:
> On Thu, Feb 13, 2014, Varma Dantuluri wrote:
>
> > In OpenSSL-1.0.1f, in 'ssl3_send_server_key_exchange' function, when all
> > the below conditions are true, there is a potential memory leak.
> >
> > 1) 'type & SSL_kEECDH' is true, (ie the
In OpenSSL-1.0.1f, in 'ssl3_send_server_key_exchange' function, when all
the below conditions are true, there is a potential memory leak.
1) 'type & SSL_kEECDH' is true, (ie the key exchange is ephemeral ecdh)
2) 'ecdhp == NULL' && 's->cert->ecdh_tmp_cb != NULL'
3) 's->cert->ecdh_tmp_cb' mallocs a
Thanks Steve for the response. That was very useful information.
Thanks
Varma
On Thu, Aug 23, 2012 at 6:05 AM, Dr. Stephen Henson wrote:
> On Wed, Aug 22, 2012, Varma Dantuluri wrote:
>
> > Hi
> >
> > We are in the process of adding support for ECDSA-ECDHE cipher su
Hi
We are in the process of adding support for ECDSA-ECDHE cipher suites and
hence ECDSA certificates to our server.
Right now, the server does the following:
1) Assign the ECDSA certificate to the SSL_CTX.
2) Set the callback for ECDH parameter generation using
SSL_CTX_set_tmp_ecdh_callback.
I
OpenSSL 1.0.1 has the following flag definitions:
RSA_FLAG_NON_FIPS_ALLOW
DSA_FLAG_NON_FIPS_ALLOW
EC_FLAG_NON_FIPS_ALLOW
EVP_CIPH_FLAG_NON_FIPS_ALLOW
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
And these flags are checked in either the FIPS Module 2.0 code itself
(fipscanister.o) or in the FIPS capable OpenSS
Thanks Steve.
Just curious as to why this cannot be done. Is it because of some structure
changes between 0.9.8 and 1.0.1?
Thanks
Varma
On Tue, Dec 6, 2011 at 7:25 AM, Steve Marquess <
marqu...@opensslfoundation.com> wrote:
> On 12/05/2011 08:39 PM, Varma Dantuluri wrote:
> >
Hi
Can the new OpenSSL FIPS 2.0 module be used with OpenSSL 0.9.8 releases? Or
can it only be used with OpenSSL 1.0.1 and later?
Thanks
Varma