On Tue, Apr 17, 2012 at 9:46 PM, Lubomír Sedlář lubomir.sed...@gmail.comwrote:
Hello,
I would like to ask if any static analysis tool was ever used to detect
possible problems in OpenSSL source code. Is some tool used regularly?
I tried running Clang Static Analyzer [1] on the source of
On Fri, Apr 20, 2012 at 4:53 PM, Jean-Marc Desperrier jmd...@free.frwrote:
On Tue, 17 Apr 2012, Lubomír Sedlář wrote:
I would like to ask if any static analysis tool was ever used to detect
possible problems in OpenSSL source code. Is some tool used regularly?
I tried running Clang Static
LOL!
On Thu, May 31, 2012 at 7:41 PM, David Anthony via RT r...@openssl.org wrote:
Hello all,
There has been a new security vulnerability we have reported over at
Bugtraq (http://seclists.org/bugtraq/2012/May/155) and we feel that it
should also be reported to the OpenSSL dev team. If there
The point of these changes is to reduce the skew between versions.
They are not random.
On Mon, Jun 4, 2012 at 11:12 PM, Andy Polyakov ap...@openssl.org wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
On Sun, Jun 10, 2012 at 11:15 AM, Andy Polyakov ap...@openssl.org wrote:
The point of these changes is to reduce the skew between versions.
They are not random.
Consider my
http://cvs.openssl.org/filediff?f=openssl/crypto/x86cpuid.plv1=1.24v2=1.25.
What is the criteria for two changes
On Mon, Sep 17, 2012 at 6:24 PM, Bodo Moeller b...@openssl.org wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
Server: cvs.openssl.org Name: Bodo Moeller
Root: /v/openssl/cvs
On Tue, Sep 18, 2012 at 9:47 AM, Ben Laurie b...@links.org wrote:
On Mon, Sep 17, 2012 at 6:24 PM, Bodo Moeller b...@openssl.org wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
Server
On Mon, Oct 8, 2012 at 5:13 PM, Tomas Hoger tho...@redhat.com wrote:
Hi!
Are there any plans to apply any changes to OpenSSL related to the
recent CRIME attack? Unlike other libraries (e.g. GnuTLS or NSS),
OpenSSL enables zlib by default. Is there a plan to change the default
in response
On Sat, Oct 20, 2012 at 5:08 AM, Joe Pletcher joepletc...@gmail.com wrote:
Hello all,
I hope this question is more appropriate for this list. I tried openssl-users
with no luck. If not, I apologize in advance.
I'm working on an OpenSSL project, and I could use some help. I am writing a
Why go via SSL_CTX_ctrl and SSL_ctrl? In fact, why do those exist at all?
On Wed, Dec 26, 2012 at 2:25 PM, Dr. Stephen Henson st...@openssl.org wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
Server:
The sharp-eyed will have already noticed we're moving to git.
Well, it looks like that's actually happened now. We're also shifting
pretty much everything to new infrastructure.
So, there may be outages, unexpected changes and general weirdness for
a little while.
We'll let you know when we're
On 16 January 2013 13:55, Bruce Cran br...@cran.org.uk wrote:
We've been having regular build problems on Windows: sometimes nasm claims
there are unresolved symbols. For example:
set ASM=nasm -f win64 -DNEAR -Ox -g
perl crypto\x86_64cpuid.pl tmp32dll.dbg\x86_64cpuid.asm
nasm -f win64
On 11 February 2013 13:19, David Woodhouse dw...@infradead.org wrote:
On Mon, 2013-02-11 at 20:59 +, David Woodhouse wrote:
From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
From: Dr. Stephen Henson st...@openssl.org
Date: Thu, 7 Feb 2013 21:06:37 +
Subject:
On 3 March 2013 04:36, Jonathan Buhacoff jonat...@buhacoff.net wrote:
Hi,
I have a school project to make use of a TPM to store the server's RSA
private key for use with openssl. Specifically, that private key would be
sealed to certain PCR values that are also encoded in the X509
Hey - why not make this a test?
