Re: [openssl-dev] [openssl-commits] [openssl] master update
Am 09.03.2016 um 22:53 schrieb Richard Levitte: The branch master has been updated via 64b9d84bfd0da0305a1df9b97ffbdc3898f59e62 (commit) from 2b8fa1d56cd3a41d666994a1b2ed9df0f5e5d1ec (commit) - Log - commit 64b9d84bfd0da0305a1df9b97ffbdc3898f59e62 Author: Richard Levitte Date: Wed Mar 9 22:34:27 2016 +0100 When grepping something starting with a dash, remember to use -e Strictly speaking "grep -e" has another meaning. If a leading dash is the only problem to fix, one can use "grep --", so the below would become if echo "$CONFIG_OPTS" | grep -- "--classic" >/dev/null; then Regards, Rainer Reviewed-by: Viktor Dukhovni --- Summary of changes: .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index ce7e208..0865817 100644 --- a/.travis.yml +++ b/.travis.yml @@ -60,7 +60,7 @@ matrix: before_script: - sh .travis-create-release.sh $TRAVIS_OS_NAME - tar -xvzf _srcdist.tar.gz -- if echo "$CONFIG_OPTS" | grep "--classic" >/dev/null; then +- if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then srcdir=.; cd _srcdist; else @@ -83,7 +83,7 @@ before_script: - cd .. script: -- if echo "$CONFIG_OPTS" | grep "--classic" >/dev/null; then +- if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then cd _srcdist; else cd _build; -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
> Please note that the patch in RT4247 also contains a hunk for > crypto/evp/e_camellia.c. This was not committed here, but without it one > gets the same type of compilation error on SPARC. Since the RT is already > closed I thought I better ask. Thanks for catching this. Fixed now. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Oops, my mistake. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz > -Original Message- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Saturday, January 16, 2016 5:12 AM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] [openssl-commits] [openssl] master update > > Please note that the patch in RT4247 also contains a hunk for > crypto/evp/e_camellia.c. This was not committed here, but without it one > gets the same type of compilation error on SPARC. Since the RT is already > closed I thought I better ask. > > The missing part is: > > Index: crypto/evp/e_camellia.c > --- crypto/evp/e_camellia.c 2016-01-14 10:51:32.0 +0100 > +++ crypto/evp/e_camellia.c 2016-01-16 04:01:44.443269000 +0100 > @@ -119,10 +119,10 @@ >const unsigned char *iv, int enc) >{ >int ret, mode, bits; > -EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; > +EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) > EVP_CIPHER_CTX_cipher_data(ctx); > > -mode = ctx->cipher->flags & EVP_CIPH_MODE; > -bits = ctx->key_len * 8; > +mode = EVP_CIPHER_CTX_mode(ctx); > +bits = EVP_CIPHER_CTX_key_length(ctx) * 8; > >cmll_t4_set_key(key, bits, &dat->ks); > > Thank a bunch, > > Rainer > > Am 16.01.2016 um 04:47 schrieb Rich Salz: > > The branch master has been updated > > via ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (commit) > >from 25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit) > > > > > > - Log > > - > > commit ecdd0ff733985fb573d687fe85fa533f62f6cfd8 > > Author: Rich Salz > > Date: Fri Jan 15 22:37:11 2016 -0500 > > > > RT4247: Fix EVP_CIPHER_CTX opaque on sparc > > > > Via Rainer Jung > > > > Reviewed-by: Dr. Stephen Henson > > > > -- > > - > > > > Summary of changes: > > crypto/evp/e_des.c | 2 +- > > crypto/evp/e_des3.c | 4 ++-- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index > > 5536f62..929151c 100644 > > --- a/crypto/evp/e_des.c > > +++ b/crypto/evp/e_des.c > > @@ -247,7 +247,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const > unsigned char *key, > > dat->stream.cbc = NULL; > > # if defined(SPARC_DES_CAPABLE) > > if (SPARC_DES_CAPABLE) { > > -int mode = ctx->cipher->flags & EVP_CIPH_MODE; > > +int mode = EVP_CIPHER_CTX_mode(ctx); > > > > if (mode == EVP_CIPH_CBC_MODE) { > > des_t4_key_expand(key, &dat->ks.ks); diff --git > > a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 16407e8..8b6c2b5 > > 100644 > > --- a/crypto/evp/e_des3.c > > +++ b/crypto/evp/e_des3.c > > @@ -270,7 +270,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, > const unsigned char *key, > > dat->stream.cbc = NULL; > > # if defined(SPARC_DES_CAPABLE) > > if (SPARC_DES_CAPABLE) { > > -int mode = ctx->cipher->flags & EVP_CIPH_MODE; > > +int mode = EVP_CIPHER_CTX_mode(ctx); > > > > if (mode == EVP_CIPH_CBC_MODE) { > > des_t4_key_expand(&deskey[0], &dat->ks1); @@ -297,7 > > +297,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const > unsigned char *key, > > dat->stream.cbc = NULL; > > # if defined(SPARC_DES_CAPABLE) > > if (SPARC_DES_CAPABLE) { > > -int mode = ctx->cipher->flags & EVP_CIPH_MODE; > > +int mode = EVP_CIPHER_CTX_mode(ctx); > > > > if (mode == EVP_CIPH_CBC_MODE) { > > des_t4_key_expand(&deskey[0], &dat->ks1); > ___ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Please note that the patch in RT4247 also contains a hunk for crypto/evp/e_camellia.c. This was not committed here, but without it one gets the same type of compilation error on SPARC. Since the RT is already closed I thought I better ask. The missing part is: Index: crypto/evp/e_camellia.c --- crypto/evp/e_camellia.c 2016-01-14 10:51:32.0 +0100 +++ crypto/evp/e_camellia.c 2016-01-16 04:01:44.443269000 +0100 @@ -119,10 +119,10 @@ const unsigned char *iv, int enc) { int ret, mode, bits; -EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; +EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) EVP_CIPHER_CTX_cipher_data(ctx); -mode = ctx->cipher->flags & EVP_CIPH_MODE; -bits = ctx->key_len * 8; +mode = EVP_CIPHER_CTX_mode(ctx); +bits = EVP_CIPHER_CTX_key_length(ctx) * 8; cmll_t4_set_key(key, bits, &dat->ks); Thank a bunch, Rainer Am 16.01.2016 um 04:47 schrieb Rich Salz: The branch master has been updated via ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (commit) from 25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit) - Log - commit ecdd0ff733985fb573d687fe85fa533f62f6cfd8 Author: Rich Salz Date: Fri Jan 15 22:37:11 2016 -0500 RT4247: Fix EVP_CIPHER_CTX opaque on sparc Via Rainer Jung Reviewed-by: Dr. Stephen Henson --- Summary of changes: crypto/evp/e_des.c | 2 +- crypto/evp/e_des3.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 5536f62..929151c 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -247,7 +247,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { -int mode = ctx->cipher->flags & EVP_CIPH_MODE; +int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(key, &dat->ks.ks); diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 16407e8..8b6c2b5 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -270,7 +270,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { -int mode = ctx->cipher->flags & EVP_CIPH_MODE; +int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &dat->ks1); @@ -297,7 +297,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { -int mode = ctx->cipher->flags & EVP_CIPH_MODE; +int mode = EVP_CIPHER_CTX_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &dat->ks1); ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
On 8/28/15, 10:34, "Salz, Rich" wrote: >TL;DR -- Don't read the diff, look at the revised code. > >> The comment and code here are a slight mismatch, since qsize is >>dynamically >> computed (but limited to three values, the largest of which is used to >>size the >> local variable). It's not clear that using SHA256_DIGEST_LENGTH for the >> check would actually be better, though. > >If you can think of a more-c lear comment, let me know. But checking >against qsize is the right thing to do. > >> >+int seed_is_random = seed_in == NULL; >> >> This part seems really bogus; seed_is_random is an int, but seed_in is >>const >> unsigned char *; the assignment makes no sense. > >No, it's like "seed_in == NULL ? 1 : 0" Sigh, need more coffee. Sorry for the noise :( -Ben > >> I guess the intent is to declare the variable in the outer loop? > >Nope. > >> and seed_in is never read after this point. > >It was set up before the loop. > >> The grammar here is slightly unusual; "for lengths of at least 2048 >>bits" >> or "for lengths 2048 bits and larger" would feel more natural to me. > >Open a ticket :) > > ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
