On 11/06/15 18:02, Rainer Jung wrote:
> The release notes mentioned and linked in all of the four release
> announcements still contain stale text:
>
> https://www.openssl.org/news/openssl-1.0.2-notes.html
> https://www.openssl.org/news/openssl-1.0.1-notes.html
> https://www.openssl.org/news/ope
On Thu, Jun 11, 2015 at 09:07:18PM -0400, Dan McDonald wrote:
> I noticed that a new field was added to HMAC_CTX in the 1.0.2a->b or
> 1.0.1m->n update:
>
> typedef struct hmac_ctx_st { const EVP_MD *md; EVP_MD_CTX md_ctx;
> EVP_MD_CTX i_ctx; EVP_MD_CTX o_ctx; unsigned int key_length; unsigned
> c
Actually, just to get the ball rolling, I'll integrate the "reg" version of
Blake2, which is portable C, and a bit faster than the reference version,
which was designed for readability rather than performance.
Which is exactly why our hacked version of OpenSSL has
allocators/deallocators for all these private structs.
It'd be really nice if OpenSSL would fix this, adding them won't break
backwards compatibility (i.e. API breakage isn't an excuse for not fixing
these) and going forwards problems like
> On Jun 11, 2015, at 9:07 PM, Dan McDonald wrote:
>
> typedef struct hmac_ctx_st {
> const EVP_MD *md;
> EVP_MD_CTX md_ctx;
> EVP_MD_CTX i_ctx;
> EVP_MD_CTX o_ctx;
> unsigned int key_length;
> unsigned char key[HMAC_MAX_MD_CBLOCK];
> + int key_init;
> } HMAC_CTX;
A cheesy, but bina
I noticed that a new field was added to HMAC_CTX in the 1.0.2a->b or 1.0.1m->n
update:
typedef struct hmac_ctx_st {
const EVP_MD *md;
EVP_MD_CTX md_ctx;
EVP_MD_CTX i_ctx;
EVP_MD_CTX o_ctx;
unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK];
+ int key_init;
} HMAC_CTX
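Review bot: the new "int key_init;" member is appended to the HMAC_CTX typedef itself, so sizeof(HMAC_CTX) changes between two letter releases of the same branch. Any caller compiled against the older header that declares its own HMAC_CTX (on the stack or embedded in another struct) would hand the library an object one int too short. Either keep the new state out of the public struct, or state in the release notes that dependents must be rebuilt against the new headers.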
On Thu, 11 Jun 2015 22:47:16 +, Salz, Rich via RT wrote:
> This is great!
>
> Any chance you can run it against master? I'm hoping most of the ones in
> apps go away ...
On master I get the following 12 reports. The first 10 seem to match
reports in my previous email, and the last two are n
Hello,
The following 13 potential null-pointer dereference bugs were found by
running Facebook's Infer static analyzer on openssl-1.0.2a. You can
reproduce these reports by downloading Infer and running it like so:
https://fbinfer.org/docs/getting-started.html
cd openssl-1.0.2a
./config &&
This is great!
Any chance you can run it against master? I'm hoping most of the ones in apps
go away ...
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Thu, Jun 11, 2015 at 09:43:24PM +, Kannan Narayanasamy -X (kannanar -
HCL TECHNOLOGIES LIMITED at Cisco) wrote:
> Hi All,
>
> To resolve the OpenSSL POODLE vulnerability we need to disable SSLv3. In our
> application we are using OpenSSL through Apache. We have disabled using the
> belo
Hi All,
To resolve the OpenSSL POODLE vulnerability we need to disable SSLv3. In our
application we are using OpenSSL through Apache. We have disabled using the
below lines.
SSLProtocol all -SSLv2 -SSLv3
We are using 443 as SSL port. The command openssl s_client -connect
:443 -ssl3 shows the
Huhu!!
|Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx
I just want to mention these «UTF-8 re-encoded as UTF-8» issues,
which may be acceptable for names of males, but, but
*particularly* with respect to the natural beauty of the affected
person… On the other hand i alway
Hello,
FYI using gcc 4.9.2 on x86_64 AMD
after Configure added
-flto
-g
-fstack-protector-all --param ssp-buffer-size=1
-fsanitize=address
-fsanitize=undefined
-fasynchronous-unwind-tables
-DOPENSSL_NO_BUF_FREELIST
and 'make test' fails with old bug marked "resolved"
342
The release notes mentioned and linked in all of the four release
announcements still contain stale text:
https://www.openssl.org/news/openssl-1.0.2-notes.html
https://www.openssl.org/news/openssl-1.0.1-notes.html
https://www.openssl.org/news/openssl-1.0.0-notes.html
https://www.openssl.org/news
On Thu, 11 Jun 2015, Andy Polyakov wrote:
It can as well be wrong. I mean it might have to be adjusted as
$1>=2.20 instead of 2.19. While AVX support was added in binutils 2.19,
they might have omitted specifically vpclmulqdq. Can you confirm if it
works if you replace 2.19 with 2.20?
Indee
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL Security Advisory [11 Jun 2015]
===
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the-mid
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL version 1.0.2b released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2b of our open source
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL version 1.0.1n released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.1n of our open source
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL version 1.0.0s released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.0s of our open source
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL version 0.9.8zg released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8zg of our open sourc
Just to let you know that I thoroughly enjoyed your reply. :-)
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Andy Polyakov
Sent: Thursday, June 11, 2015 10:14
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Subject: Re: [op
> It could be the gcc version is too old. Trying to recall, gcc needs to
> be something like 4.4 or newer to support the Intel carry-less multiply
> instruction.
It's pure assembler issue, not compiler. You can compile the module with
gcc 3.x if you wish (I actually do) as long as you have new en
Hello All,
This patch fixes/backports the DH parameters changes from 1.0.1 stable branch
to 0.9.8f version.
---
$ cat /tmp/patch.txt
--- s3_clnt.c_org 2015-06-10 14:27:54.0 +0530
+++ s3_clnt.c 2015-06
It could be the gcc version is too old. Trying to recall, gcc needs to
be something like 4.4 or newer to support the Intel carry-less multiply
instruction.
On 06/11/2015 09:37 AM, Dimitrios Apostolou wrote:
> Hello list,
>
> I've been trying to build OpenSSL-1.0.2a on an outdated SLES11 system.
Hello list,
I've been trying to build OpenSSL-1.0.2a on an outdated SLES11 system.
It fails unless I configure with "no-asm". Here is the relevant output:
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC
-DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFC
On Thu, Jun 11, 2015 at 06:01:26AM +0530, Nayna Jain wrote:
> I have similar concern for private key.
> If I have a pem file with private key in that, how do I check if that is
> RSA/DSA ?
In almost all cases don't check. Just load and use the key as a
generic EVP_PKEY.
--
Viktor.
That shouldn’t be too difficult (finding reviewers, I mean).
Is the ISE asking for volunteers to review? What kind of volunteers? IMO what
a reviewer needs to be able to say is:
- The document is clear (you can implement based on this)
- The algorithm might be useful in the IETF
- The securit
> From: openssl-dev On Behalf Of Nayna Jain
> Sent: Wednesday, June 10, 2015 20:31
> If I have a pem file with private key in that, how do I check if that is
RSA/DSA ?
If it uses a "legacy" format, the BEGIN line specifies the algorithm
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN DSA PRIVATE KEY--
The status of the draft is unchanged ("Finding Reviewers"). Perhaps OpenSSL
can speed up the review process.
BLAKE2 has a keyed (aka MAC/PRF) mode, so it may also replace Poly1305. A
BLAKE2 MAC can be customized wrt key or tag size, and can provide the
highest security level for a given key/tag siz
On 10/30/2013 12:15 AM, Nico Williams wrote:
> On Tue, Oct 29, 2013 at 09:58:25PM +0100, Andy Polyakov wrote:
>> pthreads and Windows, and one can indeed argue why wouldn't OpenSSL
>> simply default to either of the two when appropriate. While it's
>> more than appropriate on Windows as it is, on p
On 01/14/2014 07:12 AM, Aaron wrote:
> Hi All,
>
> We have upgraded our OpenSSL from 9.0.8b to OpenSSL 1.0.1e. We have
> encountered some thread issues. From related OpenSSL document
> (http://www.openssl.org/docs/crypto/threads.html), we see the following
> description.
>
> /CRYPTO_THREADID and
Hi,
>Can we use armv8 assembly support provided in openssl-1.0.2a for
> 32 bit mode compilation.
It *is* used in 32-bit compilation as-is. aesv8-armx and ghashv8-armx
are included in armv4_asm, and sha1-armv4-large and sha256-armv4 modules
incorporate support for ARMv8 SHA instructions. B
> On Jun 11, 2015, at 2:36 AM, Bill Cox wrote:
>
> BLAKE2 rocks. I'm looking forward to using it in many applications.
>
Sure. I would be glad to see that used as a hash in signatures and in TLS, as a
PRF in TLS and IKE, etc.
Does anyone know what the status of draft-saarinen-blake2 is? If
33 matches