On 5 March 2013 18:31, Dr. Stephen Henson st...@openssl.org wrote:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project OpenSSL source code.
The branch,
On 6 March 2013 03:55, Nayna Jain naynj...@in.ibm.com wrote:
Hi all,
Are RAND_seed(), RAND_add() NIST SP 800-151A compliant ?
800-151 does not appear to exist, got a link?
__
OpenSSL Project
On 19 March 2013 18:53, Steve Marquess marqu...@opensslfoundation.com wrote:
On 03/19/2013 10:47 AM, Pierre DELAAGE wrote:
Dear Steve, I was wondering whether the wiki could be fed at the
beginning by all the Documents available at
http://www.openssl.org/docs/;.
Very often people are able to
On 19 March 2013 23:27, Steve Marquess marqu...@opensslfoundation.com wrote:
On 03/19/2013 04:59 PM, Matt Caswell wrote:
On 19 March 2013 19:38, Steve Marquess marqu...@opensslfoundation.com
wrote:
I took a quick look to see what utilities might be available to convert
between pod and
On 27 March 2013 12:04, Matt Caswell fr...@baggins.org wrote:
On 27 March 2013 11:52, Michael Sierchio ku...@tenebras.com wrote:
Does Phil still teach at UC Davis? You could always ask him directly
for clarification or a waiver.
Hi contact details are on the web page describing the various
...and don't intend to fix their broken ECDSA support in Safari.
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
What do people think?
__
OpenSSL
On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote:
On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
Ben, you've got your wires a bit crossed there.
The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8
On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote:
On 14/06/13 10:20, Ben Laurie wrote:
On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote:
On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
Ben
On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote:
On 14/06/13 12:31, Ben Laurie wrote:
On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote:
snip
Ah, so you're criticizing Apple for not being willing to force all OSX
10.8.x users to update to 10.8.4
On 14 June 2013 13:54, The Doctor doc...@doctor.nl2k.ab.ca wrote:
On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit
On 14 June 2013 14:08, Rob Stradling rob.stradl...@comodo.com wrote:
On 14/06/13 13:58, Ben Laurie wrote:
On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote:
snip
Safari's User-Agent string reveals the OSX version that it is running on.
A
few weeks ago I analyzed some
On 14 June 2013 16:10, Bodo Moeller bmoel...@acm.org wrote:
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
libraries are updated to include the patch existing applications wont set
it:
they'd all need to be recompiled.
That's a valid point.
This is true,
On 20 June 2013 21:46, Jeff Mendoza (MS OPEN TECH)
jemen...@microsoft.com wrote:
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Piotr Sikora
Sent: Thursday, June 20, 2013 10:41 AM
To: openssl-dev@openssl.org
Subject: Re:
On 21 June 2013 02:29, Thor Lancelot Simon t...@panix.com wrote:
On Thu, Jun 20, 2013 at 09:30:32PM +, Jeff Mendoza (MS OPEN TECH) wrote:
Yeah, my point was that in the perfect world, you'd support both at
runtime (at least on the server-side) and either ALPN or NPN could be
used. I
On 22 June 2013 19:04, Mike Frysinger vap...@gentoo.org wrote:
On Wednesday 19 June 2013 07:21:39 Ben Laurie wrote:
On 18 June 2013 22:35, Mike Frysinger vap...@gentoo.org wrote:
On Tuesday 18 June 2013 07:37:55 Richard Weinberger wrote:
While building openssl-1.0.1e I noticed
On 22 June 2013 23:06, Mike Frysinger vap...@gentoo.org wrote:
On Saturday 22 June 2013 15:07:49 Ben Laurie wrote:
On 22 June 2013 19:04, Mike Frysinger vap...@gentoo.org wrote:
On Wednesday 19 June 2013 07:21:39 Ben Laurie wrote:
On 18 June 2013 22:35, Mike Frysinger vap...@gentoo.org wrote
On 24 June 2013 22:00, Jeff Mendoza (MS OPEN TECH)
jemen...@microsoft.com wrote:
We simply cannot drop support for NPN (i.e. SPDY) just to add support
for ALPN.
The idea is to have the choice as a ./config option. The default will
stay as NPN, as to not disrupt anyone. I don't have this
Since people are always complaining about OpenSSL docs, I thought this
might be of interest.
-- Forwarded message --
From: adam a...@flossmanuals.net
Date: 1 August 2013 08:23
Subject: [Foundations] 2013 Doc Camp CFP
To: Foundations List foundati...@lists.freedesktop.org
hi
If
I'm trying to figure out why bsdmake on MacOS does this using the
standard Makefiles:
cc -c -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -Wall -pedantic -DPEDANTIC -Wno-long-long
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror
-DCRYPTO_MDEBUG_ALL
On 15 August 2013 09:21, Tomas Mraz tm...@redhat.com wrote:
Hello OpenSSL developers,
in a review of the AES GCM code it was found that there might be some
requirements that are placed by SP800-38D document missing.
Especially there is no checking that the key is not used with more than
Thanks for this ... haven't had the chance to test it yet (travel) but will
do shortly.
On 12 August 2013 05:49, Andy Polyakov ap...@openssl.org wrote:
I'm trying to figure out why bsdmake on MacOS does this using the
standard Makefiles:
cc -c -I. -I.. -I../include -DOPENSSL_THREADS
FWIW, I pushed this to the openssl repo instead of my own by mistake, but I
guess since it is in a branch its not that big a deal.
On 5 September 2013 14:45, Ben Laurie b...@openssl.org wrote:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref
On 8 September 2013 13:35, Dr. Stephen Henson st...@openssl.org wrote:
To enable it set the appropriate extension number (0x10 for the test
server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
That's unfortunate, 16 is already allocated:
I find these easier to deal with as pull requests...
On 12 September 2013 17:14, Kyle McMartin via RT r...@openssl.org wrote:
a | 1 is always true, regardless of OPENSSL_armcap_P, and
mrc cp15 will fail on = v6.
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -23,7 +23,7 @@ unsigned int
On 12 September 2013 17:14, Arthur Mesh via RT r...@openssl.org wrote:
I am not 100% sure this is a real bug, hence first tried mailing
openssl-users instead of rt@. But since there was no reply, I am sending
this to rt@
641 if (is_sslv3)
642 {
snip
I just pushed 3cd8547a2018ada88a4303067a2aa15eadc17f39 to master, which
adds time to the random pool.
Before I cherry-pick back to earlier branches, it'd be nice if people let
me know about any platform dependencies...
I finally got around to taking another look at this.
The next weird thing is MacOS thinks it _is_ a .S file, even though
there's only mention of .s in the makefile.
MacOS is, of course, case-insensitive, which probably doesn't help.
On 19 August 2013 15:39, Ben Laurie b...@links.org wrote
On 22 October 2013 06:47, Nico Williams n...@cryptonector.com wrote:
On Monday, October 21, 2013, Salz, Rich wrote:
I like your proposal, but I'd prefer to see an already initialized
error code returned. Or a flag to the (new?) init api that says ignore if
already set
Thanks for your
On 11 December 2013 08:55, Tomas Mraz tm...@redhat.com wrote:
On Út, 2013-12-10 at 14:45 +0100, Dr. Stephen Henson wrote:
On Mon, Dec 09, 2013, geoff_l...@mcafee.com wrote:
Shouldn't the code read:
if (!FIPS_mode())
CRYPTO_w_[un]lock(CRYPTO_LOCK_RAND);
Note the '!'
On 20 December 2013 18:51, Stephen Henson via RT r...@openssl.org wrote:
On Fri Dec 20 19:04:32 2013, d...@fifthhorseman.net wrote:
I can do whatever you think is most useful, but i need a bit more
guidance to be sure i'm giving you what will be most useful for you.