TL;DR -- Don't read the diff, look at the revised code. > The comment and code here are a slight mismatch, since qsize is dynamically > computed (but limited to three values, the largest of which is used to size > the > local variable). It's not clear that using SHA256_DIGEST_LENGTH for the > check would actually be better, though. If you can think of a more-c lear comment, let me know. But checking against qsize is the right thing to do. > >+int seed_is_random = seed_in == NULL; > > This part seems really bogus; seed_is_random is an int, but seed_in is const > unsigned char *; the assignment makes no sense. No, it's like "seed_in == NULL ? 1 : 0" > I guess the intent is to declare the variable in the outer loop? Nope. > and seed_in is never read after this point. It was set up before the loop. > The grammar here is slightly unusual; "for lengths of at least 2048 bits" > or "for lengths 2048 bits and larger" would feel more natural to me. Open a ticket :) ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Hi Rich, Ismo, I'm surprised this doesn't cause the compiler to warn/error out (inline) On 8/27/15, 21:57, "Rich Salz" wrote: >The branch master has been updated > via f00a10b89734e84fe80f98ad9e2e77b557c701ae (commit) > from 3c65047d30dacca345d30269b95af4a5c413e8d1 (commit) > > >- Log - >commit f00a10b89734e84fe80f98ad9e2e77b557c701ae >Author: Ismo Puustinen >Date: Fri Aug 7 22:14:47 2015 -0400 > >GH367: Fix dsa keygen for too-short seed > >If the seed value for dsa key generation is too short (< qsize), >return an error. Also update the documentation. > >Signed-off-by: Rich Salz >Reviewed-by: Emilia Käsper > >--- > >diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c >index e030cfa..a4fae17 100644 >--- a/crypto/dsa/dsa_gen.c >+++ b/crypto/dsa/dsa_gen.c >@@ -132,18 +132,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, >size_t qbits, > > bits = (bits + 63) / 64 * 64; > >-/* >- * NB: seed_len == 0 is special case: copy generated seed to seed_in >if >- * it is not NULL. >- */ >-if (seed_len && (seed_len < (size_t)qsize)) >-seed_in = NULL; /* seed buffer too small -- ignore */ >-if (seed_len > (size_t)qsize) >-seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger >- * SEED, but our internal buffers are >- * restricted to 160 bits */ >-if (seed_in != NULL) >+if (seed_in != NULL) { >+if (seed_len < (size_t)qsize) >+return 0; >+if (seed_len > (size_t)qsize) { >+/* Don't overflow seed local variable. */ The comment and code here are a slight mismatch, since qsize is dynamically computed (but limited to three values, the largest of which is used to size the local variable). It's not clear that using SHA256_DIGEST_LENGTH for the check would actually be better, though. >+seed_len = qsize; >+} > memcpy(seed, seed_in, seed_len); >+} > > if ((ctx = BN_CTX_new()) == NULL) > goto err; >@@ -166,20 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, >size_t qbits, > > for (;;) { > for (;;) { /* find q */ >-int seed_is_random; >+int seed_is_random = seed_in == NULL; This part seems really bogus; seed_is_random is an int, but seed_in is const unsigned char *; the assignment makes no sense. > > /* step 1 */ > if (!BN_GENCB_call(cb, 0, m++)) > goto err; > >-if (!seed_len) { >+if (seed_is_random) { and this chunk can never execute since seed_is_random was just set to 0 (er, NULL). I guess the intent is to declare the variable in the outer loop? > if (RAND_bytes(seed, qsize) <= 0) > goto err; >-seed_is_random = 1; > } else { >-seed_is_random = 0; >-seed_len = 0; /* use random seed if 'seed_in' turns >out to >- * be bad */ >+/* If we come back through, use random seed next time. */ >+seed_in = NULL; and seed_in is never read after this point. > } > memcpy(buf, seed, qsize); > memcpy(buf2, seed, qsize); >diff --git a/doc/crypto/DSA_generate_parameters.pod >b/doc/crypto/DSA_generate_parameters.pod >index d2a0418..92c89a0 100644 >--- a/doc/crypto/DSA_generate_parameters.pod >+++ b/doc/crypto/DSA_generate_parameters.pod >@@ -23,13 +23,12 @@ Deprecated: > DSA_generate_parameters_ex() generates primes p and q and a generator g > for use in the DSA and stores the result in B. > >-B is the length of the prime to be generated; the DSS allows a >-maximum of 1024 bits. >+B is the length of the prime p to be generated. >+For lengths under 2048 bits, the length of q is 160 bits; for lengths >+at least 2048, it is set to 256 bits. The grammar here is slightly unusual; "for lengths of at least 2048 bits" or "for lengths 2048 bits and larger" would feel more natural to me. -Ben > >-If B is B or B E 20, the primes will be >-generated at random. Otherwise, the seed is used to generate >-them. If the given seed does not yield a prime q, a new random >-seed is chosen and placed at B. >+If B is NULL, the primes will be generated at random. >+If B is less than the length of q, an error is returned. > > DSA_generate_parameters_ex() places the iteration count in > *B and a counter used for finding a generator in >_ >openssl-commits mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits > ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Rats. Looked at the wrong build output ;( thanks. Will fix shortly. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Am 22.06.2015 um 21:49 schrieb Rich Salz: The branch master has been updated via 75ba5c58c6b3b3326a6c3198100830afa120e7c3 (commit) from 389ebcecae2575188a4ff9566389ce694352be43 (commit) - Log - commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3 Author: Rich Salz Date: Sat Jun 13 17:18:47 2015 -0400 RT3907: avoid "local" in testssl script Reviewed-by: Richard Levitte --- Summary of changes: test/testssl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index 7e834a7..cb8e56a 100644 --- a/test/testssl +++ b/test/testssl @@ -118,11 +118,10 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { - local cipher=$1 - local protocol=$2 +_cipher=$1 It seems "_cipher" is never used and instead the function still uses "cipher" (which is the variable which is set elsewhere before calling the function "test_cipher"). echo "Testing $cipher" prot="" -if [ $protocol = "SSLv3" ] ; then +if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi $ssltest -cipher $cipher $prot Regards, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Am 10.04.2015 um 18:28 schrieb Viktor Dukhovni: The branch master has been updated via 34b0a927ab5c9232bcf864d524a9bf2558411700 (commit) from e71cecd551f1d8beca20681184d94f7000a5e333 (commit) - Log - commit 34b0a927ab5c9232bcf864d524a9bf2558411700 Author: Viktor Dukhovni Date: Fri Apr 10 12:25:30 2015 -0400 Polish shell script to avoid needless complexity. No need for here documents, just use "yes" or Reviewed-by: Richard Levitte --- Summary of changes: test/testca | 32 +--- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/test/testca b/test/testca index d4d0159..4bcb1fd 100644 --- a/test/testca +++ b/test/testca @@ -1,5 +1,7 @@ #!/bin/sh So this is a /bin/sh script, not necessarily bash or ksh, and thus ... @@ -9,35 +11,19 @@ else fi export PATH -SSLEAY_CONFIG="-config CAss.cnf" -export SSLEAY_CONFIG - -OPENSSL="`pwd`/../util/opensslwrap.sh" -export OPENSSL +export SSLEAY_CONFIG="-config CAss.cnf" +export OPENSSL="`pwd`/../util/opensslwrap.sh" ... -SSLEAY_CONFIG="-config Uss.cnf" -export SSLEAY_CONFIG -$PERL ../apps/CA.pl -newreq || exit 1 +export SSLEAY_CONFIG="-config Uss.cnf" +$PERL ../apps/CA.pl -newreq SSLEAY_CONFIG="-config ../apps/openssl.cnf" -export SSLEAY_CONFIG - Combining X=Y export X into export X=Y does not work for all plain Shells. E.g. /bin/sh on Solaris is a Bourne Shell, which does not support this shortcut: $ export X=Y X=Y: is not an identifier Regards, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update ("Add Camellia CTR mode", dda8199922f9d52087d2c41b22a61eb4f9671385)
On 02/12/15 12:49, Rainer Jung wrote: > Am 12.02.2015 um 12:00 schrieb Andy Polyakov: diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); +EVP_add_cipher(EVP_camellia_128_ctr()); +EVP_add_cipher(EVP_camellia_192_ctr()); +EVP_add_cipher(EVP_camellia_256_ctr()); #endif } >>> >>> We get build warnings and crashes during run in EVP_add_cipher(). >> >> Thanks. I'm on it. Out of curiosity, with which config do you get >> crashes? I don't mean that this doesn't need fixing, I only want to have >> a reference. > > Thanks to you. > > The crash occurred while using it during a CI build for Tomcat plus > Tomcat native connector (tcnative) which in turn uses OpenSSL. Question was rather about OS. The question I seek answer to is how did it evade the usual test and/or what is so special about your environment. > OpenSSL was build with "config --prefix=... shared enable-deprecated". > > I don't have a full stack available. The Java HS-Error file says: > > [junit] # > [junit] # A fatal error has been detected by the Java Runtime > Environment: > [junit] # > [junit] # SIGSEGV (0xb) at pc=0x7fb882f66ef9, pid=32437, > tid=140431064893184 Ah! Keyword is likely to be that it was shared build. I mean implicit cast can slip through in non-shared case, because in such case code is loaded in lower 2GB, while shared libraries tend to be mapped far above 4GB. Thanks. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update ("Add Camellia CTR mode", dda8199922f9d52087d2c41b22a61eb4f9671385)
Am 12.02.2015 um 12:00 schrieb Andy Polyakov: diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); +EVP_add_cipher(EVP_camellia_128_ctr()); +EVP_add_cipher(EVP_camellia_192_ctr()); +EVP_add_cipher(EVP_camellia_256_ctr()); #endif } We get build warnings and crashes during run in EVP_add_cipher(). Thanks. I'm on it. Out of curiosity, with which config do you get crashes? I don't mean that this doesn't need fixing, I only want to have a reference. Thanks to you. The crash occurred while using it during a CI build for Tomcat plus Tomcat native connector (tcnative) which in turn uses OpenSSL. OpenSSL was build with "config --prefix=... shared enable-deprecated". I don't have a full stack available. The Java HS-Error file says: [junit] # [junit] # A fatal error has been detected by the Java Runtime Environment: [junit] # [junit] # SIGSEGV (0xb) at pc=0x7fb882f66ef9, pid=32437, tid=140431064893184 [junit] # [junit] # JRE version: Java(TM) SE Runtime Environment (8.0_25-b17) (build 1.8.0_25-b17) [junit] # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.25-b02 mixed mode linux-amd64 compressed oops) [junit] # Problematic frame: [junit] # C [libcrypto.so.1.1.0+0x14fef9] EVP_add_cipher+0x9 [junit] # Regards, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update ("Add Camellia CTR mode", dda8199922f9d52087d2c41b22a61eb4f9671385)
>> diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c >> index 174a419..7ae36d7 100644 >> --- a/crypto/evp/c_allc.c >> +++ b/crypto/evp/c_allc.c >> @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) >> EVP_add_cipher(EVP_camellia_256_ofb()); >> EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); >> EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); >> +EVP_add_cipher(EVP_camellia_128_ctr()); >> +EVP_add_cipher(EVP_camellia_192_ctr()); >> +EVP_add_cipher(EVP_camellia_256_ctr()); >> #endif >> } > > We get build warnings and crashes during run in EVP_add_cipher(). Thanks. I'm on it. Out of curiosity, with which config do you get crashes? I don't mean that this doesn't need fixing, I only want to have a reference. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update ("Add Camellia CTR mode", dda8199922f9d52087d2c41b22a61eb4f9671385)
Am 11.02.2015 um 20:30 schrieb Andy Polyakov: The branch master has been updated via dda8199922f9d52087d2c41b22a61eb4f9671385 (commit) via c79e17731f462d6d42b917027a7085c0f59a2214 (commit) from b7c9187b32a14b5b4a850161aed5c044d2130d5a (commit) - Log - commit dda8199922f9d52087d2c41b22a61eb4f9671385 Author: Andy Polyakov Date: Wed Feb 11 20:30:13 2015 +0100 Add Camellia CTR mode. Reviewed-by: Rich Salz ... --- Summary of changes: crypto/evp/c_allc.c|3 ++ crypto/evp/e_camellia.c|9 ++--- crypto/evp/evptests.txt| 64 ++ crypto/objects/obj_dat.h | 82 +--- crypto/objects/obj_mac.h | 60 crypto/objects/obj_mac.num | 12 +++ crypto/objects/objects.txt | 12 +++ 7 files changed, 231 insertions(+), 11 deletions(-) diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); +EVP_add_cipher(EVP_camellia_128_ctr()); +EVP_add_cipher(EVP_camellia_192_ctr()); +EVP_add_cipher(EVP_camellia_256_ctr()); #endif } We get build warnings and crashes during run in EVP_add_cipher(). It seems EVP_camellia_128_ctr(), EVP_camellia_192_ctr() and EVP_camellia_256_ctr() are missing from crypto/evp/evp.h: c_allc.c:248:5: warning: implicit declaration of function "EVP_camellia_128_ctr" [-Wimplicit-function-declaration] EVP_add_cipher(EVP_camellia_128_ctr()); etc. Thanks, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev