable modules. It could be used if there is no alternative. In this case URN format for could inform engine how to load key. [SNIP] Regadrs, Roumen Petrov -- openssl-dev mailing list

Re: [openssl-dev] Still showing openssl 1.0.2 snapshot issue

2016-11-27 Thread Roumen Petrov
Salz, Rich wrote: [SNIP] I posted yesterday, what's your config. I standard config/make does not do this for me. For instance: CONFIGURE_ARGS=--prefix=... -DOPENSSL_NO_BUF_FREELISTS shared no-ssl2 no-ssl3 zlib-dynamic enable-gost enable-unit-test linux-x86_64 Roumen -- openssl-dev mailing

  1   2   >