Saturday Nov 21, 2009

Solaris Security Essentials

The "Solaris 10 Security Essentials" book is on sale, and you can get it from Amazon now. I was one of about 20 engineers from the Solaris security organization who wrote the book. Looking forward to getting my copy.

Product Details
  * Paperback: 312 pages
  * Publisher: Prentice Hall PTR; 1st edition (November 19, 2009)
  * Language: English
  * ISBN-10: 0137012330
  * ISBN-13: 978-0137012336

Thursday Nov 19, 2009

I have generated a PKCS#11 patch for OpenSSL 0.9.8l. It includes one new feature I have recently integrated into Nevada - RSA Keys by Reference.

Wednesday Nov 11, 2009

I have just done my putback to the SFW gate for the "RSA Keys by Reference" project. It will be part of the Nevada build 129. The CR was "6479874 OpenSSL should support RSA key by reference/hardware keystores". With this code, applications can access RSA keys stored in PKCS#11 tokens...

Wednesday Aug 12, 2009

A presentation written in July 2009, covering all major enhancements we integrated into SunSSH and with OpenSSL within a period of 01/2008-06/2009. The presentation slides are here.

Tuesday Jul 28, 2009

Vladimir, who made most of the latest changes to the PKCS#11 engine we ship as part of OpenSSL in Solaris, wrote a presentation on the PKCS#11 internals. It's a very interesting read, and since I believe some of you who use the patch actually read the code and modified it (I got some feedback during the last few years), I hope it might be a very useful thing. See Vladimir's OpenSSL PKCS#11 engine TOI blog entry on that. We also plan to properly document the engine directly in the code so that people can understand how it works without reverse engineering the code. However, there is no ETA for that yet.

Wednesday Apr 15, 2009

I didn't generate the patch for OpenSSL 0.9.8k. Given the few changes between 0.9.8j and 0.9.8k, it is no surprise that you can apply the PKCS#11 engine patch for 0.9.8j on 0.9.8k.

Monday Mar 23, 2009

I resynced the ChrootDirectory option from OpenSSH to SunSSH, and pushed the change to the repository today. It wasn't a straightforward resync since we have different privilege separation code. I also found a few very minor issues in the OpenSSH code, and filed bugs with patches (1562, 1564, and 1566).

Wednesday Mar 11, 2009

I've updated the PKCS#11 patch for the latest OpenSSL 0.9.8j version. The patch also includes a few minor bug fixes integrated into OpenSolaris since the last patch release. I've also moved the README file out of the patch and created a tarball with those 2 files instead. You can now read the README before applying the patch. The patch is pkcs11_engine-0.9.8j.2009-03-11.tgz.

This blog copyright 2009 by janp