Displaying 20 results from an estimated 21 matches for "boringssl".
2015 Jul 09
2
Openssl security patch
...sing client authentication.
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p
This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.
Note
====
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be p...
2023 Apr 19
3
FIPS compliance efforts in Fedora and RHEL
...'m sure this is good for RHEL/rawhide users who care about FIPS,
> > > Portable OpenSSH won't be able to merge this. We explictly aim to support
> > > LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
> > > OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
> > > I'd describe as "best effort").
> > >
> > > If this changes we can look again.
> >
> > Yes, we understand and respect your choice.
> > Would it be acceptable in any form being wrapped in necessary #ifdefs...
2015 Oct 26
2
How to pass march flag to GCC Assembler arch64-linux-gnu-as
I am trying to cross compile an assembly file using clang but with "
-fno-integrated-as" so that clang does not use its own assembler.
Clangs calls the command: /usr/bin/aarch64-linux-gnu-as -o Myfile.o
Myfile.s but it fails because of missing *-march=armv8-a+crypto *which is
required to build build my source file Myfile.s
I am passing "-march=armv8-a+crypto" to clang command
2017 Mar 23
2
Linking android with lld: aarch64 target
It would be great if anyone can share your thoughts about the cause and
possibly fix of the error below ?
I would like to know why it is caused and how it can be fixed (if possible)
?
The error message is:
~/llvm/build/install_android/linux-x86/clang-3688880/bin/ld.lld: error:
external/boringssl/linux-aarch64/crypto/sha/sha1-armv8.S:1202: can't create
dynamic relocation R_AARCH64_PREL64 against symbol 'OPENSSL_armcap_P'
defined in out/target/product/hikey/obj/STATIC_LIBRARIES/libcrypto_
intermediates/libcrypto.a(sha1-armv8.o)
clang-5.0: error: linker command failed with exit co...
2015 Oct 26
2
How to pass march flag to GCC Assembler arch64-linux-gnu-as
...no-dwarf-directory-asm -fdebug-compilation-dir ./out/Release
-ferror-limit 19 -fmessage-length 205 -fallow-half-arguments-and-returns
-fno-signed-char -fobjc-runtime=gcc -fdiagnostics-show-option
-fcolor-diagnostics -vectorize-loops -vectorize-slp -o MyFile.s -x
assembler-with-cpp
../../third_party/boringssl/linux-aarch64/crypto/modes/MyFile.S
clang -cc1 version 3.8.0 based upon LLVM 3.8.0svn default target
x86_64-unknown-linux-gnu
#include "..." search starts here:
#include <...> search starts here:
gen
../../third_party/boringssl/src/include
../lib/clang/3.8.0/include
./debian_jess...
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
...he change is needed for the new API.
While I'm sure this is good for RHEL/rawhide users who care about FIPS,
Portable OpenSSH won't be able to merge this. We explictly aim to support
LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
I'd describe as "best effort").
If this changes we can look again.
-d
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
...the new API.
>
> While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> Portable OpenSSH won't be able to merge this. We explictly aim to support
> LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
> OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
> I'd describe as "best effort").
>
> If this changes we can look again.
Yes, we understand and respect your choice.
Would it be acceptable in any form being wrapped in necessary #ifdefs ?
--
Dmitry Belyavskiy
2015 Jul 09
0
Openssl security patch
...This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
>
> OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
> OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p
>
> This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
> Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.
>
> Note
> ====
>
> As per our previous announcements and our Release Strategy
> (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
> 1.0.0 and 0.9.8 will cease on 31st December 2015. No security upd...
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
...t; > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > Portable OpenSSH won't be able to merge this. We explictly aim to support
> > LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
> > OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
> > I'd describe as "best effort").
> >
> > If this changes we can look again.
>
> Yes, we understand and respect your choice.
> Would it be acceptable in any form being wrapped in necessary #ifdefs ?
No, I think it would be to...
2017 Mar 24
2
Linking android with lld: aarch64 target
...possibly fix of the error below ?
> >
> > I would like to know why it is caused and how it can be fixed (if
> possible)
> > ?
> >
> > The error message is:
> >
> > ~/llvm/build/install_android/linux-x86/clang-3688880/bin/ld.lld: error:
> > external/boringssl/linux-aarch64/crypto/sha/sha1-armv8.S:1202: can't
> create
> > dynamic relocation R_AARCH64_PREL64 against symbol 'OPENSSL_armcap_P'
> > defined in
> > out/target/product/hikey/obj/STATIC_LIBRARIES/libcrypto_
> intermediates/libcrypto.a(sha1-armv8.o)
> > cl...
2015 Jul 09
3
C-6.6 - sshd_config chroot SELinux issues
CentOS-6.6
We have sshd chroot working, mostly, for a particular groupid.
However, we have two things that remain u/s, no doubt due to some
omission on my part.
