On Thu, 2015-05-07 at 21:28 -0400, Jeffrey Altman wrote:
On 5/7/2015 8:40 PM, Viktor Dukhovni wrote:
On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote:
There have been some conversations behind Red Hat doors about
improving the state of Kerberos/TLS in both standards
On Tue, 2015-05-05 at 09:21 +0100, Matt Caswell wrote:
I am considering removing Kerberos support from OpenSSL 1.1.0. There are
a number of problems with the functionality as it stands, and it seems
to me to be a very rarely used feature. I'm interested in hearing any
opinions on this
1. Does it provide a confounder? If no, this is easy to work around.
2. Does it provide a MAC? If no, this is more difficult. Since the
actual key is never exposed by EVP_SealInit(), no MAC can be performed
after the fact.
Nathaniel
___
openssl-users
I'd like to use ASN1_item_d2i_bio() (or something similar) to parse an
incoming message. However, given that types like ASN1_OCTET_STRING
have (essentially) unbounded length, how do I prevent an attacker from
DoS'ing via OOM?
Is there some way to set a max packet size?
Nathaniel
Does OpenSSL have support for any admissible encodings of curve points?
If so, which API do I use and which encoding method does it employ?
The backdrop for my request is the desire to implement EC-DH-EKE. This
requires an encoding of a curve point such that all possible encodings
are valid
I am trying to make an x509v3 extension that is a STACK_OF(X509). But
I'm not really sure the best way to go about this on OpenSSL. I
essentially want to encode/decode this:
CertificateStack ::= SEQUENCE OF Certificate
Should I attempt to decode the SEQUENCE OF by hand and use d2i_X509() to
build