Re: FIPS and rebasing

2013-09-10 Thread stefan.n...@t-online.de
Hi, > My executable loads a DLL (A) which loads a second DLL (B), and that > second DLL is linked with the OpenSSL libraries, so the libeay32.dll > and ssleay32.dll are loaded automatically when B loads. However, > libeay32.dll does not always load  at the right address, an

AW: Insecure DEFAULT cipher set

2014-03-31 Thread stefan.n...@t-online.de
> You're still playing "my security level is bigger than yours". > There is no benefit in excluding RC4-SHA1 from the default list. > When servers support stronger algorithms, those will be negotiated. But that is only true as long as there is no new attack which successfully downgrades the cipher

AW: [openssl.org #3312] OpenSSL :: crypto/mem.c without "memset()" calls?

2014-04-15 Thread stefan.n...@t-online.de
Hi, > I have "checked" the current source code of 'crypto/mem.c' and I'm a > little bit surprised that no memset()-calls are made before the free_*() > functions are entered. I think a "zeroing" of the previously used memory > is a good solution to beware for accessing old memory content.

AW: openssl 1.0.2 beta1 and heartbleed

2014-04-21 Thread stefan.n...@t-online.de
Hi, > I just noted that the latest openssl 1.0.2 beta1 version was released > before the heartbleed bug became public and is thus vulnerable. (snipp) > Can the openssl devs create a new beta2 version that includes the > heartbleed fix? Quoting from the security advisory (see https://www

AW: Which platforms will be supported in the future on which platforms will be removed?

2014-06-02 Thread stefan.n...@t-online.de
Hi, > > Which platforms are deprecated and could/should be removed in the > > sourcecode? > > MS-DOS? > > Windows 16 Bit? > > OS/2? > > Windows 95/98/ME? > > Windows NT/2000/XP? > > Necessary criteria for a platform to be included in the first list would be: > * Currency, i.e. a platfo

AW: Platform query

2014-08-20 Thread stefan.n...@t-online.de
> Does anyone want to speak up for the requirement that we continue to support > BEOS (apparently B/1 and R5?), OS/2, or pre-Windows MSDOS? Which timeframe do we look at? E.g. if 1.0.2 is released this year and its successor where OS/2 support is removed maybe 2-3 years later (say beginning

AW: Platform query

2014-08-21 Thread stefan.n...@t-online.de
Hi, > There are 70 files that have OS2 in them, for a total of 130 instances. Strange. Here, I obtain: > grep -r OS2 * | wc -l 52 > grep -r OS2 * | sed "s/\([^:]*\)\:.*/\1/" | uniq | wc -l 22 i.e. 22 files with a total of 52 instances. Did I miss something, or did you happen to count the

AW: [openssl.org #3598] Windows Phone & OpenSSL.

2014-11-12 Thread stefan.n...@t-online.de
Hello, > I think that my patched version for WCE should work for windows phone : > https://www.mail-archive.com/openssl-dev@openssl.org/msg35958.html Mostly (probably) yes, however (see my patch), I don't think the random number generation used for WCE works for Windows Phone and I reall

AW: [openssl.org #3598] Windows Phone & OpenSSL.

2014-11-13 Thread stefan.n...@t-online.de
Hi, >> About random numbers generation, see that (still open) discussion and >> suggestions...: >> https://www.mail-archive.com/openssl-dev@openssl.org/msg36812.html > > But that's only relevant for standard windows desktop and neither for > WCE nor for windows phone, isn't it? At le

Re: [PATCH: CVE-2011-1473]: Fight against DoS in openssl

2011-12-20 Thread stefan.n...@t-online.de
Hi, > > I have just produced a patch against the upstream HEAD version, to > > seek a way to fight against DoS attack in openssl itself, > > the logic is simple, get client's ip address in BIO layer, > > and send this info to upper SSL layer; In SSL layer, > > according to the cl

Re: [openssl.org #2306] wrong extensions for loadable modules on MacOSX

2010-07-15 Thread stefan.n...@t-online.de
Hi, > A .dylib is a shared library - not a loadable module (.bundle/.so). > MacOSX treats those differently, so trying to dlopen a .dylib is > wrong. I rather see this as a bug in early releases of MacOS X, up-to-date version (AFAIK at least 10.4 and up) don't make such a

[openssl-dev] WG: Re: [openssl.org #3628] [PATCH] NDEBUG macro and redundant strings

2015-01-23 Thread stefan.n...@t-online.de
Hi, I tried to comment on the ticket via rt, but apparently there's more to it than just sending it to r...@openssl.org using a magic subject line (or maybe it doesn't like "subject:" being replaced by the localized "Betreff:" as the webmail-frontend I'm using apparently does? Anyway, le

[openssl-dev] Usage of assembler code on ARM architectures

2015-03-12 Thread stefan.n...@t-online.de
Hi, While looking at the Configure script, I found that there is the armv4_asm variable, which seems to promise a speedup for ARM architectures (and the "4" in ARMv4 sounds like it should work "everywhere"?). However, further looking at that Configure file, I see it's only used fo

