Multithreading performance patches

2012-10-09 Thread Fedor Indutny
Hey people! I'm working on a fast multithreaded TLS server for node.js, and I've encountered a few problems with openssl threading support which I would like to address with the attached patches. Please ask me if you have any questions or comments. Cheers, Fedor.

Re: Multithreading performance patches

2012-10-12 Thread Fedor Indutny
Wow, indeed my first patch is useless taking into account the presence of OPENSSL_atomic_add and the locking callback. Surely, it would be good if openssl exported this symbol; this is very important for tlsnappy since it compiles to a shared library and non-exported symbols are not visible to it.

ssl3_get_cert_verify performance

2013-01-05 Thread Fedor Indutny
Hello devs, Right now I'm doing a lot of benchmarks, trying to figure out how to make my https server as fast as others are (for example, nginx). I've found that somewhere between 0.9.8 and 1.0.1c ssl3_get_cert_verify has started spending much more time than it used to. I wonder if you're aware of

Re: ssl3_get_cert_verify performance

2013-01-05 Thread Fedor Indutny
your server performance with two different OpenSSL versions. 6. Share your findings. On 5 January 2013 13:14, Fedor Indutny fe...@indutny.com wrote: Hello devs, Right now I'm doing a lot of benchmarks, trying to figure out how to make my https server as fast as others are (for example

SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION

2013-09-04 Thread Fedor Indutny
Hey guys! I've just stumbled upon the following flag while trying to debug node.js test failures regarding the `renegotiate` method that I've just added. What I was wondering is, basically, why isn't OpenSSL sending CertificateRequest to the client if it sees that the session was resumed? Particularly, my

ssleay PRNG entropy

2013-10-21 Thread Fedor Indutny
Hello devs! I just found that it's impossible to get an error from `RAND_bytes()` if running on the default `RAND_SSLeay()` method. There are a couple of reasons and observations that confirm it (sorry for using github, it's just more convenient for me): 1. `RAND_poll()` is called only once in

Re: ssleay PRNG entropy

2013-10-23 Thread Fedor Indutny
Hello again, Is there any way to speed up discussion on this topic? Cheers, Fedor. On Mon, Oct 21, 2013 at 3:09 PM, Fedor Indutny fe...@indutny.com wrote: Hello devs! I just found that it's impossible to get an error from `RAND_bytes()` if running on the default `RAND_SSLeay()` method. There are

Re: ssleay PRNG entropy

2013-10-23 Thread Fedor Indutny
be a RAND_pseudo_bytes() backend, and RAND_bytes() should be something more secure (considering that this is how it's described in the man documentation). Cheers, Fedor. On Wed, Oct 23, 2013 at 6:53 PM, Richard Könning richard.koenn...@ts.fujitsu.com wrote: On 21.10.2013 13:09, Fedor Indutny wrote

Re: seems openssl version 1.0.1g also infected

2014-04-14 Thread Fedor Indutny
Hello! What does `ldd /path/to/httpd` say? Cheers, Fedor. On Mon, Apr 14, 2014 at 12:17 PM, LOKESH JANGIR lk.jangi...@gmail.com wrote: Hi Team, I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I found the same openssl vulnerability issue with my ssl certificate. I have

Re: seems openssl version 1.0.1g also infected

2014-04-14 Thread Fedor Indutny
So, considering that it fails to start now. Could you please verify that `ls -la /lib64/libcrypt.so.1` is still valid? Fedor. On Mon, Apr 14, 2014 at 2:53 PM, LOKESH JANGIR lk.jangi...@gmail.com wrote: Hi Rainer, Yes, apache was running with the old library, I have moved this out, and

Re: seems openssl version 1.0.1g also infected

2014-04-14 Thread Fedor Indutny
pkgconfig So now should I move this libcrypt.a file to the /usr/lib64 folder and rename it as .so? Regards, Lokesh Jangir On Mon, Apr 14, 2014 at 4:31 PM, Fedor Indutny fe...@indutny.com wrote: So, considering that it fails to start now. Could you please verify that `ls -la /lib64

Re: seems openssl version 1.0.1g also infected

2014-04-14 Thread Fedor Indutny
://www.akadia.com/services/ssh_test_certificate.html Lokesh Jangir On Mon, Apr 14, 2014 at 4:50 PM, Fedor Indutny fe...@indutny.com wrote: Hello again! That depends on your setup. I'd suppose that OpenSSL's default installer should create the symlinks itself. If it did and they don't match

Re: seems openssl version 1.0.1g also infected

2014-04-14 Thread Fedor Indutny
./config shared --prefix=$inst \ make to build the shared library version I use 2014-04-14 13:34 GMT+02:00 Fedor Indutny fe...@indutny.com: I guess you need to build it in shared library mode. Take a look at this: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html . You

Re: OpenSSL should disable or remove heartbeat

2014-04-15 Thread Fedor Indutny
Hello Hanno! Despite not being an active community member, I'd like to share my thoughts on it, if you don't mind. I certainly agree that this extension has quite a faulty specification and very questionable use. But perhaps, instead of just

Re: [openssl.org #3318] memcmp vulnerable to remote timing attack

2014-04-17 Thread Fedor Indutny
Hello! I think that to hit this function you need to match the session id hashes first, but it seems to be possible indeed. What would an attacker be able to do if they knew the session id? I think knowing it without knowing the master key and other

Cert chain inconsistency between client and server

2014-04-17 Thread Fedor Indutny
Hello devs! It has just caught my attention that `SSL_get_peer_cert_chain` does not contain `SSL_get_peer_certificate`'s value for the server, but it does for the client. Would you mind accepting a patch for fixing it? Here are the relevant lines of code: *

Re: Cert chain inconsistency between client and server

2014-04-17 Thread Fedor Indutny
On Fri, Apr 18, 2014 at 3:44 AM, Fedor Indutny fe...@indutny.com wrote: Hello devs! It has just caught my attention that `SSL_get_peer_cert_chain

Re: Cert chain inconsistency between client and server

2014-04-21 Thread Fedor Indutny
Is there any way to get some sort of feedback on it? I have tried submitting it to r...@openssl.org, but got no reply from the server, and can't see it on the website. Cheers, Fedor. On Mon, Apr 21, 2014 at 8:16 PM, Fedor Indutny fe...@indutny.com wrote:

Re: Cert chain inconsistency between client and server

2014-04-21 Thread Fedor Indutny
Ok, that's what I was actually thinking about. Thank you very much for looking at it! On Mon, Apr 21, 2014 at 9:56 PM, Dr. Stephen Henson st...@openssl.org wrote: On Fri, Apr 18, 2014, Fedor Indutny wrote: Hello devs! It has just caught my attention that `SSL_get_peer_cert_chain` does

Re: Start Contributing

2014-04-23 Thread Fedor Indutny
Hello Team! I'd like to contribute some stuff too, let me know if I could help. Thanks, Fedor. On Wed, Apr 23, 2014 at 9:17 PM, Daniel Hamacher danielhamacher...@gmail.com wrote: Hi OpenSSL Team, Any suggestions on how to contribute. Are there specific requirements I need to have?

[PATCH] x86_64 asm: fix bn_mul_mont on odd-len BNs

2014-06-06 Thread Fedor Indutny
Hello everyone! Discovered this problem while trying to fix https://github.com/joyent/node/issues/7704. Attached is a fix for it. Cheers, Fedor. From c6a4d5ff66cd886023f75780e876053f019ed8de Mon Sep 17 00:00:00 2001 From: Fedor Indutny fe

Re: [PATCH] x86_64 asm: fix bn_mul_mont on odd-len BNs

2014-06-09 Thread Fedor Indutny
Bump. On Fri, Jun 6, 2014 at 2:35 PM, Fedor Indutny fe...@indutny.com wrote: Hello everyone! Discovered this problem while trying to fix https://github.com/joyent/node/issues/7704. Attached is a fix for it. Cheers, Fedor.

