Hi All,
We want to support a hardware accelerator on our device. We are using
OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
engine support in OpenSSL FIPS Object module.
I welcome all valuable inputs.
Regards
Jayalakshmi.
I've been experimenting with more type correctness and less casting.
Some of the big casting culprits are the various _ctrl() functions,
e.g. SSL_ctrl().
Does anyone have any clue why these exist?
Is there any reason to not replace them with direct function calls
(other than API stability)?
Hi,
I've been working on IPv6 support, and one of the strangest things
I find is BIO_get_accept_socket().
If bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED, and bind() fails
with EADDRINUSE it creates a new socket and tries to connect
to the port it tried to bind() to, and if that fails tries to
bind
On Fri Jul 04 20:33:35 2014, pspa...@redhat.com wrote:
Attached patch set adds support for key wrapping mode described in RFC
5649.
Well it seems this patch only supports the new functionality via the low level
APIs (which applications should avoid) and not EVP. This would mean
applications
On Sat, Jul 5, 2014 at 7:37 AM, Kurt Roeckx k...@roeckx.be wrote:
Does anybody have an idea why it's trying to do that, and why we
shouldn't just do SO_REUSEADDR the first time? Was there some
OS that maybe did strange things when trying to use SO_REUSEADDR
and it was already in use?
FWLIW:
On Sat, Jul 05, 2014 at 08:13:04AM -0400, Eric Covener wrote:
On Sat, Jul 5, 2014 at 7:37 AM, Kurt Roeckx k...@roeckx.be wrote:
Does anybody have an idea why it's trying to do that, and why we
shouldn't just do SO_REUSEADDR the first time? Was there some
OS that maybe did strange things
On 07/05/2014 02:09 AM, Jayalakshmi bhat wrote:
Hi All,
We want to support a hardware accelerator on our device. We are using
OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
engine support in OpenSSL FIPS Object module.
I welcome all valuable inputs.
First, please
There's a bunch of hacks in apps/openssl.c to work around some old VMS
releases; the comment is dated 2011-03-22.
I am going to delete it.
Speak up now if you can justify keeping it.
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me;
On 5/07/2014 9:12 AM, Kurt Roeckx wrote:
On Sat, Jul 05, 2014 at 08:13:04AM -0400, Eric Covener wrote:
On Sat, Jul 5, 2014 at 7:37 AM, Kurt Roeckx k...@roeckx.be wrote:
Does anybody have an idea why it's trying to do that, and why we
shouldn't just do SO_REUSEADDR the first time? Was there
In the new roadmap I read on platform strategy:
--8---
Platform Strategy
Moving forward OpenSSL will adopt the following policy:
• There will be a defined set of primary platforms. The primary
platforms will be Linux and FreeBSD. A primary platform is one where
most development occurs.
• In
Hi,
I absolutely agree, that other less popular platforms need support.
Unfortunately, reading the conversation in the last few days, I got a
feeling that the OpenSSL core development is not willing to support
those platforms in the main line, but will come up with a separate
branch or
On 5 July 2014 18:46, Zoltan Arpadffy z...@polarhome.com wrote:
Hi,
I absolutely agree, that other less popular platforms need support.
Unfortunately, reading the conversation in the last few days, I got a
feeling that the OpenSSL core development is not willing to support those
platforms
On Sat, Jul 05, 2014 at 12:45:37PM -0400, Tim Hudson wrote:
On 5/07/2014 9:12 AM, Kurt Roeckx wrote:
On Sat, Jul 05, 2014 at 08:13:04AM -0400, Eric Covener wrote:
On Sat, Jul 5, 2014 at 7:37 AM, Kurt Roeckx k...@roeckx.be wrote:
Does anybody have an idea why it's trying to do that, and why
On 5/07/2014 2:14 PM, Kurt Roeckx wrote:
On Sat, Jul 05, 2014 at 12:45:37PM -0400, Tim Hudson wrote:
If you have SO_REUSEADDR set and a listener already in place you will
start a new listener
No you won't. You will get a bind() error:
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
Those who forget history are doomed to re-implement it, wrongly.
SO_REUSEADDR was implemented in 4.2BSD so that a server could restart without
waiting for the various FIN_WAIT timeouts to happen.
:)
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM:
On 5/07/2014 1:06 PM, hmbrand via RT wrote:
I think it is highly thinkable that the dev-team does not have access to
proprietary OS's like HP-UX or AIX. Personally I give a shit about AIX,
but I value HP-UX a lot and I might be the only one left still releasing
software-depots (what HP uses
...but can not let the less popular platforms decline, therefore I decided to
set up Jenkins builds on polarhome.com's 30+ rare operating systems and
Wow, that is really great. Thank you!
As Ben said, we haven't decided on *anything* yet.
/r$
--
Principal Security Engineer
Akamai
On Sat, Jul 05, 2014 at 02:37:49PM -0400, Tim Hudson wrote:
On 5/07/2014 2:14 PM, Kurt Roeckx wrote:
On Sat, Jul 05, 2014 at 12:45:37PM -0400, Tim Hudson wrote:
If you have SO_REUSEADDR set and a listener already in place you will
start a new listener
No you won't. You will get a bind()
Some google engineering (search) will show the variety of
confusion that this causes in cross-platform code.
Start here for some interesting reading -
http://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t
You will find
On Sat, Jul 5, 2014 at 2:37 PM, Tim Hudson t...@cryptsoft.com wrote:
On 5/07/2014 2:14 PM, Kurt Roeckx wrote:
On Sat, Jul 05, 2014 at 12:45:37PM -0400, Tim Hudson wrote:
If you have SO_REUSEADDR set and a listener already in place you will
start a new listener
No you won't. You will get
You are most welcome.
This is the main purpose of polarhome.
I have been working a few days with that setup and I see already that it
will not be as smooth as somebody would guess, because java, git etc
are not available, or supported on every system.
I have sent a preview to Tim, but when
On Sat, Jul 05, 2014 at 02:55:36PM -0400, Tim Hudson wrote:
Some google engineering (search) will show the variety of
confusion that this causes in cross-platform code.
Start here for some interesting reading -
On 5 July 2014 12:37, Kurt Roeckx k...@roeckx.be wrote:
But then I found some MSDN documentation that says that Windows
allows others to hijack your socket when you've set SO_REUSEADDR
and the results are non-deterministic. They also created an
SO_EXCLUSIVEADDRUSE and I'm getting confused
From: Salz, Rich rs...@akamai.com
There's a bunch of hacks in apps/openssl.c to work around some old VMS
releases; the comment is dated 2011-03-22.
I am going to delete it.
Thanks for the notice.
Why? Is your primary goal to remove all support for VMS, or only to
cause defective
On Sat, Jul 5, 2014 at 4:03 PM, Steven M. Schweda s...@antinode.info wrote:
From: Salz, Rich rs...@akamai.com
There's a bunch of hacks in apps/openssl.c to work around some old VMS
releases; the comment is dated 2011-03-22.
I am going to delete it.
Thanks for the notice.
Why?
Since the 1.2 FIPS module is now obsolete this won't be fixed (would require
approval on next change letter). However there is a similar bug in the 2.0
module which I've committed a fix for in the FIPS dev branch and will be a
candidate for inclusion for the next change letter.
Thanks for the
Fixed, thanks for the report.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project
Steve,
Thanks for the explanation. I'll refactor it a bit, and keep it.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
I am closing this item as it is not actually a defect (although we do
appreciate getting rapid feedback on the roadmap).
The discussion in terms of platform strategy should continue on the openssl-dev
mailing list as we work through tackling platform related issues.
Separately I'm looking
Hi,
As of 04-07-2014, the latest version of crypto/sha/asm/sha512-x86_64.pl
(commit 29be3f6411) in the master branch shows the following at line 2309:
$code.=<<___ if ($SZ==4 && $shext);
Seeing that the variable $shext doesn't exist, but $shaext does, this
might be a typo.
Please find a
Fix worked for me, marking as resolved. If still a problem please reopen the
ticket.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Closing this item - see #3434 which is an overlapping (and more detailed
replacement).
Further discussions on AES wrapping should be added into that ticket and/or
continue on openssl-dev.
Thanks,
Tim.
From: Salz, Rich rs...@akamai.com
Thanks for the explanation. I'll refactor it a bit, and keep it.
Whew.
Now that I look again, I see that there's already an
apps/vms_decc_init.c, so if adding something like an
apps/vms_argv64_bug.c to do the real work would improve the appearance,
it'd
Bug fix patch applied. As regards the feature: I don't feel that always
flushing is something we should do in general for ERR_print_errors_fp. Marking
as resolved, thanks for the report.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see:
Thanks Jeff:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=75b7606881b08a892f487629cc30e63dff1800cb
Applied to master, 1.0.2 and 1.0.1. I don't believe 1.0.0 has AES-NI support
(?) so haven't applied it to that branch.
Matt
Fixed (finally!), thanks for the report.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
On Sat Jul 05 13:46:16 2014, steve wrote:
On Fri Jul 04 20:33:35 2014, pspa...@redhat.com wrote:
Attached patch set adds support for key wrapping mode described in
RFC
5649.
Well it seems this patch only supports the new functionality via the
low level
APIs (which applications should
Excellent. What about other cryptosystem implementations within
OpenSSL? You should take a look at the DSA and ECDSA code and write a
blog about that, too.
BBB
On Wed, Jul 2, 2014 at 9:13 PM, Huzaifa Sidhpurwala
sidhpurwala.huza...@gmail.com wrote:
Hi All,
Since we are talking about AES