I've pulled the update
On 1 January 2014 21:39, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
On 01/01/2014 12:48 PM, Ben Laurie wrote:
Pull requests on Github are quite useful - that way they also get
tracked (so long as we remember to close them when applied, that is!).
OK, i've rebased the series against
Note that this is just how to help me, not a consensus view from the
whole team, though I have no doubt much of it will be helpful to the
team, too.
1. Triage RT (https://rt.openssl.org/).
RT has been neglected for a long time. People could usefully go
through it and identify:
a) Tickets that
your.patch
On 24 April 2014 10:06, Ben Laurie b...@links.org wrote:
Note that this is just how to help me, not a consensus view from the
whole team, though I have no doubt much of it will be helpful to the
team, too.
1. Triage RT (https://rt.openssl.org/).
RT has been neglected for a long
I just noticed that if I merge a pull request, then both author and
committer are set to whoever made the pull request.
From the POV of figuring out what went wrong, when things go wrong,
that seems bad.
Is there an easy way to fix that? That is, I would expect it to show
me as the committer and
On 24 April 2014 18:44, Mike Bland mbl...@acm.org wrote:
On Thu, Apr 24, 2014 at 1:31 PM, Ben Laurie b...@links.org wrote:
6. Write new tests
Our test suite sucks. More tests is better.
Shall I send a pull request for this:
https://github.com/mbland/openssl/commit
On 25 April 2014 00:08, Matt Caswell fr...@baggins.org wrote:
Ben - Is it possible for some of us to get RT users created? The above
assumes we can configure RT statuses - is this possible?
I think you now have RT access, right?
On 24 April 2014 19:54, Kurt Roeckx k...@roeckx.be wrote:
On Thu, Apr 24, 2014 at 06:31:34PM +0100, Ben Laurie wrote:
Note that this is just how to help me, not a consensus view from the
whole team, though I have no doubt much of it will be helpful to the
team, too.
1. Triage RT (https
On 26 April 2014 12:16, Kurt Roeckx k...@roeckx.be wrote:
On Sat, Apr 26, 2014 at 11:29:39AM +0100, Ben Laurie wrote:
Is there an easy way to fix that? That is, I would expect it to show
me as the committer and the original author as the author.
That is how it should always work, and I'm
On 20 May 2014 06:40, The Doctor,3328-138 Ave Edmonton AB T5Y
1M4,669-2000,473-4587 doc...@doctor.nl2k.ab.ca wrote:
Found that strndup would not work.
I had to add
#if !HAVE_STRNDUP
#include stdio.h
#include string.h
#include sys/types.h
#include malloc.h
/* Find the length of STRING,
-- Forwarded message --
From: Martin Haufschild martin.haufsch...@uni-rostock.de
Date: 23 May 2014 07:34
Subject: Using Frankencerts for Automated Adversarial,Testing of
Certificate Validation,in SSL/TLS Implementations
Hello,
FYI
On 27 May 2014 09:16, Joseph Birr-Pixton jpix...@gmail.com wrote:
On 27 May 2014 08:45, Peter Waltenberg pwal...@au1.ibm.com wrote:
...
I did change the RNG sources for some of the OpenSSL code in our hacked
version to help with the performance problems using the wrong source causes,
for
Nice idea.
It inspired my son, Felix, and I to think about a related idea:
generate random numbers which are inherently coprime to small primes.
Felix went on to implement the idea, and include benchmarks and tests.
Not finished - while implementing, we noticed that the existing prime
number
Also, I should note that this approach is not portable. You need to
operate in the same base as BIGNUM does, or account for endianness is
the byte-level operations.
On 26 May 2014 02:31, Russell Harkins russ...@russellharkins.info wrote:
Hi SSL Team,
I was looking for ways to make calculating
On 28 May 2014 00:03, Viktor Dukhovni openssl-us...@dukhovni.org wrote:
On Tue, May 27, 2014 at 09:04:20PM +0100, Ben Laurie wrote:
It inspired my son, Felix, and I to think about a related idea:
generate random numbers which are inherently coprime to small primes.
Felix went on to implement
On 28 May 2014 01:47, mancha manc...@zoho.com wrote:
Fouque and Tibouchi [3] offer the differing view that it's preferable to
minimize bias and generate primes that are almost uniform even if it is
not immediately clear how such biases can help an adversary. They
suggest a few algorithms that
incremental search
This is just an idea as I didn't implement anything yet
however with full optimization this could be quicker than incremental search
And sorry if I'm mistaking anyhow
Nico
- Mail d'origine -
De: Ben Laurie b...@links.org
À: OpenSSL development openssl-dev@openssl.org
You didn't update the test...
On 1 June 2014 21:26, Viktor Dukhovni openssl-us...@dukhovni.org wrote:
On Sun, Jun 01, 2014 at 08:14:00PM +, Viktor Dukhovni wrote:
The new prime generator does not ensure that generated primes are
safe modulo 2, 3, 5, 7 or 11. In particular (p-1)/2 might
On 6 June 2014 22:21, Zoltan Arpadffy z...@polarhome.com wrote:
Hi,
after some testing the new release I realized that 1.0.1h does not build nor
run HEARBEAT bug unit test on OpenVMS.
The following patch corrects the problem.
Best as a pull request on github.
Thanks,
Z
-
You should be using 1.0.1h.
Also, not familiar with MacOS X heap checking, but it looks like heap
corruption, which may or may not be OpenSSL's fault. Probably hard to
diagnose without a test case!
On 10 June 2014 07:25, Navneet Kumar (navneeku) navne...@cisco.com wrote:
Update : Crashes are
On 12 June 2014 23:15, Matt Caswell m...@openssl.org wrote:
On 12/06/14 22:43, Otto Moerbeek wrote:
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many
I've been trying to figure out why my make depend differs from other
developers, and why it appears to be wrong.
For example, apps/dsa.o depends, according to makedepend, on dh.o, but
with the standard developer flags ($gcc_devteam_warn) it should not.
AFAICS, makedepend gets passed the right
On 1 July 2014 06:52, Zoltan Arpadffy z...@polarhome.com wrote:
Hi,
I see that Rich is doing a fantastic job by cleaning up the backlog...
I absolutely agree that very old releases cannot be supported, but what about
the platforms?
I thought until now, that as long there are developers who
In case people haven't noticed, Google has announced a reward program
for this (last year, in fact):
https://www.google.com/about/appsecurity/patch-rewards/
__
OpenSSL Project
AM, Ben Laurie b...@links.org wrote:
I've been trying to figure out why my make depend differs from other
developers, and why it appears to be wrong.
For example, apps/dsa.o depends, according to makedepend, on dh.o, but
with the standard developer flags ($gcc_devteam_warn) it should
On 1 July 2014 18:34, Tim Rice t...@multitalents.net wrote:
On Tue, 1 Jul 2014, Ben Laurie wrote:
Aha! Well done.
I suspect there's not really any reason to support makedepend anymore
- should perhaps just switch to always using gcc/clang for
dependencies?
So now gcc/clang is required
On 1 July 2014 19:15, Salz, Rich rs...@akamai.com wrote:
I was wondering why 'make depend' output was saved in the Makefiles.
Because way back when (think like early X and xmkmf) that's the way things
were done.
So I guess adding the .d files to the repository and using include statements
On 2 July 2014 23:17, Rich Salz via RT r...@openssl.org wrote:
Fixed, added -servername to the pod file.
Looks to me like you've only fixed this (and many others) in master -
surely should also go to 1.0.2 at least (and probably older branches,
too)?
Also, we generally rebase rather than
On 3 July 2014 12:04, Salz, Rich rs...@akamai.com wrote:
Looks to me like you've only fixed this (and many others) in master - surely
should also go to 1.0.2 at least (and probably older branches, too)?
Okay, tell me which branches.
Since this is a bug, all active branches (that it applies to
: rs...@jabber.me; Twitter: RichSalz
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-
d...@openssl.org] On Behalf Of Ben Laurie
Sent: Thursday, July 03, 2014 7:15 AM
To: OpenSSL development
Cc: Jeffrey Walton
Subject: Re: [openssl.org #3277] OpenSSL
On 3 July 2014 14:13, Theodore Ts'o ty...@mit.edu wrote:
However, in the kernel we are much more lax about who gets access to
the Coverity project. Part of this is the sure and certain knowledge
that the bad guys are quite willing to pay for a Coverity license, and
so for us the balance of
On 3 July 2014 15:28, Salz, Rich rs...@akamai.com wrote:
release processes at various distributions. (Given that Microsoft has weekly
patch Tuesdays, if even slow moving *Microsoft* can turn around a
security update in a week, what's your excuse? :-)
They have a regular release train, but
https://www.google.com/about/appsecurity/patch-rewards/
Refactorings that make it easier to reason about the security
properties of the code.
__
OpenSSL Project http://www.openssl.org
Development
On 3 July 2014 20:06, Kurt Roeckx via RT r...@openssl.org wrote:
On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85
and 96, or ?:
The line before that:
dp=d;
l2c(v0,dp);---
On 3 July 2014 22:35, Kurt Roeckx k...@roeckx.be wrote:
On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
On 3 July 2014 20:06, Kurt Roeckx via RT r...@openssl.org wrote:
On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
I think cppcheck is right here in void
It'd be nice, btw, if someone would report the bug to cppcheck.
On 4 July 2014 10:15, Ben Laurie b...@links.org wrote:
On 3 July 2014 22:35, Kurt Roeckx k...@roeckx.be wrote:
On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
On 3 July 2014 20:06, Kurt Roeckx via RT r...@openssl.org
Interesting paper by David Wheeler:
http://www.dwheeler.com/essays/heartbleed.html.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
On 4 July 2014 15:20, Toralf Förster toralf.foers...@gmx.de wrote:
On 07/04/2014 11:17 AM, Ben Laurie wrote:
It'd be nice, btw, if someone would report the bug to cppcheck.
http://5.150.254.56:443/trac-cppcheck/ticket/5970#ticket
Thanks.
Thx
On 4 July 2014 10:15, Ben Laurie b...@links.org
I've been experimenting with more type correctness and less casting.
Some of the big casting culprits are the various _ctrl() functions,
e.g. SSL_ctrl().
Does anyone have any clue why these exist?
Is there any reason to not replace them with direct function calls
(other than API stability)?
On 5 July 2014 18:46, Zoltan Arpadffy z...@polarhome.com wrote:
Hi,
I absolutely agree, that other less popular platforms need support.
Unfortunately, reading the conversation in the last few days, I got a
feeling that the OpenSSL core development is not willing to support those
platforms
On 5 July 2014 12:37, Kurt Roeckx k...@roeckx.be wrote:
But then I found some MSDN documentation that says that Windows
allows others to hijack your socket when you've set SO_REUSEADDR
and the results are non-deterministic. They also created an
SO_EXCLUSIVEADDRUSE and I'm getting confused
Does anyone use it?
We're considering removing or refactoring it...
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
On 9 July 2014 14:38, Paul Morriss paul.morr...@tokenbay.co.uk wrote:
I am keen to get more involved in the development of OpenSSL, I am curious,
has the code been run through a static analysis tool (such as Coverity)?
Coverity do run OpenSSL through their tool. The false positive rate is
On 11 July 2014 11:56, Andy Polyakov ap...@openssl.org wrote:
Bottom line [still] is that enc is not the place to perform XTS,
*unless* it's treated specially. In other words question should not be
about setting IV, but about *if* XTS should be supported by enc, and if
so, how exactly.
It
On 16 August 2014 19:50, Dominyk Tiller dominyktil...@gmail.com wrote:
Ah! That's where my confusion lies, I'm getting myself tied up between
development stable. Thanks for the clarity on that.
Homebrew is currently on 1.0.1i stable. These are the ssl2 ciphers active:
On 17 August 2014 06:44, Rich Salz via RT r...@openssl.org wrote:
This will be fixed in the post-1.0.2 release.
Why not fix in 1.0.2?
Thanks. (rsalz-monolith branch on github, akamai/openssl)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Workaround (I wasn't sure if the functions were intended to be used
somewhere, so not deleted yet):
diff --git a/crypto/constant_time_test.c b/crypto/constant_time_test.c
index 1b4b18d..78e7fca 100644
--- a/crypto/constant_time_test.c
+++ b/crypto/constant_time_test.c
@@ -195,7 +195,7 @@ static
Building 1.0.2 with gcc 4.9 and no-asm, I get a lot of:
ADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DL_ENDIAN -DTERMIOS -O3 -Wall -c sha256.c
In file included from sha256.c:115:0:
sha256.c: In function 'sha256_block_data_order':
../md32_common.h:248:41: warning:
On 8 June 2015 at 13:27, John Foley fol...@cisco.com wrote:
Is anyone having problems building 1.0.2-stable on FreeBSD? It appears
the following commit may have broken the build:
https://github.com/openssl/openssl/commit/f877da9cedb95df94105d7292f8e0963175e58dc
Here's the error we're
On Sat, 22 Aug 2015 at 01:56 Salz, Rich rs...@akamai.com wrote:
Thanks! We have several cross-compile builds running on Cisco's build
farm. The more the merrier. I am sure ARM would be appreciated.
Are these linked from the website somewhere?
___
On Mon, 24 Aug 2015 at 03:56 Salz, Rich rs...@akamai.com wrote:
On Sat, 22 Aug 2015 at 01:56 Salz, Rich rs...@akamai.com wrote:
Thanks! We have several cross-compile builds running on Cisco's build
farm. The more the merrier. I am sure ARM would be appreciated.
Are these linked from the
On Mon, 24 Aug 2015 at 09:53 Alessandro Ghedini alessan...@ghedini.me
wrote:
On Sat, Aug 22, 2015 at 12:55:43am +, Salz, Rich wrote:
Thanks! We have several cross-compile builds running on Cisco's build
farm.
The more the merrier. I am sure ARM would be appreciated.
Does this mean
On Sat, 1 Aug 2015 at 14:22 mancha manc...@zoho.com wrote:
On Fri, Jul 31, 2015 at 06:46:22PM +, Viktor Dukhovni wrote:
On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote:
Cool observation. From running a bit of Python code, it looks like
the probability that GCD(p-1, p-q)
On Thu, 6 Aug 2015 at 14:14 David Woodhouse via RT r...@openssl.org wrote:
This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.
In constrained environments such as
On Fri, 16 Oct 2015 at 01:32 Matt Caswell via RT wrote:
>
>
> On 15/10/15 20:53, Alexander Cherepanov via RT wrote:
> > On 2015-10-15 15:41, Matt Caswell via RT wrote:
> >> The purpose of the sanity check is not then for security, but to guard
> >> against programmer error. For
On Sat, 17 Oct 2015 at 06:35 Kurt Roeckx via RT wrote:
> On Fri, Oct 16, 2015 at 09:44:22PM +, Kaduk, Ben via RT wrote:
> > On 10/16/2015 04:35 PM, Kurt Roeckx via RT wrote:
> > > On Fri, Oct 16, 2015 at 06:50:36PM +, Kurt Roeckx via RT wrote:
> > >> On Fri, Oct 16,
On Mon, 24 Aug 2015 at 19:35 Matt Caswell m...@openssl.org wrote:
On 24/08/2015 10:08, Ben Laurie wrote:
On Mon, 24 Aug 2015 at 03:56 Salz, Rich rs...@akamai.com
mailto:rs...@akamai.com wrote:
On Sat, 22 Aug 2015 at 01:56 Salz, Rich rs...@akamai.com
mailto:rs
501 - 600 of 636 matches
Mail list logo