I was trying to generate random numbers to a pipe yesterday,
and was surprised by the openssl command's handling of EPIPE.
Consider:
strace openssl rand -base64 1000 | head -n1
That will redundantly write all the data (ignoring the EPIPE error),
even when the pipe is closed.
For the enc
On Tue, Feb 10, 2015 at 10:52:02PM +, Salz, Rich wrote:
I'd further suggest to move everything that's not PFSAEAD from HIGH to
MEDIUM.
I think it's a little early to do that. But once TLS 1.3 is out, then yes :)
This is NOT a decision a library should be making on behalf of
On Tue, Feb 10, 2015 at 4:25 PM, Salz, Rich rs...@akamai.com wrote:
Please continue to make it possible to build the crypto part of OpenSSL,
without the X.509 and SSL/TLS code. There are lots of uses of OpenSSL that
don't need that code.
You can build crypto without ssl. And the only place
Please continue to make it possible to build the crypto part of OpenSSL,
without the X.509 and SSL/TLS code. There are lots of uses of OpenSSL that
don't need that code.
You can build crypto without ssl. And the only place OPENSSL_NO_X509 appeared
was, strangely, in ssl. So crypto builds,
On Wed, Feb 11, 2015 at 12:22:44AM +, Salz, Rich wrote:
RC4 in LOW has a bit of pushback so far. My cover for it is that
the IETF says don't use it. So I think saying if you want it,
say so is the way to go.
By all means, don't use it, but it is not OpenSSL's choice to make
by breaking
By all means, don't use it, but it is not OpenSSL's choice to make by breaking
the meaning of existing interfaces.
Except that we've explicitly stated we're breaking things with this new release.
Those magic cipher keywords are point-in-time statements. And time has moved
on.
On Tue, Feb 10, 2015 at 06:17:38PM -0500, Daniel Kahn Gillmor wrote:
On Tue 2015-02-10 16:15:36 -0500, Salz, Rich wrote:
I would like to make the following changes in the cipher specs, in the
master branch, which is planned for the next release after 1.0.2
Anything that uses RC4 or MD5
Not all applications are browsers folks, and libraries need to provide stable
interfaces that mirror the application's intent consistent with expected
behaviour of existing interfaces.
Please point to where it is documented what the value of MEDIUM means and what
interface is being broken?
On Wed, Feb 11, 2015 at 03:30:57AM +, Salz, Rich wrote:
By all means, don't use it, but it is not OpenSSL's choice to make by
breaking
the meaning of existing interfaces.
Except that we've explicitly stated we're breaking things with this new
release.
Those magic cipher
currently, this is an error:
0 dkg@alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER
bash: !NO-SUCH-CIPHER: event not found
0 dkg@alice:~$
Yeah, but that's coming from bash, not openssl :)
; openssl ciphers -v ALL | wc
111 6758403
; openssl ciphers -v ALL:!FOOBAR | wc
111
Version: 1.0.2
Platform: Windows x86 (VC-WIN32)
Compiled with: openssl-fips-2.0.5
Hi all,
I browsed the open bug list for a little while, but i didn't find this.
I've got 3 compilation errors on OpenSSL (details above) on Windows 32bit.
I didn't test it yet, but the first 2 errors (*size_t*
Bug report
OS: Red hat enterprise Linux 6.5
OpenSSL Version: 1.0.1e-30
While doing DTLS testing with openssl-1.0.1e-30 Version and patches
for RT3327, RT3470 and RT3483 on top of that, we are facing an issue
where our process is crashing during the duration run of 24 hours.
Use Case:
*
I was successful at compiling the FIPS 2.0.8 module for Windows CE exactly as
provided without any modifications.
Additionally, I built fips_algvs.exe to successfully validate the canister on
the target system.
After tweaking some #ifdef directives in the openSSL 1.0.1L, I was able to get
it
Hello everyone,
I sent a mail to r...@openssl.org 3 days ago, subject OpenSSL 1.0.2 make
test bus error in evp_test (Solaris 10 Sparc, sun4u).
The mail didn't create a new ticket in RT, nor was it forwarded to the
dev list.
Should I resend or simply be more patient?
Thanks and regards,
Matt tried to explain this before.
1.0.1e-30 is not a version that OpenSSL provides. You will have to contact
your vendor.
The backtrace information is not usable as there are no function names; you
will have to build a debugging version.
We cannot help you.
--
Principal Security Engineer,
Matt tried to explain this before.
1.0.1e-30 is not a version that OpenSSL provides. You will have to contact
your vendor.
