[openssl-dev] Configure zlib broken in latest 1.1 git

https://github.com/openssl/openssl/commit/98fdbce09144a8addc6682a0ffd8ac92b2ce70b1 broke Configure zlib the required -lz never makes it into the produced Makefile I used Configure solaris64-x86_64-cc but I think this is more generic -- openssl-dev mailing list To unsubscribe: https://mta.open

[openssl-dev] [openssl.org #4372] [PATCH] Missing sanity check for OPENSSL_malloc() in openssl-1.0.2g in th-lock.c

th_lock is sample code :) fixed in 1.1 with the integration of ntive threads support. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4372 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubsc

[openssl-dev] [openssl.org #1364] index.txt corruptions

not enough information to reproduce this. the "ca" command does no locking, it does not support multiple simultaneous invocations. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1364 Please log in as guest with password guest if prom

[openssl-dev] [openssl.org #3701] [PATCH] Use BUF_memdup where appropiate

addressed in the upcoming 1.1 we went with consistency and using OPENSSL_memdup, CRYPTO_memdup, etc. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3701 Please log in as guest with password guest if prompted -- openssl-dev mailing

[openssl-dev] [openssl.org #3700] [PATCH] remove CRYPTO_strdup, switch callers to BUF_strdup

addressed in upcoming 1.1 release. we went for consistency with OPENSLS_strdup, etc -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3700 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscri

[openssl-dev] [openssl.org #3716] Patch for setting preferred cipher list

a minor utility, can just have in your own app, right? -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3716 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/m

[openssl-dev] [openssl.org #3579] [PATCH] support building with MinGW under msys2

fixed in 1.1 -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3579 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3197] Patch for config and darwin64 on Mac OS X

fixed in master with new config and build system. if there are still issues, please open a new ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3197 Please log in as guest with password guest if prompted -- openssl-dev mailin

[openssl-dev] [openssl.org #3163] [PATCH] DSTU-4145-2002 engine implementation

If this is still of interest, please do it as an external engine, like GOSTnow is. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3163 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscrib

[openssl-dev] [openssl.org #2977] CVS still mentioned on openssl.org pages

fixed some time ago. :) -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2977 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2967] Minor Bug - Options Missing from Application Usage

fixed in master; all options are always listed with -help -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2967 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.or

[openssl-dev] [openssl.org #2815] Windows build with Cygwin perl redirecting output incorrectly

fixed in upcoming 1.1 with new build system. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2815 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/lis

[openssl-dev] [openssl.org #2217] OpenSSL_add_all_algorithms() (and similar) aren't very suitable for library use

addressed in master with the auto-init and thread-once facilities. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2217 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.o

[openssl-dev] [openssl.org #684] Memory Leaks in RSA_eay_private_decrypt

the code has changed a great deal in the past decade (!!!) -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=684 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.or

[openssl-dev] [openssl.org #1743] crasher due to lack of threadsafety on names_lh

fixed with the new threads and init code. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1743 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listin

[openssl-dev] [openssl.org #3536] [PATCH] make locking code in load_builtin_compressions() look less scary

This has been fixed in master with better init code, thread-portability, etc. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3536 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: ht

[openssl-dev] [openssl.org #2905] Double locking bug added in openssl-1.0.0h crypto/asn1/x_pubkey.c

Sorry we didn't get to this earlier, but 1.0.0 is in maintenance -- security fixes only -- mode. This is also fixed, really well, in master. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2905 Please log in as guest with password gue

[openssl-dev] [openssl.org #3388] Locking inefficiency

fixed in master with the new locking and thread-local-storage facility. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3388 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://

[openssl-dev] 答复: 答复: [openssl.org #4360] [BUG] OpenSSL-1.0.1 crash on sha1_block_data_order_ssse3 asm

Here is the info reg: (gdb) info reg rax0x745dd1f0 1952305648 rbx0xf92ba6dd 4180387549 rcx0x7b69e2f6 2070536950 rdx0x86dab00c 2262478860 rsi0x6436d580 1681315200 rdi0x4763c5a8 1197721000 rbp

[openssl-dev] [openssl.org #4373] OS X 10.5, 32-bit PPC, and missing symbols (_ASYNC_get_current_job, _EVP_MD_meth_set_init, _RSA_PKCS1_OpenSSL, _EVP_MD_meth_new...)

Working from master: $ git reset --hard HEAD && git pull HEAD is now at e9b1c42 make errors Then: $ KERNEL_BITS=32 ./config ... $ make depend && make clean && make ... $ make ... LD_LIBRARY_PATH=..: cc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC

[openssl-dev] Test 80 fails in the current 1.1 build

$ ./Configure darwin64-x86_64-cc enable-rfc3779 threads zlib enable-ec_nistp_64_gcc_128 shared --prefix=/Users/ur20980/src/openssl-1.1 --openssldir=/Users/ur20980/src/openssl-1.1/etc --unified ../test/recipes/80-test_cms.t . 3/4 # Failed test 'compressed content test streaming

[openssl-dev] [openssl.org #4370] [PATCH] Potential for NULL pointer dereferences in OpenSSL-1.0.2g (CWE-476)

Hello All, In reviewing source code in directory 'openssl-1.0.2g/apps', in file 'ca.c', there are a few instances where OPENSSL_malloc() is called, but immediately afterwards a call to memcpy() is made with the return value from the call, but the check for NULL is made AFTER the memcpy(). However

[openssl-dev] [openssl.org #4372] [PATCH] Missing sanity check for OPENSSL_malloc() in openssl-1.0.2g in th-lock.c

Hello All, In reviewing code in OpenSSL-1.0.2g, in directory 'crypto/threads', file 'th-lock.c', in function 'CRYPTO_thread_setup', there is a call to OPENSSL_malloc() which is not checked for a return value of NULL, indicating failure. The patch file below should address/correct this issue: ---

Re: [openssl-dev] 答复: [openssl.org #4360] [BUG] OpenSSL-1.0.1 crash on sha1_block_data_order_ssse3 asm

> 0x2b41740e8da7 <+2967>: je 0x2b41740e8f40 > > 0x2b41740e8dad <+2973>: movdqa 0x40(%r11),%xmm6 > 0x2b41740e8db3 <+2979>: movdqa (%r11),%xmm9 > => 0x2b41740e8db8 <+2984>: movdqu (%r9),%xmm0 >

[openssl-dev] [openssl.org #4371] [PATCH] Missing Sanity Check for malloc() in openssl-1.0.2g for 'apps/speed.c'

Hello All, In reviewing source code for OpenSSL-1.0.2g, it would appear in file 'apps/speed.c', in function 'static int do_multi()', a call to malloc() is made without being tested for a return value of NULL, indicating failure. The patch file below should address/correct this issue: --- speed.c

[openssl-dev] 'make test' broken in 1.0.2g/1.0.1s...

This isn't the most correct fix, however the new release broke the testfipsssl ability to verify that -ssl2 is not accepted for SSLFIPS_ENABLE requests, since this check now fails OK instead of failing NOK as it is supposed to... --- 1.0.2g/test/testfipsssl 2016-03-01 12:29:25 UTC (rev 8415) +

Re: [openssl-dev] [openssl.org #4369] OS X 10.5, 32-bit PPC, and "passing argument 2 of 'cmov' discards qualifiers from pointer target type"

On Wed, Mar 02, 2016 at 04:16:37PM +, noloa...@gmail.com via RT wrote: > curve25519.c: In function 'table_select': > curve25519.c:3323: warning: passing argument 2 of 'cmov' discards That should be fixed shortly. Kurt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4369 Pleas

Re: [openssl-dev] [openssl.org #4366]: OS X 10.5, 64-bit PPC, and chacha-ppc.s:454:Parameter syntax error (parameter 1)

The fix is rather trivial, but I'm not sure how to make PERL script do it: std r30,448(r1) std r31,456(r1) -li12,-1 +lir12,-1 std r0, 480(r1) I don't know if it worked as expected because I don't see a self test that explicitly e

[openssl-dev] [openssl.org #4287] Option -attime for "openssl ts -verify"

Hi, On Tue Feb 02 Stephen Henson wrote: > On Tue Feb 02 15:56:01 2016, frank.br...@ipb-halle.de wrote: > > Hi, > > please find my pull request on > > https://github.com/openssl/openssl/pull/610 > > > > These two patches add an -attime option to "openssl ts -verify" > > similar to the same option i

[openssl-dev] [openssl.org #4369] OS X 10.5, 32-bit PPC, and "passing argument 2 of 'cmov' discards qualifiers from pointer target type"

Compiling on OS X 10.5/32-bit PowerPC. This is Apple's GCC 4.0.1, and not Clang in disguise. $ KERNEL_BITS=32 ./config ... $ make depend && make clean && make ... cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DO

[openssl-dev] Visibility of OPENSSL_ia32cap, OPENSSL_armcap and friends

Hi Andy, On Wed, Mar 2, 2016 at 6:59 AM, Andy Polyakov via RT wrote: >> Patch attached. This is just a little cleanup change to fix not everything >> using the OPENSSL_armcap constants. (Existing ones already are using them, >> so I'm assuming this is okay.) > > Applied. Thanks. Forgive my ignor

[openssl-dev] [openssl.org #3676] [PATCH] Export ASN1 templates for DH and ECDH groups

Steve, what do you thnk? -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3676 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL Security Advisory

On Tuesday 01 March 2016 19:50:51 Nounou Dadoun wrote: > I'm interested in your tlsfuzzer tool (of which this appears to be a > part), is there a larger test suite available? Is there any > documentation out there? > Thanks again .. N No, for now there isn't one. The plan is to have a full featur

Re: [openssl-dev] [openssl.org #4341] [PATCH] Consistently use arm_arch.h constants in armcap assembly code.

> Patch attached. This is just a little cleanup change to fix not everything > using the OPENSSL_armcap constants. (Existing ones already are using them, > so I'm assuming this is okay.) Applied. Thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4341 Please log in as guest wi

Re: [openssl-dev] [openssl.org #3667] [PATCH] Faster GLV elliptic curves

Ported from 1.0 to 1.1 -- PR: https://github.com/openssl/openssl/pull/776 On Tue, Jan 20, 2015 at 4:02 PM, Billy Brumley via RT wrote: > This patch gives about 50% speed improvement for existing GLV elliptic > curves in OpenSSL. Read about it here: > > http://eprint.iacr.org/2015/036 > > It coul

Re: [openssl-dev] [openssl.org #3667] [PATCH] Faster GLV elliptic curves

Ported from 1.0 to 1.1 -- PR: https://github.com/openssl/openssl/pull/776 On Tue, Jan 20, 2015 at 4:02 PM, Billy Brumley via RT wrote: > This patch gives about 50% speed improvement for existing GLV elliptic > curves in OpenSSL. Read about it here: > > http://eprint.iacr.org/2015/036 > > It coul

[openssl-dev] [openssl.org #4368] ESSCertIDv2 Update for RFC 3161

Hello, This patch https://github.com/openssl/openssl/pull/771 adds support for ESSCertIDv2 to ts module as defined in RFC5816 (Update for RFC 3161), thus it removes another hardcoded SHA-1 usage from ts module. It is possible to choose the hash algorithm that is used to calculate certificate id

[openssl-dev] 答复: [openssl.org #4360] [BUG] OpenSSL-1.0.1 crash on sha1_block_data_order_ssse3 asm

Thank you very much for your reply! Here is my complement: 1. I use the OpenSSL 1.0.1q, not 1.0.1r, sorry. 2.> I mean did you experience crash with openssl command (which one if so), or is it a web (or some other tls) server facing network? --our system is C/S structure, client and serv