[openssl.org #3224] OpenSSL 1.0.1f rsa_pmeth.c duplicate code block

2014-01-10 Thread Paul Suhler via RT
Lines 612 through 615 of rsa_pmeth.c apparently contain duplicated lines: Line 612: else if (!strcmp(value, "oeap")) pm = RSA_PKCS1_OAEP_PADDING; else if (!strcmp(value, "oaep")) pm = RSA_PKCS1_OAEP_PADDING; This appears

RE: [openssl.org #3224] OpenSSL 1.0.1f rsa_pmeth.c duplicate code block

2014-01-10 Thread Paul Suhler
Tomas pointed out the oeap vs. oaep difference. And now you have to support the typo forever. Sigh. Paul -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Paul Suhler via RT Sent: Friday, January 10, 2014 00:54 Cc: openssl-dev

CDT: What the heck is going on with NIST’s cryptographic standard, SHA-3?

2013-09-27 Thread Paul Suhler
In case you hadn’t seen this: https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3 Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 |

RE: [openssl.org #2051] [PATCH] IPv6 support for s_client and s_server

2013-04-11 Thread Paul Suhler
Is there a target date for releasing 1.0.2? Thanks, Paul -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, April 11, 2013 11:06 AM To: openssl-dev@openssl.org Subject: Re: [openssl.org #2051]

RE: TLS False Start support

2013-04-08 Thread Paul Suhler
I see that the internet draft for TLS False Start was withdrawn (https://datatracker.ietf.org/doc/draft-bmoeller-tls-falsestart/). More discussion here: http://blog.cryptographyengineering.com/2012/04/so-long-false-start-we-hardly-knew-ya.html Paul -Original Message- From:

FW: [members] Proposed Charter for PKCS 11 TC

2012-12-20 Thread Paul Suhler
In case you haven't seen this. Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com -Original Message- From: Chet Ensign

[openssl.org #2841] Unreachable return in OpenSSL 1.0.1c, x509_vfy::check_issued()

2012-07-06 Thread Paul Suhler via RT
Recommend deleting the last return in the function. static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { ... ctx->current_issuer = issuer; return ctx->verify_cb(0, ctx); return 0; }

Future Releases

2012-07-06 Thread Paul Suhler
Hi, everyone. Is there an expected date for the release of 1.0.1d? For 1.0.2? 1.1.0? Thanks, Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 |

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Paul Suhler
I was just able to open the link below and the entire document looked okay. Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com

RE: SHA-256 and SHA-512 doubts in OpenSSL

2012-06-26 Thread Paul Suhler
Bhat, Like Andy, I had an older copy that appears to be correct. I'll mail it to you. I've notified the NIST webmaster about the bad file. We'll see how long it takes to get a response. Paul -Original Message- From: owner-openssl-...@openssl.org

[openssl.org #2832] Code Cleanup: FULL_UNROLL is unused?

2012-06-06 Thread Paul Suhler via RT
In HEAD, FULL_UNROLL is #undef-ed in aes_locl.h, which means that it's never defined in either of the two files that use it (aes_misc.c and aes_core.c). Is there any reason that it was left in the code base? Thanks, Paul

AES_ASM ?

2012-05-31 Thread Paul Suhler
Hi, all. The compile option AES_ASM is placed into the command line options in Configure, but it doesn't appear elsewhere in the 1.0.1c or FIPS 2.0rc1 code. Is it actually used - my builds indicate that it's not - or could it be removed? If the latter, then I'll open a ticket. Thanks, Paul

ARM Assembly Error

2012-05-03 Thread Paul Suhler
Hi. I've been trying to build aes-armv4 for an embedded ARM 9 using the Green Hills Software tools. In the FIPS canister, the line following the label .Lok ... .Lok: stmdb sp!,{r4-r12,lr} sub r10,r3,#fips_aes_set_encrypt_key-AES_Te-1024@ Te4 gets this error: [asarm]

[openssl.org #2776] Use of bool as variable / argument in tasn_prn1.c

2012-03-28 Thread Paul Suhler via RT
In the process of moving to a new compiler, we learned that OpenSSL 1.0.1 crypto\asn1\tasn_prn1.c has one use of bool as a function argument (in asn1_print_boolean_ctx()) and one as a local variable (in asn1_primitive_print()). Since bool is now seen as a defined type, the compiler errors

[openssl.org #2777] OpenSSL 1.0.1 TLS Version Handling Errors

2012-03-28 Thread Paul Suhler via RT
Quantum commissioned tests for TLS 1.2. The following appear to be valid (although minor) bugs in how OpenSSL servers and clients process unexpected TLS/SSL version numbers. OpenSSL Server Anomalies: 300.001.004: Tester sets major/minor version fields to 0 in Client Hello. Expected:

Use of bool as variable / argument in tasn_prn1.c

2012-03-27 Thread Paul Suhler
Hi, everyone. In the process of moving to a new compiler, we learned that OpenSSL 1.0.1 crypto\asn1\tasn_prn1.c has one use of bool as a function argument (in asn1_print_boolean_ctx()) and one as a local variable (in asn1_primitive_print()). Since bool is now seen as a defined type, the

RE: OpenSSL 1.0.1 beta 3 released

2012-02-24 Thread Paul Suhler
For what it's worth, I was unable to verify the signature. My PGP Desktop could not contact pgp.mit.edu on either port 11371 or 389. Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum

Ron was wrong, Whit is right

2012-02-14 Thread Paul Suhler
Interesting study of public keys: http://eprint.iacr.org/2012/064.pdf NY Times article: http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw-in-an-online-encryption-method.html?_r=1 By the way, if anyone feels this sort of topic is inappropriate for this list, then please

Failure to Sign data using a message digest value in 1.0.1 Beta 2

2012-02-06 Thread Paul Suhler
I'm trying to use OpenSSL 1.0.1 Beta2 to create a SHA-2 digest for a 256-byte-long file and generate a signature using an RSA 2048-bit private key. Unfortunately it fails. One of the examples on page http://www.openssl.org/docs/apps/pkeyutl.html

RE: Failure to Sign data using a message digest value in 1.0.1 Beta 2

2012-02-06 Thread Paul Suhler
Thanks, Steve. Is the openssl application capable of signing a longer message all in one command, or must I create the 256-bit hash with a separate command? Thanks, Paul _ Paul A. Suhler |

RE: OpenSSL FIPS Module 2.0 status update

2012-01-08 Thread Paul Suhler
Hi, all. What is the file openssl-fips-2.0rc2.tar.gz.1, which is about an hour newer than the one listed below? Thanks, Paul _ Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation |

EVP_Cipher()

2011-09-19 Thread Paul Suhler
Hi, everyone. Should EVP_Cipher() be used? I've found an inconsistency in its return values: For the cipher EVP_aes_256_gcm, successful decryption returns the length of the input. (That's what aes_gcm_cipher() returns.) For other ciphers, like EVP_aes_256_cbc, EVP_Cipher() returns 1 for

RE: New Timing Attack on OpenSSL ECDSA

2011-05-25 Thread Paul Suhler
Hi, David. So what is the meaning of the Affected status for OpenSSL? Is that simply because ECDSA is supported by OpenSSL? Or did they actually test against an implementation that exhibited the vulnerability? Either way, FIPS 140-3 will only require protection against non-invasive

BN_NIST_521 or BN_NIST_512 ?

2011-02-01 Thread Paul Suhler
Hi, everyone. The file crypto/bn/bn_nist.c seems to have some mis-named symbols, e.g., BN_NIST_521_TOP BN_get0_nist_prime_521 BN_get0_nist_prime_521 BN_NIST_521_RSHIFT BN_nist_mod_521 ... etc. It looks like they all should be 512 I see this at least as early as 0.9.8o, and it's been carried

RE: New FIPS 140-2 validation underway

2011-01-11 Thread Paul Suhler
-Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Steve Marquess Sent: Tuesday, January 11, 2011 7:46 AM To: openssl-dev@openssl.org Subject: Re: New FIPS 140-2 validation underway Xiao, Ying wrote: Hi Steve, Sorry for the

alloca() in OpenSSL 1.0.1

2011-01-06 Thread Paul Suhler
Hi, everyone. I see that alloca() is used in three files in 1.01 and four in 1.1.0. As far as I can tell, this function is not standard and hence not supported on many platforms, including my embedded one. Moreover, it can blow the stack if the amount allocated is too large, something that seems

decryption_failed vs. bad_record_mac Alert in TLS 1.1

2010-12-22 Thread Paul Suhler
Hi, everyone. This is in reference to openssl-SNAP-20101222 and openssl-1.0.1-stable-SNAP-20101004. RFC 4346 (TLS 1.1) section 7.2.2 says that bad_record_mac MUST be returned if a received record decrypts in an invalid way, including having an invalid size. However, there seems to be a path

RE: TLS 1.1 / 1.0 Interoperation

2010-10-13 Thread Paul Suhler
://www.idrix.fr On 10/10/2010 6:28 AM, Paul Suhler wrote: Hi, Mounir. In the server, I use TLSv1_1_server_method, resulting in s->version == 0x0302 (TLS 1.1). In the client, I use TLSv1_client_method to get TLS 1.0. When the server sees s->client_version == 0x0301, shouldn't it change s->version

RE: TLS 1.1 / 1.0 Interoperation

2010-10-09 Thread Paul Suhler
see if it has been already corrected, otherwise I'll send a patch for it. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 08/10/2010 18:55, Paul Suhler wrote: Hi, everyone. [I'm re-sending this to the developers list.] I've found that when a server built with openssl-1.0.1-stable-SNAP

TLS 1.1 / 1.0 Interoperation

2010-10-08 Thread Paul Suhler
Hi, everyone. [I'm re-sending this to the developers list.] I've found that when a server built with openssl-1.0.1-stable-SNAP-20101004 receives a Client Hello from a client specifying TLS 1.0 (version = 0x0301), the connection is rejected for a bad version. This appears to be implemented in

RE: OpenSSL Security Advisory

2010-03-25 Thread Paul Suhler
Am I reading the changes file correctly: if you don't use Kerberos, then this vulnerability doesn't apply? Thanks, Paul ___ Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com

RE: [openssl.org #1935] AES-GCM, AES-CCM, CMAC updated for OpenSSL 1.0 beta 2

2009-05-24 Thread Paul Suhler
Thanks very much, Peter. Will this be made a part of the 1.0.0 distribution, or will it only be distributed as a patch? Thanks, Paul ___ Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com

AES-CCM and -GCM in Release 1.0.0?

2009-05-21 Thread Paul Suhler
Hi, everyone. Is there a particular reason that AES-CCM and AES-GCM are not included in 1.0.0? Thanks, Paul ___ Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com