[openssl-users] Two broken SSL_ERROR_WANT_READ/WRITE handling examples - how exploit cpu-hogging and zombification, and, how badly broken do you consider them to be?

Dear list, I have been given two example programs that I have been requested to provide exploits for. I would kindly ask you to suggest me the simplest way to cause as much cpu-hogging in the first one, and zombification in the second, as possible. For causing this, you may use * As serv

[openssl-users] Integrating openSSL with libuv's event loop

Hi lists I am in the process of enabling TLS support on top of libuv. The approach being employed is to feed the data ,received from stream, to a BIO from BIO pair. and write back the data from the BIO read using BIO_read after a call to BIO_pending. Will this read/write cycle drive the SSL handsh

[openssl-users] End of the line for the OpenSSL FIPS Object Module?

As always, if you don't know or care what FIPS 140-2 is count yourself very, very lucky and move on. The open source based OpenSSL FIPS module validations now date back over a decade, a period during which we've encountered many challenges. We have recently hit an issue that is apparently inconseq

Re: [openssl-users] X509_CINF_dup fails with "invalid object encoding" error

On Wed, Feb 25, 2015, Jaya Nageswar wrote: > I am also facing the same issue with the openssl 1.0.1l version. > > Appreciate if someone can provide their inputs on this particular problem. > OpenSSL 1.0.1l removed some invalid objects from the OID database. This would create broken encodings. N

Re: [openssl-users] FIPS methods and symlinks

On 02/24/2015 10:26 PM, Tom Francis wrote: > ... > > Steve Marquess: Is the document (which IIRC, you published back > before the first validation) on how/why the FIPS Object Module was > coded still available somewhere? If so, that’d probably be a good > starting point for people who post ques

Re: [openssl-users] X509_CINF_dup fails with "invalid object encoding" error

I am also facing the same issue with the openssl 1.0.1l version. Appreciate if someone can provide their inputs on this particular problem. Thanks in advance. Regards, -Jaya Nageswar. ​ ___ openssl-users mailing list To unsubscribe: https://mta.openss

Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t

Wait, On 2015-02-24 20:48, Graham Leggett wrote: [..] sense = READ; while (sense == READ ? if_ready_to_read() : if_ready_to_write()) { rc = SSL_read(); if (rc == SSL_WANT_WRITE) { sense = WRITE; } else { sense = READ; } // do stuff with what you read (you may

Re: [openssl-users] Nonblocking IO: Kindly need your urgent authoritative confirmation that the OpenSSL API's SSL_read and SSL_write and select() must indeed be used together *exactly* like this, as t

Hi Graham, Thank you a lot for your response! - Just to merge this properly with your previous response to another thread this past Sat the 21:st in https://mta.openssl.org/pipermail/openssl-users/2015-February/000608.html , It's not just “I want to read during SSL_write, are you ok with me

[openssl-users] building 0.9.8ze with fipscanister on solaris 10 fails

Hi, I am trying to build openssl 0.9.8ze with fipscansiter on solaris 10 (latest patches installed). I configure like this: ./config fipscanisterbuild --prefix=${OPENSSL_BASE} --openssldir=${OPENSSL_BASE} shared This worked until 0.9.8x, but stopped at 0.9.8y. When I try to build (make), I get