Rich Salz via RT | 4 Sep 04:04 2015
Picon

[openssl.org #4028] about the chipersuite for CoAP

It's a new feature, not a bug-fix, so it would not appear in 1.0.2 It is
already implemented in master, which will become version 1.1
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

林书帆 via RT | 4 Sep 04:00 2015
Picon

[openssl.org #4028] about the chipersuite for CoAP

Constrained Application Protocol (CoAP) [RFC7252] currently specifies TLS_PSK_WITH_AES_128_CCM_8/TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
 as the mandatory to implement cipher suite for use with shared secrets.

REF URL:http://datatracker.ietf.org/doc/draft-ietf-dice-profile/?include_text=1 <http://datatracker.ietf.org/doc/draft-ietf-dice-profile/?include_text=1>

So, is there any plan about it for openssl? or there is some other consideration?
I extremely hope it will be implemented in next version 1.0.2e, thanks!
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod <at> openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Rich Salz via RT | 3 Sep 22:36 2015
Picon

[openssl.org #3965] Restore OPENSSL_NO_RFC3779

done in master. Nice work on updating the default to be 'yes' not 'no' :)
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Benjamin Kaduk | 3 Sep 22:34 2015

Re: [openssl-commits] [openssl] memset(0, ...) and NULL assignment

On 09/03/2015 03:26 PM, Rich Salz wrote:
> The branch master has been updated
>        via  64b25758edca688a30f02c260262150f7ad0bc7d (commit)
>       from  fb4844bbc62fb014c115cd8fd2fc4304cba6eb89 (commit)
>
>
> - Log -----------------------------------------------------------------
> commit 64b25758edca688a30f02c260262150f7ad0bc7d
> Author: Rich Salz <rsalz <at> akamai.com>
> Date:   Thu Sep 3 09:15:26 2015 -0400
>
>     remove 0 assignments.
>     
>     After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
>     Many are from github feedback.

Interestingly, Viktor had just added some explicit NULL assignments
after memset-to-zero a few days ago in
a0724ef1c9b9e2090bdd96b784f492b6a3952957.  It is permitted for the NULL
pointer to have a representation other than all-zeros, but such
platforms are rare, and are explicitly excluded from the supported
platforms list for, e.g., MIT krb5.  Does openssl want to try to support
such platforms?

-Ben
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

(Continue reading)

Rich Salz via RT | 3 Sep 21:42 2015
Picon

[openssl.org #3952] [PATCH] Introduce OPENSSL_SYS_UEFI for rand configuration

done, for master.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Rich Salz via RT | 3 Sep 20:46 2015
Picon

[openssl.org #3674] Bug report - cannot compile 1.0.2 with no-cms

Done in master-only.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Salz, Rich via RT | 3 Sep 20:44 2015
Picon

[openssl.org #4027] Return value in dh_pmeth.c

A non-matching kdf_type moves from return 1 to return 0 if NO_CMS compiles out the KDF_X9_42 change - that is
a different error return and that seems incorrect to be making that change as part of handling conditional
compilation additions.
Although it looks like that change is one that should be made - and attention drawn to it - in that returning 1
== success for this function and not deriving anything because you don't know or support the kdf type
should return an error condition (<= 0 for this function).

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod <at> openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Alessandro Ghedini via RT | 3 Sep 11:23 2015
Picon

Re: [openssl.org #3985] [PATCH] Fix potential memory leaks

The corresponding GitHub pull request was merged, so this can be closed now.

Cheers

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Rich Salz via RT | 3 Sep 05:41 2015
Picon

[openssl.org #3927] regression in 1.0.2c spotted by Net-SSLeay

Not a bug, incorrect usage.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Rich Salz via RT | 3 Sep 05:35 2015
Picon

[openssl.org #3938] Website ciphers.html specifies DHE-RSA-DES-CBC3-SHA, OpenSSL needs EDH-RSA-DES-CBC3-SHA

We do now publish all manpage versions. If there's an error in a specific
manpage, please create a new ticket.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Salz, Rich | 3 Sep 04:38 2015

Cleanup and changing the malloc routines

We are considering a big cleanup to the memory-allocation API’s in the next release.

Please take a look at the attached documentation, which describes *ALL* of the public functions, and let us know if it will cause a problem.

 

Thanks.

 

-- 

Senior Architect, Akamai Technologies

IM: richsalz <at> jabber.at Twitter: RichSalz

 

Attachment (OPENSSL_malloc.pod): application/octet-stream, 7563 bytes
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Gmane