Re: Digest algorithms for Ruby

2019-10-31 Thread Matt Caswell
On 31/10/2019 11:59, Samuel Williams wrote: > I am maintaining the OpenSSL bindings for Ruby, and I'm considering > exposing SHA3 and BLAKE digests. > > In addition, for the first time, I wrote some tests to test ALL > algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer > exi

Re: Remove All Software Generators

2019-10-31 Thread Kurt Roeckx
On Wed, Oct 30, 2019 at 02:12:19PM -, Frederick Gotham wrote: > > It appears that OpenSSL will kick and scream and refuse to die not > matter how hard you hit it. If I try to generate a random number like > this: > > openssl rand -hex 8 > > Then it seems it will try in this order: > >

get serialnumber from X509_REQ

2019-10-31 Thread Tobias.Wolf
How can I get the serialnumber from X509_REQ pointer. I saw in the code that there is no getter function? Regard Tobi

Re: Digest algorithms for Ruby

2019-10-31 Thread Viktor Dukhovni
> On Oct 31, 2019, at 7:59 AM, Samuel Williams > wrote: > > I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing > SHA3 and BLAKE digests. > > In addition, for the first time, I wrote some tests to test ALL algorithms we > expose, and found that "DSS", "DSS1" and "SHA"

Re: Remove All Software Generators

2019-10-31 Thread Salz, Rich via openssl-users
Why not just change things so that if your module fails to load, the library exits? Don't change the RAND code, change the INIT code.

Digest algorithms for Ruby

2019-10-31 Thread Samuel Williams
I am maintaining the OpenSSL bindings for Ruby, and I'm considering exposing SHA3 and BLAKE digests. In addition, for the first time, I wrote some tests to test ALL algorithms we expose, and found that "DSS", "DSS1" and "SHA" no longer exist. I'm going to assume this algorithm is removed because

Re: Remove All Software Generators

2019-10-31 Thread Frederick Gotham
Frederick Gotham wrote: > static int drbg_bytes(unsigned char *out, int count) > { > int const retval = drbg_bytes_REAL(out, count); > > /* Try to get a semi-unique value for the first byte */ > char unsigned rotating_value = (unsigned)out ^ ((unsigned)count << > 4u); >

Re: Remove All Software Generators

2019-10-31 Thread Frederick Gotham
Frederick Gotham wrote: > > I will change the random number generator built into OpenSSL to always > return sequential numbers, something like: Here's what I have: static int drbg_bytes(unsigned char *out, int count) { int const retval = drbg_bytes_REAL(out, count); /*

Re: Remove All Software Generators

2019-10-31 Thread Frederick Gotham
Frederick Gotham wrote: > > And anyway this behaviour didn't come from deleting /dev/random, but > rather from making the default generator inside OpenSSL always give 0 > for a random byte. I will change the random number generator built into OpenSSL to always return sequential numbers, somet