Re: [openssl-dev] Systemwide configurability of OpenSSL

2017-09-27 Thread Steffen Nurpmeso
Hello. Tomas Mraz wrote: |I would like to restart the discussion about possibilities of system- |wide configurability of OpenSSL and particularly libssl. | |Historically OpenSSL allowed only for configuration of the enabled |ciphersuites list if application called

Re: [openssl-dev] Bug in pkey_rsa_encrypt() and _decrypt()

2017-09-27 Thread Blumenthal, Uri - 0553 - MITLL
> Working on pkcs11 engine, I discovered a bug in crypto/rsa/rsa_pmeth.c in pkey_rsa_encrypt() and pkey_rsa_decrypt(). > > They cause a crash when called with out==NULL. Normally it should not happen > but when an engine is called, and it cannot process the padding it reverts

Re: [openssl-dev] Bug in pkey_rsa_encrypt() and _decrypt()

2017-09-27 Thread Dr. Stephen Henson
On Tue, Sep 26, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > Working on pkcs11 engine, I discovered a bug in crypto/rsa/rsa_pmeth.c in > pkey_rsa_encrypt() and pkey_rsa_decrypt(). > > They cause a crash when called with out==NULL. Normally it should not happen > ??? but when an engine is

Re: [openssl-dev] New crypto algorithms in openSSL engine

2017-09-27 Thread Matt Caswell
On 27/09/17 15:32, Byrne, Andrew wrote: > I’m working on testing some lattice based algorithms in openSSL for the > establishment of a TLS channel. I’ve investigated the potential for > developing an engine to support this as it would mean I don’t need to > touch the core openSSL code. However,

Re: [openssl-dev] why TLSv1 need two tls1_enc to get decrypted data while TLSv1.1/TLSv1.2 need one in OpenSSL1.1.0f?

2017-09-27 Thread Matt Caswell
On 27/09/17 15:44, Ma chunhui wrote: > Hi,  > > I met one problem when using OpenSSL1.1.0f with protocol TLSv1. > In brief, when using TLSv1,  after server side received encrypted data, > and after function tls1_enc finished, the decrypted data is not put in > result buffer, after another

[openssl-dev] Systemwide configurability of OpenSSL

2017-09-27 Thread Tomas Mraz
I would like to restart the discussion about possibilities of system- wide configurability of OpenSSL and particularly libssl. Historically OpenSSL allowed only for configuration of the enabled ciphersuites list if application called appropriate API call. This is now enhanced with the SSL_CONF

[openssl-dev] New crypto algorithms in openSSL engine

2017-09-27 Thread Byrne, Andrew
Hi all, I'm working on testing some lattice based algorithms in openSSL for the establishment of a TLS channel. I've investigated the potential for developing an engine to support this as it would mean I don't need to touch the core openSSL code. However, I've two blind spots which I can't

[openssl-dev] why TLSv1 need two tls1_enc to get decrypted data while TLSv1.1/TLSv1.2 need one in OpenSSL1.1.0f?

2017-09-27 Thread Ma chunhui
Hi, I met one problem when using OpenSSL1.1.0f with protocol TLSv1. In brief, when using TLSv1, after server side received encrypted data, and after function tls1_enc finished, the decrypted data is not put in result buffer, after another tls1_enc, the decrypted data is put in result buffer.