Re: [openssl-dev] [openssl-commits] [openssl] master update
Am 09.03.2016 um 22:53 schrieb Richard Levitte: The branch master has been updated via 64b9d84bfd0da0305a1df9b97ffbdc3898f59e62 (commit) from 2b8fa1d56cd3a41d666994a1b2ed9df0f5e5d1ec (commit) - Log - commit 64b9d84bfd0da0305a1df9b97ffbdc3898f59e62 Author: Richard LevitteDate: Wed Mar 9 22:34:27 2016 +0100 When grepping something starting with a dash, remember to use -e Strictly speaking "grep -e" has another meaning. If a leading dash is the only problem to fix, one can use "grep --", so the below would become if echo "$CONFIG_OPTS" | grep -- "--classic" >/dev/null; then Regards, Rainer Reviewed-by: Viktor Dukhovni --- Summary of changes: .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index ce7e208..0865817 100644 --- a/.travis.yml +++ b/.travis.yml @@ -60,7 +60,7 @@ matrix: before_script: - sh .travis-create-release.sh $TRAVIS_OS_NAME - tar -xvzf _srcdist.tar.gz -- if echo "$CONFIG_OPTS" | grep "--classic" >/dev/null; then +- if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then srcdir=.; cd _srcdist; else @@ -83,7 +83,7 @@ before_script: - cd .. script: -- if echo "$CONFIG_OPTS" | grep "--classic" >/dev/null; then +- if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then cd _srcdist; else cd _build; -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
> Please note that the patch in RT4247 also contains a hunk for > crypto/evp/e_camellia.c. This was not committed here, but without it one > gets the same type of compilation error on SPARC. Since the RT is already > closed I thought I better ask. Thanks for catching this. Fixed now. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Oops, my mistake. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz > -Original Message- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Saturday, January 16, 2016 5:12 AM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] [openssl-commits] [openssl] master update > > Please note that the patch in RT4247 also contains a hunk for > crypto/evp/e_camellia.c. This was not committed here, but without it one > gets the same type of compilation error on SPARC. Since the RT is already > closed I thought I better ask. > > The missing part is: > > Index: crypto/evp/e_camellia.c > --- crypto/evp/e_camellia.c 2016-01-14 10:51:32.0 +0100 > +++ crypto/evp/e_camellia.c 2016-01-16 04:01:44.443269000 +0100 > @@ -119,10 +119,10 @@ >const unsigned char *iv, int enc) >{ >int ret, mode, bits; > -EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; > +EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) > EVP_CIPHER_CTX_cipher_data(ctx); > > -mode = ctx->cipher->flags & EVP_CIPH_MODE; > -bits = ctx->key_len * 8; > +mode = EVP_CIPHER_CTX_mode(ctx); > +bits = EVP_CIPHER_CTX_key_length(ctx) * 8; > >cmll_t4_set_key(key, bits, >ks); > > Thank a bunch, > > Rainer > > Am 16.01.2016 um 04:47 schrieb Rich Salz: > > The branch master has been updated > > via ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (commit) > >from 25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit) > > > > > > - Log > > - > > commit ecdd0ff733985fb573d687fe85fa533f62f6cfd8 > > Author: Rich Salz <rs...@akamai.com> > > Date: Fri Jan 15 22:37:11 2016 -0500 > > > > RT4247: Fix EVP_CIPHER_CTX opaque on sparc > > > > Via Rainer Jung > > > > Reviewed-by: Dr. Stephen Henson <st...@openssl.org> > > > > -- > > - > > > > Summary of changes: > > crypto/evp/e_des.c | 2 +- > > crypto/evp/e_des3.c | 4 ++-- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index > > 5536f62..929151c 100644 > > --- a/crypto/evp/e_des.c > > +++ b/crypto/evp/e_des.c > > @@ -247,7 +247,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const > unsigned char *key, > > dat->stream.cbc = NULL; > > # if defined(SPARC_DES_CAPABLE) > > if (SPARC_DES_CAPABLE) { > > -int mode = ctx->cipher->flags & EVP_CIPH_MODE; > > +int mode = EVP_CIPHER_CTX_mode(ctx); > > > > if (mode == EVP_CIPH_CBC_MODE) { > > des_t4_key_expand(key, >ks.ks); diff --git > > a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 16407e8..8b6c2b5 > > 100644 > > --- a/crypto/evp/e_des3.c > > +++ b/crypto/evp/e_des3.c > > @@ -270,7 +270,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, > const unsigned char *key, > > dat->stream.cbc = NULL; > > # if defined(SPARC_DES_CAPABLE) > > if (SPARC_DES_CAPABLE) { > > -int mode = ctx->cipher->flags & EVP_CIPH_MODE; > > +int mode = EVP_CIPHER_CTX_mode(ctx); > > > > if (mode == EVP_CIPH_CBC_MODE) { > > des_t4_key_expand([0], >ks1); @@ -297,7 > > +297,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const > unsigned char *key, > > dat->stream.cbc = NULL; > > # if defined(SPARC_DES_CAPABLE) > > if (SPARC_DES_CAPABLE) { > > -int mode = ctx->cipher->flags & EVP_CIPH_MODE; > > +int mode = EVP_CIPHER_CTX_mode(ctx); > > > > if (mode == EVP_CIPH_CBC_MODE) { > > des_t4_key_expand([0], >ks1); > ___ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Hi Rich, Ismo, I'm surprised this doesn't cause the compiler to warn/error out (inline) On 8/27/15, 21:57, Rich Salz rs...