Re: [openssl-dev] Please consider delaying the Beta-1 freeze for a week or two

In message

Re: [openssl-dev] [openssl.org #4410] [PATCH] add calculation of M1, M2 in srp, based on 1_0_2g(Internet mail)

Sorry, no, it's too late to get this into 1.1 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4410 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4410] [PATCH] add calculation of M1, M2 in srp, based on 1_0_2g(Internet mail)

Sorry for no documentation. In SRP6a, after the client and server calculate a common session key, they must prove to each other that their keys are idential to finish authentication. That is client send the M1, and server verifies M1 and responses with M2, then client verifies M2. I notice that

[openssl-dev] Please consider delaying the Beta-1 freeze for a week or two

Hi Everyone, Testing master on real hardware is showing some minor issues on a few platforms, including ARM32, ARM64, PowerPC and i686. In addition, there seems to be one-off issues on other combinations, like VIA's C7 processor on Linux. In addition to the base issues, there are other minor

Re: [openssl-dev] openssl-SNAP-20160310 issues

In message <20160310224038.ga5...@doctor.nl2k.ab.ca> on Thu, 10 Mar 2016 15:40:38 -0700, The Doctor said: doctor> Here is your latest gaffe doctor> doctor> gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC

[openssl-dev] openssl-SNAP-20160310 issues

Here is your latest gaffe gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

[openssl-dev] OPENSSL_cleanup new issue

Hello, With new thread model in some configurations openssl hands on unload of engine. Steps to reproduce: 1) after installation add following lines to openssl.cnf before section [ new_oids ] #begin openssl_conf = config [ config ] engines = engine_section [ engine_section ] engine1 =

[openssl-dev] unified build dependencies

Hello , It seems to me unified build system work quite well with simultaneous build jobs. I would like to report a minor issue - I have to run make 3 times until all decencies are resolved. Second make rebuild about 450 items. Third time only speed is rebuild. The build is in a clean source

[openssl-dev] [openssl.org #4412] Debian and ARM32 (armv7l): fatal error: arm_arch.h: No such file or directory

Should be resolved now, commit 603358de576217812cb3d752e97c78e476cdc879 Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4412 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4412] Debian and ARM32 (armv7l): fatal error: arm_arch.h: No such file or directory

Ah, it seems I didn't think of looking for '# *include', only for '#include'... Fix coming up. In message on Thu, 10 Mar 2016 20:41:11 +, "noloa...@gmail.com via RT" said: rt> Working from Master on a BeagleBone

[openssl-dev] [openssl.org #4412] Debian and ARM32 (armv7l): fatal error: arm_arch.h: No such file or directory

Working from Master on a BeagleBone Black... $ git reset --hard HEAD && git pull HEAD is now at 0d4d5ab check reviewer --reviewer=emilia Already up-to-date. $ ./config ... $ make depend && make clean && make ... gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE

[openssl-dev] [openssl.org #4406] Linaro and ARM/64/AARCH64: fatal error: arm_arch.h: No such file or directory

A new commit was just added to master, f0667b1430bac3b8c9c5b76985ad24cf9b13a0a9 It should solve this particular ticket and all future similar ones, I hope. Please try a fresh pull of master and tell me how it goes. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here:

[openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

Working from Master: $ git reset --hard HEAD && git pull HEAD is now at fb04434 In the recipe using "makedepend", make sure the object file extension is there Already up-to-date. $ ./config ... $ make depend && make clean && make ... $ make test ... ( cd test; \ SRCTOP=../. \ BLDTOP=../. \

Re: [openssl-dev] [openssl.org #4406] Linaro and ARM/64/AARCH64: fatal error: arm_arch.h: No such file or directory

On Thu, Mar 10, 2016 at 4:05 AM, Richard Levitte via RT wrote: > Sometimes, things happen fast. > > The diff I posted got into master just moments ago, commit > d46057277f3b805e5f198e31fc81a892bf5c9141 > > Still, please try it and report back so I can (hopefully) close this

Re: [openssl-dev] [openssl.org #4406] Linaro and ARM/64/AARCH64: fatal error: arm_arch.h: No such file or directory

