[openssl-users] eng_cryptodev question

I have implemented a H/W encryption driver and have integrated it with cryptodev. In eng_cryptodev.c there is an array digests[]. In that array it defines CRYPTO_MD5 to have a keylen of 16. In cryptodev, the xform.c file definedes MD5 to have a keylen of 0.Why is the keylen not zero for t

Re: [openssl-users] Any way to create a large encrypted finish message?

> Thanks Thulasi, for the clarification. Does this apply to all TLS > implementations or just openssl? It's protocol definitions, not implementations. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ___ open

Re: [openssl-users] Any way to create a large encrypted finish message?

Thanks Thulasi, for the clarification. Does this apply to all TLS implementations or just openssl? Vyas From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Thulasi Goriparthi Sent: Thursday, December 11, 2014 3:40 AM To: openssl-users@openssl org Subject: Re: [openssl-use

Re: [openssl-users] CVE-2011-1473 fixed version

> I wasn't involved at the time, but reading about it now CVE-2011-1473 > essentially says (as I understand it) that if you fire lots of SSL > handshakes at a server it could cause a DoS because it is much cheaper on > the client side than it is on the server side. That's pretty disingenuous. You c

Re: [openssl-users] Using s_client under z/OS installation

Thanks for the quick response. I compiled it with the EBCDIC option. I think that is my problem. The EHLO goes out in EBCDIC to an ASCII server. So then I receive an invalid command response, makes sense. When I point to another z/OS system to retrieve the certs it goes out EBCDIC and responds

Re: [openssl-users] Using s_client under z/OS installation

A quick look at apps/s_client.c in the 1.0.1j sources suggests that it does EBCDIC-ASCII translation if it was compiled with CHARSET_EBCDIC. What version are you using? Was it built with CHARSET_EBCDIC defined? Michael Wojcik Technology Specialist, Micro Focus From: openssl-users [mailto:opens

[openssl-users] Using s_client under z/OS installation

I am trying to use the s_client feature to retrieve certificates from other SMPT servers. The s_client connection works to other z/OS systems, but fails to any ASCII based mail server. Tracing the connections show that the EHLO goes out in EBCDIC and the responding server claims unknown command.

Re: [openssl-users] Hashing public keys in EVP_PKEY's

On Thu, Dec 11, 2014 at 04:02:10PM +0100, Jan Danielsson wrote: >If I would want to use the hash of a EVP_PKEY to uniquely identify > the key (regardless of whether it contains the private key or not), what > would be the best way to do this? (I.e. how do I deterministically hash > the public

[openssl-users] Hashing public keys in EVP_PKEY's

Hello, If I would want to use the hash of a EVP_PKEY to uniquely identify the key (regardless of whether it contains the private key or not), what would be the best way to do this? (I.e. how do I deterministically hash the public key of a EVP_PKEY?). Performance is not a major concern.

Re: [openssl-users] Error: A call to SSPI failed ...

On 11 December 2014 at 10:20, Thirumal, Karthikeyan wrote: > Dear team, > > Can someone tell me why the error is happening as SSPI failed ? Am seeing > this new today and when I searched the internet - it says whenever there is > a BAD formed request or when there is no client certificate - we m

Re: [openssl-users] Any way to create a large encrypted finish message?

A correction regarding padding. On 11 December 2014 at 16:53, Thulasi Goriparthi < thulasi.goripar...@gmail.com> wrote: > One can't change the encrypted finished size unless one is using variable > padding. encrypted finished size depends on 3 parameters: protocol version, > cipher type, MAC type

Re: [openssl-users] CVE-2011-1473 fixed version

On 11/12/14 11:35, Gayathri Manoj wrote: > Hi Jeffrey, > > In this its not mentioned. > > Thanks, > Gayathri > > On Thu, Dec 11, 2014 at 4:46 PM, Jeffrey Walton > wrote: > > On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj > mailto:gayathri.an...@gmail.com>> wrot

Re: [openssl-users] CVE-2011-1473 fixed version

On Thu, Dec 11, 2014 at 6:35 AM, Gayathri Manoj wrote: > Hi Jeffrey, > > In this its not mentioned. > Then its not applicable or has not been fixed. > On Thu, Dec 11, 2014 at 4:46 PM, Jeffrey Walton wrote: >> >> On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj >> wrote: >> > Hi All, >> > >> > Pl

Re: [openssl-users] CVE-2011-1473 fixed version

Hi Jeffrey, In this its not mentioned. Thanks, Gayathri On Thu, Dec 11, 2014 at 4:46 PM, Jeffrey Walton wrote: > On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj > wrote: > > Hi All, > > > > Please let me know in which version CVE-2011-1473 got fixed. > > Is openssl-1.x is vulnerable to this i

Re: [openssl-users] Any way to create a large encrypted finish message?

One can't change the encrypted finished size unless one is using variable padding. encrypted finished size depends on 3 parameters: protocol version, cipher type, MAC type, Protocol version decides if explicit IV is included in the record and unencrypted finished message size. For SSL3 and TLS1.0,

Re: [openssl-users] CVE-2011-1473 fixed version

On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj wrote: > Hi All, > > Please let me know in which version CVE-2011-1473 got fixed. > Is openssl-1.x is vulnerable to this issue? > https://www.openssl.org/news/vulnerabilities.html ___ openssl-users mailing

[openssl-users] CVE-2011-1473 fixed version

Hi All, Please let me know in which version CVE-2011-1473 got fixed. Is openssl-1.x is vulnerable to this issue? Thanks, Gayathri ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users

[openssl-users] Error: A call to SSPI failed ...

Dear team, Can someone tell me why the error is happening as SSPI failed ? Am seeing this new today and when I searched the internet - it says whenever there is a BAD formed request or when there is no client certificate - we may get this error. Can someone shed more light here ? 12/11/2014 12

Re: [openssl-users] What is release date for openssl 1.0.2

On 11/12/14 09:04, Jerry OELoo wrote: > Hi All: > I wonder when openssl 1.0.2 will officially release? Is there any > exact schedule? Thanks! > There is no official date that I can give you. We had hoped to have already released it, however we have had some issues that have delayed it. I currently

[openssl-users] What is release date for openssl 1.0.2

Hi All: I wonder when openssl 1.0.2 will officially release? Is there any exact schedule? Thanks! -- Rejoice,I Desire! ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users