[openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

2015-11-29 Thread Dmitry Belyavsky via RT
Hello OpenSSL Team, I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 breaks GOST 2012 client auth processing. If the call to the EVP_PKEY_get_default_digest_nid() function is unacceptable here, it can be replaced with the chain of if expressions (the patch is attached). BTW,

[openssl-dev] [openssl.org #4160] Candidate bug, malloc failure related issues in s3_enc.c, hm_pmeth.c

2015-11-29 Thread Trevor Larock via RT
Hi folks, Can I ask about malloc failure handling issues, seems affecting OpenSSL 1.0.1p and 1.0.2d, 1. In s3_enc.c::ssl3_digest_cached_records, we have the below code. s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); memset(s->s3->handshake_dgst,

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-11-29 Thread Paul Dale
On Mon, 23 Nov 2015 11:11:37 PM Alessandro Ghedini wrote: > Is this TLS connections? Yes, this is just measuring the TLS handshake. Renegotiations predominately. We deliberately didn't test the bulk symmetric crypto phase of the connection. > I'd like to know more... The data are a bit rough

[openssl-dev] [openssl.org #4159] BUG ::: Null dereference in ssl3_free

2015-11-29 Thread Srinivas Koripella via RT
Description. We are dereferencing s->s3 in ssl3_free without checking if s->s3 is null or not. s->s3 can be null because of the below code path. SSL_new--> ssl3_new/tls1_new (via s->method->ssl_new) which allocates s3 and assigns s->s3 if successful. If not s->s3 will remain null as we memset

Re: [openssl-dev] [openssl.org #4159] BUG ::: Null dereference in ssl3_free

2015-11-29 Thread Srinivas Koripella via RT
Yes. Malloc failed in our case. Srinivas -Original Message- From: Kurt Roeckx via RT [mailto:r...@openssl.org] Sent: Sunday, November 29, 2015 6:59 PM To: Srinivas Koripella Cc: openssl-dev@openssl.org Subject: Re: [openssl-dev] [openssl.org #4159] BUG ::: Null dereference in ssl3_free

Re: [openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

2015-11-29 Thread Dmitry Belyavsky
Dear Stephen, On Mon, Nov 30, 2015 at 4:17 AM, Stephen Henson via RT wrote: > On Sun Nov 29 09:04:03 2015, beld...@gmail.com wrote: > > Hello OpenSSL Team, > > > > I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 > breaks > > GOST 2012 client auth

Re: [openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

2015-11-29 Thread Dmitry Belyavsky via RT
Dear Stephen, On Mon, Nov 30, 2015 at 4:17 AM, Stephen Henson via RT wrote: > On Sun Nov 29 09:04:03 2015, beld...@gmail.com wrote: > > Hello OpenSSL Team, > > > > I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 > breaks > > GOST 2012 client auth