@openssl.org wrote: The branch master has been updated via f00a10b89734e84fe80f98ad9e2e77b557c701ae (commit) from 3c65047d30dacca345d30269b95af4a5c413e8d1 (commit) - Log - commit f00a10b89734e84fe80f98ad9e2e77b557c701ae Author: Ismo Puustinen ismo.puusti...@intel.com Date: Fri Aug 7 22:14:47 2015 -0400 GH367: Fix dsa keygen for too-short seed If the seed value for dsa key generation is too short ( qsize), return an error. Also update the documentation. Signed-off-by: Rich Salz rs...@akamai.com Reviewed-by: Emilia Käsper emi...@openssl.org --- diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index e030cfa..a4fae17 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -132,18 +132,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, bits = (bits + 63) / 64 * 64; -/* - * NB: seed_len == 0 is special case: copy generated seed to seed_in if - * it is not NULL. - */ -if (seed_len (seed_len (size_t)qsize)) -seed_in = NULL; /* seed buffer too small -- ignore */ -if (seed_len (size_t)qsize) -seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger - * SEED, but our internal buffers are - * restricted to 160 bits */ -if (seed_in != NULL) +if (seed_in != NULL) { +if (seed_len (size_t)qsize) +return 0; +if (seed_len (size_t)qsize) { +/* Don't overflow seed local variable. */ The comment and code here are a slight mismatch, since qsize is dynamically computed (but limited to three values, the largest of which is used to size the local variable). It's not clear that using SHA256_DIGEST_LENGTH for the check would actually be better, though. +seed_len = qsize; +} memcpy(seed, seed_in, seed_len); +} if ((ctx = BN_CTX_new()) == NULL) goto err; @@ -166,20 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, for (;;) { for (;;) { /* find q */ -int seed_is_random; +int seed_is_random = seed_in == NULL; This part seems really bogus; seed_is_random is an int, but seed_in is const unsigned char *; the assignment makes no sense. /* step 1 */ if (!BN_GENCB_call(cb, 0, m++)) goto err; -if (!seed_len) { +if (seed_is_random) { and this chunk can never execute since seed_is_random was just set to 0 (er, NULL). I guess the intent is to declare the variable in the outer loop? if (RAND_bytes(seed, qsize) = 0) goto err; -seed_is_random = 1; } else { -seed_is_random = 0; -seed_len = 0; /* use random seed if 'seed_in' turns out to - * be bad */ +/* If we come back through, use random seed next time. */ +seed_in = NULL; and seed_in is never read after this point. } memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index d2a0418..92c89a0 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -23,13 +23,12 @@ Deprecated: DSA_generate_parameters_ex() generates primes p and q and a generator g for use in the DSA and stores the result in Bdsa. -Bbits is the length of the prime to be generated; the DSS allows a -maximum of 1024 bits. +Bbits is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +at least 2048, it is set to 256 bits. The grammar here is slightly unusual; for lengths of at least 2048 bits or for lengths 2048 bits and larger would feel more natural to me. -Ben -If Bseed is BNULL or Bseed_len Elt 20, the primes will be -generated at random. Otherwise, the seed is used to generate -them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at Bseed. +If Bseed is NULL, the primes will be generated at random. +If Bseed_len is less than the length of q, an error is returned. DSA_generate_parameters_ex() places the iteration count in *Bcounter_ret and a counter used for finding a generator in _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
On 8/28/15, 10:34, Salz, Rich rs...@akamai.com wrote: TL;DR -- Don't read the diff, look at the revised code. The comment and code here are a slight mismatch, since qsize is dynamically computed (but limited to three values, the largest of which is used to size the local variable). It's not clear that using SHA256_DIGEST_LENGTH for the check would actually be better, though. If you can think of a more-c lear comment, let me know. But checking against qsize is the right thing to do. +int seed_is_random = seed_in == NULL; This part seems really bogus; seed_is_random is an int, but seed_in is const unsigned char *; the assignment makes no sense. No, it's like seed_in == NULL ? 1 : 0 Sigh, need more coffee. Sorry for the noise :( -Ben I guess the intent is to declare the variable in the outer loop? Nope. and seed_in is never read after this point. It was set up before the loop. The grammar here is slightly unusual; for lengths of at least 2048 bits or for lengths 2048 bits and larger would feel more natural to me. Open a ticket :) ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
TL;DR -- Don't read the diff, look at the revised code. The comment and code here are a slight mismatch, since qsize is dynamically computed (but limited to three values, the largest of which is used to size the local variable). It's not clear that using SHA256_DIGEST_LENGTH for the check would actually be better, though. If you can think of a more-c lear comment, let me know. But checking against qsize is the right thing to do. +int seed_is_random = seed_in == NULL; This part seems really bogus; seed_is_random is an int, but seed_in is const unsigned char *; the assignment makes no sense. No, it's like seed_in == NULL ? 1 : 0 I guess the intent is to declare the variable in the outer loop? Nope. and seed_in is never read after this point. It was set up before the loop. The grammar here is slightly unusual; for lengths of at least 2048 bits or for lengths 2048 bits and larger would feel more natural to me. Open a ticket :) ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Rats. Looked at the wrong build output ;( thanks. Will fix shortly. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Am 22.06.2015 um 21:49 schrieb Rich Salz: The branch master has been updated via 75ba5c58c6b3b3326a6c3198100830afa120e7c3 (commit) from 389ebcecae2575188a4ff9566389ce694352be43 (commit) - Log - commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3 Author: Rich Salz rs...@akamai.com Date: Sat Jun 13 17:18:47 2015 -0400 RT3907: avoid local in testssl script Reviewed-by: Richard Levitte levi...@openssl.org --- Summary of changes: test/testssl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index 7e834a7..cb8e56a 100644 --- a/test/testssl +++ b/test/testssl @@ -118,11 +118,10 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { - local cipher=$1 - local protocol=$2 +_cipher=$1 It seems _cipher is never used and instead the function still uses cipher (which is the variable which is set elsewhere before calling the function test_cipher). echo Testing $cipher prot= -if [ $protocol = SSLv3 ] ; then +if [ $2 = SSLv3 ] ; then prot=-ssl3 fi $ssltest -cipher $cipher $prot Regards, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update
Am 10.04.2015 um 18:28 schrieb Viktor Dukhovni: The branch master has been updated via 34b0a927ab5c9232bcf864d524a9bf2558411700 (commit) from e71cecd551f1d8beca20681184d94f7000a5e333 (commit) - Log - commit 34b0a927ab5c9232bcf864d524a9bf2558411700 Author: Viktor Dukhovni openssl-us...@dukhovni.org Date: Fri Apr 10 12:25:30 2015 -0400 Polish shell script to avoid needless complexity. No need for here documents, just use yes or /dev/null. No need for || exit 1 clauses, just use set -e. Reviewed-by: Rich Salz rs...@openssl.org Reviewed-by: Richard Levitte levi...@openssl.org --- Summary of changes: test/testca | 32 +--- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/test/testca b/test/testca index d4d0159..4bcb1fd 100644 --- a/test/testca +++ b/test/testca @@ -1,5 +1,7 @@ #!/bin/sh So this is a /bin/sh script, not necessarily bash or ksh, and thus ... @@ -9,35 +11,19 @@ else fi export PATH -SSLEAY_CONFIG=-config CAss.cnf -export SSLEAY_CONFIG - -OPENSSL=`pwd`/../util/opensslwrap.sh -export OPENSSL +export SSLEAY_CONFIG=-config CAss.cnf +export OPENSSL=`pwd`/../util/opensslwrap.sh ... -SSLEAY_CONFIG=-config Uss.cnf -export SSLEAY_CONFIG -$PERL ../apps/CA.pl -newreq || exit 1 +export SSLEAY_CONFIG=-config Uss.cnf +$PERL ../apps/CA.pl -newreq SSLEAY_CONFIG=-config ../apps/openssl.cnf -export SSLEAY_CONFIG - Combining X=Y export X into export X=Y does not work for all plain Shells. E.g. /bin/sh on Solaris is a Bourne Shell, which does not support this shortcut: $ export X=Y X=Y: is not an identifier Regards, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)