Basically, we would like our users to be able to tunnel their https
over the ssh connection to this server and be able to do X11
forwarding as well. At the moment both work when the user connects
without chroot and neither works if
2019 Sep 12
2
Side-channel resistant values
On 9/12/19 5:06 AM, David Zarzycki via llvm-dev wrote:
I think adding a builtin to force CMOV or similar instructions on other architectures is long overdue. It’s generally useful, even if one isn’t mitigating speculative execution.
I believe that you can currently get this effect using __builtin_unpredictable in Clang. __builtin_unpredictable wasn't added for this purpose, and it's a
2019 Sep 13
2
Side-channel resistant values
...nd part of that will involve adding support to LLVM as well, so I suspect he'd be interested in this topic as well. Not sure what the timelines on any of our lpans are at this point though, so can't really promise much.
>
> For now, I'd really suggest using the techniques used by BoringSSL and OpenSSL. Sadly, these predominantly rely on assembly. They do have some constructs to use C/C++ code and ensure it remains data-invariant, but it isn't because the constructs are actually reliable. Instead, they have testing infrastructure that they continually run and that checks the speci...
2019 Feb 01
3
[cfe-dev] [Github] RFC: linear history vs merge commits
...cherry-pick / rebase and merge with no merge commit):
unfortunately loses the review information.
- Gerrit: developers cannot merge directly, instead they use the web
interface to submit a change. This will add a "Reviewed-on" link that
references the review. (Used by Wireshark, Qt, boringssl, etc.)
Projects that are use mailing lists to review patches (like Linux and
QEMU) commonly include a Message-Id tag in the commit message that
references the original mailing list discussion.
The curl project also uses Github for reviews, but encourages developers
with push permissions to manual...
2016 Nov 14
4
OpenSSL 1.1.0 support
On Mon, 14 Nov 2016, Jakub Jelen wrote:
> Thank you for the comments. I understand the upstream directions and
> that the OpenSSL step is not ideal. The distros will probably have to
> carry these patches until the changes will settle down a bit.
AFAIK Red Hat employs at least one OpenSSL maintainer. What is their
view on this situation?
> Other possible solution we were discussing
2023 Apr 18
3
FIPS compliance efforts in Fedora and RHEL
Hi OpenSSH mailing list,
I would like to announce the newly introduced patch in Fedora rawhide [0]
for
FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
version.
The patch targets OpenSSL support of OpenSSH, specifically the usage of
old low level API. The new OpenSSL version 3.0 introduces a FIPS
module (going through FIPS 140-2 validation and to be FIPS 140-3
2017 Oct 16
6
Status of OpenSSL 1.1 support
On Mon, Oct 16, 2017 at 12:40:54AM +0200, Ingo Schwarze wrote:
> Colin Watson wrote on Sun, Oct 15, 2017 at 10:51:46PM +0100:
> > Is it actually a requirement that an API compatibility layer be
> > maintained by the OpenSSL team, or could a hypothetical group of
> > external developers interested in breaking this stalemate fork
> > openssl-compat.tar.gz, stick it in a
2016 Feb 29
0
Announce: OpenSSH 7.2 released
...hat/openssh.spec, removing deprecated options and
syntax.
* configure: allow --without-ssl-engine with --without-openssl
* sshd(8): fix multiple authentication using S/Key. bz#2502
* sshd(8): read back from libcrypto RAND_* before dropping
privileges. Avoids sandboxing violations with BoringSSL.
* Fix name collision with system-provided glob(3) functions.
bz#2463
* Adapt Makefile to use ssh-keygen -A when generating host keys.
bz#2459
* configure: correct default value for --with-ssh1 bz#2457
* configure: better detection of _res symbol bz#2259
* support getrandom() sysca...
2019 Feb 01
2
[cfe-dev] [Github] RFC: linear history vs merge commits
Oh, I'm completely in favor of making bad commits much less likely. I
simply think there is a decent solution between "let everything in" and
"don't let everything in unless its proven to work everywhere" that gets
90% of the improvement. The complexity of guaranteeing a buildable
branch is high. If someone wants to take that on, great! I just don't
think we
2016 Feb 29
5
Announce: OpenSSH 7.2 released
...hat/openssh.spec, removing deprecated options and
syntax.
* configure: allow --without-ssl-engine with --without-openssl
* sshd(8): fix multiple authentication using S/Key. bz#2502
* sshd(8): read back from libcrypto RAND_* before dropping
privileges. Avoids sandboxing violations with BoringSSL.
* Fix name collision with system-provided glob(3) functions.
bz#2463
* Adapt Makefile to use ssh-keygen -A when generating host keys.
bz#2459
* configure: correct default value for --with-ssh1 bz#2457
* configure: better detection of _res symbol bz#2259
* support getrandom() sysca...