Re: [openssl-dev] [openssl-commits] [openssl] master update

[Rainer Jung]

Am 09.03.2016 um 22:53 schrieb Richard Levitte:

The branch master has been updated
via  64b9d84bfd0da0305a1df9b97ffbdc3898f59e62 (commit)
   from  2b8fa1d56cd3a41d666994a1b2ed9df0f5e5d1ec (commit)


- Log -
commit 64b9d84bfd0da0305a1df9b97ffbdc3898f59e62
Author: Richard Levitte 
Date:   Wed Mar 9 22:34:27 2016 +0100

 When grepping something starting with a dash, remember to use -e


Strictly speaking "grep -e" has another meaning. If a leading dash is 
the only problem to fix, one can use "grep --", so the below would become


if echo "$CONFIG_OPTS" | grep -- "--classic" >/dev/null; then

Regards,

Rainer


 Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
  .travis.yml | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index ce7e208..0865817 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -60,7 +60,7 @@ matrix:
  before_script:
  - sh .travis-create-release.sh $TRAVIS_OS_NAME
  - tar -xvzf _srcdist.tar.gz
-- if echo "$CONFIG_OPTS" | grep "--classic" >/dev/null; then
+- if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then
srcdir=.;
cd _srcdist;
else
@@ -83,7 +83,7 @@ before_script:
  - cd ..

  script:
-- if echo "$CONFIG_OPTS" | grep "--classic" >/dev/null; then
+- if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then
cd _srcdist;
else
cd _build;

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Salz, Rich]

> Please note that the patch in RT4247 also contains a hunk for
> crypto/evp/e_camellia.c. This was not committed here, but without it one
> gets the same type of compilation error on SPARC. Since the RT is already
> closed I thought I better ask.

Thanks for catching this.  Fixed now.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Salz, Rich]

Oops, my mistake.

--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz


> -Original Message-
> From: Rainer Jung [mailto:rainer.j...@kippdata.de]
> Sent: Saturday, January 16, 2016 5:12 AM
> To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] [openssl-commits] [openssl] master update
> 
> Please note that the patch in RT4247 also contains a hunk for
> crypto/evp/e_camellia.c. This was not committed here, but without it one
> gets the same type of compilation error on SPARC. Since the RT is already
> closed I thought I better ask.
> 
> The missing part is:
> 
> Index: crypto/evp/e_camellia.c
> --- crypto/evp/e_camellia.c 2016-01-14 10:51:32.0 +0100
> +++ crypto/evp/e_camellia.c 2016-01-16 04:01:44.443269000 +0100
> @@ -119,10 +119,10 @@
>const unsigned char *iv, int enc)
>{
>int ret, mode, bits;
> -EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data;
> +EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *)
> EVP_CIPHER_CTX_cipher_data(ctx);
> 
> -mode = ctx->cipher->flags & EVP_CIPH_MODE;
> -bits = ctx->key_len * 8;
> +mode = EVP_CIPHER_CTX_mode(ctx);
> +bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
> 
>cmll_t4_set_key(key, bits, >ks);
> 
> Thank a bunch,
> 
> Rainer
> 
> Am 16.01.2016 um 04:47 schrieb Rich Salz:
> > The branch master has been updated
> > via  ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (commit)
> >from  25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit)
> >
> >
> > - Log
> > -
> > commit ecdd0ff733985fb573d687fe85fa533f62f6cfd8
> > Author: Rich Salz <rs...@akamai.com>
> > Date:   Fri Jan 15 22:37:11 2016 -0500
> >
> >  RT4247: Fix EVP_CIPHER_CTX opaque on sparc
> >
> >  Via Rainer Jung
> >
> >  Reviewed-by: Dr. Stephen Henson <st...@openssl.org>
> >
> > --
> > -
> >
> > Summary of changes:
> >   crypto/evp/e_des.c  | 2 +-
> >   crypto/evp/e_des3.c | 4 ++--
> >   2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index
> > 5536f62..929151c 100644
> > --- a/crypto/evp/e_des.c
> > +++ b/crypto/evp/e_des.c
> > @@ -247,7 +247,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const
> unsigned char *key,
> >   dat->stream.cbc = NULL;
> >   # if defined(SPARC_DES_CAPABLE)
> >   if (SPARC_DES_CAPABLE) {
> > -int mode = ctx->cipher->flags & EVP_CIPH_MODE;
> > +int mode = EVP_CIPHER_CTX_mode(ctx);
> >
> >   if (mode == EVP_CIPH_CBC_MODE) {
> >   des_t4_key_expand(key, >ks.ks); diff --git
> > a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 16407e8..8b6c2b5
> > 100644
> > --- a/crypto/evp/e_des3.c
> > +++ b/crypto/evp/e_des3.c
> > @@ -270,7 +270,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx,
> const unsigned char *key,
> >   dat->stream.cbc = NULL;
> >   # if defined(SPARC_DES_CAPABLE)
> >   if (SPARC_DES_CAPABLE) {
> > -int mode = ctx->cipher->flags & EVP_CIPH_MODE;
> > +int mode = EVP_CIPHER_CTX_mode(ctx);
> >
> >   if (mode == EVP_CIPH_CBC_MODE) {
> >   des_t4_key_expand([0], >ks1); @@ -297,7
> > +297,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const
> unsigned char *key,
> >   dat->stream.cbc = NULL;
> >   # if defined(SPARC_DES_CAPABLE)
> >   if (SPARC_DES_CAPABLE) {
> > -int mode = ctx->cipher->flags & EVP_CIPH_MODE;
> > +int mode = EVP_CIPHER_CTX_mode(ctx);
> >
> >   if (mode == EVP_CIPH_CBC_MODE) {
> >   des_t4_key_expand([0], >ks1);
> ___
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Kaduk, Ben]

Hi Rich, Ismo,

I'm surprised this doesn't cause the compiler to warn/error out (inline)

On 8/27/15, 21:57, Rich Salz rs...@openssl.org wrote:

The branch master has been updated
   via  f00a10b89734e84fe80f98ad9e2e77b557c701ae (commit)
  from  3c65047d30dacca345d30269b95af4a5c413e8d1 (commit)


- Log -
commit f00a10b89734e84fe80f98ad9e2e77b557c701ae
Author: Ismo Puustinen ismo.puusti...@intel.com
Date:   Fri Aug 7 22:14:47 2015 -0400

GH367: Fix dsa keygen for too-short seed

If the seed value for dsa key generation is too short ( qsize),
return an error. Also update the documentation.

Signed-off-by: Rich Salz rs...@akamai.com
Reviewed-by: Emilia Käsper emi...@openssl.org

---

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index e030cfa..a4fae17 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -132,18 +132,15 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits,
size_t qbits,
 
 bits = (bits + 63) / 64 * 64;
 
-/*
- * NB: seed_len == 0 is special case: copy generated seed to seed_in
if
- * it is not NULL.
- */
-if (seed_len  (seed_len  (size_t)qsize))
-seed_in = NULL; /* seed buffer too small -- ignore */
-if (seed_len  (size_t)qsize)
-seed_len = qsize;   /* App. 2.2 of FIPS PUB 186 allows larger
- * SEED, but our internal buffers are
- * restricted to 160 bits */
-if (seed_in != NULL)
+if (seed_in != NULL) {
+if (seed_len  (size_t)qsize)
+return 0;
+if (seed_len  (size_t)qsize) {
+/* Don't overflow seed local variable. */

The comment and code here are a slight mismatch, since qsize is
dynamically computed (but limited to three values, the largest of which is
used to size the local variable).  It's not clear that using
SHA256_DIGEST_LENGTH for the check would actually be better, though.

+seed_len = qsize;
+}
 memcpy(seed, seed_in, seed_len);
+}
 
 if ((ctx = BN_CTX_new()) == NULL)
 goto err;
@@ -166,20 +163,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits,
size_t qbits,
 
 for (;;) {
 for (;;) {  /* find q */
-int seed_is_random;
+int seed_is_random = seed_in == NULL;

This part seems really bogus; seed_is_random is an int, but seed_in is
const unsigned char *; the assignment makes no sense.

 
 /* step 1 */
 if (!BN_GENCB_call(cb, 0, m++))
 goto err;
 
-if (!seed_len) {
+if (seed_is_random) {

and this chunk can never execute since seed_is_random was just set to 0
(er, NULL).
I guess the intent is to declare the variable in the outer loop?

 if (RAND_bytes(seed, qsize) = 0)
 goto err;
-seed_is_random = 1;
 } else {
-seed_is_random = 0;
-seed_len = 0;   /* use random seed if 'seed_in' turns
out to
- * be bad */
+/* If we come back through, use random seed next time. */
+seed_in = NULL;

and seed_in is never read after this point.

 }
 memcpy(buf, seed, qsize);
 memcpy(buf2, seed, qsize);
diff --git a/doc/crypto/DSA_generate_parameters.pod
b/doc/crypto/DSA_generate_parameters.pod
index d2a0418..92c89a0 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -23,13 +23,12 @@ Deprecated:
 DSA_generate_parameters_ex() generates primes p and q and a generator g
 for use in the DSA and stores the result in Bdsa.
 
-Bbits is the length of the prime to be generated; the DSS allows a
-maximum of 1024 bits.
+Bbits is the length of the prime p to be generated.
+For lengths under 2048 bits, the length of q is 160 bits; for lengths
+at least 2048, it is set to 256 bits.

The grammar here is slightly unusual; for lengths of at least 2048 bits
or for lengths 2048 bits and larger would feel more natural to me.

-Ben

 
-If Bseed is BNULL or Bseed_len Elt 20, the primes will be
-generated at random. Otherwise, the seed is used to generate
-them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at Bseed.
+If Bseed is NULL, the primes will be generated at random.
+If Bseed_len is less than the length of q, an error is returned.
 
 DSA_generate_parameters_ex() places the iteration count in
 *Bcounter_ret and a counter used for finding a generator in
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Kaduk, Ben]

On 8/28/15, 10:34, Salz, Rich rs...@akamai.com wrote:

TL;DR -- Don't read the diff, look at the revised code.

 The comment and code here are a slight mismatch, since qsize is
dynamically
 computed (but limited to three values, the largest of which is used to
size the
 local variable).  It's not clear that using SHA256_DIGEST_LENGTH for the
 check would actually be better, though.

If you can think of a more-c lear comment, let me know.  But checking
against qsize is the right thing to do.

 +int seed_is_random = seed_in == NULL;
 
 This part seems really bogus; seed_is_random is an int, but seed_in is
const
 unsigned char *; the assignment makes no sense.

No, it's like seed_in == NULL ? 1 : 0

Sigh, need more coffee.

Sorry for the noise :(

-Ben


 I guess the intent is to declare the variable in the outer loop?

Nope.  

 and seed_in is never read after this point.

It was set up before the loop.

 The grammar here is slightly unusual; for lengths of at least 2048
bits
 or for lengths 2048 bits and larger would feel more natural to me.

Open a ticket :)




___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Salz, Rich]

TL;DR -- Don't read the diff, look at the revised code.

 The comment and code here are a slight mismatch, since qsize is dynamically
 computed (but limited to three values, the largest of which is used to size 
 the
 local variable).  It's not clear that using SHA256_DIGEST_LENGTH for the
 check would actually be better, though.

If you can think of a more-c lear comment, let me know.  But checking against 
qsize is the right thing to do.

 +int seed_is_random = seed_in == NULL;
 
 This part seems really bogus; seed_is_random is an int, but seed_in is const
 unsigned char *; the assignment makes no sense.

No, it's like seed_in == NULL ? 1 : 0

 I guess the intent is to declare the variable in the outer loop?

Nope.  

 and seed_in is never read after this point.

It was set up before the loop. 

 The grammar here is slightly unusual; for lengths of at least 2048 bits
 or for lengths 2048 bits and larger would feel more natural to me.

Open a ticket :)

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Salz, Rich]

Rats.  Looked at the wrong build output ;(  thanks.  Will fix shortly.


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Rainer Jung]

Am 22.06.2015 um 21:49 schrieb Rich Salz:

The branch master has been updated
via  75ba5c58c6b3b3326a6c3198100830afa120e7c3 (commit)
   from  389ebcecae2575188a4ff9566389ce694352be43 (commit)


- Log -
commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3
Author: Rich Salz rs...@akamai.com
Date:   Sat Jun 13 17:18:47 2015 -0400

 RT3907: avoid local in testssl script

 Reviewed-by: Richard Levitte levi...@openssl.org

---

Summary of changes:
  test/testssl | 5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/test/testssl b/test/testssl
index 7e834a7..cb8e56a 100644
--- a/test/testssl
+++ b/test/testssl
@@ -118,11 +118,10 @@ echo test sslv2/sslv3 with both client and server 
authentication via BIO pair an
  $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

  test_cipher() {
-  local cipher=$1
-  local protocol=$2
+_cipher=$1


It seems _cipher is never used and instead the function still uses 
cipher (which is the variable which is set elsewhere before calling 
the function test_cipher).



  echo Testing $cipher
  prot=
-if [ $protocol = SSLv3 ] ; then
+if [ $2 = SSLv3 ] ; then
prot=-ssl3
  fi
  $ssltest -cipher $cipher $prot


Regards,

Rainer
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update

[Rainer Jung]

Am 10.04.2015 um 18:28 schrieb Viktor Dukhovni:

The branch master has been updated
via  34b0a927ab5c9232bcf864d524a9bf2558411700 (commit)
   from  e71cecd551f1d8beca20681184d94f7000a5e333 (commit)


- Log -
commit 34b0a927ab5c9232bcf864d524a9bf2558411700
Author: Viktor Dukhovni openssl-us...@dukhovni.org
Date:   Fri Apr 10 12:25:30 2015 -0400

 Polish shell script to avoid needless complexity.

 No need for here documents, just use yes or /dev/null.
 No need for || exit 1 clauses, just use set -e.

 Reviewed-by: Rich Salz rs...@openssl.org
 Reviewed-by: Richard Levitte levi...@openssl.org

---

Summary of changes:
  test/testca | 32 +---
  1 file changed, 9 insertions(+), 23 deletions(-)

diff --git a/test/testca b/test/testca
index d4d0159..4bcb1fd 100644
--- a/test/testca
+++ b/test/testca
@@ -1,5 +1,7 @@
  #!/bin/sh


So this is a /bin/sh script, not necessarily bash or ksh, and thus ...


@@ -9,35 +11,19 @@ else
  fi
  export PATH

-SSLEAY_CONFIG=-config CAss.cnf
-export SSLEAY_CONFIG
-
-OPENSSL=`pwd`/../util/opensslwrap.sh
-export OPENSSL
+export SSLEAY_CONFIG=-config CAss.cnf
+export OPENSSL=`pwd`/../util/opensslwrap.sh


...


-SSLEAY_CONFIG=-config Uss.cnf
-export SSLEAY_CONFIG
-$PERL ../apps/CA.pl -newreq || exit 1
+export SSLEAY_CONFIG=-config Uss.cnf
+$PERL ../apps/CA.pl -newreq

  SSLEAY_CONFIG=-config ../apps/openssl.cnf
-export SSLEAY_CONFIG
-


Combining

  X=Y
  export X

into

  export X=Y

does not work for all plain Shells. E.g. /bin/sh on Solaris is a Bourne 
Shell, which does not support this shortcut:


  $ export X=Y
  X=Y: is not an identifier

Regards,

Rainer
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)

[Andy Polyakov]

On 02/12/15 12:49, Rainer Jung wrote:
 Am 12.02.2015 um 12:00 schrieb Andy Polyakov:
 diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
 index 174a419..7ae36d7 100644
 --- a/crypto/evp/c_allc.c
 +++ b/crypto/evp/c_allc.c
 @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_camellia_256_ofb());
EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256);
EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256);
 +EVP_add_cipher(EVP_camellia_128_ctr());
 +EVP_add_cipher(EVP_camellia_192_ctr());
 +EVP_add_cipher(EVP_camellia_256_ctr());
#endif
}

 We get build warnings and crashes during run in EVP_add_cipher().

 Thanks. I'm on it. Out of curiosity, with which config do you get
 crashes? I don't mean that this doesn't need fixing, I only want to have
 a reference.
 
 Thanks to you.
 
 The crash occurred while using it during a CI build for Tomcat plus
 Tomcat native connector (tcnative) which in turn uses OpenSSL.

Question was rather about OS. The question I seek answer to is how did
it evade the usual test and/or what is so special about your environment.

 OpenSSL was build with config --prefix=... shared enable-deprecated.
 
 I don't have a full stack available. The Java HS-Error file says:
 
 [junit] #
 [junit] # A fatal error has been detected by the Java Runtime
 Environment:
 [junit] #
 [junit] #  SIGSEGV (0xb) at pc=0x7fb882f66ef9, pid=32437,
 tid=140431064893184

Ah! Keyword is likely to be that it was shared build. I mean implicit
cast can slip through in non-shared case, because in such case code is
loaded in lower 2GB, while shared libraries tend to be mapped far above
4GB. Thanks.

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)

[Rainer Jung]

Am 11.02.2015 um 20:30 schrieb Andy Polyakov:

The branch master has been updated
via  dda8199922f9d52087d2c41b22a61eb4f9671385 (commit)
via  c79e17731f462d6d42b917027a7085c0f59a2214 (commit)
   from  b7c9187b32a14b5b4a850161aed5c044d2130d5a (commit)


- Log -
commit dda8199922f9d52087d2c41b22a61eb4f9671385
Author: Andy Polyakov ap...@openssl.org
Date:   Wed Feb 11 20:30:13 2015 +0100

 Add Camellia CTR mode.

 Reviewed-by: Rich Salz rs...@openssl.org



...


---

Summary of changes:
  crypto/evp/c_allc.c|3 ++
  crypto/evp/e_camellia.c|9 ++---
  crypto/evp/evptests.txt|   64 ++
  crypto/objects/obj_dat.h   |   82 +---
  crypto/objects/obj_mac.h   |   60 
  crypto/objects/obj_mac.num |   12 +++
  crypto/objects/objects.txt |   12 +++
  7 files changed, 231 insertions(+), 11 deletions(-)

diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 174a419..7ae36d7 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void)
  EVP_add_cipher(EVP_camellia_256_ofb());
  EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256);
  EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256);
+EVP_add_cipher(EVP_camellia_128_ctr());
+EVP_add_cipher(EVP_camellia_192_ctr());
+EVP_add_cipher(EVP_camellia_256_ctr());
  #endif
  }


We get build warnings and crashes during run in EVP_add_cipher(). It 
seems EVP_camellia_128_ctr(), EVP_camellia_192_ctr() and 
EVP_camellia_256_ctr() are missing from crypto/evp/evp.h:


c_allc.c:248:5: warning: implicit declaration of function 
EVP_camellia_128_ctr [-Wimplicit-function-declaration]

 EVP_add_cipher(EVP_camellia_128_ctr());
etc.

Thanks,

Rainer

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)

[Rainer Jung]

Am 12.02.2015 um 12:00 schrieb Andy Polyakov:

diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 174a419..7ae36d7 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void)
   EVP_add_cipher(EVP_camellia_256_ofb());
   EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256);
   EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256);
+EVP_add_cipher(EVP_camellia_128_ctr());
+EVP_add_cipher(EVP_camellia_192_ctr());
+EVP_add_cipher(EVP_camellia_256_ctr());
   #endif
   }


We get build warnings and crashes during run in EVP_add_cipher().


Thanks. I'm on it. Out of curiosity, with which config do you get
crashes? I don't mean that this doesn't need fixing, I only want to have
a reference.


Thanks to you.

The crash occurred while using it during a CI build for Tomcat plus 
Tomcat native connector (tcnative) which in turn uses OpenSSL.


OpenSSL was build with config --prefix=... shared enable-deprecated.

I don't have a full stack available. The Java HS-Error file says:

[junit] #
[junit] # A fatal error has been detected by the Java Runtime 
Environment:

[junit] #
[junit] #  SIGSEGV (0xb) at pc=0x7fb882f66ef9, pid=32437, 
tid=140431064893184

[junit] #
[junit] # JRE version: Java(TM) SE Runtime Environment (8.0_25-b17) 
(build 1.8.0_25-b17)
[junit] # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.25-b02 
mixed mode linux-amd64 compressed oops)

[junit] # Problematic frame:
[junit] # C  [libcrypto.so.1.1.0+0x14fef9]  EVP_add_cipher+0x9
[junit] #

Regards,

Rainer
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl-commits] [openssl] master update (Add Camellia CTR mode, dda8199922f9d52087d2c41b22a61eb4f9671385)

[Andy Polyakov]

 diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
 index 174a419..7ae36d7 100644
 --- a/crypto/evp/c_allc.c
 +++ b/crypto/evp/c_allc.c
 @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void)
   EVP_add_cipher(EVP_camellia_256_ofb());
   EVP_add_cipher_alias(SN_camellia_256_cbc, CAMELLIA256);
   EVP_add_cipher_alias(SN_camellia_256_cbc, camellia256);
 +EVP_add_cipher(EVP_camellia_128_ctr());
 +EVP_add_cipher(EVP_camellia_192_ctr());
 +EVP_add_cipher(EVP_camellia_256_ctr());
   #endif
   }
 
 We get build warnings and crashes during run in EVP_add_cipher().

Thanks. I'm on it. Out of curiosity, with which config do you get
crashes? I don't mean that this doesn't need fixing, I only want to have
a reference.

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev