On Sun, Mar 27, 2016 at 10:41 AM, Salz, Rich wrote:
> Is this a real problem or a theoretical one?
UEFI will be a problem on non 32-bit systems as it assume 32-bit
environment. I don't know if there are any of them in the wild,
however.
non-UEFI code is a problem in some restricted environments,
> # if defined(OPENSSL_SYS_UEFI) && !defined(ssize_t) # define ossl_ssize_t
> int # define OSSL_SSIZE_MAX INT_MAX # endif
>
> It's testing for a #define, not a typedef.
>
>
> Then I suppose this comes down to understanding precisely what the test is
> trying to achieve. Do you mean it's explicitl
This patch can be tightened further, if interested.
According to MS docs, the define _CRT_NONSTDC_NO_DEPRECATE is
available for Visual Studio 2005 (cl.exe=14.00). Also see
http://msdn.microsoft.com/en-us/library/ms235384(v=vs.80).aspx.
Testing on Visual Studio 2003 (cl.exe=13.10) shows the change
I'm trying to test an out-of-tree build. Configure does not appear to
document the switch; cf.,
http://github.com/openssl/openssl/blob/master/Configure.
There are $blddir and $srcdir variables, but searching for the
variables, 'tree' and 'build' don't appear to provide a hint.
Using a naive "--bl
>>> $ cat conf_lib.patch
>>> diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
>>> index f197714..7bc3ac0 100644
>>> --- a/crypto/conf/conf_lib.c
>>> +++ b/crypto/conf/conf_lib.c
>>> @@ -392,7 +392,7 @@ void
>>> OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
>>>
On Tue, Mar 29, 2016 at 4:28 AM, Richard Levitte wrote:
> I suggest you read the docs, such as INSTALL. If you go down a bit,
> you'll find the section "Installation in Detail", and a little bit
> further, you'll find "1c. Configure OpenSSL for building outside of
> the source tree."
Perfect, th
On Tue, Mar 29, 2016 at 9:53 AM, Salz, Rich via RT wrote:
> We use strdup because none of the openssl machinery (error stack, etc) might
> be set up yet.
>
> The comment a few lines above says this!
Thanks.
That does not explain why this had not effect on Windows, even after
including "openssl/
Hi Everyone,
I'm working from Master, and testing an i686 build on x86_64. Is
building for i686 on x86_64 a supported configuration?
If so, I'm not sure what to make of this. Does this require a
full-blown cross-compile? (I feel like adding `-m32` is the wrong
thing to do because the configuratio
On Mon, Apr 4, 2016 at 9:59 AM, Richard Levitte wrote:
> In message
> on
> Mon, 4 Apr 2016 13:56:03 +, "Salz, Rich" said:
>
> rsalz>
> rsalz> > I think we're deleting all engine code from LibreSSL, but at least
> one hunk of
> rsalz> > this diff is relevant to OpenSSL:
> rsalz> >
> rsalz>
I *think* this question on Stack Overflow is due to changing the
define associated with protocol negotiations: "Building curl from
sources - undefined reference to SSL_CTX_set_alpn_protos"
(http://stackoverflow.com/q/36404426). That is, OpenSSL 1.0.2 used
'no-npn' and OPENSSL_NO_NPN, while 1.1.0 us
Hi Doctor,
Thanks very much for a reply (I did not expect one for a suggestion).
> It should be possible to exclude algorithms from the FIPS capable
> version of OpenSSL, apart from the DES related algorithms. If not that's
> a bug that will be fixed.
Please don't take this as a bug report. I was
On Fri, Dec 17, 2010 at 7:31 AM, Stephen Henson via RT wrote:
>> [noloa...@gmail.com - Fri Dec 17 11:56:52 2010]:
>>
>> When the OpenSSL source code is re-validated, please consider allow
>> folks to remove the algorithms. There are a few reasons to allow the
>> removal of unused algorithms:
>>
>
On Mon, Dec 20, 2010 at 10:30 PM, Brad Hards wrote:
> On Monday, December 20, 2010 08:02:39 pm noloa...@gmail.com via RT wrote:
> -page of the "openssl x509" command line tool for details. The old behaviour
> +page of the "openssl x509" commandline tool for details. The old behaviour
>
> I think e
On Tue, Feb 21, 2012 at 3:51 PM, Andy Polyakov wrote:
>> Another option (but shoot it down if its bogus :-): I noticed that if I
>> compile
>> fipscanister.o without "-fPIC", then the const variables do get placed in
>> the (really readonly) .rodata section as desired. I thought maybe if I did
>>
On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote:
> Hi,
>
> At one place, we are using following logic for generating self-signed
> certificate:
>
> #define SEED_SIZE 128
>
> k = RAND_status();
> while(k == 0)
> {
> // custom logic for getting random numbers from system variables
> ...