On Thu, Mar 10, 2016 at 4:05 AM, Richard Levitte via RT wrote: > Sometimes, things happen fast. > > The diff I posted got into master just moments ago, commit > d46057277f3b805e5f198e31fc81a892bf5c9141 > > Still, please try it and report back so I can (hopefully) close this

Re: [openssl-dev] [openssl.org #4409] bug OpenSSL 1.0.1p 9 Jul 2015

On Thu, Mar 10, 2016 at 12:58:34PM +, Irena Johnson via RT wrote: > Our clients are having trouble connecting to our GRAM server, which has a > sha256 host certificate. The reason for the connection failures may be unrelated to the certificate signature algorithm. What specific symptoms

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

The current state is that, as far as I can tell, overlapping requirements are undocumented (or is it somewhere and I missed it?) and, for ChaCha, architecture-specific. I think something certainly needs to be done. Either changing chacha-x86.pl and allowing any out <= in overlap, or declaring that

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

The current state is that, as far as I can tell, overlapping requirements are undocumented (or is it somewhere and I missed it?) and, for ChaCha, architecture-specific. I think something certainly needs to be done. Either changing chacha-x86.pl and allowing any out <= in overlap, or declaring that

Re: [openssl-dev] [openssl.org #4401] [PATCH] plug potential memory leak(s) in OpenSSL 1.1 pre 4 in 'ec_lib.c'

By the way, returning the original subject, I don't believe there is a leak here. If EC_GROUP_copy fails, dest still exists and is owned by the caller. It's the caller's obligation to call EC_GROUP_free and that will release the partially-copied EC_GROUP. (Which will, with this patch, cause a

Re: [openssl-dev] [openssl.org #4409] bug OpenSSL 1.0.1p 9 Jul 2015

256 encryption? You mean SHA-256? That's a digest, not encryption. My guess, without more information like reproducible test, or a packet dump, is that the client is configured to only use an earlier version of TLS/SSL, which did not define SHA256 in its crypto-suites. -- Ticket here:

Re: [openssl-dev] [openssl.org #4409] bug OpenSSL 1.0.1p 9 Jul 2015

Sorry I was not very clear. I meant to say our server has OpenSSL 1.0.1e-fips 11 Feb 2013, which supports 256 encryption. Our client's side have a more recent version of OpenSSL ( 1.0.1p 9 Jul 2015 ), which apparently does not support 256 encryption. This is the reason I thought this is a bug (if

Re: [openssl-dev] [openssl.org #4410] [PATCH] add calculation of M1, M2 in srp, based on 1_0_2g

We need a little more explanation. Is this a new feature? Being added to 1.0.2? (That won't be accepted, only fixes go into released branches.) Or is this something that was dropped and should be restored? Unfortunately, the 1.1 freeze deadline is in 24 hours. This won't make it into 1.1

Re: [openssl-dev] [openssl.org #4409] bug OpenSSL 1.0.1p 9 Jul 2015

> I am a bit confused, as on our server the openssl version is OpenSSL > 1.0.1e-fips 11 Feb 2013 > > I am not quite sure why a more recent version of openssl ( 1.0.1p 9 Jul > 2015 ) does not support sha256. SHA-256 is in 1.0.1 You said you had issues and asked what to upgrade to, I gave a

Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine

Richard Levitte - VMS Whacker-2 wrote > The issue is easily fixed by adding a parameter in the problematic > call, like this: > > if(!bind_helper(ret, engine_e_rsax_id)) Yes, indeed it was simple, I totally missed that. And now something really weird... Remember my first post in this topic

Re: [openssl-dev] [openssl.org #4409] bug OpenSSL 1.0.1p 9 Jul 2015

Hello Rich, Thank you for your quick response. I am a bit confused, as on our server the openssl version is OpenSSL 1.0.1e-fips 11 Feb 2013 I am not quite sure why a more recent version of openssl ( 1.0.1p 9 Jul 2015 ) does not support sha256. Thanks, Irena On Thu, Mar 10, 2016 at 8:00 AM,

