Re: Fwd: Question about RSA key access mechanism

2021-04-16 Thread Stephen Farrell
Hi all, Just to see if I can help prompt a response... :-) Danış is working with me to try see how hard it is to reproduce meltdown and snarf a private key. Problem-N of many in doing that is knowing where private key bits are used in OpenSSL - so far gdb seems to be showing no accesses to p,q

Re: OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

2021-03-10 Thread Stephen Farrell
Thanks Matt, On 10/03/2021 09:12, Matt Caswell wrote: On 10/03/2021 00:53, Stephen Farrell wrote: Hiya, On 09/03/2021 03:09, Benjamin Kaduk wrote: I would have expected that the API should hide the differences other than the group name ... but these APIs are still pretty new to me, too

Re: OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

2021-03-09 Thread Stephen Farrell
Hiya, On 09/03/2021 03:09, Benjamin Kaduk wrote: I would have expected that the API should hide the differences other than the group name ... but these APIs are still pretty new to me, too. If you can point me at your code I might have more to say. So again it's probably my fault but I'm sti

Re: OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

2021-03-09 Thread Stephen Farrell
Hiya, On 09/03/2021 03:09, Benjamin Kaduk wrote: I would have expected that the API should hide the differences other than the group name ... but these APIs are still pretty new to me, too. If you can point me at your code I might have more to say. Will check it out some more, tidy the code

Re: OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

2021-03-08 Thread Stephen Farrell
On Mon, Mar 08, 2021 at 02:23:36AM +, Stephen Farrell wrote: Hiya, My question: how does one setup an EVP_PKEY for a NIST curve (e.g. p256) key pair when one has the private key in an octet string using the latest OpenSSL 3.0.0 high level APIs? I'm trying to get rid of deprecation wa

OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

2021-03-07 Thread Stephen Farrell
Hiya, My question: how does one setup an EVP_PKEY for a NIST curve (e.g. p256) key pair when one has the private key in an octet string using the latest OpenSSL 3.0.0 high level APIs? I'm trying to get rid of deprecation warnings from my code for HPKE [1] when dealing with NIST curves using the

Re: valgrind complaining about s_client (maybe assembler code?)

2019-11-11 Thread Stephen Farrell
Hiya, On 11/11/2019 16:50, Michael Wojcik wrote: >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On >> Behalf Of Stephen Farrell Sent: Monday, November 11, 2019 09:53 >> >> I'm seeing some errors from valgrind when running s_client from a >>

valgrind complaining about s_client (maybe assembler code?)

2019-11-11 Thread Stephen Farrell
Hiya, I'm seeing some errors from valgrind when running s_client from a clean build from the tip. (Details of that below.) In another build, (for ESNI), when I do a GCM encrypt and then read the tag, it looks like the error is coming from some sha256 assembler code: ==27027== Uninitialised val

compile error with tracing on in CMP code

2019-11-04 Thread Stephen Farrell
Hiya, I just cloned from the tip and after: $ ./config enable-ssl-trace enable-trace --debug I get a compile error (see below). I didn't see an immediately obvious fix, but (for me) just setting "-no-cmp" in addition to the above seems to work fine, so I've stopped delving into it for now. Che

Re: Should SSL_get_servername() depend on SNI callback (no-)ACK?

2019-10-22 Thread Stephen Farrell
Hiya, On 22/10/2019 17:09, Yann Ylavic wrote: > Sorry for the shortcut, by "tlsext_hostname" I meant the name of the > field in SSL_SESSION_ASN1. > My observation is that when browsers resume a session, s->hit is set > but s->session->ext.hostname is NULL, which I interpret as no SNI > found in t

early openssl and curl forks that support ESNI

2019-09-04 Thread Stephen Farrell
Hiya, We've done some work on an openssl fork [1] that has ESNI support and on a curl fork [2] that uses that. It's early days, but if anyone wants to try play with the build and give us feedback that'd be great. There's a HOWTO at [3]. If you find any issues with that you'd like to raise then pl