The backtrace information is not usable as there are no function names; you
will have to build a debugging version.
We cannot help you.
--
Principal Security Engineer,
On 10/02/15 19:23, Rainer Jung wrote:
Hello everyone,
I sent a mail to r...@openssl.org 3 days ago, subject OpenSSL 1.0.2 make
test bus error in evp_test (Solaris 10 Sparc, sun4u).
The mail didn't create a new ticket in RT, nor was it forwarded to the
dev list.
Should I resend or
On Tue 2015-02-10 19:22:44 -0500, Salz, Rich wrote:
currently, this is an error:
0 dkg@alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER
bash: !NO-SUCH-CIPHER: event not found
0 dkg@alice:~$
Yeah, but that's coming from bash, not openssl :)
; openssl ciphers -v ALL | wc
111 675
On Wed, Feb 11, 2015 at 06:11:08AM +, Viktor Dukhovni wrote:
I think these definitions should stay the same, but I have no
objection to disabling RC4 in DEFAULT, or entirely removing
EXPORT/LOW.
And also MD5 (which subsumes all SSLv2 cipher-suites).
Note that for most applications the
On Wed, Feb 11, 2015 at 01:50:07AM -0500, Daniel Kahn Gillmor wrote:
RC4 in LOW has a bit of pushback so far. My cover for it is that the
IETF says don't use it. So I think saying if you want it, say so is
the way to go.
I think that's the correct position. People who want to be able
On Wed, Feb 11, 2015 at 03:33:03AM +, Salz, Rich wrote:
Not all applications are browsers folks, and libraries need to provide
stable
interfaces that mirror the application's intent consistent with expected
behaviour of existing interfaces.
Please point to where it is documented
On Tue, 10 Feb 2015 21:15:36 +
Salz, Rich rs...@akamai.com wrote:
Comments?
Sounds good.
I'd further suggest to move everything that's not PFSAEAD
from HIGH to MEDIUM.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
pgpwviI3Wtd4z.pgp
Description: OpenPGP
On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote:
I would like to make the following changes in the cipher specs, in the master
branch, which is planned for the next release after 1.0.2
Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW
Note, that RC4 is already
On 07/02/15 14:41, Richard Moore wrote:
On 3 February 2015 at 22:02, Rich Salz rs...@openssl.org
mailto:rs...@openssl.org wrote:
As we've already said, we are moving to making most OpenSSL data
structures opaque. We deliberately used a non-specific term. :)
As of Matt's
On Tue, Feb 10, 2015 at 10:38:01PM +0100, Hanno B?ck wrote:
On Tue, 10 Feb 2015 21:15:36 +
Salz, Rich rs...@akamai.com wrote:
Comments?
Sounds good.
I'd further suggest to move everything that's not PFSAEAD
from HIGH to MEDIUM.
Thus breaking applications that were previously
Salz, Rich rs...@akamai.com wrote:
OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_RFC3779
OPENSSL_NO_TLS
OPENSSL_NO_TLS1
OPENSSL_NO_TLS1_2_CLIENT
OPENSSL_NO_TLSEXT
OPENSSL_NO_X509
OPENSSL_NO_X509_VERIFY
Please continue to make it
Sounds good.
Thanks.
I'd further suggest to move everything that's not PFSAEAD from HIGH to
MEDIUM.
I think it's a little early to do that. But once TLS 1.3 is out, then yes :)
___
openssl-dev mailing list
To unsubscribe:
On Tue 2015-02-10 16:15:36 -0500, Salz, Rich wrote:
I would like to make the following changes in the cipher specs, in the master
branch, which is planned for the next release after 1.0.2
Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW
yes, please!
Anything that was
Hi Lior,
One thing to try would be to try both ways of the define for __thumb. This can
explain the fingerprint failure.
In fips_canister.c around line 188
# if defined(__thumb__) || defined(__thumb)
return (void *)((size_t)instruction_pointer~1);
# else
return (void
Hi Lior,
One thing to try would be to try both ways of the define for __thumb. This can
explain the fingerprint failure.
In fips_canister.c around line 188
# if defined(__thumb__) || defined(__thumb)
return (void *)((size_t)instruction_pointer~1);
# else
return (void
On Tue Feb 10 14:44:18 2015, cristifa...@gmail.com wrote:
Version: 1.0.2
Platform: Windows x86 (VC-WIN32)
Compiled with: openssl-fips-2.0.5
Hi all,
I browsed the open bug list for a little while, but i didn't find
this.
This was raised in ticket 3673 and fixed by this commit:
6fa805f516f
31 matches
Mail list logo