[openssl-dev] [openssl.org #4410] [PATCH] add calculation of M1, M2 in srp, based on 1_0_2g

-- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4410 Please log in as guest with password guest if prompted add_srp_m1_m2.patch Description: Binary data add_srp_m1_m2.patch Description: Binary data -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4409] bug OpenSSL 1.0.1p 9 Jul 2015

This is not a bug, it's a question :) They should install the most recent 1.0.2 release -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4409 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4409] bug OpenSSL 1.0.1p 9 Jul 2015

Dear OpenSSL Support, Our clients are having trouble connecting to our GRAM server, which has a sha256 host certificate. The version of openssl on their site is: OpenSSL 1.0.1p 9 Jul 2015 and it appears it's not compatible with sha256 encryption: The command "openssl ciphers -v | grep 256"

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

On Friday 26 February 2016 17:37:11 Viktor Dukhovni wrote: > On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote: > > As just about the only team member who trolls through RT and closes > > things with any quantity, I am not sure that I agree that fixing a > > bug requires documentation if

Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine

In message <1457603265658-64536.p...@n7.nabble.com> on Thu, 10 Mar 2016 02:47:45 -0700 (MST), danigrosu said: dni.grosu> Ok Richard, I figured it out how the md5 engine works, and, I also dni.grosu> realized that it is a bit different from the RSA engine: dni.grosu>

Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine

In message <1457601549609-64535.p...@n7.nabble.com> on Thu, 10 Mar 2016 02:19:09 -0700 (MST), danigrosu said: dni.grosu> Blumenthal, Uri - 0553 - MITLL wrote dni.grosu> > But autotools setup did not work (see my dni.grosu> > previous post in this thread). Perhaps Richard

Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine

Ok Richard, I figured it out how the md5 engine works, and, I also realized that it is a bit different from the RSA engine: ---different structure (EVP_MD vs RSA_METHOD) ---missing the dynamic bind part, and I have no idea how to do it (see the above post) Maybe I should try something else in

Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine

Blumenthal, Uri - 0553 - MITLL wrote > But autotools setup did not work (see my > previous post in this thread). Perhaps Richard could shed some light on > that. I just did what that guy said and it worked. Basically I created a "m4" directory and I copied the "ax_check_openssl.m4" file to the

[openssl-dev] [openssl.org #4408] [PATCH] Remove last traces of CRYPTO_dynlock for non-compatibility build

Commit 2e52e7df5 ("Remove the old threading API") left a dummy definition of the CRYPTO_dynlock for compatibility, if OPENSSL_API_COMPAT < 1.1.0. However, there's still a DEFINE_STACK_OF(CRYPTO_dynlock) in cryptlib.h which isn't so masked, and breaks the build if you disable the API

[openssl-dev] [openssl.org #4406] Linaro and ARM/64/AARCH64: fatal error: arm_arch.h: No such file or directory

Sometimes, things happen fast. The diff I posted got into master just moments ago, commit d46057277f3b805e5f198e31fc81a892bf5c9141 Still, please try it and report back so I can (hopefully) close this ticket. -- Richard Levitte levi...@openssl.org -- Ticket here:

[openssl-dev] [openssl.org #4406] Linaro and ARM/64/AARCH64: fatal error: arm_arch.h: No such file or directory

Hi, so I wonder, would you mind trying the attached patch for size, see if it makes your build better? Cheers, Richard Vid Ons, 09 Mar 2016 kl. 22.39.57, skrev noloa...@gmail.com: > Working from Master: > > $ git reset --hard HEAD > HEAD is now at 64b9d84 When grepping something starting with a

Re: [openssl-dev] [openssl.org #4276] AutoReply: Possible bug - ts -verify -digest, error:ts_rsp_verify.c:291:

do you know anybody who can help? an email or a forum? Sent from my BlackBerry 10 smartphone.   Original Message   From: Salz, Rich via RT Sent: miércoles, 9 de marzo de 2016 20:27 To: mario.scalabr...@andifyou.com Reply To: r...@openssl.org Cc: openssl-dev@openssl.org Subject: RE: [openssl-dev]