Is there any particiular reason, why AEAD ciphers are not supported in the
enc app? https://github.com/openssl/openssl/blob/700b4a4/apps/enc.c#L294
I have implemented it as a small part of my Master thesis, maybe I could
polish it and submit a PR.
Regards,
Jan Zak
1 GB works as expected:
$ openssl rand 10 | wc -c
10
But 10 GB does not:
$ apps/openssl rand 100 | wc -c
1410065408
2 GB +1 is also bad:
$ openssl rand 2147483649 | wc -c
rand: Use -help for summary.
0
2 GB -1 is good:
$ apps/openssl
Hi,
I am attempting to build OpenSSL 1.0.2e on AIX and I'm seeing an issue with the
"stvx" assembler instruction in the sha256p8-ppc.s module. I have built prior
version OpenSSL packages on AIX without issue until now (prior was 1.0.1c), and
I haven't varied the steps I typically use.
> I have implemented it as a small part of my Master thesis, maybe I could
> polish it and submit a PR.
Please do this.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
And also opt_int and opt_long in apps/opt.c are useful.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
> On Jan 11, 2016, at 7:01 PM, Salz, Rich via RT wrote:
>
>> I am a bit worried when I see C-beginner mistakes like this in a security
>> suite:
>> When using sscanf on data you have not produced yourself, you should
>> always assume they will be bigger that your largest
> On Jan 11, 2016, at 7:01 PM, Salz, Rich via RT wrote:
>
>> I am a bit worried when I see C-beginner mistakes like this in a security
>> suite:
>> When using sscanf on data you have not produced yourself, you should
>> always assume they will be bigger that your largest
> I am a bit worried when I see C-beginner mistakes like this in a security
> suite:
> When using sscanf on data you have not produced yourself, you should
> always assume they will be bigger that your largest buffer/variable and deal
> correctly with that.
That's a bit of an exaggeration here.
On Po, 2016-01-11 at 01:09 +, Peter Waltenberg wrote:
> The point of using accessor FUNCTIONS is that the code doesn't break
> if the structure size or offsets of fields in the underlying
> structures change across binaries.
>
> Where that mainly has an impact is updating the crypto/ssl libs
On Mon Dec 28 23:53:02 2015, matt wrote:
> On Mon Dec 28 22:01:04 2015, rs...@akamai.com wrote:
> > Yes we would be interested in this but someone would almost
> > definitely
> > have to be provided as a complete patch because it seems unlikely
> > anyone on the team will get around to doing it by
On 01/11/2016 06:01 PM, Salz, Rich via RT wrote:
>> I am a bit worried when I see C-beginner mistakes like this in a security
>> suite:
>> When using sscanf on data you have not produced yourself, you should
>> always assume they will be bigger that your largest buffer/variable and deal
>>
On Tue, 12 Jan 2016 03:36:59 AM Kaduk, Ben via RT wrote:
> There's also the part where asking 'openssl rand' for gigabytes of data
> is not necessarily a good idea -- I believe in the default configuration
> on unix, it ends up reading 32 bytes from /dev/random and using that to
> seed EAY's
On Tue, 12 Jan 2016 03:36:59 AM Kaduk, Ben via RT wrote:
> There's also the part where asking 'openssl rand' for gigabytes of data
> is not necessarily a good idea -- I believe in the default configuration
> on unix, it ends up reading 32 bytes from /dev/random and using that to
> seed EAY's
On Tue, Jan 12, 2016 at 4:36 AM, Kaduk, Ben via RT wrote:
> On 01/11/2016 06:01 PM, Salz, Rich via RT wrote:
>>> I am a bit worried when I see C-beginner mistakes like this in a security
>>> suite:
>>> When using sscanf on data you have not produced yourself, you should
>>>
> The worry is not about this particular case (where it does not seem to be
> possible to abuse), but as a general observation: If the rest of the code has
> the same quality, then we will be screwed.
Shrug. We do the best we can. We try to do a good job. Almost everyone would
agree that the
Fixed in bd4850df648bee9d8e0595b7e1147266e6f55a3e
Strict range-checking was added to all app number-parsing. It was mostly
already all there (except for, sigh, rand) but range-checking was not done. Now
it is.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
On 11.01.2016 21:32, Salz, Rich wrote:
>>> Will you still support PRNGD? I need PRNGD, as I’m on a platform without a
>>> built-in random device or cpu instructions.
>> PRNGD is a direct replacement for EGD, so if the interface to EGD is removed
>> from OpenSSL, PRNGD stops to work for it as
On 11.01.2016 17:02, Scott Neugroschl wrote:
>
> Will you still support PRNGD? I need PRNGD, as I’m on a platform
> without a built-in random device or cpu instructions.
>
PRNGD is a direct replacement for EGD, so if the interface to EGD is
removed from OpenSSL, PRNGD stops to work for it as
>>Will you still support PRNGD? I need PRNGD, as I’m on a platform without a
>>built-in random device or cpu instructions.
> PRNGD is a direct replacement for EGD, so if the interface to EGD is removed
> from OpenSSL, PRNGD stops to work for it as well.
Thanks. That means we should not
Here is an OpenSSL port of a patch in BoringSSL. It requires a call from
the application to set a file BIO. You could probably do this from within
SSL_CTX_new or something like that if you want a solution that doesn't
change the application.
Here is an OpenSSL port of a patch in BoringSSL. It requires a call from
the application to set a file BIO. You could probably do this from within
SSL_CTX_new or something like that if you want a solution that doesn't
change the application.
I posted a patch and asked if that fixes the issue. Did you not see it?
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
> -Original Message-
> From: The Doctor [mailto:doc...@doctor.nl2k.ab.ca]
> Sent: Monday, January 11, 2016 11:52 AM
> To:
Still seeing
jpaketest.c: In function `main':
jpaketest.c:119: warning: implicit declaration of function
`CRYPTO_set_mem_debug_functions'
jpaketest.c:120: parse error before "CRYPTO_mem_ctrl"
Please fix.
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
We are considering removing EGD support in 1.1 If your platform still needs
it, please reply soon.
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
___
openssl-dev mailing list
To unsubscribe:
> Not yet Rich.
>
> Please repost.
Steve fixed it already :) So the next snapshot won't fail for this.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Mon, Jan 11, 2016 at 05:08:40PM +, Salz, Rich wrote:
> I posted a patch and asked if that fixes the issue. Did you not see it?
>
> --
> Senior Architect, Akamai Technologies
> IM: richs...@jabber.at Twitter: RichSalz
>
>
> > -Original Message-
> > From: The Doctor
> On Jan 10, 2016, at 8:09 PM, Peter Waltenberg wrote:
>
> The point of using accessor FUNCTIONS is that the code doesn't break if the
> structure size or offsets of fields in the underlying structures change
> across binaries.
>
> Where that mainly has an impact is
> On Jan 11, 2016, at 5:23 AM, Tomas Mraz wrote:
>
> On Po, 2016-01-11 at 01:09 +, Peter Waltenberg wrote:
>> The point of using accessor FUNCTIONS is that the code doesn't break
>> if the structure size or offsets of fields in the underlying
>> structures change across
On 11/01/16 18:29, Viktor Dukhovni wrote:
>
>> On Jan 11, 2016, at 5:23 AM, Tomas Mraz wrote:
>>
>> On Po, 2016-01-11 at 01:09 +, Peter Waltenberg wrote:
>>> The point of using accessor FUNCTIONS is that the code doesn't break
>>> if the structure size or offsets of
29 matches
Mail list logo