Re: [openssl-dev] Usage of assembler code on ARM architectures

2015-03-17 Thread stefan.n...@t-online.de
Hi, Thanks for the answers to my questions - here come some more. > Apple assembler uses a little bit different syntax and you can't > assemble current modules as they are. ... as I found out myself just after asking the original question, but of course, the following is good to know: >

Re: [openssl-dev] Help needed for cross-compiling openssl

2015-06-15 Thread stefan.n...@t-online.de
Hi, > For other programs, after setting the environment variables according to this guide, it is enough to run: >> > ./configure --host=mips-linux > make > > I really need your help, because it doesn't work with OPENSSL. That's because OpenSSL is not using a

Re: [openssl-dev] Help needed for cross-compiling openssl

2015-06-16 Thread stefan.n...@t-online.de
Hi, > Absolutely right! Except that given context OP is more likely to have to > use --cross-compile-prefix=mips-linux-, i.e. with additional dash. Yes, right, sorry about that.. > Stefan, if it appears as nitpicking, I apologize. No need to apologize. On the contrary, if one doesn't know t

Re: [openssl-dev] compile error

2015-07-24 Thread stefan.n...@t-online.de
> And I use both gcc and clang with command "cc -g -Wall -I../../include -lcrypto aesgcm.c" to compile the source code. Long version: Note that the linker processes its libraries from left to right, e.g. if you have an object file object.o and two libraries liba.a and libb.a, then "cc object.o -la -

Re: [openssl-dev] 1.0.2 long term support

2015-08-11 Thread stefan.n...@t-online.de
Hi, Kurt Roeckx wrote: > 1.0.2 long term support > === > > The OpenSSL project team would like to announce that the 1.0.2 > version will be supported until 2019-12-31. Looking at the release date of 1.0.2 (22 Jan 2015) that seems to be (very slightly) less than the "at

Re: [openssl-dev] Support for TLS SHA2-512?

2015-09-25 Thread stefan.n...@t-online.de
Hi, > Does OpenSSL support TLS with SHA2-512? No, since there is no such thing as a TLS cipher suite with SHA512. Cipher suites need to be registered and assigned IDs, so servers/clients can exchange those IDs to announce what cipher suites they support. And if you look at the probably mos

Re: [openssl-dev] [openssl.org #4067] Bug - Header files in include folder differ for different extractiing methods

2015-10-02 Thread stefan.n...@t-online.de
Hi, > I downloaded OpenSSL 1.0.0s.tar.gz and extracted files using following three > ways. > The header files in "openssl 1.0.0s\include\openssl" folder are different. > (snipp) > Is this a bug in packaging? What is the expected results on Windows? At first glance, one could say, it's a b

Re: [openssl-dev] certificate signing using rsa pss algorithm?

2015-11-12 Thread stefan.n...@t-online.de
Hi, You might want to upgrade to OpenSSL-1.0.2 which seems to support the RSA PSS algorithm, see https://openssl.org/news/changelog.html#x5. Regards, Stefan

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-13 Thread stefan.n...@t-online.de
Hi, > We are considering removing from OpenSSL 1.1 known broken > or outdated cryptographic primitives. As you may know the forks > have already done this but I'd like to seek careful feedback for > OpenSSL first to ensure we won't be breaking any major applications. [...] > My preference woul

AW: [openssl.org #3539] x509 application supports additional fingerprint digests (sha2) not shown in help.

2014-09-24 Thread stefan.n...@t-online.de via RT
Hi, > This is fixed post-1.0.2, where the message says "any supported digest" > See https://github.com/akamai/openssl/tree/rsalz-monolith for a preview. Sorry to say something you apparently don't want to hear (for completely understandable reasons), but as much as I appreciate getti

[openssl.org #3598] Windows Phone & OpenSSL.

2014-11-11 Thread stefan.n...@t-online.de via RT
Hi, While everyone is talking about removing old platforms and cleaning code, I'm going to suggest adding yet another (sub-)platform and adding (a bit) to all those #ifdef's (talk about bad timing...). I have a complete patch which at least gets everything to compile, but for

Re: [openssl-dev] [openssl.org #4067] Bug - Header files in include folder differ for different extractiing methods

2015-10-02 Thread stefan.n...@t-online.de via RT
Hi, > I downloaded OpenSSL 1.0.0s.tar.gz and extracted files using following three > ways. > The header files in "openssl 1.0.0s\include\openssl" folder are different. > (snipp) > Is this a bug in packaging? What is the expected results on Windows? At first glance, one could say, it's a b

Re: [openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init

2015-10-22 Thread stefan.n...@t-online.de via RT
Hi, Wouldn't if ( UINTPTR_MAX - (uintptr_t) buffer < len) be closer to the intention of the original check? Or is this undefined behaviour as well and I stupidly missed that fact? Regards, Stefan