>
> Crypt
On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton wrote:
> On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote:
>>
>> CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS
>> apr_generate_random_bytes(buf, SEED_SIZE); // On Linux OS
>>
Speaking of poor d
On Fri, Nov 16, 2012 at 9:17 AM, Graham Leggett wrote:
> On 16 Nov 2012, at 4:36 AM, Jeffrey Walton wrote:
>
>> On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton wrote:
>>> On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai wrote:
>>>>
>>>> CryptGen
On Fri, Nov 16, 2012 at 12:57 PM, Jeffrey Walton wrote:
> On Fri, Nov 16, 2012 at 9:17 AM, Graham Leggett wrote:
>> On 16 Nov 2012, at 4:36 AM, Jeffrey Walton wrote:
>>
>>> On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton wrote:
>>>> On Thu, Nov 15,
On Tue, Nov 20, 2012 at 6:16 PM, Santhosh Kokala
wrote:
> Hi,
> I am trying to build an application with the FIPS Object module. I followed
> the build instructions mentioned in FIPS User Guide 2.0.
>
> FIPS Object Module:
>
> ./config
> Make
> make install
>
> Open SSL:
>
> ./config fips
> make d
On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele
wrote:
> Hi i tried to load private key into 224 curve for ecdsa and I am
> getting below error.
>
> EC_KEY_check_key failed:
> error:100B1043:lib(16):func(177):reason(67).
>
> Bleow is my fun to load key.
>
> Can anybody guide me?
$ openssl errs
On Thu, Dec 13, 2012 at 4:04 AM, jeetendra gangele wrote:
> HI,
>
> I am trying to sign the data using EC-DSA algorithm.
> i have the private key to sign the data and I could load using
> EC_KEY_set_private_key.
> But when check the loaded key its failing with the error code below.
> error:100B104
On Mon, Dec 17, 2012 at 11:16 PM, jeetendra gangele
wrote:
> Hi,
> Do we have support for 448 bit hash value generation in openssl.?
> I looked into the header file and I did not find functiobn related to that.
>
> Actually I need to compute shared key for ecdh and that should be 56 Bytes
> long.
0 additional modules have not yet read the
manual, including a couple of GTK modules.
Jeffrey Walton
Baltimore, MD, US
[1] Switch to warn of global variables in a C++ shared object,
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46097
[2] Global variable in static library - double free or co
Hi All,
Forgot to mention. If you have so global data that is being cleaned up
prematurely, see
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46097#c17. One of the GCC
folks made the recommendations.
Jeff
On Fri, Oct 22, 2010 at 2:21 AM, Jeffrey Walton wrote:
> Hi All,
>
> I helpe
On Fri, Oct 22, 2010 at 5:01 PM, Andy Polyakov wrote:
>> I helped Wei Dai wrestle with a similar problem for Crypto++. We wrote
>> a couple audit tools, one of which is attached. I just completed an
>> audit on my /usr/lib. The following OpenSSL modules crashed during a
>> simple load/unload cycle
On Sun, May 31, 2015 at 12:27 PM, Richard Levitte via RT
wrote:
> Nice idea, I'm however thinking that much of the trying different formats
> could
> be moved to load_key / load_pubkey, all that would be needed is a keyformat
> denoting "try anything". -1, perhaps?
>
I like the idea, and I was
On Mon, Jun 1, 2015 at 12:56 PM, Daniel Kahn Gillmor
wrote:
> On Mon 2015-06-01 07:36:01 -0400, Krzysztof Kwiatkowski wrote:
>
>> Yes, that's exactly what we do in our configuration. We have 24 servers
>> with rather high workload. SSL is offloaded on F5 load balancer and
>> servers behind load ba
Thanks Kurt. I think I'll need to think about this some more because I
don't recall EVP_PKEY_id.
I think I never considered it because I could not find it when
searching for something to return the inner type ('id' does not make a
lot of sense to me, even now).
Maybe I should back up a bit. What
> ALL BINARY ELLIPTIC CURVES
This one may be premature.
I understand the TLS WG is moving against it. However, I am aware of
implementations of Shoup's ECIES, and they, in turn, depend on
OpenSSL. I don't know if the ECIES implementations rely solely on
prime fields or not, however.
> BLOWFISH -
> MD2 - (The argument that someone somewhere may want to keep verifying old
> MD2 signatures on self-signed certs doesn't seem like a compelling enough
> reason to me. It's been disabled by default since OpenSSL 1.0.0.)
> ...
Apple still provides two Verisign certificates using
md2WithRSAEncryption
On Mon, Nov 16, 2015 at 9:06 PM, Peter Waltenberg
wrote:
> Why not offer another set of get_XYZ_byname() which resticts the caller to
> socially acceptable algorithms. Or allows the opposite, it really doesn't
> matter but restricted being the newer API breaks less code by default.
>
This is an i
On Tue, Nov 17, 2015 at 7:21 AM, Emilia Käsper wrote:
>
>
> On Tue, Nov 17, 2015 at 11:12 AM, Jeffrey Walton wrote:
>>
>> > MD2 - (The argument that someone somewhere may want to keep verifying
>> > old
>> > MD2 signatures on self-signed certs
On Tue, Nov 17, 2015 at 12:43 PM, Jun Sun via RT wrote:
> Hi,
>
> I just found the perl script for x86_64 assembly failed to detect Xcode 7
> environment (Apple LLVM 7.x), and skipped generating AVX code for MAC OS
> ($avx variable is always false). The reason is Apple since Xcode 7.0 removed
>
101 - 133 of 133 matches
Mail list logo
