Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Alessandro Ghedini via RT
(sorry for the delay, but I've been travelling and moving)
On Sat, Oct 31, 2015 at 11:01:22pm +, Brian Smith via RT wrote:
> On Sat, Oct 31, 2015 at 11:50 AM, Alessandro Ghedini via RT
> The point is to let the person building OPENSSL say "I want the build to
> fail if

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

2015-11-11 Thread Alessandro Ghedini
On Sat, Oct 31, 2015 at 08:34:33am -0400, Steve Marquess wrote:
> On 10/31/2015 08:26 AM, Alessandro Ghedini via RT wrote:
> > Hi,
> >
> > I don't know what your intentions are with FIPS support in master, ...
>
> We would like to continue to provide a FIPS validated module for the 1.1
> (and

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 05:15:06PM +, Kaduk, Ben via RT wrote:
> On 11/11/2015 07:06 AM, Kurt Roeckx via RT wrote:
> > On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote:
> >> On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote:
> >>> On Wed, Nov 11, 2015

[openssl-dev] Fwd: [saag] Standard Crypto API + Symmetric Crypto At Rest

2015-11-11 Thread Massimiliano Pala
Hi OpenSSL Community, I originally posted this message on the security area ML at IETF and I am trying to reach out to a broad audience of experts, implementers, and vendors. I would love to have contributions and implementations (once we have some initial specs) around this initiative. I am

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kaduk, Ben via RT
On 11/11/2015 07:06 AM, Kurt Roeckx via RT wrote:
> On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote:
>> On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote:
>>> On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote: Also, FTR,

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Alessandro Ghedini via RT
On Wed, Nov 11, 2015 at 01:06:54PM +, Kurt Roeckx via RT wrote:
> On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote:
> > On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote:
> > > On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote:

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Alessandro Ghedini via RT
On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote:
> On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote:
> >
> > I also added support for explicit_bzero() on OpenBSD.
>
> An explicit_bzero() call is no better than whatever
> OPENSSL_cleanse() does, because

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote:
>
> I also added support for explicit_bzero() on OpenBSD.
An explicit_bzero() call is no better than whatever OPENSSL_cleanse() does, because it has exactly the same problems. So I don't think this is useful to do.
>

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote:
> On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote:
> > On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote:
> > > Also, FTR, apparently SecureZeroMemory() doesn't work on the mingw