[PATCH] Add AES-ECB modes to eng_cryptodev.c
Attached is a patch to added AES-ECB modes (128, 192, 256) to eng_cryptodev.c (and some whitespace cleanup). I also have a backported 1.0.1e if you guys want that as well. The attached patch is from git master. I started adding other modes (CTR), but the tests were failing, so I decided to submit what I believe to be working. Thanks, Josh eng_cryptodev.patch Description: Binary data
Re: [openssl.org #3151] Bug report: openssl-1.0.1e-28.fc19.i686 on Fedora 19: OPENSSL_ia32_cpuid() misdetects RDRAND instruction on old Cyrix M II i686 CPU
On Čt, 2013-10-31 at 22:05 +0100, Kurt Roeckx wrote: On Mon, Oct 28, 2013 at 09:33:05AM +0100, Andre Robatino via RT wrote: I have an old i686 machine with a Cyrix M II CPU running Fedora 19. The latest version of openssl (openssl-1.0.1e-28.fc19.i686) doesn't work properly with it due to OPENSSL_ia32_cpuid() misdetecting the RDRAND instruction (see https://bugzilla.redhat.com/show_bug.cgi?id=1022346 ). All previous versions (up to openssl-1.0.1e-4.fc19.i686) worked properly. I was advised to create an upstream ticket. The listed bug report contains /proc/cpuinfo output and a gdb stack trace. This is a duplicate of ticket #3005 This has been fixed after the 1.0.1e release in: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5702e965d759dde8a098d8108660721ba2b93a7d But if -4 worked and -28 fails, you really should look what fedora changed between those releases. The -4 worked because the RDRAND engine was erroneously completely disabled in the Fedora build. Only after the enablement of it the bug in the CPU detection could manifest. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
ECDHE problem with 1.0.2-dev
Hi. When I build the latest development version of httpd or nginx against the OpenSSL_1_0_2-stable branch, the ECDHE-RSA and ECDHE-ECDSA ciphers don't work. With both webservers, I can get these ciphers to work by either... 1. Deleting: SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); or 2. Adding: SSL_CTX_set_ecdh_auto(ctx, 1); Should it still be possible to manually configure ECDH keys using SSL_CTX_set_tmp_ecdh() in 1_0_2? If so, any ideas why it isn't working? Is there a bug in OpenSSL_1_0_2-stable? Or are both httpd and nginx doing something wrong? Or, is SSL_CTX_set_ecdh_auto(ctx, 1); the only supported way of doing it in 1_0_2? Thanks. -- Rob Stradling Senior Research Development Scientist COMODO - Creating Trust Online __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: ECDHE problem with 1.0.2-dev
On Fri, Nov 01, 2013, Rob Stradling wrote: Hi. When I build the latest development version of httpd or nginx against the OpenSSL_1_0_2-stable branch, the ECDHE-RSA and ECDHE-ECDSA ciphers don't work. With both webservers, I can get these ciphers to work by either... 1. Deleting: SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); or 2. Adding: SSL_CTX_set_ecdh_auto(ctx, 1); Should it still be possible to manually configure ECDH keys using SSL_CTX_set_tmp_ecdh() in 1_0_2? If so, any ideas why it isn't working? Is there a bug in OpenSSL_1_0_2-stable? Or are both httpd and nginx doing something wrong? I think it's a bug in OpenSSL 1.0.2. It shouldn't break anything that works in previous versions, at least not without a very good reason. I'll look into it. Or, is SSL_CTX_set_ecdh_auto(ctx, 1); the only supported way of doing it in 1_0_2? It's the preferred way as it just does the right thing. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: ECDHE problem with 1.0.2-dev
Hey, I think it's a bug in OpenSSL 1.0.2. It shouldn't break anything that works in previous versions, at least not without a very good reason. I'll look into it. I already reported / patched this a while ago (with no response): https://rt.openssl.org/Ticket/Display.html?id=3103 It's the preferred way as it just does the right thing. It always choses the strongest curve supported by both sides, which isn't always preferred (IMHO). Best regards, Piotr Sikora __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3103] [PATCH] Set TLS EC curve_id from EC group alone.
On Fri Aug 02 10:23:33 2013, pi...@cloudflare.com wrote: Hello, attached patch fixes the issue with dropped support for EC cipher suites in software that uses SSL_OP_SINGLE_ECDH_USE after upgrading to OpenSSL-1.0.2+. Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: ECDHE problem with 1.0.2-dev
On Fri, Nov 01, 2013, Piotr Sikora wrote: Hey, I think it's a bug in OpenSSL 1.0.2. It shouldn't break anything that works in previous versions, at least not without a very good reason. I'll look into it. I already reported / patched this a while ago (with no response): https://rt.openssl.org/Ticket/Display.html?id=3103 Oops sorry missed that. It's the preferred way as it just does the right thing. It always choses the strongest curve supported by both sides, which isn't always preferred (IMHO). It picks the highest preference curve supported by both sides, which is usually the strongest curve but it doesn't have to be. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org