Re: [openssl.org #3397] Fwd: [PATCH] x86_64 asm: fix bn_mul_mont on odd-len BNs

2014-07-02 Thread Fedor Indutny
Andy, I'd still pull Adam's changes, at least for consistency reasons. Other assembly files seem to be using signed comparison for the same kinds of operations. What do you think about it? Cheers, Fedor. On Wed, Jul 2, 2014 at 9:54 PM, Andy Polyakov via RT r...@openssl.org wrote:

Re: [openssl.org #3397] Fwd: [PATCH] x86_64 asm: fix bn_mul_mont on odd-len BNs

2014-07-02 Thread Fedor Indutny
I'm totally willing to cooperate on this, and may have enough skills to do it. Do you think it could be possible for us to collaborate on this topic? Thank you, Fedor. On Wed, Jul 2, 2014 at 11:08 PM, Andy Polyakov via RT r...@openssl.org wrote: I'd still pull Adam's changes, at least for

Forcing client to send Certificate record

2014-08-12 Thread Fedor Indutny
Heya! I just discovered that there is no way to force the OpenSSL SSL client to send a Certificate record if the server hasn't sent CertificateRequest. Would a patch that fills this API hole be welcome? What API do you guys have in mind? Cheers, Fedor.

Re: Forcing client to send Certificate record

2014-08-12 Thread Fedor Indutny
Viktor, Despite being a protocol violation, it is accepted by OpenSSL's server implementation. But I do see now that this is indeed covered by RFC 5246. Sorry, I have missed that line in the Client Certificate section. On Wed, Aug 13, 2014 at 1:48 AM, Salz, Rich rs...@akamai.com wrote:

Subject: [PATCH] ssl: introduce async sign/decrypt APIs This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present: * Server wi

2014-08-23 Thread Fedor Indutny
This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present: * Server will ignore dummy RSA key, assuming that it is matching the certificate. * Server will invoke this callback with either: * `SSL_KEY_EX_RSA` *

Re: Subject: [PATCH] ssl: introduce async sign/decrypt APIs This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present: * Serve

2014-08-27 Thread Fedor Indutny
Oops, just realized that I pasted the whole commit message into the subject. Anyway, CCing Rich Salz here. Rich, You seem to be on a wave of triaging tickets, maybe you could take a look at this one eventually? Thank you, Fedor. On Sat, Aug 23, 2014 at 10:08 PM, Fedor Indutny fe...@indutny.com

Re: Subject: [PATCH] ssl: introduce async sign/decrypt APIs This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present: * Serve

2014-08-28 Thread Fedor Indutny
it - please let me know and I will revert everything except style changes in that 0002 patch. Cheers, Fedor. On Wed, Aug 27, 2014 at 1:05 PM, Fedor Indutny fe...@indutny.com wrote: Oops, just realized that I pasted the whole commit message into the subject. Anyway, CCing Rich Salz here. Rich

Re: Subject: [PATCH] ssl: introduce async sign/decrypt APIs This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present: * Serve

2014-08-28 Thread Fedor Indutny
Oh, and I have just realized that it doesn't handle `ssl3_get_cert_verify` case right now. I'll figure it out tomorrow. On Thu, Aug 28, 2014 at 2:26 PM, Fedor Indutny fe...@indutny.com wrote: Hello again! Here is a second patch that improves the first one. Additionally it copies

Re: Subject: [PATCH] ssl: introduce async sign/decrypt APIs This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present: * Serve

2014-08-29 Thread Fedor Indutny
Never mind, I just realized that it is using the Client certificate there and doesn't need to be asyncified. On Fri, Aug 29, 2014 at 12:54 AM, Fedor Indutny fe...@indutny.com wrote: Oh, and I have just realized that it doesn't handle the `ssl3_get_cert_verify` case right now. I'll figure it out

[PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2014-09-11 Thread Fedor Indutny
Hello devs! Here is a patch that implements an asynchronous RSA key operation mode for the TLS/SSL implementation in OpenSSL. Here is some technical info about it: Support async RSA exchange by providing new SSL_want_rsa_sign(), SSL_want_rsa_decrypt()

Re: [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2014-09-13 Thread Fedor Indutny
Here is an additional patch, to expose the type of key that should be used for a signature. On Thu, Sep 11, 2014 at 10:59 AM, Fedor Indutny via RT r...@openssl.org wrote: Hello devs! Here is a patch that implements asynchronous RSA key

Re: [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2014-09-18 Thread Fedor Indutny
On Sat, Sep 13, 2014 at 10:59 PM, Fedor Indutny fe...@indutny.com wrote: Here

Re: [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2014-09-19 Thread Fedor Indutny
And an additional follow-up, with docs and refined code. On Fri, Sep 19, 2014 at 2:48 AM, Fedor Indutny fe...@indutny.com wrote: Here is an example of how it could be used (in my TLS terminator): https://github.com/indutny/bud/compare/master

Re: [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2014-09-19 Thread Fedor Indutny
Sorry for the noise, here is an even better version of this patch. Without BUF_MEM_grow() calls, which were actually useless, and with clearer state management. On Fri, Sep 19, 2014 at 12:30 PM, Fedor Indutny fe...@indutny.com wrote: And an additional follow-up, with docs and refined code. On Fri

Re: [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2014-09-21 Thread Fedor Indutny
Some fixes. On Fri, Sep 19, 2014 at 3:27 PM, Fedor Indutny fe...@indutny.com wrote: Sorry for the noise, here is an even better version of this patch. Without BUF_MEM_grow() calls, which were actually useless, and with clearer state management. On Fri, Sep 19, 2014 at 12:30 PM, Fedor Indutny fe

Re: Error _armv7_tick openssl

2014-10-10 Thread Fedor Indutny
Hello! I'm not an OpenSSL core developer, but anyway here are some thoughts from me. SIGILL is a totally normal condition, as it is caught by: https://github.com/openssl/openssl/blob/dabfbea7d91619b286e5d32ffc68ec7e5bd7e9bf/crypto/armcap.c#L96-L101 This is a part of detecting features, so if

Re: Error _armv7_tick openssl

2014-10-10 Thread Fedor Indutny
-openssl-...@openssl.org [mailto: owner-openssl-...@openssl.org] On Behalf Of Fedor Indutny Sent: 10 October 2014 15:29 To: openssl-dev@openssl.org Subject: Re: Error _armv7_tick openssl Hello! I'm not an OpenSSL core developer, but anyway here are some thoughts from me. SIGILL

Re: CIPHER STRINGS

2014-10-12 Thread Fedor Indutny
Hello! Have you seen the `openssl ciphers -v` output? Cheers, Fedor. On Sun, Oct 12, 2014 at 8:13 PM, dE de.tec...@gmail.com wrote: Hi. I was reading the openssl ciphers command, where I would like to suggest something for the CIPHER STRINGS. Currently all possible cipher strings are listed

[openssl-dev] [PATCH] x509: skip certs if in alternative cert chain

2014-12-18 Thread Fedor Indutny
In situations like [0] the server may provide an alternative certificate chain, which is no longer valid in the current certificate store. In fact the issuer of the leaf (or some intermediate) cert is known and trusted, but the alternative chain certs that are sent by the server are not trusted, thus

Re: [openssl-dev] Is X509_V_FLAG_TRUSTED_FIRST safe to backport to 1.0.1

2015-01-15 Thread Fedor Indutny
. On Thursday, January 15, 2015, Matt Caswell m...@openssl.org wrote: On 15/01/15 14:21, Matt Caswell wrote: On 15/01/15 14:13, Fedor Indutny wrote: Hello! During the course of deprecation of stale 1024bit CA certs, node.js and io.js project teams have identified the problem with how

[openssl-dev] Is X509_V_FLAG_TRUSTED_FIRST safe to backport to 1.0.1

2015-01-15 Thread Fedor Indutny
Hello! During the course of deprecation of stale 1024bit CA certs, the node.js and io.js project teams have identified a problem with how the OpenSSL client handles the server's certificate chain. It is quite evident that it ignores the certificate store and loads the issuer from the chain that was received.

Re: [openssl-dev] Is X509_V_FLAG_TRUSTED_FIRST safe to backport to 1.0.1

2015-01-27 Thread Fedor Indutny
Thank you! On Tue, Jan 27, 2015 at 6:02 PM, Matt Caswell m...@openssl.org wrote: On 15/01/15 17:06, Fedor Indutny wrote: Matt, Thank you for the reply. May I ask when you think your patch may land in 1.0.2 or whatever? If this is something of your long term goals

Re: [openssl-dev] Using openssl with a remote private key

2015-03-17 Thread Fedor Indutny
Hello Tigran! I have been using: https://github.com/indutny/bud/compare/master...feature/async-key-ex for quite a long time now. It seems that you have your own solution, but anyway I posted it here in case you are interested. Cheers! On Tue, Mar 17, 2015 at 8:44 AM, Tigran Gyonjyan (BLOOMBERG/ 731

Re: [openssl-dev] [openssl.org #3797] [PATCH] evp: fix memory corruption on absent payload

2015-04-11 Thread Fedor Indutny
Special credit to: Etienne Stalmans (SP) etie...@sensepost.com for reporting the segfault in the first place! On Sat, Apr 11, 2015 at 5:37 PM, Fedor Indutny via RT r...@openssl.org wrote: Hello! The aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD payload, but fail to operate

[openssl-dev] [PATCH] evp: fix memory corruption on absent payload

2015-04-11 Thread Fedor Indutny
Hello! The aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD payload, but fail to operate if it wasn't supplied. In fact, in case of an absent payload, `plen` is going to be `NO_PAYLOAD_LENGTH` and the memory will be corrupted (which sometimes leads to a crash). NOTE:

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-04 Thread Fedor Indutny
Thank you very much, Matt, Rich. I will read through these docs tomorrow. On Thu, Feb 4, 2016 at 4:29 AM, Matt Caswell via RT wrote: > > > On 04/02/16 06:34, Salz, Rich via RT wrote: > > It’s late and my response was incomplete. > > The other part has already landed in

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-05 Thread Fedor Indutny
in real situations. Just sharing some immediate concerns with you. Thank you, Fedor. On Thu, Feb 4, 2016 at 4:56 AM, Fedor Indutny via RT <r...@openssl.org> wrote: > Thank you very much, Matt, Rich. > > I will read through these docs tomorrow. > > On Thu, Feb 4, 2016 at 4:29 AM

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-05 Thread Fedor Indutny
On Fri, Feb 5, 2016 at 7:14 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 05/02/16 22:42, Fedor Indutny wrote: > > Matt, > > > > I have looked through the APIs. Will have to experiment with them > > somewhen later to see how well they will perform, b

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-03 Thread Fedor Indutny
Rich, Thank you for the response. There is quite a lengthy discussion on that github PR. Is there any TL;DR version of it? That PR's diff doesn't really look similar to the changes proposed here, as I was mostly curious about splitting the state machine to allow deferring things until the required data

Re: [openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny
Hello Rich, Do I need to submit updated patch separately, or was it ok to attach it to the second email? Thank you, Fedor. On Sat, Jan 30, 2016 at 7:14 PM, Rich Salz via RT wrote: > cancelling as OP suggests. > -- > Rich Salz, OpenSSL dev team; rs...@openssl.org > >

Re: [openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny
This actually sounds like a lovely idea. See: https://github.com/openssl/openssl/pull/603 Thank you! On Sat, Jan 30, 2016 at 8:16 PM, Salz, Rich via RT wrote: > I closed the first ticket, so everything is okay. > If you want to do GitHub pull requests and just open an RT to

Re: [openssl-dev] SSL_read return error(Internet mail)

2016-07-16 Thread Fedor Indutny
Hello again, Do you use renegotiation? On Sat, Jul 16, 2016 at 3:09 AM, paladinchen(陈奇) wrote: > Hi, > Thank you for your reply, how to resolve this issue or avoid it > happen? when this error occurs, will reconnect to server, affect normal > use. > > i think

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-10 Thread Fedor Indutny
opinion, and I'm trying to persuade everyone here in this too :) Thank you, Fedor. On Sat, Dec 10, 2016 at 2:35 PM, Alessandro Ghedini <alessan...@ghedini.me> wrote: > On Sat, Dec 10, 2016 at 11:13:48AM +0100, Fedor Indutny wrote: > > This totally makes sense. Unfortunately, adding a

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-10 Thread Fedor Indutny
Thank you for feedback, though! On Sat, Dec 10, 2016 at 11:13 AM, Fedor Indutny <fe...@indutny.com> wrote: > This totally makes sense. Unfortunately, adding a new API method for this > means that I'll have to re-introduce ClientHello parser in bud, and make a > wider use of it i

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-10 Thread Fedor Indutny
This totally makes sense. Unfortunately, adding a new API method for this means that I'll have to re-introduce the ClientHello parser in bud, and make wider use of it in Node.js again. On Sat, Dec 10, 2016 at 3:07 AM, Salz, Rich wrote: > > Oh, just to restate it. I'm willing to

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Hello Benjamin, On Fri, Dec 9, 2016 at 11:24 PM, Benjamin Kaduk <bka...@akamai.com> wrote: > On 12/09/2016 01:43 PM, Fedor Indutny wrote: > > Hello, > > During development of one feature for my TLS proxy bud, I have discovered > that the cert_cb is invoked only for

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
On Fri, Dec 9, 2016 at 11:13 PM, Viktor Dukhovni <openssl-us...@dukhovni.org > wrote: > On Fri, Dec 09, 2016 at 09:47:19PM +0100, Fedor Indutny wrote: > > > > The callback is *correctly* only called when choosing the server > > > certificate. In *that* case, it is

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Oh, just to restate it. I'm willing to submit the patch if we agree on what exactly it should do. On Fri, Dec 9, 2016 at 11:29 PM, Fedor Indutny <fe...@indutny.com> wrote: > Hello Benjamin, > > On Fri, Dec 9, 2016 at 11:24 PM, Benjamin Kaduk <bka...@akamai.com> wrote: > &

[openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Hello, During development of one feature for my TLS proxy bud, I have discovered that the cert_cb is invoked only for newly generated tickets/sessions. The reasoning behind this is clear, but I believe that it most likely needs a revision. Here is my reasoning: The major use case is choosing

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Hello Viktor! Replying inline. On Fri, Dec 9, 2016 at 9:28 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > On Fri, Dec 09, 2016 at 08:43:01PM +0100, Fedor Indutny wrote: > > > During development of one feature for my TLS proxy bud, I have discovered > > tha

[openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny via RT
When connecting to a pool of diverse servers (both TLS1.0 and TLS1.2), the following scenario may happen: 1. Connect to a TLS1.2 server, receive a new session 2. Store this session 3. Attempt to reuse it later when connecting to a server 4. Connect to a different server from the pool, which speaks

[openssl-dev] [openssl.org #4282] Re: [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny via RT
ket = 1` on renegotiation? Why is it DTLS-only right now? Should this patch do anything else to reset the current session? Thank you very much, Fedor. On Sat, Jan 30, 2016 at 5:04 PM, Fedor Indutny <fe...@indutny.com> wrote: > When connecting to pool of diverse servers (both TLS1.