Re: testing upgrade from 0.9.7e to 0.9.8g

I am supposed to help with a test plan to make sure our stuff works properly, but I'm not sure what to test. I imagine that it has to be backward compatible, since everyone using HTTPS has to be, but am not sure. Other than reading the NEWS page for changes, can anyone think of something I shoul

Re: Interface selection BIO_do_connect

[EMAIL PROTECTED] wrote: With openSSL, what is the "usual way" to select a network interface on a multihomed device? I know that with a regular socket I could use ioctl SIOCSIFNAME. But I don't see a way to do that for a client SSL connection. BIO* conn = BIO_new_connect(addr); BIO_

Re: testing upgrade from 0.9.7e to 0.9.8g

> Besides certificate verification and session reconnect I don't > know any details what you have to retest. > You imply that the mechanism of X509-based certificate verification has been embedded in openssh mainstream, right?

Interface selection BIO_do_connect

With openSSL, what is the "usual way" to select a network interface on a multihomed device? I know that with a regular socket I could use ioctl SIOCSIFNAME. But I don't see a way to do that for a client SSL connection. BIO* conn = BIO_new_connect(addr); BIO_do_connect(conn); // <== soc

Re: testing upgrade from 0.9.7e to 0.9.8g

On Thu, Mar 06, 2008 at 11:00:07PM +0100, Goetz Babin-Ebell wrote: > |> I am supposed to help with a test plan to make sure our stuff works > |> properly, but I'm not sure what to test. I imagine that it has to be > |> backward compatible, since everyone using HTTPS has to be, but am not > |> sur

Re: testing upgrade from 0.9.7e to 0.9.8g

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Victor Duchovni schrieb: | On Thu, Mar 06, 2008 at 01:15:03PM -0600, [EMAIL PROTECTED] wrote: | |> So we're testing out an upgrade from OpenSSL 0.9.7e to 0.9.8g, |> and we're mostly using the SSL network connection functionality, |> not the crypto lib

testing upgrade from 0.9.7e to 0.9.8g

So we're testing out an upgrade from OpenSSL 0.9.7e to 0.9.8g, and we're mostly using the SSL network connection functionality, not the crypto lib. I am supposed to help with a test plan to make sure our stuff works properly, but I'm not sure what to test. I imagine that it has to be backward com

interop between OpenSSL PKCS#7 (v1.5) and BC (CMS)

So I've got to interchange data with a Java-based environment. I believe their choice of libraries is with Bouncy Castle, which IIUC implements a newer version of PKCS#7 called CMS. We only have OpenSSL, which uses PKCS#7 v1.5.. Does anyone have experience with these kinds of situations? It has

Re: testing upgrade from 0.9.7e to 0.9.8g

On Thu, Mar 06, 2008 at 01:15:03PM -0600, [EMAIL PROTECTED] wrote: > So we're testing out an upgrade from OpenSSL 0.9.7e to 0.9.8g, > and we're mostly using the SSL network connection functionality, > not the crypto lib. > > I am supposed to help with a test plan to make sure our stuff works > pr

Re: PKEYUTL application and ECDSA problem

On Thu, Mar 06, 2008, Alvarez, Daniel wrote: > Hi all: > > > I am trying to sign files with my own program and have followed almost the > same steps as the pkeyutl application included in the OpenSSL distribution. > When I try to sign 'large' files, the pkeyutl tool is not able to sign it > prod

PKCS#1 and PKCS#7

We have singed a digest with RSA_sing and we have an PKCS#1. We need to transform from the PKCS#1 to a PKCS#7. ¿Do you know how to transform the PKCS#1 to a PKCS#7? Thank you. Fernando.

PKEYUTL application and ECDSA problem

Hi all: I am trying to sign files with my own program and have followed almost the same steps as the pkeyutl application included in the OpenSSL distribution. When I try to sign 'large' files, the pkeyutl tool is not able to sign it producing a zero size output signature. I have debugged the app

Re: Using OpenSSL cryptographic functions in a multi-threaded application

I do not know if it does or not. But, as an experienced programmer, I can guarantee that even if it does not today, one day someone will do something that will cause it to need it and you will start to get failures that will take weeks to track down. Why can't people just do things right the first

Re: Using OpenSSL cryptographic functions in a multi-threaded application

Bobby Krupczak wrote: Hi! The ORA Network Security with OpenSSL documents the few stubs you need to in order for openssl to work with pthreads as well as windows threads. You can even download the example code from the net. What is the link for the above ? http://www.oreilly.com/catalog/op

Building OpenSSL with GMP;ECDSA optimization

Hi, I am using OpenSSL 0.9.8g and i want increase the performance of ECDSA signing and verification on freescale 5200b using QNX.For this i am trying to compile OpenSSL with GMP for my target platform.My question are: 1. will this enhance the the performance of ECDSA signing and verification.

(solved) valgrind complaints about my network data receive

Hi! I posted last week about valgrind and excessive complaints about the network data that my application receives. Many thanks to those who posted suggestions. In particular, Christoph Bartoschek nailed it. My problem was caused by a combination of uninitialized data in libcrypto. Previous po

Re: Re: Using OpenSSL cryptographic functions in a multi-threaded application

Hi! > > > The ORA Network Security with OpenSSL documents the few > > stubs you need > > > to in order for openssl to work with pthreads as well as windows > > > threads. You can even download the example code from the net. > > > > What is the link for the above ? > > http://www.oreilly.com/ca

RE: Re: Using OpenSSL cryptographic functions in a multi-threaded application

> > The ORA Network Security with OpenSSL documents the few > stubs you need > > to in order for openssl to work with pthreads as well as windows > > threads. You can even download the example code from the net. > > What is the link for the above ? http://www.oreilly.com/catalog/openssl/ Mark.

Re: Using OpenSSL cryptographic functions in a multi-threaded application

--On Thursday, March 06, 2008 07:26:11 AM -0500 Edward Diener <[EMAIL PROTECTED]> wrote: What is the link for the above ? Greetings, Jens pgp0Jj3wYmEkw.pgp Description: PGP signature

Re: Using OpenSSL cryptographic functions in a multi-threaded application

Bobby Krupczak wrote: Hi! We are using only the OpenSSL cryptographic functionality, the EVP and HMAC functions, in a multi-threaded application. Do we need to do anything to ensure thread safety ? The documentation mentions CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() but we ar

Re: aes in evp

On Wed, Mar 05, 2008, John Parker wrote: > > The ciphers are all found in evp.h, EVP_aes_128_cbc, for example. > > Is there a reason why this is undocumented? > Only that no one has so far got round to documenting them. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage

Re: EVP_CIPHER_CTX_init question

On Wed, Mar 05, 2008, John Parker wrote: > Is it appropriate to call the sequence > EVP_CipherInit_ex() > EVP_CipherUpdate_ex() > EVP_CipherFinal_ex() > > *multiple* times between init and cleanup? > Yes it is appropriate, in fact that is the most efficient way of doing things. By doing that c