From: openssl-dev On Behalf Of Nayna Jain
Sent: Wednesday, June 10, 2015 20:31
If I have a pem file with private key in that, how do I check if that is
RSA/DSA ?
If it uses a legacy format, the BEGIN line specifies the algorithm
-BEGIN RSA PRIVATE KEY-
-BEGIN DSA PRIVATE KEY-
On 10/30/2013 12:15 AM, Nico Williams wrote:
On Tue, Oct 29, 2013 at 09:58:25PM +0100, Andy Polyakov wrote:
pthreads and Windows, and one can indeed argue why wouldn't OpenSSL
simply default to either of the two when appropriate. While it's
more than appropriate on Windows as it is, on
The status of the draft is unchanged (Finding Reviewers). Perhaps OpenSSL
can speed up the review process.
BLAKE2 has a keyed (aka MAC/PRF) mode, so it may also replace Poly1305. A
BLAKE2 MAC can be customized wrt key or tag size, and can provide the
highest security level for a give key/tag size
That shouldn’t be too difficult (finding reviewers, I mean).
Is the ISE asking for volunteers to review? What kind of volunteers? IMO what
a reviewer needs to be able to say is:
- The document is clear (you can implement based on this)
- The algorithm might be useful in the IETF
- The
Just to let you know that I thoroughly enjoyed your reply. :-)
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Andy Polyakov
Sent: Thursday, June 11, 2015 10:14
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Subject: Re:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8zg released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8zg of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.0s released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.0s of our open source
It could be the gcc version is too old. Trying to recall, gcc needs to
be something like 4.4 or newer to support the Intel carry-less multiply
instruction.
It's pure assembler issue, not compiler. You can compile the module with
gcc 3.x if you wish (I actually do) as long as you have new
Hello All,
This patch fixes/back port the DH parameters changes from 1.0.1 stable branch
to 0.9.8f version.
---
$ cat /tmp/patch.txt
--- s3_clnt.c_org 2015-06-10 14:27:54.0 +0530
+++ s3_clnt.c
The release notes mentioned and linked in all of the four release
announcements still contain stale text:
https://www.openssl.org/news/openssl-1.0.2-notes.html
https://www.openssl.org/news/openssl-1.0.1-notes.html
https://www.openssl.org/news/openssl-1.0.0-notes.html
On Thu, Jun 11, 2015 at 06:01:26AM +0530, Nayna Jain wrote:
I have similar concern for private key.
If I have a pem file with private key in that, how do I check if that is
RSA/DSA ?
In almost all cases don't check. Just load and use the key as a
generic EVP_PKEY.
--
Viktor.
It could be the gcc version is too old. Trying to recall, gcc needs to
be something like 4.4 or newer to support the Intel carry-less multiply
instruction.
On 06/11/2015 09:37 AM, Dimitrios Apostolou wrote:
Hello list,
I've been trying to build OpenSSL-1.0.2a on an outdated SLES11 system.
Hello list,
I've been trying to build OpenSSL-1.0.2a on an outdated SLES11 system.
It fails unless I configure with no-asm. Here is the relevant output:
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC
-DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
Hello,
FYI using gcc 4.9.2 on x86_64 AMD
after Configure added
-flto
-g
-fstack-protector-all --param ssp-buffer-size=1
-fsanitize=address
-fsanitize=undefined
-fasynchronous-unwind-tables
-DOPENSSL_NO_BUF_FREELIST
and 'make test' fails with old bug marked resolved
Huhu!!
|Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx
I just want to mention these «UTF-8 re-encoded as UTF-8» issues,
which may be acceptable for names of males, but, but
*particularly* with respect to the natural beauty of the affected
person… On the other hand i
Hi All,
To resolve openSSL POODLE vulnerability we need to disable the SSLv3. In our
application we have using openSSL through Apache. We have disabled using the
below lines.
SSLProtocol all -SSLv2 -SSLv3
We are using 443 as SSL port. The command openssl s_client -connect
IPAddress:443 -ssl3
On Thu, 11 Jun 2015 22:47:16 +, Salz, Rich via RT wrote:
This is great!
Any chance you can run it against master? I'm hoping most of the ones in
apps go away ...
On master I get the following 12 reports. The first 10 seem to match
reports in my previous email, and the last two are new.
On Thu, Jun 11, 2015 at 09:43:24PM +, Kannan Narayanasamy -X (kannanar -
HCL TECHNOLOGIES LIMITED at Cisco) wrote:
Hi All,
To resolve openSSL POODLE vulnerability we need to disable the SSLv3. In our
application we have using openSSL through Apache. We have disabled using the
below
This is great!
Any chance you can run it against master? I'm hoping most of the ones in apps
go away ...
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hello,
The following 13 potential null-pointer dereference bugs were found by
running Facebook's Infer static analyzer on openssl-1.0.2a. You can
reproduce these reports by downloading Infer and running it like so:
https://fbinfer.org/docs/getting-started.html
cd openssl-1.0.2a
./config
I noticed that a new field was added to HMAC_CTX in the 1.0.2a-b or 1.0.1m-n
update:
typedef struct hmac_ctx_st {
const EVP_MD *md;
EVP_MD_CTX md_ctx;
EVP_MD_CTX i_ctx;
EVP_MD_CTX o_ctx;
unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK];
+ int key_init;
} HMAC_CTX;
Actually, just to get the ball rolling, I'll integrate the reg version of
Blake2, which is portable C, and a bit faster than the reference version,
which was designed for readability rather than performance.
___
openssl-dev mailing list
To unsubscribe:
On Jun 11, 2015, at 9:07 PM, Dan McDonald dan...@omniti.com wrote:
typedef struct hmac_ctx_st {
const EVP_MD *md;
EVP_MD_CTX md_ctx;
EVP_MD_CTX i_ctx;
EVP_MD_CTX o_ctx;
unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK];
+ int key_init;
} HMAC_CTX;
A cheesy,
Which is exactly why our hacked version of OpenSSL has
allocators/deallocators for all these private struct's.
It'd be really nice if OpenSSL would fix this, adding them won't break
backwards compatibility (i.e. API breakage isn't an excuse for not fixing
these) and going forwards problems like
On Jun 11, 2015, at 2:36 AM, Bill Cox waywardg...@google.com wrote:
BLAKE2 rocks. I'm looking forward to using it in many applications.
Sure. I would be glad to see that used as a hash in signatures and in TLS, as a
PRF in TLS and IKE, etc.
Does anyone know what the status of
Hi,
Can we use armv8 assembly support provided in openssl-1.0.2a for
32 bit mode compilation.
It *is* used in 32-bit compilation as-is. aesv8-armx and ghashv8-armx
are included in armv4_asm, and sha1-armv4-large and sha256-armv4 modules
incorporate support for ARMv8 SHA instructions.
On 01/14/2014 07:12 AM, Aaron wrote:
Hi All,
We have upgraded our OpenSSL from 9.0.8b to OpenSSL 1.0.1e. We have
encountered some thread issues. From releated OpenSSL document
(http://www.openssl.org/docs/crypto/threads.html), we see the following
description.
/CRYPTO_THREADID and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.2b released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2b of our open source
On Thu, 11 Jun 2015, Andy Polyakov wrote:
It's can as well be wrong. I mean it might have to be adjusted as
$1=2.20 instead of 2.19. While AVX support was added in binutils 2.19,
they might have omitted specifically vpclmulqdq. Can you confirm if it
works if you replace 2.19 with 2.20?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [11 Jun 2015]
===
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.1n released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.1n of our open source
31 matches
Mail list logo