Re: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Salz, Rich via openssl-users
>Then just set it to 1.0 and be done with it. >That hardly helps on systems that don't have floating point at all. No it doesn't. Such systems aren't supported by OpenSSL. There are many places where floating point is used/supported. Removing the second arg to RAND_add is the

Re: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Richard Levitte
"Salz, Rich via openssl-users" wrote: (21 May 2019 17:27:44 CEST) >>If it's a sarcasm, I'm missing the point. > >I wasn't being sarcastic, I was trying to show that the team, recently, >still liked the use of floating point. > >>There are use cases when one wants to mix/add extra

RE: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Paul Dale
Double makes sense. Entropy is often estimated as a real value. E.g. we have the aforementioned coin flipper feeding data serially. Adding each bit sequentially means 0.125 bytes of entropy per call. Not the best example Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security &

Forthcoming OpenSSL Releases

2019-05-21 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s. These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not

Re: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Dennis Clarke
On 5/21/19 3:27 PM, Salz, Rich via openssl-users wrote: If it's a sarcasm, I'm missing the point. I wasn't being sarcastic, I was trying to show that the team, recently, still liked the use of floating point. There are use cases when one wants to mix/add extra randomness from,

Re: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Blumenthal, Uri - 0553 - MITLL
On 5/21/19, 10:45 AM, "openssl-users on behalf of Salz, Rich via openssl-users" wrote: When I overhauled the RAND mechanism, I tried to deprecate this use of floating point, in favor of just a number from 0 to 100 but was voted down. If it's a sarcasm, I'm missing the point.

Re: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Salz, Rich via openssl-users
>If it's a sarcasm, I'm missing the point. I wasn't being sarcastic, I was trying to show that the team, recently, still liked the use of floating point. >There are use cases when one wants to mix/add extra randomness from, e.g., > an external source (that, for whatever reasons, is

RE: To get end point's IP address

2019-05-21 Thread Michael Wojcik
> From: Chethan Kumar [mailto:chethan.ku...@toshiba-tsip.com] > Sent: Tuesday, May 21, 2019 03:53 > > I researched more and found that tlsext_hostname member variable in SSL > structure can be used to get host name. That's the SNI hostname, which is set by the client to the hostname (or

Re: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Salz, Rich via openssl-users
When I overhauled the RAND mechanism, I tried to deprecate this use of floating point, in favor of just a number from 0 to 100 but was voted down. It *is* stupid. Luckily, on a modern system with system-provided randomness to seed the RNG, you never need this call.

Re: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Ken Goldman
On 5/21/2019 10:15 AM, Laszlo Ersek wrote: [snip] Can someone please explain what is gained by using a floating point type here? Is it really a relevant use case that entropy is fed from an external source to OpenSSL such that truncating the amount to a whole number of bits would cause

why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Laszlo Ersek
(resending, with my subscription to completed) Hi OpenSSL Developers, (cross-posting and ,) OpenSSL commit [1] changed the representation of the "entropy amount" -- later renamed to "randomness" in [2] -- from "int" to "double". I've read the commit message: commit

Re: To get end point's IP address

2019-05-21 Thread Karl Denninger
On 5/21/2019 4:53 AM, Chethan Kumar wrote: Thanks for the information. I researched more and found that tlsext_hostname member variable in SSL structure can be used to get host name. If applications set this using SSL_set_tlsext_host_name(), is it correct to print hostname/IP in

RE: To get end point's IP address

2019-05-21 Thread Chethan Kumar
Thanks for the information. I researched more and found that tlsext_hostname member variable in SSL structure can be used to get host name. If applications set this using SSL_set_tlsext_host_name(), is it correct to print hostname/IP in tlsext_hostname. Can I use this one to set hostname/Ip

Re: error while running openssl 1.1.1b config file

2019-05-21 Thread shiva kumar
Ok, thanks. On Tue, May 21, 2019 at 2:15 PM Matt Caswell wrote: > > > On 21/05/2019 09:44, shiva kumar wrote: > > is Kerberos v5 is completely removed or depreciated from OpenSSL 1.1.0 > onwards ? > > It was completely removed. > > Matt > > -- *With Best Regards* *Shivakumar S* *Mysore,

Re: error while running openssl 1.1.1b config file

2019-05-21 Thread Matt Caswell
On 21/05/2019 09:44, shiva kumar wrote: > is Kerberos v5 is completely removed or depreciated from OpenSSL 1.1.0 > onwards ? It was completely removed. Matt

Re: error while running openssl 1.1.1b config file

2019-05-21 Thread shiva kumar
is Kerberos v5 is completely removed or depreciated from OpenSSL 1.1.0 onwards ? On Tue, May 21, 2019 at 2:04 PM Matt Caswell wrote: > > > On 21/05/2019 09:28, shiva kumar wrote: > > Hi, > > when running openssl 1.1.1b config file with no-krb5 option > > I got as, > > > > * Unsupported

Re: error while running openssl 1.1.1b config file

2019-05-21 Thread Matt Caswell
On 21/05/2019 09:28, shiva kumar wrote: > Hi, > when running openssl 1.1.1b config file with no-krb5 option > I got as, > > * Unsupported options: no-krb5 > > can I know why I'm getting this error? > when I remove the no-krb5 option it works. > This option was working on openssl

error while running openssl 1.1.1b config file

2019-05-21 Thread shiva kumar
Hi, when running openssl 1.1.1b config file with no-krb5 option I got as, * Unsupported options: no-krb5 can I know why I'm getting this error? when I remove the no-krb5 option it works. This option was working on openssl 1.0.2r, but why this option is not working here ? can I know ?