Re: [openssl-dev] About multi-thread unsafe for APIs defined in crypto/objects/obj_dat.c

2018-01-24 Thread Wim Lewis
On 24 Jan 2018, at 6:11 AM, Benjamin Kaduk via openssl-dev wrote: > On 01/23/2018 07:19 PM, Salz, Rich via openssl-dev wrote: >> Well, the most likely fix is to make the “safely” wording be more vague, >> which I doubt you’ll like. But I doubt anyone on the team

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

2018-01-09 Thread Wim Lewis
On 9 Jan 2018, at 7:40 AM, Randall S. Becker wrote: > On January 9, 2018 10:05 AM, Rich Salz wrote: >> It would be interesting to see how many changes you need to support your >> platform. > > Surprisingly not many at all. The platform has been significantly

Re: [openssl-dev] where is PEM_read_bio_X509_AUX()

2016-04-18 Thread Wim Lewis
On Apr 18, 2016, at 6:11 PM, CHOW Anthony wrote: > I am trying to do “openssl verify -CAfile server.pem” and the command hangs. > When I debug, I see that after calling the function PEM_read_bio_X509_AUX in > load_cert() it hangs. > > But I don’t seem to

Re: [openssl-dev] [openssl.org #3852] bn_gfm2.c: in BN_GF2m_mod_arr() a check is optimized out

2015-05-18 Thread Wim Lewis
On May 18, 2015, at 1:41 PM, Andy Polyakov via RT r...@openssl.org wrote: Found by the https://github.com/xiw/stack tool and then I checked the generated asm (gcc and clang) to confirm. In the check if (d0 tmp_ulong) tmp_ulong always evaluates to true because the compiler optimizes out the

Re: [openssl-dev] [openssl.org #3852] bn_gfm2.c: in BN_GF2m_mod_arr() a check is optimized out

2015-05-18 Thread Wim Lewis via RT
On May 18, 2015, at 1:41 PM, Andy Polyakov via RT r...@openssl.org wrote: Found by the https://github.com/xiw/stack tool and then I checked the generated asm (gcc and clang) to confirm. In the check if (d0 tmp_ulong) tmp_ulong always evaluates to true because the compiler optimizes out the

Re: [openssl-dev] [PATCH] Insert CFI directives in x86_64 SHA1 implementation to enable backtracing

2015-03-25 Thread Wim Lewis
On Mar 25, 2015, at 11:56 AM, Matt Cross matt.cr...@gmail.com wrote: I am working with something that does a lot of SHA1's. I am trying to profile my application and generate flame graphs (see http://www.brendangregg.com/flamegraphs.html ), but profiling tools cannot successfully

Re: [openssl-dev] [PATCH] Insert CFI directives in x86_64 SHA1 implementation to enable backtracing

2015-03-25 Thread Wim Lewis
On Mar 25, 2015, at 2:42 PM, Matt Cross matt.cr...@gmail.com wrote: This is done to align %rsp to a 64 byte boundary, and the original %rsp is stored on the stack; so the only way to get the actual frame pointer is to read 64(%rsp) and add an offset to that. I managed to do that by

Re: [openssl.org #3320] Invalid large memory access in openssl due

2014-04-28 Thread Wim Lewis via RT
On 28 Apr 2014, at 4:20 PM, Kurt Roeckx wrote: To me this all sounds like an we end up in an inconsistent state. I'm expecting write(2) like behaviour of SSL_write(). You can request write(2)-like behavior from SSL_write() by setting SSL_MODE_ENABLE_PARTIAL_WRITE with SSL_CTX_set_mode().

Re: On the concurrent use of SSL_write and SSL_read

2013-08-12 Thread Wim Lewis
On 11 Aug 2013, at 2:19 PM, Ahmed Charfeddine wrote: It has been understood that the concurrent use of SSL_write and SSL_read is dangerous. However, is it correct to assume that the only crossing between these two APIs happen at the handshake stage only ? In other terms, once the SSL

Re: [openssl.org #3094] bug report: osx 10.8.4 won't build with enable-ec_nistp_64_gcc_128

2013-07-16 Thread Wim Lewis via RT
I did a quick test, and found that 'make test' succeeds for -O0, -O1, -Os, and -Oz, but fails for -O2 and -O3. This is using Apple's cc which is based on clang-3.3 (it describes itself as clang-500.1.58 based on LLVM 3.3svn) and openssl-1.0.1e. It fails in the NIST test vectors stage of NIST

Re: What are the procedures to authenticate certificate?

2013-04-10 Thread Wim Lewis
On 10 Apr 2013, at 5:25 PM, igenyar wrote: After receiving a certificate, the client needs to send challenge to server to verify that the server does have the private key associated with the certificate. (Besides other checkings such as DNS, etc.) This happens as part of the SSL handshake ---

Re: BIO_do_connect() fails with IPv6 address

2013-01-09 Thread Wim Lewis
On 7 Jan 2013, at 10:21 PM, shyamala wrote: Hi, I have some queries regarding BIO_* calls. Our application uses BIO_* calls (BIO_do_connect, BIO_new_connect etc) to establish connection with Onboard Administrator. This works fine with IPv4 IP address, but BIO_do_connect fails when IPv6

Re: Why simple OCSP server listen only TCPv6 connections on Windows?

2012-10-10 Thread Wim Lewis
On 10 Oct 2012, at 4:58 AM, Vladimir Belov wrote: After I got the message “Waiting for OCSP client connections...” I see that process openssl.exe listens only on a TCPv6 port, no TCPv4. How to set up OCSP responder to handle IPv4-connections? Or the only way is to use only IPv6-connection

Re: Digital certificate with more than 1 year validity

2012-09-18 Thread Wim Lewis
On 17 Sep 2012, at 9:13 PM, Santhosh AP wrote: Kindly help us to create digital certificate having more than 365 days’ validity. At present we are using OpenSSL 0.9.7a Feb 19 2003 version. Kindly confirm is it possible to cross the certificate validity more than 1 year, if it’s possible

Re: How to know which curve to use for which cipher

2012-07-10 Thread Wim Lewis
(I think this is more appropriate for openssl-users than -dev, so I'm responding to that list.) On 10 Jul 2012, at 8:59 AM, Sirshendu Rakshit wrote: My questions are: 1) Is this a good way to know the EC_KEY using the curve-name Or there is some better way to know it? If you're hardcoding a

Incorporating ticket #2562 / debug info?

2012-04-25 Thread Wim Lewis
About a year ago, building on some work by Yoni Londner, I posted some patches to add more accurate debug information, mostly describing stack unwinding, to the hand-optimized x86 assembly code. This is especially helpful when profiling or debugging, since otherwise the debugger does not know

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Wim Lewis
On 3 Apr 2012, at 2:34 AM, Tamir Khason via RT wrote: It seemed that we are speaking about different things. In certificate i pasted, integers used for exponent1, exponent2 and coefficient encoded with different lengths. Yes. This is OK. In fact, it is required by DER (ISO 8825, etc). In

Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Wim Lewis via RT
On 2 Apr 2012, at 10:21 AM, Tamir Khason via RT wrote: Please see attached good and bad example + plain dump for both The attached file was corrupted at some point in the mail ... perhaps you could put it on your website? I couldn't read the PEM file you posted either because it was

Re: How encrypt long string RSA

2012-03-27 Thread Wim Lewis
On 27 Mar 2012, at 3:01 AM, Frater wrote: Where is any working example to encrypt file or long string using RSA Public or private key. in demos/maurice is example 1 but using certificate not privkey. The code in demos/maurice reads a certificate and extracts an EVP_PKEY from it, which is

Re: openssl md5 output

2011-07-18 Thread Wim Lewis
On 18 Jul 2011, at 1:25 PM, Patrick Donnelly wrote: Are you seriously suggesting that parsing the md5sums of multiple files from the output of openssl md5 *.txt is a sensible use case? It's not just sensible, it's fairly common. The DIGEST(filename)=hexhexhex... output style is in imitation

Re: [openssl.org #2562] Adding cfi/fpo records to asm (fix backtrace when debugging)

2011-07-13 Thread Wim Lewis
FWIW, I worked on extending this to cover the other x86 perlasm files in libcrypto over the weekend, by causing the %esp-tracking code in x86asm to emit CFI directives when needed. Other than the SHA implementations (some of which use a sliding-stack scheme that's hard to unwind) it needs only

Re: [openssl.org #2562] Adding cfi/fpo records to asm (fix backtrace when debugging)

2011-07-13 Thread Wim Lewis via RT
FWIW, I worked on extending this to cover the other x86 perlasm files in libcrypto over the weekend, by causing the %esp-tracking code in x86asm to emit CFI directives when needed. Other than the SHA implementations (some of which use a sliding-stack scheme that's hard to unwind) it needs only

[openssl.org #2557] Bug in perlasm/cbc.pl with short/partial blocks?

2011-07-11 Thread Wim Lewis via RT
I noticed this odd sequence of instructions in cbc.pl, near line 171. It seems like a bug, but the code hasn't been modified since 1998, and it seems unlikely this bug would have gone unnoticed for that long[1]: set_label(ej3); movb(HB(ecx), BP(2,$in,,0)); xor(ecx,

Re: [PATCH] cfi/fpo directives in md5 assembly code

2011-07-08 Thread Wim Lewis
Well, I did some testing with the slightly-modified patch (debian squeeze and openbsd 4.9), and confirmed that this produces an .eh_frame which allows gdb to walk the stack successfully if the program is stopped in or singlestepped through md5_block_asm_data_order(). Some notes, though: - Not

Re: [PATCH] cfi/fpo directives in md5 assembly code

2011-06-29 Thread Wim Lewis
On 28 Jun 2011, at 5:56 PM, Wim Lewis wrote: Several of the other assembly files could use the same treatment as well: md5-x86_64.pl uses %rbp to point to one of its arguments, sha1-586.pl uses %ebp as a scratch register, etc. It occurs to me that a lot of the CFI management could be done

Re: [PATCH] cfi/fpo directives in md5 assembly code

2011-06-28 Thread Wim Lewis
On 28 Jun 2011, at 12:21 AM, yoni londner wrote: 1. I looked at a generated assembler from gcc. So I am not 100% sure what is the 'most correct', but this is what gcc emits. I was concerned that since this routine isn't compiler-generated it might be doing something different from what

Re: [PATCH] cfi/fpo directives in md5 assembly code

2011-06-27 Thread Wim Lewis
On 27 Jun 2011, at 9:27 AM, yoni londner wrote: As you know, on 32bit systems, when using EBP for anything other than holding the stack base, it is very difficult to get reasonable backtrace. this can be fixed if directing the compiler to add a debug record which tells (at runtime) where we

Re: [openssl.org #2332] Issue while generating SSL certificate using Apache 2.216 + openssl 0.9.8o

2010-09-08 Thread Wim Lewis
On Sep 8, 2010, at 8:51 AM, shibu nair via RT wrote: We found that the error is due to the -days option. And when we change the value 9996 this works fine. and was working fine three date before (03-sept-2010. it seems to be issue related to the date range. Well, January 1st, 2038