First one is a typo
diff --git a/doc/crypto/EVP_PKEY_HKDF.pod b/doc/crypto/EVP_PKEY_HKDF.pod
index 00c0a76..8a5ef98 100644
--- a/doc/crypto/EVP_PKEY_HKDF.pod
+++ b/doc/crypto/EVP_PKEY_HKDF.pod
@@ -2,7 +2,7 @@
=head1 NAME
-EVP_PKEY_HKDF; EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN
-DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE
-DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
OpenBSD uses GCC 4.2.1
$ egrep -B 1 'warning|error' openssl-log.txt
ecp_nistz256.c: In function 'ecp_nistz256_points_mul':
ecp_nistz256.c:1131: warning: ignoring alignment for stack allocated 't'
ecp_nistz256.c:1131: warning: ignoring alignment for stack allocated 'p'
--
b_addr.c: In function
On Fri, Mar 4, 2016 at 11:00 PM Viktor Dukhovni
wrote:
>
> > On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote:
> >
> > I've updated the pull to do a much more substantial cleanup.
>
> What will @STRENGTH mean in this context? Will ignore
> the
> Browsers have largely decided to implement GCM-modes only with AES128.
> Chrome is now about to change that. Not sure if other browsers will
> follow.
>
> Right now if you configure a server with openssl's cipher suite
> ordering it is likely that a connection will happen with AES256 in CBC
>
> On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote:
>
> I've updated the pull to do a much more substantial cleanup.
What will @STRENGTH mean in this context? Will ignore
the distinction between AES256 and AES128? What does this
do to the @SECLEVEL interface which tries to
It's defined in openssl/crypto/bio/b_print.c
--
View this message in context:
http://openssl.6102.n7.nabble.com/Source-code-BIO-printf-function-tp64330p64335.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
--
openssl-dev mailing list
To unsubscribe:
Seconded CHOW Anthony's advice.
GitHub is much quicker, and returns 11 pages of results. Much easier to
parse thru their UI than command prompt/favorite text editor :)
On Mar 4, 2016 1:30 PM, "CHOW Anthony"
wrote:
> Try Github: https://github.com/openssl/openssl
Thanks for your promptly response, Viktor.
Viktor Dukhovni wrote:
> > On Mar 3, 2016, at 8:07 PM, Ángel González
> > wrote:
> >
> > They were showed in the help, but providing them failed with an
> > “unknown option” error, and showed the help which listed it
> > as a valid
Try Github: https://github.com/openssl/openssl
-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
MusseRedi
Sent: Friday, March 04, 2016 12:29 PM
To: openssl-dev@openssl.org
Subject: [openssl-dev] Source code BIO_printf() function
I'm new to the
If you have the source downloaded, you can use fgrep, sed, or
silversearcher to find all instances of `BIO_printf` in the source.
Recursively search through entire project, or section by section if load
gets too intense.
On Mar 4, 2016 1:24 PM, "MusseRedi" wrote:
> I'm new
I'm new to the OpenSSL project, and was wondering where I can find the source
code for the BIO_printf() function.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Source-code-BIO-printf-function-tp64330.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
--
On Fri Mar 04 14:35:30 2016, darovskikh.and...@gmail.com wrote:
> Hi
>
> I'm using openssl 1.0.2 library for SSL connection.
> For supporting TLS1.2 protocol with client cert from windows cert store I
> modified openssl capi engine. In method capi_rsa_sign I initialize
> Microsoft Enhanced RSA and
OpenSSl 1.1.0 pre 3 on Solaris 10 Sparc using GCC 4.9.3 but Solaris
linker and assembler
% /usr/ccs/bin/as -V
/usr/ccs/bin/as: SunOS 5.10 118683-08 Patch 07/05/2012
% /usr/ccs/bin/ld -V
ld: Software Generation Utilities - Solaris Link Editors: 5.10-1.497
When linking other software against
I've updated the pull to do a much more substantial cleanup.
On Thu, Mar 3, 2016 at 6:16 PM Emilia Käsper wrote:
> Hm, I think that I actually agree. But David's done enough, so I'll have a
> look myself.
>
> On Thu, Mar 3, 2016 at 5:33 PM Blumenthal, Uri - 0553 - MITLL <
>
My patch will work for both solaris versions then.
Can someone commit the fix ?
>-- Original Message --
>
>Am 03.03.2016 um 18:51 schrieb Erik Forsberg:
>>
>> I have been having 32-bit only test failures from test_ca
>> for quite a while now on Solaris 10 (1.1.pre), Finally figured
>> out what is
needs tersting once 4377 is fixec
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4366
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
per OP, clsoing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4365
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
closing thanks!
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4366
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>> cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN
>> -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE
>> -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM
>> -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DPOLY1305_ASM
>> -DOPENSSLDIR="\"/usr/local/ssl\""
>>
Hello All,
In reviewing code in directory 'crypto/evp', in file 'openbsd_hw.c',
there is a call to OPENSSL_realloc() which is NOT checked for a return
value of NULL, indicating failure. However, the statement after this
is memcpy(), which if the destination variable is NULL, will result
in a
Hi,
I created pull request to reorder SNI/ALPN processing, such that ALPN occurs
after SNI. Since SNI may change the SSL_CTX, and the ALPN callback is defined
on the SSL_CTX, it makes sense to allow SNI to possibly update the SSL_CTX, and
then do ALPN processing (possibly for a new virtual
> where section is "1" or "3" as appropriate. Links across sections are useful.
Absolutely. They're criticial. The build script on the website needs a tweak
(or the manpage does), that's all.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi
I'm using openssl 1.0.2 library for SSL connection.
For supporting TLS1.2 protocol with client cert from windows cert store I
modified openssl capi engine. In method capi_rsa_sign I initialize
Microsoft Enhanced RSA and AES Cryptographic Provider. It support sha256 -
sha512 hash algs. It used
>> Fear is irrational and destructive feeling. Having faith that world is
>> better than that it nothing but healthy :-) What I'm saying is that
>> let's put a little bit more substance into discourse. Would anybody
>> consider it *sane* programming practice to rely on partially overlapping
>>
> On Mar 4, 2016, at 5:24 AM, Salz, Rich wrote:
>
> Yes, links across sections (apps/crypto etc) don’t work well.
We could put all the docs in a single directory. If we were
worried about collisions, switch from:
page.html => page..html
where section is "1" or "3"
> On Mar 4, 2016, at 7:24 AM, Andy Polyakov via RT wrote:
>
> Fear is irrational and destructive feeling. Having faith that world is
> better than that it nothing but healthy :-) What I'm saying is that
> let's put a little bit more substance into discourse. Would anybody
>
Dear Stephen,
On Fri, Mar 4, 2016 at 4:00 PM, Dr. Stephen Henson
wrote:
> On Fri, Mar 04, 2016, Dmitry Belyavsky wrote:
>
> > Dear Rich,
> >
> > Is it possible to add a command line option to select hash algorithm used
> > in the PRF calculations?
> > GOST ciphersuites, for
On Fri, Mar 04, 2016, Dmitry Belyavsky wrote:
> Dear Rich,
>
> Is it possible to add a command line option to select hash algorithm used
> in the PRF calculations?
> GOST ciphersuites, for example, use TLS1 PRF based on the GOST digest
> algorithms.
>
I think it's already there -pkeyopt md:
>>> If the other EVP ciphers universally allow this then I think we must
>> treat this
>>> as a bug, because people may be relying on this behaviour. There is also
>>> sporadic documentation in lower-level APIs (AES source and des.pod) that
>> the
>>> buffers may overlap.
>>>
>>> If it's
On Fri, Mar 4, 2016 at 12:48 PM Andy Polyakov via RT wrote:
> > If the other EVP ciphers universally allow this then I think we must
> treat this
> > as a bug, because people may be relying on this behaviour. There is also
> > sporadic documentation in lower-level APIs (AES
On Fri, Mar 4, 2016 at 12:48 PM Andy Polyakov via RT wrote:
> > If the other EVP ciphers universally allow this then I think we must
> treat this
> > as a bug, because people may be relying on this behaviour. There is also
> > sporadic documentation in lower-level APIs (AES
> If the other EVP ciphers universally allow this then I think we must treat
> this
> as a bug, because people may be relying on this behaviour. There is also
> sporadic documentation in lower-level APIs (AES source and des.pod) that the
> buffers may overlap.
>
> If it's inconsistent then, at
Send a patch ☺
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
From: Dmitry Belyavsky [mailto:beld...@gmail.com]
Sent: Friday, March 04, 2016 2:29 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] links to KDF functions from pkeyutl man are broken
Dear
Dear Rich,
Is it possible to add a command line option to select hash algorithm used
in the PRF calculations?
GOST ciphersuites, for example, use TLS1 PRF based on the GOST digest
algorithms.
Thank you!
On Fri, Mar 4, 2016 at 1:24 PM, Salz, Rich wrote:
> Yes, links across
Yes, links across sections (apps/crypto etc) don’t work well.
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
From: Michel [mailto:michel.sa...@free.fr]
Sent: Friday, March 04, 2016 2:06 AM
To: openssl-dev@openssl.org
Subject: [openssl-dev] links to KDF
Hi,
Just to let you know that the links to EVP_PKEY_HKDF and EVP_PKEY_TLS1_PRF
are not [yet ?] operational.
https://www.openssl.org/docs/manmaster/apps/pkeyutl.html
Regards,
Michel.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 03/03/16 11:54, Marcus Meissner wrote:
> Hi,
>
> https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/
>
> Integer overflow in b2i_PVK_bio
>
> Have you assigned a CVE internally for that already?
>
> Ciao, Marcus
>
Am 03.03.2016 um 18:51 schrieb Erik Forsberg:
I have been having 32-bit only test failures from test_ca
for quite a while now on Solaris 10 (1.1.pre), Finally figured
out what is wrong.
I build both 32-bit and 64-bit libraries.
My /usr/local/bin/perl is always 64-bit,
used to be required for
39 matches
Mail list logo