[openssl-dev] [openssl.org #4228] Feature request: Support AEAD ciphers in enc app

Is there any particiular reason, why AEAD ciphers are not supported in the enc app? https://github.com/openssl/openssl/blob/700b4a4/apps/enc.c#L294 I have implemented it as a small part of my Master thesis, maybe I could polish it and submit a PR. Regards, Jan Zak

[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

1 GB works as expected: $ openssl rand 10 | wc -c 10 But 10 GB does not: $ apps/openssl rand 100 | wc -c 1410065408 2 GB +1 is also bad: $ openssl rand 2147483649 | wc -c rand: Use -help for summary. 0 2 GB -1 is good: $ apps/openssl

[openssl-dev] [openssl.org #4229] Bug - OpenSSL 1.0.2e on AIX has sha256p8-ppc.s assembler build issue...

Hi, I am attempting to build OpenSSL 1.0.2e on AIX and I'm seeing an issue with the "stvx" assembler instruction in the sha256p8-ppc.s module. I have built prior version OpenSSL packages on AIX without issue until now (prior was 1.0.1c), and I haven't varied the steps I typically use.

Re: [openssl-dev] [openssl.org #4228] Feature request: Support AEAD ciphers in enc app

> I have implemented it as a small part of my Master thesis, maybe I could > polish it and submit a PR. Please do this. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

And also opt_int and opt_long in apps/opt.c are useful. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

> On Jan 11, 2016, at 7:01 PM, Salz, Rich via RT wrote: > >> I am a bit worried when I see C-beginner mistakes like this in a security >> suite: >> When using sscanf on data you have not produced yourself, you should >> always assume they will be bigger that your largest

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

> On Jan 11, 2016, at 7:01 PM, Salz, Rich via RT wrote: > >> I am a bit worried when I see C-beginner mistakes like this in a security >> suite: >> When using sscanf on data you have not produced yourself, you should >> always assume they will be bigger that your largest

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

> I am a bit worried when I see C-beginner mistakes like this in a security > suite: > When using sscanf on data you have not produced yourself, you should > always assume they will be bigger that your largest buffer/variable and deal > correctly with that. That's a bit of an exaggeration here.

Re: [openssl-dev] Backporting opaque struct getter/setter functions

On Po, 2016-01-11 at 01:09 +, Peter Waltenberg wrote: > The point of using accessor FUNCTIONS is that the code doesn't break > if the structure size or offsets of fields in the underlying > structures change across binaries. > > Where that mainly has an impact is updating the crypto/ssl libs

[openssl-dev] [openssl.org #4201] Feature Request: Support dumping session keys in NSS key log format

On Mon Dec 28 23:53:02 2015, matt wrote: > On Mon Dec 28 22:01:04 2015, rs...@akamai.com wrote: > > Yes we would be interested in this but someone would almost > > definitely > > have to be provided as a complete patch because it seems unlikely > > anyone on the team will get around to doing it by

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

On 01/11/2016 06:01 PM, Salz, Rich via RT wrote: >> I am a bit worried when I see C-beginner mistakes like this in a security >> suite: >> When using sscanf on data you have not produced yourself, you should >> always assume they will be bigger that your largest buffer/variable and deal >>

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

On Tue, 12 Jan 2016 03:36:59 AM Kaduk, Ben via RT wrote: > There's also the part where asking 'openssl rand' for gigabytes of data > is not necessarily a good idea -- I believe in the default configuration > on unix, it ends up reading 32 bytes from /dev/random and using that to > seed EAY's

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

On Tue, 12 Jan 2016 03:36:59 AM Kaduk, Ben via RT wrote: > There's also the part where asking 'openssl rand' for gigabytes of data > is not necessarily a good idea -- I believe in the default configuration > on unix, it ends up reading 32 bytes from /dev/random and using that to > seed EAY's

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

On Tue, Jan 12, 2016 at 4:36 AM, Kaduk, Ben via RT wrote: > On 01/11/2016 06:01 PM, Salz, Rich via RT wrote: >>> I am a bit worried when I see C-beginner mistakes like this in a security >>> suite: >>> When using sscanf on data you have not produced yourself, you should >>>

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

> The worry is not about this particular case (where it does not seem to be > possible to abuse), but as a general observation: If the rest of the code has > the same quality, then we will be screwed. Shrug. We do the best we can. We try to do a good job. Almost everyone would agree that the

[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

Fixed in bd4850df648bee9d8e0595b7e1147266e6f55a3e Strict range-checking was added to all app number-parsing. It was mostly already all there (except for, sigh, rand) but range-checking was not done. Now it is. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] [openssl-users] Do you need EGD support?

On 11.01.2016 21:32, Salz, Rich wrote: >>> Will you still support PRNGD? I need PRNGD, as I’m on a platform without a >>> built-in random device or cpu instructions. >> PRNGD is a direct replacement for EGD, so if the interface to EGD is removed >> from OpenSSL, PRNGD stops to work for it as

Re: [openssl-dev] [openssl-users] Do you need EGD support?

On 11.01.2016 17:02, Scott Neugroschl wrote: > > Will you still support PRNGD? I need PRNGD, as I’m on a platform > without a built-in random device or cpu instructions. > PRNGD is a direct replacement for EGD, so if the interface to EGD is removed from OpenSSL, PRNGD stops to work for it as

Re: [openssl-dev] [openssl-users] Do you need EGD support?

>>Will you still support PRNGD?  I need PRNGD, as I’m on a platform without a >>built-in random device or cpu instructions. > PRNGD is a direct replacement for EGD, so if the interface to EGD is removed > from OpenSSL, PRNGD stops to work for it as well. Thanks. That means we should not

Re: [openssl-dev] [openssl.org #4201] Feature Request: Support dumping session keys in NSS key log format

Here is an OpenSSL port of a patch in BoringSSL. It requires a call from the application to set a file BIO. You could probably do this from within SSL_CTX_new or something like that if you want a solution that doesn't change the application.

Re: [openssl-dev] [openssl.org #4201] Feature Request: Support dumping session keys in NSS key log format

Here is an OpenSSL port of a patch in BoringSSL. It requires a call from the application to set a file BIO. You could probably do this from within SSL_CTX_new or something like that if you want a solution that doesn't change the application.

Re: [openssl-dev] Still seeing errors in Openssl 1.1 pre

I posted a patch and asked if that fixes the issue. Did you not see it? -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz > -Original Message- > From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca] > Sent: Monday, January 11, 2016 11:52 AM > To:

[openssl-dev] Still seeing errors in Openssl 1.1 pre

Still seeing jpaketest.c: In function `main': jpaketest.c:119: warning: implicit declaration of function `CRYPTO_set_mem_debug_functions' jpaketest.c:120: parse error before "CRYPTO_mem_ctrl" Please fix. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca

[openssl-dev] Do you need EGD support?

We are considering removing EGD support in 1.1 If your platform still needs it, please reply soon. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] Still seeing errors in Openssl 1.1 pre

> Not yet Rich. > > Please repost. Steve fixed it already :) So the next snapshot won't fail for this. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Still seeing errors in Openssl 1.1 pre

On Mon, Jan 11, 2016 at 05:08:40PM +, Salz, Rich wrote: > I posted a patch and asked if that fixes the issue. Did you not see it? > > -- > Senior Architect, Akamai Technologies > IM: richs...@jabber.at Twitter: RichSalz > > > > -Original Message- > > From: The Doctor

Re: [openssl-dev] Backporting opaque struct getter/setter functions

> On Jan 10, 2016, at 8:09 PM, Peter Waltenberg wrote: > > The point of using accessor FUNCTIONS is that the code doesn't break if the > structure size or offsets of fields in the underlying structures change > across binaries. > > Where that mainly has an impact is

Re: [openssl-dev] Backporting opaque struct getter/setter functions

> On Jan 11, 2016, at 5:23 AM, Tomas Mraz wrote: > > On Po, 2016-01-11 at 01:09 +, Peter Waltenberg wrote: >> The point of using accessor FUNCTIONS is that the code doesn't break >> if the structure size or offsets of fields in the underlying >> structures change across

Re: [openssl-dev] Backporting opaque struct getter/setter functions

On 11/01/16 18:29, Viktor Dukhovni wrote: > >> On Jan 11, 2016, at 5:23 AM, Tomas Mraz wrote: >> >> On Po, 2016-01-11 at 01:09 +, Peter Waltenberg wrote: >>> The point of using accessor FUNCTIONS is that the code doesn't break >>> if the structure size or offsets of