Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-17 Thread Michel
Hi Matt, Thanks for the suggestion. This is what was printed to stderr : OPENSSL_INIT: ossl_init_base: Setting up stop handlers OPENSSL_INIT: ossl_init_add_all_ciphers: openssl_add_all_ciphers_internal() OPENSSL_INIT: ossl_init_add_all_digests: openssl_add_all_digests_internal() OPENSSL_INIT:

Re: [openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

2016-02-17 Thread Salz, Rich
Yes, thanks, I was being dumb :( -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

2016-02-17 Thread Rainer Jung via RT
On 17.02.2016 at 19:51, Salz, Rich wrote: > >>*header = c; >> +header++; > > Header isn't used after that assignment. How does this line change anything? The call to load_iv() that occurs next, has as its first argument header_pp which is a pointer to header: char **header_pp =
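Review bot: the added `header++;` directly after `*header = c;` carries no comment saying why the pointer is advanced, and on its own it reads as a dead store, which is what the question quoted above asks about. Since the following load_iv() call takes header_pp, a pointer to header, as its first argument, a one-line comment on the added line stating that load_iv() reads header through header_pp would make the dependency visible and keep the line from being removed again.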

Re: [openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

2016-02-17 Thread Rainer Jung
On 17.02.2016 at 19:51, Salz, Rich wrote: *header = c; +header++; Header isn't used after that assignment. How does this line change anything? The call to load_iv() that occurs next, has as its first argument header_pp which is a pointer to header: char **header_pp =

Re: [openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

2016-02-17 Thread Salz, Rich
> *header = c; > +header++; Header isn't used after that assignment. How does this line change anything?

Re: [openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

2016-02-17 Thread Salz, Rich via RT
> *header = c; > +header++; Header isn't used after that assignment. How does this line change anything? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4320 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #3628] [PATCH] NDEBUG macro and redundant strings

2016-02-17 Thread Rich Salz via RT
fixed in 90fddb380977fa4f0a5de75b8fa889f29e34 pushed to master, thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3628

[openssl-dev] [openssl.org #4310] Fix various no-XXX build options

2016-02-17 Thread Rich Salz via RT
fixed with commit 1288f26 pushed to master. thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4310

[openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

2016-02-17 Thread Rainer Jung via RT
Change https://github.com/openssl/openssl/commit/33a6d5a0e565e08758bcb6af456ec657c3a7a76a introduced a bug in crypto/pem/pem_lib.c function PEM_get_EVP_CIPHER_INFO(). One line was removed that is actually needed. The following patch fixes it: --- crypto/pem/pem_lib.c 2016-02-15

Re: [openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build

2016-02-17 Thread Salz, Rich
> It looks like we're in fairly good shape for the OpenSSL 1.1.0 release > to work "out of the box". That will be great. > I would like to see what we can do in the way of automated testing, > though. It should be possible to at least have Travis-CI make > libcrypto.so for the Linux target,

Re: [openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build

2016-02-17 Thread David Woodhouse
On Tue, 2016-02-09 at 02:57 +, Long, Qin wrote: > these two weeks.> > > David, I agree it's really horrid to include those _lcl.h to meet > EDK2 API requirement.  I am thinking it's better to re-design some > APIs to align the new opaque structure style. E.g. replacing the >

Re: [openssl-dev] ECDH engine

2016-02-17 Thread Blumenthal, Uri - 0553 - MITLL
Yea, my nice email server decided that it needed to re-send that piece. ;) But there have been changes since our conversation in January. I’d greatly appreciate if you could take a look at the current Github master of openssl/libp11 (it now has subsumed engine_pkcs11, and integrated ECDH support)

[openssl-dev] [openssl.org #4319] openssl-1.1.0-pre3 Configure does not set cflags correctly on Solaris10 x64

2016-02-17 Thread Kiyoshi KANAZAWA via RT
Configure does not set cflags correctly on Solaris10 x64. In Configurations/10-main.conf line 75, it is written as cflags   => add_before("-m64 -Wall -DL_ENDIAN"), but, it is not set to CFLAGS. Make does not generate 64-bits code (-m64 is not used). Configure log is attached. %

Re: [openssl-dev] ECDH engine

2016-02-17 Thread Alexander Gostrer
Hi Uri, On Wed, Jan 27, 2016 at 9:25 AM, Blumenthal, Uri - 0553 - MITLL < u...@ll.mit.edu> wrote: > When I started to write the ECDSA code for engine_pkcs11 in 2011 the code > to support the method hooks was not > in the code. So I used internal OpenSSL header files to copy the > ECDSA_METHOD

Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-17 Thread Matt Caswell
On 16/02/16 23:25, Michel wrote: > Hi Matt, > > Yes I am linking statically and I read the man about OPENSSL_init_crypto(), > thanks. > However I still have leaks reported. > :-( > > What I have changed to adapt to v1.1 is calling OPENSSL_thread_stop() in > each thread before it leaves, >

[openssl-dev] [openssl.org #4318] [PATCH] Fix OSSL_SSIZE_MAX for UEFI build

2016-02-17 Thread Rich Salz via RT
checked into master at 21b80f9 thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4318

Re: [openssl-dev] Openssl-SNAP-20160216 issues

2016-02-17 Thread The Doctor
On Tue, Feb 16, 2016 at 10:42:21AM +0100, Richard Levitte wrote: > In message <20160216090030.ga11...@doctor.nl2k.ab.ca> on Tue, 16 Feb 2016 > 02:00:30 -0700, The Doctor said: > > doctor> In the make test I am getting > doctor> > doctor> What can do to see why these

[openssl-dev] [openssl.org #4318] [PATCH] Fix OSSL_SSIZE_MAX for UEFI build

2016-02-17 Thread David Woodhouse via RT
Commit e634b448c ("Defines OSSL_SSIZE_MAX") introduced a definition of OSSL_SSIZE_MAX which broke the UEFI build. Fix that by making UEFI take the same definition as Ultrix (ssize_t == int). ---  include/openssl/e_os2.h | 2 +-  1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[openssl-dev] [openssl.org #4315] [PATCH] Fix UEFI build in crypto/init.c

2016-02-17 Thread Rich Salz via RT
Fixed in master with commit c7b7938 thank you! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4315

[openssl-dev] [openssl.org #4317] openssl-1.1.0-pre3 make error with Configure option "zlib-dynamic"

2016-02-17 Thread Kiyoshi KANAZAWA via RT
Openssl-1.1.0-pre3 make fails with Configure option "zlib-dynamic". Without "zlib-dynamic", make & make check passed. With "zlib", make & make check also passed. Tried on Solaris10 x86, with #4314 fix. % ./Configure solaris-x86-gcc threads shared zlib-dynamic no-ssl3 % make   : gcc -DDSO_DLFCN

[openssl-dev] [openssl.org #4315] [PATCH] Fix UEFI build in crypto/init.c

2016-02-17 Thread David Woodhouse via RT
We don't have atexit() in the EDK2 environment. Firmware never exits. ---  crypto/init.c | 2 ++  1 file changed, 2 insertions(+) diff --git a/crypto/init.c b/crypto/init.c index 25e3dc7..c7eff8b 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -270,7 +270,9 @@ static void ossl_init_base(void)    

[openssl-dev] [openssl.org #4316] Build failure with OPENSSL_NO_DES or OPENSSL_NO_AES defined

2016-02-17 Thread Michele Cicciotti via RT
Affected version: 1.0.2f crypto/cms/cms_kari.c calls EVP_des_ede3_wrap without checking whether OPENSSL_NO_DES is defined, and EVP_aes_XXX_wrap without checking if OPENSSL_NO_AES is defined. See the attached patch for the fix -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4316

[openssl-dev] [openssl.org #4313] [PATCH] Fix build for !IMPLEMENTED code path in CRYPTO_secure_free()

2016-02-17 Thread Rich Salz via RT
commit 6a78ae2821e89a8838714496524fd39d9d21fb1b is in master now, thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4313

[openssl-dev] [openssl.org #4314] openssl-1.1.0-pre3 make error on Solaris 10 x86

2016-02-17 Thread Rich Salz via RT
fixed in master. commit 29620124ff1624af5411d8d2998fdd7b102a5d48 Author: Richard Levitte Date: Tue Feb 16 10:27:16 2016 +0100 On solaris, the variable name sun clashes, use s_un instead For orthogonality, we change sin -> s_in and sin6 -> s_in6 as well. Reviewed-by: Matt

Re: [openssl-dev] [openssl.org #4175] Add new macro or PKCS7 flag to disable the check for both data and content

2016-02-17 Thread Salz, Rich via RT
> If you say that removing the #ifdef instead of removing the whole code block > that it contained was a mistake, then I shall take you at your word and > refrain > from harping on *too* much about how naughty it was to have a functional > change hidden away in a commit which simply entitled

[openssl-dev] [openssl.org #4314] openssl-1.1.0-pre3 make error on Solaris 10 x86

2016-02-17 Thread Kiyoshi KANAZAWA via RT
Hello, Openssl-1.1.0-pre3 make fails on Solaris 10 x86, such as make[2]: Entering directory '/tmp/openssl-1.1.0-pre3/crypto/bio' gcc -I.. -I../.. -I../modes -I../include -I../../include  -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2

Re: [openssl-dev] OpenSSL 1.1.0 and OCSP stapling with status_request_v2 (RFC 6961)

2016-02-17 Thread Salz, Rich
A GitHub Pull Request to do this would be very helpful. We have a month and the team is busy...

[openssl-dev] [openssl.org #4313] [PATCH] Fix build for !IMPLEMENTED code path in CRYPTO_secure_free()

2016-02-17 Thread David Woodhouse via RT
Commit 05c7b1631 ("Implement the use of heap manipulator implementions") added 'file' and 'line' arguments to CRYPTO_free() and friends, but neglected to fix up the !IMPLEMENTED case within CRYPTO_secure_free(). Add the missing arguments there too. ---  crypto/mem_sec.c | 2 +-  1 file changed, 1

Re: [openssl-dev] [openssl.org #4175] Add new macro or PKCS7 flag to disable the check for both data and content

2016-02-17 Thread David Woodhouse
On Tue, 2015-12-08 at 12:56 +, Salz, Rich via RT wrote: > I think that instead of the #ifdef being removed, the if() test > should be removed. This was my mistake. Like this, then...  https://github.com/openssl/openssl/pull/694 for HEAD https://github.com/openssl/openssl/pull/695 for 1.0.2

Re: [openssl-dev] [openssl.org #4175] Add new macro or PKCS7 flag to disable the check for both data and content

2016-02-17 Thread David Woodhouse via RT
On Tue, 2015-12-08 at 12:56 +, Salz, Rich via RT wrote: > I think that instead of the #ifdef being removed, the if() test > should be removed. This was my mistake. Like this, then...  https://github.com/openssl/openssl/pull/694 for HEAD https://github.com/openssl/openssl/pull/695 for 1.0.2

[openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-17 Thread Richard Levitte via RT
May I suggest that you use EVP_CIPHER_set_asn1_iv() and/or EVP_CIPHER_get_asn1_iv()? With a temporary ASN1_TYPE to which you assign gcp->iv, that should be perfectly possible, no? Cheers, Richard On Wed, 17 Feb 2016 at 09.53.04, beld...@gmail.com wrote: > Dear Richard, > > I am not sure it

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-17 Thread Dmitry Belyavsky via RT
Dear Richard, I am not sure it will not break the compatibility. Both implementations of the GOST ciphers require access to this field. On Wed, Feb 17, 2016 at 12:42 PM, Richard Levitte via RT wrote: > Hi, > > I'm sorry, the oiv field is EVP private. Sure, it's been

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-17 Thread Dmitry Belyavsky
Dear Richard, I am not sure it will not break the compatibility. Both implementations of the GOST ciphers require access to this field. On Wed, Feb 17, 2016 at 12:42 PM, Richard Levitte via RT wrote: > Hi, > > I'm sorry, the oiv field is EVP private. Sure, it's been

[openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-17 Thread Richard Levitte via RT
Hi, I'm sorry, the oiv field is EVP private. Sure, it's been accessible (and thoroughly misused in some cases) when EVP_CIPHER_CTX was open, but in essence, it's an EVP private store of the IV that was given at EVP_CipherInit(). If you want to retain a copy of the original IV, I suggest you have

[openssl-dev] OpenSSL 1.1.0 and OCSP stapling with status_request_v2 (RFC 6961)

2016-02-17 Thread Jouni Malinen
It looks like there are some upcoming use cases that would need to be able to use OCSP stapling to verify both the server certificate and the intermediate CA certificate that issued that server certificate. This would require support for RFC 6961 extensions to OCSP stapling. Since the actual OCSP

Re: [openssl-dev] [openssl-users] OpenSSL version 1.1.0 pre release 3 published

2016-02-17 Thread Dmitry Belyavsky
Dear Rich, > Just to emphasize one important point: Our next release is planned to be > Beta-1, in about a month. After that, no new API's or features will be > added to OpenSSL 1.1 > > If so, could you take a look at RT#4267? Thank you! -- SY, Dmitry Belyavsky