Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

In message <5720fd7d.3050...@gmail.com> on Wed, 27 Apr 2016 12:57:17 -0500, Douglas E Engert said: deengert> You can call it a documentation problem. The problem only showed up deengert> with trying to update d deengert> in an existing rsa key. RSA_set0_key requires n, e,

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

You can call it a documentation problem. The problem only showed up with trying to update d in an existing rsa key. RSA_set0_key requires n, e, and d == NULL OR n, e, and d to all be set at the same time. (In the case I found, one routine created the key with only n and e, then d was added

[openssl-dev] Are you using "TLS proxy certificates"?

If so, please let us know. Replies to me will be summarized for the lists. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure

> There is a bug in Hercules 3.12 and below as well as Hyperion. In other words, not OpenSSL problem, cases are being dismissed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4500 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

Re: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure

There is a bug in Hercules 3.12 and below as well as Hyperion. Here is the fix information from the Hercules-390 yahoo group posted yesterday: 2.1 Defects in PCC and KM instructions -- Patch available for testing Tue Apr 26, 2016 1:33 pm (PDT) . Posted by: juergen.winkelmann Hi

Re: [openssl-dev] [openssl.org #4500] Testing cipher AES-128-XTS(encrypt/decrypt) failure

> Hi Paul, It doesn't seem unlike that OP is not subscribed, so he won't see responses send to alone. To ensure delivery and or reply to . > I have not checked the code for the test, but I do get the expected > values with my little test program. But what is your host,

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

>>> Valgrind does not necessarily support all instructions, if there’s >>> any optimized assembly, you might run into problems. >>> Are you able to compile a non-assembly version of the OpenSSL >>> library? >>> Are you able to update to a newer Valgrind? >> Or at least tell valgrind version,

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

On Wed, 2016-04-27 at 13:33 +, Andy Polyakov via RT wrote: > > > > Valgrind does not necessarily support all instructions, if there’s > > any optimized assembly, you might run into problems. > > Are you able to compile a non-assembly version of the OpenSSL > > library? > > Are you able to

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

On Wed, 2016-04-27 at 13:33 +, Andy Polyakov via RT wrote: > > > > Valgrind does not necessarily support all instructions, if there’s > > any optimized assembly, you might run into problems. > > Are you able to compile a non-assembly version of the OpenSSL > > library? > > Are you able to

Re: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter?

Hi, I'm aware it doesn't affect anything because the caller shouldn't process more than 2^32 * 64 bytes per key/nonce setup anyway. I was just wondering because it differs from the s390 asm implementation (and whether there is a particular reason to do so). Thanks for reply. Mit freundlichen

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

> Valgrind does not necessarily support all instructions, if there’s any > optimized assembly, you might run into problems. > Are you able to compile a non-assembly version of the OpenSSL library? > Are you able to update to a newer Valgrind? Or at least tell valgrind version, because I can't

[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

After quite a lot of discussion, we finally came to a solution. Commits 1da12e34ed69cec206f3a251a1e62ceeb694a6ea and 4c5e6b2cb95a4332829af140e5edba965c9685ce That closes this ticket. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here:

Re: [openssl-dev] Getting raw ASN1 data from X509 certificate

On Tue, Apr 26, 2016, Kurt Roeckx wrote: > Hi, > > I'm working on a tool that checks various things related to X509 > certificates. I want to check that the encoding is actually > correct DER. With things like ASN1_TIME is seems easy to get to > the raw data, it just seems to contain it. But

Re: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter?

Hi, > The following code in the ChaCha20_ctr32 function in > crypto/chacha/chacha_enc.c looks like you are actually using an IV=[64bit > counter||64 bit nonce] as specified in the "original Bernstein ChaCha" > instead of IV=[32bit counter||96bit nonce] as specified in RFC7539. Correct. While

Re: [openssl-dev] [openssl.org #4521] openssl GCM ordering

> Is there is a reason why openssl has restriction of auth before > encrypt > order ? I dont believe there is an algo restriction, was > wondering why > openssl has this. > > > It *is* inherent in the algorithm. The authentication tag for the > AAD

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

In message <571fccee.8010...@roumenpetrov.info> on Tue, 26 Apr 2016 23:17:50 +0300, Roumen Petrov said: openssl> For protocol "0009-sshkey.c-opaque-DSA-structure.patch" is practical openssl> sample of an upgrade to 1.1 API. RSA is similar. A quick side remark: check

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

On Út, 2016-04-26 at 18:25 +, Blumenthal, Uri - 0553 - MITLL wrote: > On 4/26/16, 14:20 , "openssl-dev on behalf of Salz, Rich" > > wrote: > > > > > > > > > Look. If Doug noticed this, programmers less intimate with this > > >