In message
Sorry, no, it's too late to get this into 1.1
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4410
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Sorry for no documentation.
In SRP6a, after the client and server calculate a common session key, they must
prove to each other that their keys are idential to finish authentication.
That is client send the M1, and server verifies M1 and responses with M2, then
client verifies M2.
I notice that
Hi Everyone,
Testing master on real hardware is showing some minor issues on a few
platforms, including ARM32, ARM64, PowerPC and i686. In addition,
there seems to be one-off issues on other combinations, like VIA's C7
processor on Linux.
In addition to the base issues, there are other minor
In message <20160310224038.ga5...@doctor.nl2k.ab.ca> on Thu, 10 Mar 2016
15:40:38 -0700, The Doctor said:
doctor> Here is your latest gaffe
doctor>
doctor> gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC
Here is your latest gaffe
gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE
-DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
Hello,
With new thread model in some configurations openssl hands on unload of
engine.
Steps to reproduce:
1) after installation add following lines to openssl.cnf before section
[ new_oids ]
#begin
openssl_conf = config
[ config ]
engines = engine_section
[ engine_section ]
engine1 =
Hello ,
It seems to me unified build system work quite well with simultaneous
build jobs.
I would like to report a minor issue - I have to run make 3 times until
all decencies are resolved. Second make rebuild about 450 items. Third
time only speed is rebuild.
The build is in a clean source
Should be resolved now, commit 603358de576217812cb3d752e97c78e476cdc879
Cheers,
Richard
--
Richard Levitte
levi...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4412
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
Ah, it seems I didn't think of looking for '# *include', only for '#include'...
Fix coming up.
In message on Thu, 10
Mar 2016 20:41:11 +, "noloa...@gmail.com via RT" said:
rt> Working from Master on a BeagleBone
Working from Master on a BeagleBone Black...
$ git reset --hard HEAD && git pull
HEAD is now at 0d4d5ab check reviewer --reviewer=emilia
Already up-to-date.
$ ./config
...
$ make depend && make clean && make
...
gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS
-DOPENSSL_NO_STATIC_ENGINE
A new commit was just added to master, f0667b1430bac3b8c9c5b76985ad24cf9b13a0a9
It should solve this particular ticket and all future similar ones, I hope.
Please try a fresh pull of master and tell me how it goes.
Cheers,
Richard
--
Richard Levitte
levi...@openssl.org
--
Ticket here:
Working from Master:
$ git reset --hard HEAD && git pull
HEAD is now at fb04434 In the recipe using "makedepend", make sure the
object file extension is there
Already up-to-date.
$ ./config
...
$ make depend && make clean && make
...
$ make test
...
( cd test; \
SRCTOP=../. \
BLDTOP=../. \
On Thu, Mar 10, 2016 at 4:05 AM, Richard Levitte via RT
wrote:
> Sometimes, things happen fast.
>
> The diff I posted got into master just moments ago, commit
> d46057277f3b805e5f198e31fc81a892bf5c9141
>
> Still, please try it and report back so I can (hopefully) close this
On Thu, Mar 10, 2016 at 4:05 AM, Richard Levitte via RT
wrote:
> Sometimes, things happen fast.
>
> The diff I posted got into master just moments ago, commit
> d46057277f3b805e5f198e31fc81a892bf5c9141
>
> Still, please try it and report back so I can (hopefully) close this
On Thu, Mar 10, 2016 at 12:58:34PM +, Irena Johnson via RT wrote:
> Our clients are having trouble connecting to our GRAM server, which has a
> sha256 host certificate.
The reason for the connection failures may be unrelated to the
certificate signature algorithm. What specific symptoms
The current state is that, as far as I can tell, overlapping requirements
are undocumented (or is it somewhere and I missed it?) and, for ChaCha,
architecture-specific. I think something certainly needs to be done. Either
changing chacha-x86.pl and allowing any out <= in overlap, or declaring
that
The current state is that, as far as I can tell, overlapping requirements
are undocumented (or is it somewhere and I missed it?) and, for ChaCha,
architecture-specific. I think something certainly needs to be done. Either
changing chacha-x86.pl and allowing any out <= in overlap, or declaring
that
By the way, returning the original subject, I don't believe there is a leak
here.
If EC_GROUP_copy fails, dest still exists and is owned by the caller. It's
the caller's obligation to call EC_GROUP_free and that will release the
partially-copied EC_GROUP. (Which will, with this patch, cause a
256 encryption? You mean SHA-256? That's a digest, not encryption.
My guess, without more information like reproducible test, or a packet dump, is
that the client is configured to only use an earlier version of TLS/SSL, which
did not define SHA256 in its crypto-suites.
--
Ticket here:
Sorry I was not very clear. I meant to say our server has OpenSSL
1.0.1e-fips 11 Feb 2013, which supports 256 encryption.
Our client's side have a more recent version of OpenSSL ( 1.0.1p 9 Jul
2015 ), which apparently does not support 256 encryption. This is the
reason I thought this is a bug (if
We need a little more explanation.
Is this a new feature? Being added to 1.0.2? (That won't be accepted, only
fixes go into released branches.) Or is this something that was dropped and
should be restored?
Unfortunately, the 1.1 freeze deadline is in 24 hours. This won't make it into
1.1
> I am a bit confused, as on our server the openssl version is OpenSSL
> 1.0.1e-fips 11 Feb 2013
>
> I am not quite sure why a more recent version of openssl ( 1.0.1p 9 Jul
> 2015 ) does not support sha256.
SHA-256 is in 1.0.1 You said you had issues and asked what to upgrade to, I
gave a
Richard Levitte - VMS Whacker-2 wrote
> The issue is easily fixed by adding a parameter in the problematic
> call, like this:
>
> if(!bind_helper(ret, engine_e_rsax_id))
Yes, indeed it was simple, I totally missed that.
And now something really weird...
Remember my first post in this topic
Hello Rich,
Thank you for your quick response.
I am a bit confused, as on our server the openssl version is OpenSSL
1.0.1e-fips 11 Feb 2013
I am not quite sure why a more recent version of openssl ( 1.0.1p 9 Jul
2015 ) does not support sha256.
Thanks,
Irena
On Thu, Mar 10, 2016 at 8:00 AM,
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4410
Please log in as guest with password guest if prompted
add_srp_m1_m2.patch
Description: Binary data
add_srp_m1_m2.patch
Description: Binary data
--
openssl-dev mailing list
To unsubscribe:
This is not a bug, it's a question :)
They should install the most recent 1.0.2 release
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4409
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To
Dear OpenSSL Support,
Our clients are having trouble connecting to our GRAM server, which has a
sha256 host certificate.
The version of openssl on their site is:
OpenSSL 1.0.1p 9 Jul 2015
and it appears it's not compatible with sha256 encryption:
The command "openssl ciphers -v | grep 256"
On Friday 26 February 2016 17:37:11 Viktor Dukhovni wrote:
> On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote:
> > As just about the only team member who trolls through RT and closes
> > things with any quantity, I am not sure that I agree that fixing a
> > bug requires documentation if
In message <1457603265658-64536.p...@n7.nabble.com> on Thu, 10 Mar 2016
02:47:45 -0700 (MST), danigrosu said:
dni.grosu> Ok Richard, I figured it out how the md5 engine works, and, I also
dni.grosu> realized that it is a bit different from the RSA engine:
dni.grosu>
In message <1457601549609-64535.p...@n7.nabble.com> on Thu, 10 Mar 2016
02:19:09 -0700 (MST), danigrosu said:
dni.grosu> Blumenthal, Uri - 0553 - MITLL wrote
dni.grosu> > But autotools setup did not work (see my
dni.grosu> > previous post in this thread). Perhaps Richard
Ok Richard, I figured it out how the md5 engine works, and, I also
realized that it is a bit different from the RSA engine:
---different structure (EVP_MD vs RSA_METHOD)
---missing the dynamic bind part, and I have no idea how to do it (see the
above post)
Maybe I should try something else in
Blumenthal, Uri - 0553 - MITLL wrote
> But autotools setup did not work (see my
> previous post in this thread). Perhaps Richard could shed some light on
> that.
I just did what that guy said and it worked. Basically I created a "m4"
directory
and I copied the "ax_check_openssl.m4" file to the
Commit 2e52e7df5 ("Remove the old threading API") left a dummy definition
of the CRYPTO_dynlock for compatibility, if OPENSSL_API_COMPAT < 1.1.0.
However, there's still a DEFINE_STACK_OF(CRYPTO_dynlock) in cryptlib.h
which isn't so masked, and breaks the build if you disable the API
Sometimes, things happen fast.
The diff I posted got into master just moments ago, commit
d46057277f3b805e5f198e31fc81a892bf5c9141
Still, please try it and report back so I can (hopefully) close this ticket.
--
Richard Levitte
levi...@openssl.org
--
Ticket here:
Hi,
so I wonder, would you mind trying the attached patch for size, see if it makes
your build better?
Cheers,
Richard
Vid Ons, 09 Mar 2016 kl. 22.39.57, skrev noloa...@gmail.com:
> Working from Master:
>
> $ git reset --hard HEAD
> HEAD is now at 64b9d84 When grepping something starting with a
do you know anybody who can help? an email or a forum?
Sent from my BlackBerry 10 smartphone.
Original Message
From: Salz, Rich via RT
Sent: miércoles, 9 de marzo de 2016 20:27
To: mario.scalabr...@andifyou.com
Reply To: r...@openssl.org
Cc: openssl-dev@openssl.org
Subject: RE: [openssl-dev]
37 matches
Mail list logo