On 02/12/15 12:49, Rainer Jung wrote: Am 12.02.2015 um 12:00 schrieb Andy Polyakov: diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256); EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256); +EVP_add_cipher(EVP_camellia_128_ctr()); +EVP_add_cipher(EVP_camellia_192_ctr()); +EVP_add_cipher(EVP_camellia_256_ctr()); #endif } We get build warnings and crashes during run in EVP_add_cipher(). Thanks. I'm on it. Out of curiosity, with which config do you get crashes? I don't mean that this doesn't need fixing, I only want to have a reference. Thanks to you. The crash occurred while using it during a CI build for Tomcat plus Tomcat native connector (tcnative) which in turn uses OpenSSL. Question was rather about OS. The question I seek answer to is how did it evade the usual test and/or what is so special about your environment. OpenSSL was build with config --prefix=... shared enable-deprecated. I don't have a full stack available. The Java HS-Error file says: [junit] # [junit] # A fatal error has been detected by the Java Runtime Environment: [junit] # [junit] # SIGSEGV (0xb) at pc=0x7fb882f66ef9, pid=32437, tid=140431064893184 Ah! Keyword is likely to be that it was shared build. I mean implicit cast can slip through in non-shared case, because in such case code is loaded in lower 2GB, while shared libraries tend to be mapped far above 4GB. Thanks. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)
Am 11.02.2015 um 20:30 schrieb Andy Polyakov: The branch master has been updated via dda8199922f9d52087d2c41b22a61eb4f9671385 (commit) via c79e17731f462d6d42b917027a7085c0f59a2214 (commit) from b7c9187b32a14b5b4a850161aed5c044d2130d5a (commit) - Log - commit dda8199922f9d52087d2c41b22a61eb4f9671385 Author: Andy Polyakov ap...@openssl.org Date: Wed Feb 11 20:30:13 2015 +0100 Add Camellia CTR mode. Reviewed-by: Rich Salz rs...@openssl.org ... --- Summary of changes: crypto/evp/c_allc.c|3 ++ crypto/evp/e_camellia.c|9 ++--- crypto/evp/evptests.txt| 64 ++ crypto/objects/obj_dat.h | 82 +--- crypto/objects/obj_mac.h | 60 crypto/objects/obj_mac.num | 12 +++ crypto/objects/objects.txt | 12 +++ 7 files changed, 231 insertions(+), 11 deletions(-) diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256); EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256); +EVP_add_cipher(EVP_camellia_128_ctr()); +EVP_add_cipher(EVP_camellia_192_ctr()); +EVP_add_cipher(EVP_camellia_256_ctr()); #endif } We get build warnings and crashes during run in EVP_add_cipher(). It seems EVP_camellia_128_ctr(), EVP_camellia_192_ctr() and EVP_camellia_256_ctr() are missing from crypto/evp/evp.h: c_allc.c:248:5: warning: implicit declaration of function EVP_camellia_128_ctr [-Wimplicit-function-declaration] EVP_add_cipher(EVP_camellia_128_ctr()); etc. Thanks, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)
Am 12.02.2015 um 12:00 schrieb Andy Polyakov: diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256); EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256); +EVP_add_cipher(EVP_camellia_128_ctr()); +EVP_add_cipher(EVP_camellia_192_ctr()); +EVP_add_cipher(EVP_camellia_256_ctr()); #endif } We get build warnings and crashes during run in EVP_add_cipher(). Thanks. I'm on it. Out of curiosity, with which config do you get crashes? I don't mean that this doesn't need fixing, I only want to have a reference. Thanks to you. The crash occurred while using it during a CI build for Tomcat plus Tomcat native connector (tcnative) which in turn uses OpenSSL. OpenSSL was build with config --prefix=... shared enable-deprecated. I don't have a full stack available. The Java HS-Error file says: [junit] # [junit] # A fatal error has been detected by the Java Runtime Environment: [junit] # [junit] # SIGSEGV (0xb) at pc=0x7fb882f66ef9, pid=32437, tid=140431064893184 [junit] # [junit] # JRE version: Java(TM) SE Runtime Environment (8.0_25-b17) (build 1.8.0_25-b17) [junit] # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.25-b02 mixed mode linux-amd64 compressed oops) [junit] # Problematic frame: [junit] # C [libcrypto.so.1.1.0+0x14fef9] EVP_add_cipher+0x9 [junit] # Regards, Rainer ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256); EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256); +EVP_add_cipher(EVP_camellia_128_ctr()); +EVP_add_cipher(EVP_camellia_192_ctr()); +EVP_add_cipher(EVP_camellia_256_ctr()); #endif } We get build warnings and crashes during run in EVP_add_cipher(). Thanks. I'm on it. Out of curiosity, with which config do you get crashes? I don't mean that this doesn't need fixing, I only want to have a reference. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev