Hi,
I understand that with the CMP implementation we've submitted a huge chunk of
code and it is probably not trivial to do the needed checks to ensure the
OpenSSL project's quality requirements for integrating it.
I'm a little concerned that this request might eventually be forgotten as the
Thanks you Bodo, for the comments.
Here are some quick answers
It seems that the BN_MONT_CTX-related code
The optimization made for the computation of the modular inverse in the ECDSA
sigh, is using const-time mod-exp.
Indeed, this is independent of the rest of the patch, and it can be used
This initialization is used for selecting a code path that would use
ADCX/ADOX
instructions when the processor supports them. The outcome depends only on
the appropriate CPUID bits. Therefore, there is no “thread-safe” issue
(because
any thread would select the same path).
I understand that
Hi all!
I've noticed that SSL_CTX_add_extra_chain_cert (actually
ss3_ctx_ctrl (..., SSL_CTRL_EXTRA_CHAIN_CERT, ..., ...)) just pushes
X509 cert to context's cert stack. This means that I'm unable to free
original certificate because double memory freeing occurs when context
is free'd later.
I'm beginning to think it's a bad idea to have cipher names like HIGH because
they are a moving target and bad things can happen when OpenSSL changes the
definitions.
If we need to keep them, would you be interested in code which added a
[cipher_names] block to config, which allowed folks to
Hi all!
I've noticed that SSL_CTX_add_extra_chain_cert (actually ss3_ctx_ctrl
(..., SSL_CTRL_EXTRA_CHAIN_CERT, ..., ...)) just pushes X509 cert to
context's cert stack. This means that I'm unable to free original
certificate because double memory freeing occurs when context is free'd
later.
Thanks you Bodo, for the comments.
Here are some quick answers
It seems that the BN_MONT_CTX-related code
The optimization made for the computation of the modular inverse in the ECDSA
sigh, is using const-time mod-exp.
Indeed, this is independent of the rest of the patch, and it can be used
On Tue, Oct 29, 2013, ?? ??? wrote:
Hi all!
I've noticed that SSL_CTX_add_extra_chain_cert (actually
ss3_ctx_ctrl (..., SSL_CTRL_EXTRA_CHAIN_CERT, ..., ...)) just pushes
X509 cert to context's cert stack. This means that I'm unable to free
original certificate because double memory
You don't and shouldn't free it: it will be free when the SSL_CTX it is added
to is freed.
In other words, if you want a local copy, bump the refcount for yourself.
Right?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
On 10/29/2013 02:03 PM, Dr. Stephen Henson wrote:
On Tue, Oct 29, 2013, ?? ??? wrote:
I've noticed that SSL_CTX_add_extra_chain_cert (actually
ss3_ctx_ctrl (..., SSL_CTRL_EXTRA_CHAIN_CERT, ..., ...)) just pushes
X509 cert to context's cert stack. This means that I'm unable to free
On Tue, Oct 29, 2013, Daniel Kahn Gillmor wrote:
On 10/29/2013 02:03 PM, Dr. Stephen Henson wrote:
On Tue, Oct 29, 2013, ?? ??? wrote:
I've noticed that SSL_CTX_add_extra_chain_cert (actually
ss3_ctx_ctrl (..., SSL_CTRL_EXTRA_CHAIN_CERT, ..., ...)) just pushes
X509 cert to
On 10/20/2013 07:50 PM, Daniel Kahn Gillmor wrote:
[PATCH] fix documentation for SSL_CTX_set_tmp_dh_callback and friends
It doesn't look like this patch has been either applied or explicitly
rejected. Could I get some feedback on it?
Regards,
--dkg
In some platforms, such as POWER, char is defined as unsigned. This
patch fix a problem when comparing a char to -1.
Signed-off-by: Marcelo Cerri mhce...@linux.vnet.ibm.com
---
crypto/ec/ec_pmeth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/ec/ec_pmeth.c
Hi,
This series of patches creates a new target for ppc64le and updates the
current assembly code for ppc64 in order to use the correct byte-order
when need.
Different approaches where tested to byte swap bytes, including the use
of instructions such as lwbrw, but the current version performed
SHA2 algorithm is defined using 32-bit and 64-bit variables in
big-endian. This patch updates sha512-ppc.pl to generate code that byte
swaps the input data when needed.
Signed-off-by: Marcelo Cerri mhce...@linux.vnet.ibm.com
---
crypto/sha/asm/sha512-ppc.pl | 196
SHA1 algorithm is defined using 32-bit variables in big-endian. This
patch updates sha1-ppc.pl to generate code that byte swaps the input
data when needed.
Signed-off-by: Marcelo Cerri mhce...@linux.vnet.ibm.com
---
crypto/sha/asm/sha1-ppc.pl | 32
1 file
This patch updates aes-ppc.pl to generate code that byte swaps the input
data when needed,
Signed-off-by: Marcelo Cerri mhce...@linux.vnet.ibm.com
---
crypto/aes/asm/aes-ppc.pl | 43 +++
1 file changed, 43 insertions(+)
diff --git
I feel like saying few words. One should recognize that by the time
multi-threading support was taking shape there was a whole variety of
threading implementations and callbacks were the only way to convey the
specifics. Nowadays we're pretty much talking only about pthreads and
Windows, and
On Tue, Oct 29, 2013 at 09:58:25PM +0100, Andy Polyakov wrote:
I feel like saying few words. One should recognize that by the time
multi-threading support was taking shape there was a whole variety
of threading implementations and callbacks were the only way to
convey the specifics. Nowadays
On Tue, Oct 29, 2013, Salz, Rich wrote:
You don't and shouldn't free it: it will be free when the SSL_CTX it is
added to is freed.
In other words, if you want a local copy, bump the refcount for yourself.
Right?
Yes. Unfortunately there isn't a function that does that at present and
20 matches
Mail list logo