[openssl-dev] Could someone verify my efforts of a scan for the DROWN attack?

2016-03-30 Thread Brian Reichert
I'm applying the advice from this post: https://mta.openssl.org/pipermail/openssl-dev/2016-March/005602.html I've successfully downloaded and compiled this test utility. I have a number of varying SSL services I'm scanned; some are Java apps, and some are linked against OpenSSL. According to

Re: [openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.

2016-03-30 Thread David Benjamin via RT
On Tue, Mar 29, 2016 at 12:17 PM Emilia Käsper wrote: > While we're at this, shouldn't we then also check the length in oct2priv? > (And > either reject or reduce mod n.) Afaics it accepts arbitrary BNs currently, > which means some keys can be parsed but cannot be re-encoded? > Probably. Boring

Re: [openssl-dev] OPENSSL SNAP 20160330 issues

2016-03-30 Thread Matt Caswell
On 30/03/16 15:55, The Doctor wrote: > > Just got > > make && make test > gcc -DZLIB_SHARED -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS > +-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS > +-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM > +-DSHA512_ASM

[openssl-dev] OPENSSL SNAP 20160330 issues

2016-03-30 Thread The Doctor
Just got make && make test gcc -DZLIB_SHARED -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS +-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS +-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM +-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -DECP_NIS

Re: [openssl-dev] AF_ALG engine support and kernel versions

2016-03-30 Thread Grandi, Andrea
Hi Jeffrey, I have checked with Tadeusz, which is one of the contributors for AF_alg . Here is what he said with regard to your question about the version number. ___ The async operation on a socket has been added with this this commit: commit 0345f93138b2224e0d7ce91fcffdb3dd23f364d7 Author:

Re: [openssl-dev] Token binding as a custom extension

2016-03-30 Thread Salz, Rich
Submit a PR -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz From: Bill Cox [mailto:waywardg...@gmail.com] Sent: Wednesday, March 30, 2016 3:07 AM To: openssl-dev@openssl.org Subject: [openssl-dev] Token binding as a custom extension Hi. I implemented the token

[openssl-dev] Token binding as a custom extension

2016-03-30 Thread Bill Cox
Hi. I implemented the token binding TLS negotiation extension in BoringSSL using the OpenSSL custom extension API. AFAIK, there are no current examples of any custom extensions in the OpenSSL code base. Is this correct? While my ulterior motive is to promote token binding (Google pays me to wor