Hi All,
Does the *alternative chains certificate forgery* issue affect the
OpenSSL stacks earlier than 1.0.1n releases? Why I am asking this
question is affected code seems to be available in earlier versions as
well.
Thanks and Regards
Jayalakshmi
Precisely the versions as stated in
https://openssl.org/news/secadv_20150709.txt are affected:
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to
If someone builds their own openssl and adds a few lines to print the keys
during encrypt and decrypt and puts the library in the LD_LIBRARY_PATH,
it may result in compromising the security of the keys.
Have any of you faced this problem? If you could share the solution it
would be helpful.
Actually that isn't quite right. A properly configured and tuned RBAC
policy, when combined with PaX, can very effectively limit all userspace
activity (including root access!).
How do you know that the module is installed and actually doing things? How do
you know what kernel is
On Tue, 21 Jul 2015 13:58:21 + (UTC)
Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:
Ah okay, that clears up quite a lot of doubts. But the certificate I
want to load is a self signed certificate which has a private key
attached to it. I used the XCA application to export the
Actually that isn't quite right. A properly configured and tuned RBAC
https://en.wikipedia.org/wiki/Grsecurity#Role-based_access_control policy,
when combined with PaX https://en.wikipedia.org/wiki/Grsecurity#PaX, can
very effectively limit all userspace activity (including root access!). It
On 21/07/15 15:33, Tom Browder wrote:
On Sun, Jul 19, 2015 at 11:00 AM, Tom Browder tom.brow...@gmail.com wrote:
On Thu, Jul 9, 2015 at 12:00 PM, Viktor Dukhovni
That surely means that you're compiling some patched version or
not even 1.0.2d.
No, it's the correct version.
But just now,
^
d1_both.c: In function 'dtls1_retransmit_message':
d1_both.c:1261:9: warning: 'save_write_sequence' may be used
uninitialized in this function [-Wmaybe-uninitialized]
memcpy(s->s3->write_sequence, save_write_sequence,
^
This one is entirely
On 21/07/15 20:54, Jeffrey Walton wrote:
^
d1_both.c: In function 'dtls1_retransmit_message':
d1_both.c:1261:9: warning: 'save_write_sequence' may be used
uninitialized in this function [-Wmaybe-uninitialized]
memcpy(s->s3->write_sequence,
If it's a simple matter of adding =0 in the declaration, we should just fix
the darn thing.
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
___
openssl-users mailing list
To unsubscribe:
On Tue, Jul 21, 2015 at 4:06 PM, Matt Caswell m...@openssl.org wrote:
On 21/07/15 20:54, Jeffrey Walton wrote:
^
d1_both.c: In function 'dtls1_retransmit_message':
d1_both.c:1261:9: warning: 'save_write_sequence' may be used
uninitialized in this function
Shoot, I need that functionality. Can I perhaps use the X509 *load_cert(BIO
*err, const char *file, int format, const char *pass, ENGINE *e, const char
*cert_descrip) function then? If yes, then can someone elaborate on how to use
this function? Thanks
On Tuesday, 21 July 2015 8:19 PM,
On Tue, Jul 21, 2015 at 4:40 PM, Tom Browder tom.brow...@gmail.com wrote:
On Tue, Jul 21, 2015 at 2:16 PM, Matt Caswell m...@openssl.org wrote:
On 21/07/15 15:33, Tom Browder wrote:
On Sun, Jul 19, 2015 at 11:00 AM, Tom Browder tom.brow...@gmail.com wrote:
I lied. After rebuilding gcc 5.2.0
Hi,
I'm currently working on my Master thesis, and the topic is about ECDSA
implementations and DSA implementations in the context of small embedded
systems.
I'd like to try out OpenSSL but I'm not sure if I can configure it to be
small enough for the embedded devices I use.
For my purpose
I'm not real current with C so I'm not in a great position to
criticize, but can't those warnings (if there is truly no problem) be
eliminated (at least in gcc) with a pragma?
Sadly, no.
GCC pragmas to manage warnings are almost useless. It's been broken for
years. See:
*
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Kaduk, Ben
Sent: Tuesday, July 21, 2015 17:06
On 7/21/15, 17:37, Ken Goldman kgold...@us.ibm.com wrote:
On 7/21/2015 6:20 PM, Jeffrey Walton wrote:
For the stragglers, I don't think it's a stretch to ask C99 in
On Tue, Jul 21, 2015 at 5:56 PM, Salz, Rich rs...@akamai.com wrote:
If it's a simple matter of adding =0 in the declaration, we should just fix
the darn thing.
You know... if OpenSSL changes its policies so that C99 is the
baseline, then you get to initialize all variables when declared.
I
On 21/07/15 21:44, Jeffrey Walton wrote:
On Tue, Jul 21, 2015 at 4:06 PM, Matt Caswell m...@openssl.org wrote:
On 21/07/15 20:54, Jeffrey Walton wrote:
^
d1_both.c: In function 'dtls1_retransmit_message':
d1_both.c:1261:9: warning: 'save_write_sequence' may be
On 7/21/2015 6:20 PM, Jeffrey Walton wrote:
For the stragglers, I don't think it's a stretch to ask C99 in 2015.
Visual Studio is often used on Windows, and it is not C99.
For the stragglers, I don't think it's a stretch to ask C99 in 2015.
Visual Studio is often used on Windows, and it is not C99.
Oh my, I was not aware it was still struggling for C99 :) I guess
Microsoft is still putting their energies into the one-size, tablet
interface known as Windows 8,
For the stragglers, I don't think it's a stretch to ask C99 in 2015.
We agreed to support Netware; does it have C99? Anyone know?
On 21/07/15 21:40, Tom Browder wrote:
On Tue, Jul 21, 2015 at 2:16 PM, Matt Caswell m...@openssl.org wrote:
On 21/07/15 15:33, Tom Browder wrote:
On Sun, Jul 19, 2015 at 11:00 AM, Tom Browder tom.brow...@gmail.com wrote:
I lied. After rebuilding gcc 5.2.0 and rechecking I get the following
It may be correct in this case, but simple matter of can sometimes
mask a real problem. If the function expected the value to be set
earlier, but the analysis tool finds a path where it's not set, there
could be a more real bug.
Is zero the right value? Why not, 1, -1, or 42?
=0 may be
On 7/21/15, 17:37, Ken Goldman kgold...@us.ibm.com wrote:
On 7/21/2015 6:20 PM, Jeffrey Walton wrote:
For the stragglers, I don't think it's a stretch to ask C99 in 2015.
Visual Studio is often used on Windows, and it is not C99.
It is getting closer, though:
Like I said, it's learning to play well with your tools :)
Well I think what you're saying is that we should play well with other
people's tools! My tools (and presumably the rest of the dev team's as
well) don't report this warning.
Ah, OK. So it's being reported in GCC 5.1 via
I read the following description from Oracle Solaris website
(https://blogs.oracle.com/DanX/entry/how_to_tell_if_sparc)
OpenSSL T4 engine Availability
The OpenSSL t4 engine is available with Solaris 11 and 11.1. For Solaris 10
08/11 (U10), you need to use the OpenSSL pkcs11 engine. The OpenSSL
Securing a system against this kind of attack can be done in several ways,
depending on the level of assurance you desire. You might start out with
Tripwire:
https://en.wikipedia.org/wiki/Open_Source_Tripwire
http://www.tripwire.org/
You could also implement mandatory access control and ACLs
Hello All,
I experience the same problem as other people described in the past. Despite reading all the postings on the topic I am still not sure if there is a usable workaround to make spontaneous message exchange between server and client work:
- both client and server exchange spontaneous
On Tue, 21 Jul 2015 06:58:24 + (UTC)
Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:
Hello,
I would like to utilize the ENGINE_load_ssl_client_cert() function to
load a certificate from my smart card. I have successfully loaded the
engine and have also tried to play around with
If someone builds their own openssl and adds a few lines to print the keys
during encrypt and decrypt and puts the library in the LD_LIBRARY_PATH, it may
result in compromising the security of the keys.
Can anyone other than root do this? You have to trust root. They could just
cat your
Hello,
I would like to utilize the ENGINE_load_ssl_client_cert() function to load a
certificate from my smart card. I have successfully loaded the engine and have
also tried to play around with the ENGINE_load_private_key() function. It
worked successfully and I was able to get the private key
Ah okay, that clears up quite a lot of doubts. But the certificate I want to
load is a self signed certificate which has a private key attached to it. I
used the XCA application to export the certificate-private key pair as a p12
file to the smart card. What should I do to get the certificate
Hi there,
I have a concern regarding the private keys we use in the https (say
apache) server.
The https server links with openssl.so file, and uses the APIs provided by
it.
If someone builds their own openssl and adds a few lines to print the keys
during encrypt and decrypt and puts the library in
On Tue, Jul 21, 2015, Victor Wagner wrote:
On Tue, 21 Jul 2015 06:58:24 + (UTC)
Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:
As far as I can understand, this function is designed to be called from
the client certificate callback, set with function
On Sun, Jul 19, 2015 at 11:00 AM, Tom Browder tom.brow...@gmail.com wrote:
On Thu, Jul 9, 2015 at 12:00 PM, Viktor Dukhovni
That surely means that you're compiling some patched version or
not even 1.0.2d.
No, it's the correct version.
But just now, after building gcc-5.2.0 and using it to
WHAT
ROBERTO Y MARIBEL