Re: Another security bug, this time in MAC verification...

2014-06-10 Thread Otto Moerbeek
On Tue, Jun 10, 2014 at 11:35:06PM +0100, Matt Caswell wrote: > On 10 June 2014 21:52, Kurt Roeckx wrote: > >> As far as I can see this is SSLv3 only, and only about the Finish > >> message. > >> > >> So it seems that function returns the length of the digest, and in > >> some error cases 0. We'l

Re: [openssl.org #3380] OpenSSL 1.0.1h on SGI IRIX

2014-06-10 Thread Pieter Bowman via RT
>> ... >> Can you confirm that this resolves your problem: >> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5a0d057e49a6f7b5ee5ff6f8af5ae395abc7b918 >> ... I applied that patch, which corrected the problem on IRIX and didn't break anything on the other OSes I build on. Thanks, Pieter

Re: Another security bug, this time in MAC verification...

2014-06-10 Thread Matt Caswell
On 10 June 2014 21:52, Kurt Roeckx wrote: >> As far as I can see this is SSLv3 only, and only about the Finish >> message. >> >> So it seems that function returns the length of the digest, and in >> some error cases 0. We'll end up with a wrong value in >> (peer_)finish_md_len. >> >> It should the

Re: NPE on malloc in ssl/d1_both.c, ssl/s3_enc.c, ssl/sll_ciph.c, ssl/ssl_sess.c, ssl/t1_lib.c

2014-06-10 Thread Kurt Roeckx
On Tue, Jun 10, 2014 at 11:29:02PM +0200, dcrue...@qualitesys.com wrote: > Hello > > In version openssl-1.0.h > > In case of malloc error, the buffer is not tested here I think there are already patches available for most of those issues. See github pull request #131. Kurt

NPE on malloc in ssl/d1_both.c, ssl/s3_enc.c, ssl/sll_ciph.c, ssl/ssl_sess.c, ssl/t1_lib.c

2014-06-10 Thread dcruette
Hello In version openssl-1.0.h In case of malloc error, the buffer is not tested here In ssl/d1_both.c int dtls1_process_heartbeat(SSL *s) { . /* Allocate memory for the response, size is 1 byte * message type, plus 2 bytes payload length, plus

Re: Another security bug, this time in MAC verification...

2014-06-10 Thread Kurt Roeckx
On Tue, Jun 10, 2014 at 10:33:32PM +0200, Kurt Roeckx wrote: > On Tue, Jun 10, 2014 at 01:03:17PM -0700, Kyle Hamilton wrote: > > http://opensslrampage.org/post/88383880093 > > > > I don't know if this has in fact been given to the OpenSSL team yet. I > > am not jsing, and I am not involved in th

Re: Another security bug, this time in MAC verification...

2014-06-10 Thread Kurt Roeckx
On Tue, Jun 10, 2014 at 01:03:17PM -0700, Kyle Hamilton wrote: > http://opensslrampage.org/post/88383880093 > > I don't know if this has in fact been given to the OpenSSL team yet. I > am not jsing, and I am not involved in the OpenBSD audit. > > However, this is important. If MD5 passes, but S

RE: Another security bug, this time in MAC verification...

2014-06-10 Thread Salz, Rich
> http://opensslrampage.org/post/88383880093 The rampager is wrong; see Adam Langley's comments on twitter; https://twitter.com/agl__/status/476420434095648768 /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz

Re: [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files

2014-06-10 Thread Jonas Maebe
On 10/06/14 21:59, Kurt Roeckx via RT wrote: On Tue, Jun 10, 2014 at 09:48:19PM +0200, Jonas Maebe via RT wrote: On 13/12/13 11:54, The default queue via RT wrote: In attachment you can find 7 patches against git master (generated via git format-patch) to fix a number of memory leaks (in case

[openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Matt Caswell via RT
Should have added: I did not include the issue around SRP and aNULL. I thought this was a bit odd myself, so after a bit of investigation have decided this is a bug. Raised as #3396 Matt

Another security bug, this time in MAC verification...

2014-06-10 Thread Kyle Hamilton
http://opensslrampage.org/post/88383880093 I don't know if this has in fact been given to the OpenSSL team yet. I am not jsing, and I am not involved in the OpenBSD audit. However, this is important. If MD5 passes, but SHA1 fails, then the MAC verification will pass. This reduces the security

[openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Matt Caswell via RT
Hi Hubert Many thanks for your contribution. I have merged all 3 of your pull requests. Nice work! https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=343e5cf194b7baf244ed24efa4b8e6d9fc5d4921 https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ceddeea6c626a922e1b8f54b6fe1d2b89f8ef90 ht

Re: [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files

2014-06-10 Thread Kurt Roeckx via RT
On Tue, Jun 10, 2014 at 09:48:19PM +0200, Jonas Maebe via RT wrote: > On 13/12/13 11:54, The default queue via RT wrote: > > > In attachment you can find 7 patches against git master (generated via git > > format-patch) to fix a number of memory leaks (in case of failures) and > > missing NULL p

Re: [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files

2014-06-10 Thread Jonas Maebe via RT
On 13/12/13 11:54, The default queue via RT wrote: > In attachment you can find 7 patches against git master (generated via git > format-patch) to fix a number of memory leaks (in case of failures) and > missing NULL pointer checks (generally for malloc results) for source files > under crypto/

Re: [openssl.org #3396] SRP and aNULL

2014-06-10 Thread Viktor Dukhovni
On Tue, Jun 10, 2014 at 09:02:18PM +0200, Matt Caswell via RT wrote: > Steve Henson says: > > "Looks like the SRP cipher descriptions are broken and we need an SSL_aSRP to > do > the same as SSL_aPSK." Also looks like he already fixed the issue in 1.0.0 and later. Which is all the branches that

[openssl.org #3396] SRP and aNULL

2014-06-10 Thread Matt Caswell via RT
RFC5054 says: "Cipher suites that begin with TLS_SRP_SHA_RSA or TLS_SRP_SHA_DSS require the server to send a certificate message containing a certificate with the specified type of public key, and to sign the server key exchange message using a matching private key. Cipher suites that do not incl

[openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

2014-06-10 Thread Swenson, Ken_S. via RT
OpenSSL Support; I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it compiles for about 5 minutes, and then throws this error… Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp fipscanister.lib(rsa_oaep.obj) : error LNK2019: unresolved external symbol _CR

[openssl.org #3380] OpenSSL 1.0.1h on SGI IRIX

2014-06-10 Thread Matt Caswell via RT
Hi Pieter Can you confirm that this resolves your problem: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5a0d057e49a6f7b5ee5ff6f8af5ae395abc7b918 Thanks Matt

Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Viktor Dukhovni
On Tue, Jun 10, 2014 at 12:10:23PM -0400, Hubert Kario wrote: > > > * aRSA, kRSA and RSA groups behave differently in master and 1.0.x > > > > Which differences did you have in mind specifically for the above? > > On second look, there is no difference in behaviour between 1.0.2 and master. >

Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Hubert Kario via RT
- Original Message - > From: "Viktor Dukhovni" > To: openssl-dev@openssl.org > Sent: Tuesday, June 10, 2014 4:54:26 PM > Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point > out difference between DH and ECDH > > On Tue, Jun 10, 2014 at 02:33:00PM +0200, Hubert

Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Hubert Kario
- Original Message - > From: "Viktor Dukhovni" > To: openssl-dev@openssl.org > Sent: Tuesday, June 10, 2014 4:54:26 PM > Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point > out difference between DH and ECDH > > On Tue, Jun 10, 2014 at 02:33:00PM +0200, Hubert

Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Viktor Dukhovni
On Tue, Jun 10, 2014 at 02:33:00PM +0200, Hubert Kario via RT wrote: > Note that I've also included a few other simple changes already present in > master that are applicable to either the 1.0.1 or 1.0.2 code base. > The differences between master and 1.0.x which I have taken into account while > backpor

Re: [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta1-172-ge3beef1

2014-06-10 Thread John Foley
Thanks for the guidance, much appreciated. On 06/10/2014 10:31 AM, Dr. Stephen Henson wrote: > On Tue, Jun 10, 2014, John Foley wrote: > >> Can we imply from this commit that the 1.0.2 release is imminent? If >> not, can anyone provide a rough estimate on when 1.0.2 will be released >> (1 month,

Re: [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta1-172-ge3beef1

2014-06-10 Thread Dr. Stephen Henson
On Tue, Jun 10, 2014, John Foley wrote: > Can we imply from this commit that the 1.0.2 release is imminent? If > not, can anyone provide a rough estimate on when 1.0.2 will be released > (1 month, 3 months, 6 months from now)? > A 1.0.2-beta2 release will happen shortly (the next day or so). So

Re: [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta1-172-ge3beef1

2014-06-10 Thread John Foley
Can we imply from this commit that the 1.0.2 release is imminent? If not, can anyone provide a rough estimate on when 1.0.2 will be released (1 month, 3 months, 6 months from now)? On 06/10/2014 10:17 AM, Dr. Stephen Henson wrote: > This is an automated email from the git hooks/post-receive scri

Re: Locking inefficiency

2014-06-10 Thread Bodo Moeller
Thor, can you quantify what you mean by "much more expensive"? (And qualify it - what platform, what operations?) The way we use the locks, in heavily multi-threaded applications, you can have a lot of contention with mutexes that wouldn't exist with read/write locks, because often all threads wo

Re: Locking inefficiency

2014-06-10 Thread Thor Lancelot Simon
On Mon, Jun 09, 2014 at 09:15:15PM +0200, Bodo Moeller wrote: > Geoffrey Thorpe : > > First, you're right, pthreads_locking_callback() is collapsing everything > > to a mutex. > > > > I was well aware of this and thought we did this for compatibility reasons > (because I couldn't think of any oth

Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Hubert Kario via RT
- Original Message - > From: "Hubert Kario via RT" > Cc: openssl-dev@openssl.org > Sent: Monday, June 9, 2014 2:12:28 PM > Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point > out difference between DH and ECDH > > - Original Message - > > From: "Matt Ca

Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

2014-06-10 Thread Hubert Kario
- Original Message - > From: "Hubert Kario via RT" > Cc: openssl-dev@openssl.org > Sent: Monday, June 9, 2014 2:12:28 PM > Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point > out difference between DH and ECDH > > - Original Message - > > From: "Matt Ca

Re: Crash in openSSL 1.0.1g

2014-06-10 Thread Ben Laurie
You should be using 1.0.1h. Also, not familiar with MacOS X heap checking, but it looks like heap corruption, which may or may not be OpenSSL's fault. Probably hard to diagnose without a test case! On 10 June 2014 07:25, Navneet Kumar (navneeku) wrote: > Update : Crashes are seen only on MAC OS

Query reg multiple CA-Cert in list with same subject

2014-06-10 Thread Mukesh Yadav
Hi, I have a query for Ca-Cert list. If at gateway we have configured two CA-certs A1 and A2 both having same subject and content except time-stamp of generation. If peer sends Cert matching to A2, gateway tries to validate it with A1(subject being same and configured first in list) and validatio

Re: Locking inefficiency

2014-06-10 Thread Bodo Moeller
Geoffrey Thorpe : So I'm going to propose that we initially put this patch into the > development head only, and defer a decision on whether to cherry-pick it > into stable branches until that testing is in place. > Sure, sounds right. (Will you go ahead and handle the patch?) I certainly don'