Hi Steve
On 4 March 2013 14:22, Dr. Stephen Henson st...@openssl.org wrote:
CMAC needs a separate API because it doesn't behave like a normal cipher.
Check out the CMAC_* functions. They behave in a very similar way to the
HMAC_* functions except they take a cipher instead of a digest
On 5 March 2013 14:13, Dr. Stephen Henson st...@openssl.org wrote:
On Tue, Mar 05, 2013, Leon Brits wrote:
Just want to add that I do set the data sizes before EncryptUpdate and
DecryptUpdate and mentioned in the CCM section of the OpenSSL support
page.
This page does answer both my
On 5 March 2013 18:36, Dr. Stephen Henson st...@openssl.org wrote:
On Tue, Mar 05, 2013, Matt Caswell wrote:
On 5 March 2013 14:13, Dr. Stephen Henson st...@openssl.org wrote:
On Tue, Mar 05, 2013, Leon Brits wrote:
Just want to add that I do set the data sizes before
This site would be a good place to start:
http://www.keylength.com/
Matt
On 6 March 2013 13:56, Ido Regev ido.re...@ecitele.com wrote:
We have a requirement from one of our customers regarding the encryption
algorithms – Make use of published public encryption algorithms that are
On Thu, Mar 14, 2013, Leon Brits wrote:
Hi List,
I just want to verify: Elliptic curve functions are not encapsulated by
the
EVP functions - correct? If so, what is the
EVP_PKEY_CTX_set_ec_paramgen_curve_nid function then used for? If NOT
so,
then please help with an example
On 19 March 2013 10:22, Leon Brits le...@parsec.co.za wrote:
Matt / List,
Thanks for the example. It sure helped a lot. But I am still stuck at the EC
key generation.
I’ve created keys for NIST Prime curves (224-571bit), Binary and Kolbits
curves (233-571 bit). I then convert the keys
On 19 March 2013 19:38, Steve Marquess marqu...@opensslfoundation.com wrote:
I took a quick look to see what utilities might be available to convert
between pod and mediawiki markup formats. pod2markdown (CPAN) is close
but not quite there.
The pod markup language is pretty basic. If something
On 19 March 2013 10:22, Leon Brits le...@parsec.co.za wrote:
I’ve created keys for NIST Prime curves (224-571bit), Binary and Kolbits
curves (233-571 bit). I then convert the keys to PEM using the same method
which I used successfully for RSA and DSA which only calls
PEM_write_bio_PrivateKey()
On 20 March 2013 10:36, Leon Brits le...@parsec.co.za wrote:
List,
I've continued so long to use the NIST prime curves to implement sign/verify
using EVP. I am basically using the same code as for RSA and DSA. This
mechanism is so transparent (nice!) that I just want to verify that it is
On 20 March 2013 07:14, Leon Brits le...@parsec.co.za wrote:
Hi Matt,
I use:
$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
I was able to successfully parse your attached private key.
I've attached my smallest prime, binary and kolbitz curve key pairs. As I
said the prime curve parses
On 20 March 2013 07:27, Leon Brits le...@parsec.co.za wrote:
Thanks for that explanation - so, just to understand the history, why is
there no secp256_r1 as well as the ANSI standard curve. In other words, why
does the ANSI curve replace it instead of being an additional curve?
I have no
On 20 March 2013 21:11, Matt Caswell fr...@baggins.org wrote:
On 20 March 2013 07:14, Leon Brits le...@parsec.co.za wrote:
Hi Matt,
I use:
$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
I was able to successfully parse your attached private key.
I've attached my smallest prime, binary
On 21 March 2013 09:06, Leon Brits le...@parsec.co.za wrote:
First off the private key created with the sect233r1 curve are:
-BEGIN PRIVATE KEY-
MHYCAQAwCQYHKoZIzj0CAQRmMGQCAQEEHVnVyx1BHVTaKFSi758nc0v1SnWNQ1aR
BYRjL4ZboUADPgAEAVZmnrloR8NnuKI7pzD8n8UYXHannulPUv2JVqeiAXI1bnBR
On 20 March 2013 19:44, Steve Marquess marqu...@opensslfoundation.com wrote:
There are tools of a sort to convert between docbook, pod, and markdown.
I've played with a couple of them, but I think annoying little details
will keep such tools from representing any net labor savings over manual
On 20 March 2013 07:14, Leon Brits le...@parsec.co.za wrote:
Hi Matt,
I use:
$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
I was able to successfully parse your attached private key.
I've attached my smallest prime, binary and kolbitz curve key pairs. As I
said the prime curve parses
Hi Leon
On 21 March 2013 17:27, Matt Caswell fr...@baggins.org wrote:
On 20 March 2013 07:14, Leon Brits le...@parsec.co.za wrote:
Hi Matt,
I use:
$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
I was able to successfully parse your attached private key.
I've attached my smallest prime
On 6 February 2013 15:04, Steve Marquess marqu...@opensslfoundation.com wrote:
On 02/06/2013 09:43 AM, Salz, Rich wrote:
There are actually two licenses. The second allows all software (even
closed), but only for non-military use.
I would say that's still a problem. For example, we could
On 27 March 2013 11:52, Michael Sierchio ku...@tenebras.com wrote:
Does Phil still teach at UC Davis? You could always ask him directly
for clarification or a waiver.
Hi contact details are on the web page describing the various license
options (and yes its a UC Davis email address). It would
On 27 March 2013 21:03, Ben Laurie b...@links.org wrote:
The OSF is not actually the one that would benefit from such a
licence, so the whole idea that it (or we) should pay for one seems
weird to me.
Well, I wasn't actually suggesting that the OSF should pay for it
itself, merely that the OSF
Any thoughts on this issue?
As things currently stand binary curves are pretty much unusable in a FIPS
capable OpenSSL build.
Thanks
Matt
On 22 March 2013 19:41, Matt Caswell via RT r...@openssl.org wrote:
Hello
When using OpenSSL-1.0.1e-fips a call to PEM_write_bio_PrivateKey
silently
Have you tried using the EVP version and then i2d_PUBKEY?
Matt
On 7 April 2013 10:14, crvchul julianmel...@gmail.com wrote:
Hello,
It would be very great if my problem could be solved here.
In C I have to make a Diffie-Hellman Key Exchange and the problem is that
the corresponding Java
All
CCM mode ciphers do not appear to be loaded as part of a call to
OpenSSL_add_all_ciphers. Is that a bug or on purpose?
Thanks
Matt
__
OpenSSL Project http://www.openssl.org
Development
On 14 May 2013 14:44, yassine ahmed for4for...@gmail.com wrote:
hi all,
please i don't know how calculate the icv (Integrity Check Value). used in
aes-gcm algorithm
The Integrity Check Value is known as the authentication tag.
In order to retrieve the tag you must call EVP_CIPHER_CTX_ctrl
On 16 May 2013 14:35, yassine ahmed for4for...@gmail.com wrote:
Ok but for decryption part , based on the example
(http://marc.info/?l=openssl-cvsm=135042865227553) we need to provide the
authentication tag(gcm-tag or tag)
i have integrate this code ,how can i get this variable to use it.
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote:
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a
On 7 June 2013 19:12, Matt Caswell via RT r...@openssl.org wrote:
This patch is the first submission of what is planned to be a regular
series of patches. It represents the collected updates made to the pod
documentation published on the openssl wiki:
http://wiki.openssl.org
The primary
On 18 June 2013 08:11, Doru Georgescu via RT r...@openssl.org wrote:
openssl 1.0.1e's man 3 ecdsa is two times outdated and horribly misleading.
Since it was written the API changed and then EC_KEY was buried into the
inner headers of the library such that key-group (it should have been
On 18 June 2013 09:42, Matt Caswell fr...@baggins.org wrote:
With regards to other manual pages it is now possible to make updates
and fixes directly on the wiki (as long as you are comfortable with
POD syntax). Periodically I will be submitting as a patch to the
project containing any updates
On Mon, Aug 19, 2013, Leon Brits wrote:
Hi all,
I've been (re)implementing all the ciphers we use to make use of EVP
structures. On the wiki
(http://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation) there
is an example to use EVP_PKEY for CMAC. I am a bit confused on the
On 11 December 2013 16:14, Yanchuan Nian via RT r...@openssl.org wrote:
hi guys,
There is a bug in the implementation of AES_cbc_encrypt() on x86 architecture.
If the length of plaintext is not multiple of 16 bytes (must greater than 16),
the decoded message is different from the original.
If
On 14 December 2013 13:38, Stephen Henson via RT r...@openssl.org wrote:
Hmm... that's a weird one. The debug info tells me it is a TLS v1.0 connection
and that it is attempting to use MD5 when calculating the handshake hash. It
caches handshake records in the function
On 20 December 2013 18:51, Stephen Henson via RT r...@openssl.org wrote:
Well I have to admit to being far from a git expert. For me it's best if it's
easy to get the patches with commit messages and authorship somewhere I can
review them. If I manually have to apply multiple patches and add
On 8 January 2014 09:19, Alexey Haritonov via RT r...@openssl.org wrote:
Greetings,
It seems that OpenSSL supports AES in SSLv3, while this protocol is not
listed as supported protocols for SSLv3 according to RFC.
http://tools.ietf.org/html/rfc6101#appendix-A.6
Can You address this issue?
On 11 April 2014 00:00, Steve Marquess marqu...@opensslfoundation.com wrote:
With the very, very important caveat that I'm not one of the people who
directly carry this burden:
There is certainly room for improvement in the process by which patches
are reviewed and merged into OpenSSL. For
On 23 April 2014 18:17, Daniel Hamacher danielhamacher...@gmail.com wrote:
Any suggestions on how to contribute. Are there specific requirements I need
to have?
Hi Daniel/Fedor/Paul
I am actively seeking people to help out on the OpenSSL Wiki.
Documentation is an area where OpenSSL has
On 24 April 2014 00:21, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
On 04/23/2014 04:52 PM, Matt Caswell wrote:
I am actively seeking people to help out on the OpenSSL Wiki.
Documentation is an area where OpenSSL has frequently been criticized
in the past and is an area where we can do
On 25 April 2014 01:14, Viktor Dukhovni openssl-us...@dukhovni.org wrote:
On Thu, Apr 24, 2014 at 04:56:09PM -0700, Quanah Gibson-Mount wrote:
The problem with this approach are significant requests that have languished
for years. One such example would be
On 25 April 2014 01:58, Daniel Reynolds
daniel.reyno...@providenceday.org wrote:
I am not totally sure how many people would be working on this project, but
is seems to me like it would make sense to split up into 3 groups.
I would be concerned about spreading ourselves too thinly. I hope that
On 25 April 2014 18:24, Kurt Roeckx k...@roeckx.be wrote:
On Thu, Apr 24, 2014 at 06:31:34PM +0100, Ben Laurie wrote:
1. Triage RT (https://rt.openssl.org/).
I think part of this means that you'll need to give some people
access to it so they can actually modify the tickets.
I now have
On 27 April 2014 12:09, Kurt Roeckx k...@roeckx.be wrote:
There are already several copies of this patch.
Kurt
On Sun, Apr 27, 2014 at 01:04:01PM +0200, Chris Rorvick via RT wrote:
Signed-off-by: Chris Rorvick ch...@rorvick.com
---
Compiling SSL_CONF_cmd.pod with pod2man(1) fails with the
On 27 April 2014 12:04, Chris Rorvick via RT r...@openssl.org wrote:
Signed-off-by: Chris Rorvick ch...@rorvick.com
---
Compiling SSL_CONF_cmd.pod with pod2man(1) fails with the following
error:
POD document had syntax errors at /usr/bin/pod2man line 69.
This patch fixes the issue.
On 3 May 2014 18:52, luizl...@gmail.com wrote:
From: Luiz Angelo Daros de Luca luizl...@tre-sc.gov.br
OpenSSL is able to generate a certificate with name constraints with any
possible
subjectAltName field. The Name Contraint example in x509v3_config(5) even use
IP
as an example:
On 4 May 2014 23:44, Kurt Roeckx k...@roeckx.be wrote:
On Mon, May 05, 2014 at 12:36:57AM +0200, Matt Caswell via RT wrote:
This patch changes the output of pkg-config --libs libssl from:
-L/usr/local/ssl/lib -lssl -lcrypto
to:
-L/usr/local/ssl/lib -lssl
Arguably this is the strictly
On 5 May 2014 18:06, Luiz Angelo Daros de Luca luizl...@gmail.com wrote:
Thanks Matt,
Sent to r...@openssl.org. However, I didn't see it in http://rt.openssl.org/.
Is it supposed to update realtime?
It can take some considerable time to come through sometimes.
Matt
On 9 May 2014 18:03, Phong Long sslphoe...@gmail.com wrote:
Hi Dev (sorry if this is a dupe, sent to dev w/ wrong email)
I’ve been reading up on what it'll take to keep the documentation
up to date as it's something I can do to contribute, but I’m a bit
confused about which format to use. The
On 27 May 2014 15:40, Dmitry Belyavsky beld...@gmail.com wrote:
Hello Stephen,
Yes, it was a problem in our patch. So this ticket (and I think, 2598)
should be closed.
What about 2745?
Matt
__
OpenSSL Project
On 01/06/14 08:28, Janpopan wrote:
Hi all,
is there a list of currently supported platforms?
Which platforms are deprecaded an could/should be removed in the
sourcecode?
MS-DOS?
Windows 16 Bit?
OS/2?
Windows 95/98/ME?
Windows NT/2000/XP?
Hi Jan
You raise an interesting and
On 01/06/14 19:38, Dr. Stephen Henson wrote:
On Sun, Jun 01, 2014, Kurt Roeckx wrote:
On Sun, Jun 01, 2014 at 01:39:54PM -0400, Salz, Rich wrote:
Make structures opaque when possible and provide accessor functions. Within
openssl itself use macros if you want.
This has been on my list
On 2 June 2014 15:38, Mike Bland mbl...@acm.org wrote:
My goal would be to help everyone learn to fish, to use the tired
cliché. I currently have very little knowledge of the OpenSSL code
base or community, and I don't have a ton of time to do all the heavy
lifting by myself; nor do I think
On 04/06/14 23:29, Kurt Roeckx wrote:
On Mon, Jun 02, 2014 at 10:38:05AM -0400, Mike Bland wrote:
It seems that the encryption algorithms themselves are relatively
well-tested; in contrast, Heartbleed was an infrastructure bug. It's
in shoring up the test coverage of the infrastructure bits
On 05/06/14 21:51, Jeremy Farrell wrote:
Current OpenSSL sources only support 32-bit Cygwin. Corinna Vinschen
contributed patches to support 64-bit Cygwin some time ago:
http://rt.openssl.org/Ticket/Display.html?id=3110
These patches have already been applied to the 1.0.2 branch by Andy.
On 6 June 2014 08:27, Zhong Chen zc...@sonicwall.com wrote:
Hello,
In the “OpenSSL Security Advisory [05 Jun 2014]”, regarding “SSL/TLS MITM
vulnerability (CVE-2014-0224)”, it says:
Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.
Usersof OpenSSL servers earlier
On 6 June 2014 14:42, Zoltan Arpadffy z...@polarhome.com wrote:
Hi,
the 1.0.0m fails to build on OpenVMS Alpha architecture.
OPENSSL_assert(s-s3-wnum INT_MAX);
^
%CC-E-UNDECLARED, In this statement, INT_MAX is not declared.
at line number 586 in file
On 9 June 2014 19:42, Kurt Roeckx via RT r...@openssl.org wrote:
On Sun, Jun 08, 2014 at 10:57:57PM +0200, Matt Caswell via RT wrote:
Hi Quanah
Thanks for the submission. The problem with correcting this is that
technically
it forms part of the public API (since the macro is defined in asn1
On 10 June 2014 21:52, Kurt Roeckx k...@roeckx.be wrote:
As far as I can see this is SSLv3 only, and only about the Finish
message.
So it seems that function return the length of the digest, and in
some error cases 0. We'll end up with a wrong value in
(peer_)finish_md_len.
It should then
On 11 June 2014 06:47, Otto Moerbeek o...@drijf.net wrote:
On Tue, Jun 10, 2014 at 11:35:06PM +0100, Matt Caswell wrote:
On 10 June 2014 21:52, Kurt Roeckx k...@roeckx.be wrote:
As far as I can see this is SSLv3 only, and only about the Finish
message.
So it seems that function return
On 12/06/14 12:55, Richard Moore wrote:
Hi,
I put a couple of fixes as pull requests into github, but haven't seen
any movement (eg. reviews). In case it's simply because no one noticed
here's a link:
https://github.com/openssl/openssl/pulls/richmoore
Both are pretty trivial fixes
On 12/06/14 22:43, Otto Moerbeek wrote:
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many thanks for your contribution.
Matt
http://www.openbsd.org
On 11/06/14 08:23, Matt Caswell wrote:
On 11 June 2014 06:47, Otto Moerbeek o...@drijf.net wrote:
On Tue, Jun 10, 2014 at 11:35:06PM +0100, Matt Caswell wrote:
I can't see a way that this could be exploited. It is a bug though.
I've just pushed a fix:
https://git.openssl.org/gitweb/?p
On 21 June 2014 19:51, Otto Moerbeek o...@drijf.net wrote:
You care confusing the matter. Kurt already expained he got the fix
from OpenBSD. After that explanation, the OpenSSL repo was fixed to
contain the attribution.
I think we are all getting confused in this thread! :-)
Otto - I think
On 27 June 2014 06:38, Oscar Jacobsson via RT r...@openssl.org wrote:
Cheers!
In general, should I be looking to submit patches against master? Assuming
the latest stable branch was the place to go may have been presumptuous of
me. :)
Unless a patch is only applicable to one of the
On 1 July 2014 10:50, Ben Laurie b...@links.org wrote:
On 1 July 2014 06:52, Zoltan Arpadffy z...@polarhome.com wrote:
Hi,
I see that Rich is doing a fantastic job by cleaning up the backlog...
I absolutely agree that very old releases cannot be supported, but what
about the platforms?
I
On 2 July 2014 13:33, Florian Weimer fwei...@redhat.com wrote:
On 07/01/2014 11:50 AM, Ben Laurie wrote:
Our soon-to-be-released roadmap has this to say on supported platform:
* Currency, i.e. a platform is widely deployed and in current use
* Vendor support
* Available to the dev team,
On 3 July 2014 13:01, Loganaden Velvindron logana...@gmail.com wrote:
On Thu, Jul 3, 2014 at 3:10 PM, Salz, Rich rs...@akamai.com wrote:
No, I don't mean to imply that you are one of the bad guys. It's just that
we have only one real way of knowing who the good guys are, and that is
being
On 13/07/14 22:28, Dr. Stephen Henson wrote:
The separate problem is that the OP has written an ENGINE that supports XTS
mode and the requested patch was to make XTS mode work in the ENGINE. I'm
suggesting that the OPs ENGINE implementation of XTS mode in an EVP_CIPHER
has set the flags
On 09/08/14 18:31, Randolph wrote:
Hello, is there any certified lib binary for android of OpenSSL?
Thanks for providing that and fixing the errors. Randolph
We do not certify any binaries. OpenSSL only provides sources. Jeff
Walton has provided some instructions for building OpenSSL on
gpg: please do a --check-trustdb
gpg: Good signature from Matt Caswell m...@openssl.org
gpg: aka Matt Caswell fr...@baggins.org
$ gpg --list-sigs 0E604491
pub 2048R/0E604491 2013-04-30
uid Matt Caswell m...@openssl.org
sig 30E604491 2014-08-03
On 21 August 2014 16:08, Marcus Meissner meiss...@suse.de wrote:
It is mostly a suggestion to do some gpg signing if you meet each other
and also widen the signature circle ;)
Agreed - that would be a good thing. Of course actually meeting up is quite
a challenging thing to organise - but
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The OpenSSL Development Team have today released the OpenSSL Project
Security Policy.
The policy has been published at:
https://www.openssl.org/about/secpolicy.html
The policy details how we handle and classify security issues, as well
as who we
On 24 September 2014 10:03, Michael Menge
michael.me...@zdv.uni-tuebingen.de wrote:
Hi,
Last week i asked on openssl-user Mailinglist about an SIGSEGV
in Cyrus-Imapd 2.4.17 which seems to be received in ssl3_get_message
or a function called by ssl3_get_message, but received no reply.
I
On 15/10/14 14:43, nicolas@free.fr wrote:
Hi,
there's a workaround here :
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
it aims to forbid protocol downgrade, except for interoperability
however I don't know when draft will be accepted and included to
TLS protocols
On 17/10/14 06:15, wr...@rowe-clan.net wrote:
How did C 'inline' become a mandatory feature, particularly as a
security release?
It isn't - there is no change in policy here, just a known issue with
the release. inline is (supposed to be) used only if the compiler
supports it. See:
On 17 October 2014 04:44, Alex Weber a...@broot.ca wrote:
Not much else to say about this. :)
Hi Alex
Please can you submit patches to r...@openssl.org? They automatically
get copied to this list too. That way we can track them properly.
Patches sent directly to this list will have a tendency
On 20/10/14 20:30, Andrew Felsher (afelsher) wrote:
I’m guessing this patch (or part of it) was incorporated into 1.0.1j,
because this error, and the causal code, showed up after we synced to
1.0.1j. The problem is that both SSL_R_INAPPROPRIATE_FALLBACK (added in
this patch) and
On 05/11/14 13:16, Philip Bellino wrote:
Matt,
Thank you very much for the response.
I am under image size constraints with my application, so would it be
possible for you to show me how me to change the 1.0.1j code to rebuild
heartbeat as it was in 1.0.1h for use in my Linux
On 10/11/14 12:38, Kurt Roeckx wrote:
I would also like to get rid of SSL_OP_NO_SSLv2 and instead have a
way to specify the minimum and maximum supported version by those
methods, because that's really what people want to do as far as I
know.
The default should assume the maximum supported
On 13/11/14 16:15, Indtiny S wrote:
Hi,
I need to write code which can generate ECC based public key and private
key using openssl ..
can somebody suggest what apis I should use to generate the keys using
C/C++ ...
See:
https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation
On 18/11/14 16:25, Indtiny S wrote:
Dear All,
I have written below code to generate a ECC based private and public key .
But I am missing logic , my keys are not generated .
My goal is to generate , Client :- private = Ca , public= Ca,G and
Server:- private=Sa, pub = Sa.G
and
On 18/11/14 17:04, Indtiny S wrote:
Hi,
Thanks for the reply .
Now below code is working fine. But is there any straight way get the
public key also?
void handleErrors(void){
printf(\n Error );
}
void myPrint( BIGNUM * x, char * t ) {
char * s = BN_bn2dec( x ) ;
On 18/11/14 17:22, Indtiny S wrote:
Hi,
Sorry,, I am bit new to ECC , I Need to just prove the below thing
Ca.Sa.G) = Sa.Ca.G) .
* Client *:- private = Ca , public= Ca,G and *Server*:- private=Sa, pub
= Sa.G
When I read ECC tutorial, its defined that public key = Q (where Q=dG)
On 24/11/14 13:45, Philip Bellino wrote:
Yes I am.
I have seen in other posting about using EVP instead, but I am a bit unclear
on how to get there from here.
Thanks.
Some sample code here:
https://wiki.openssl.org/index.php/EVP_Message_Digests
Matt
On 26/11/14 18:06, Dmitry Sobinov via RT wrote:
Hi,
Matt, looks like your last commit fixed the memory leak from PR#3572. I've
tested with valgrind with the test application and no more leaks reported.
Thanks!
Thanks for letting us know Dmitry - I will close that ticket.
Matt
On 25/11/14 23:20, Praveen Kariyanahalli wrote:
Hi Matt
Trying out your patch. Will keep you posted. In meanwhile we ran into
more valgrind issues .. on the server end. Can you please comment on them?
==621== 8,680 (1,488 direct, 7,192 indirect) bytes in 62 blocks are
definitely lost in
On 27/11/14 02:54, Praveen Kariyanahalli via RT wrote:
The purpose of DTLSv1_listen is to listen for incoming datagrams from
anyone. If it receives a ClientHello without a cookie it immediately
responds with a HelloVerifyRequest containing a cookie. The client is
expected to respond with a
On 28/11/14 06:33, Anup Kumar wrote:
Hi Team,
Please guide me to be the part of Development group.
Hello Anup,
Thanks for your interest in OpenSSL. I have attempted to answer this
question here:
https://wiki.openssl.org/index.php/Developing_For_OpenSSL
Matt
On 03/12/14 05:01, Dominyk Tiller wrote:
Hey guys,
I wanted to query something I saw pop up on the Git earlier:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=961d2ddb4b48e0e857a704b0cc6b475d63372419
Does that change imply that right now, without that commit, building
without
On 03/12/14 20:36, Yuriy Kaminskiy wrote:
... and same in cherry-picked variants in other branches:
05e769f269f28b649d8300a1fc3aaef19901a173 (OpenSSL_1_0_2-stable)
4c21e004a3738b70c7d21d6e86ca68b21577d4d0 (OpenSSL_1_0_1-stable)
Appears harmless, though.
Thanks. I'll get this fixed.
Matt
On 05/12/14 02:10, b_smith...@hotmail.com wrote:
I apologize if this is not the right place to post this question but it
seems like the best of the choices available to me. I am trying to
understand when TLS 1.2 Suite B ECDSA will be generally available. I
understand that this functionality
On 10/12/14 16:51, The Doctor wrote:
Now POODLE is hitting TLS
http://www.computerworld.com/article/2857274/security0/poodle-flaw-tls-itbwcw.html
Any fixes in the works?
See my response to this yesterday on openssl-users:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement
contained a link to the recently published OpenSSL Release Strategy that
is available here:
https://www.openssl.org/about/releasestrat.html
I have put up a blog post on the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24/12/14 11:37, Yuriy Kaminskiy wrote:
Dominyk Tiller wrote:
Hey Matt,
For some reason, this email is getting flagged as a bad signature
by Enigmail. All of your previous emails checked out fine, but
this one checked in with a big purple
On 15/01/15 14:13, Fedor Indutny wrote:
Hello!
During the course of deprecation of stale 1024bit CA certs,
node.js and io.js project teams have identified the problem with
how OpenSSL client handles the server's certificate chain. It is
quite evident that it ignores certificate store and
On 16/02/15 17:33, David Woodhouse wrote:
On Mon, 2015-02-16 at 13:25 +, Matt Caswell wrote:
That sounds like a bug. I can't think of a reason why this should
exclude DTLS.
This fixes it to work with DTLS1_BAD_VER too:
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 3eaee1d
I have posted a new blog article covering the recent reformat activity:
https://www.openssl.org/blog/blog/2015/02/11/code-reformat-finished/
It's basically a review of what we did, how we did it and the problems
we encountered. It also discusses the various tags that we've created in
the repo,
On 16/02/15 12:45, David Woodhouse wrote:
The Cisco AnyConnect VPN protocol establishes a connection over HTTPS
and negotiates parameters (cipher, master secret session ID) for a
DTLS connection which is then resumed.
The OpenConnect VPN client handles this by using SSL_SESSION_new(),
On 27/01/15 12:02, david.ll...@fsmail.net wrote:
Hi,
Quick note about this (or could you refer me to the discussion that I
missed). Although I have no problems with explicitly patented code being
included with OpenSSL, shouldn't the default for such code be off with an
explicit
On 10/01/15 02:39, Guy wrote:
Hello,
Is this correct list for query; or should I write to users?
I fix this problem like below, is this proper?
Thank you.
diff U3 a/openssl-0.9.8zd/crypto/cryptlib.h
b/openssl-0.9.8zd/crypto/cryptlib.h
--- a/openssl-0.9.8zd/crypto/cryptlib.h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/01/15 00:02, Dominyk Tiller wrote:
Hey guys,
I wanted to check the status of the two ciphers referenced in the
subject in OpenSSL.
I thought, for some reason, the ChaCha and Poly cipher support was
landing in the 1.0.2 branch, but I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/01/15 07:58, Frey (Wei) Fu wrote:
Hi Matt,
I've checked the util dir in your branch and official branch, but
the openssl-format-source script file seems unavailable. Would you
please point out the exact location?
Did you look in the
On 13/01/15 14:05, John Foley wrote:
Given the 1.0.2 release is forthcoming in the near future, it would be
good if someone could look at this issue. It looks like there were a
lot of changes made to sha1-586.pl in 1.0.2 to support the new Intel SHA
extensions, which aren't available until
1 - 100 of 930 matches
Mail list logo