[openssl-dev] [openssl.org #4575] 1.0.2 stable branch: .\apps\speed.c(335): error C2065: 'err': undeclared identifier

Thanks. Fixup currently in https://github.com/openssl/openssl/pull/1220, pending approval. Cheers, Richard On Thu Jun 16 02:29:22 2016, simon.rich...@hogyros.de wrote: > Hi, > > the 1.0.2 branch fails to compile on VC-WIN32: > > .\apps\speed.c(335): error C2065: 'err': undeclared identifier > >

Re: [openssl-dev] Split libcrypto.so for coreutils optimization

In message on Wed, 15 Jun 2016 18:05:04 -0500, Victor Rodriguez said: vm.rod25> HI team vm.rod25> vm.rod25> I am enabeling the optimized coreutils sha*sum utils as metioned in vm.rod25> this thread:

[openssl-dev] [openssl.org #4575] 1.0.2 stable branch: .\apps\speed.c(335): error C2065: 'err': undeclared identifier

Hi, the 1.0.2 branch fails to compile on VC-WIN32: .\apps\speed.c(335): error C2065: 'err': undeclared identifier The responsible commit is https://github.com/openssl/openssl/commit/75f90688fb2dec0f897cad8be8b92be725c5016b -ExitProcess(ret); +

Re: [openssl-dev] [openssl.org #4574] Crash introduced in openssl 1.0.2 for non-blocking calls to SSL_write that change the write size

Yes, I realize that this is an error in API use on our part, and we will adjust our logic.    I just filed this issue because what was an error return in 1.0.1 has become a seg fault in 1.0.2, and it looks like the segfault could be avoided with minor effort, which I noted in the bug

Re: [openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

> It still seems like pqueue out to be excised from the source base and replace > with something simpler. Agree. Could you go to Github and open an issue on this? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4558 Please log in as guest with password guest if prompted --

Re: [openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

> It still seems like pqueue out to be excised from the source base and replace > with something simpler. Agree. Could you go to Github and open an issue on this? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4574] Crash introduced in openssl 1.0.2 for non-blocking calls to SSL_write that change the write size

Please look at the WARNINGS section in SSL_write.pod; you must call it with the exact same arguments (it has been there sincethe turn of the century :). -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4574 Please log in as guest with password guest if prompted -- openssl-dev

[openssl-dev] Split libcrypto.so for coreutils optimization

HI team I am enabeling the optimized coreutils sha*sum utils as metioned in this thread: https://lists.clearlinux.org/pipermail/dev/2016-April/000278.html However the libcrypto.so.1.0.0 is too heavy for our base distro ( 2.2MB ) I am looking for a way to make a patch for our distro (

[openssl-dev] [openssl.org #4346] poly1305-x86.pl's AVX2 code

Some better comments on pre- and post-conditions would be useful. But the fix (the second one) has been commit'd Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4346 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4526] bug: use of ExitProcess on Windows platforms, 1.0.2g

OpenSSL_1_0_2-stable 75f9068 RT4526: Call TerminateProcess, not ExitProcess master 9c1a9cc RT4526: Call TerminateProcess, not ExitProcess Author: Rich Salz Date: Tue Jun 14 16:19:37 2016 -0400 RT4526: Call TerminateProcess, not ExitProcess Reviewed-by: Richard Levitte

[openssl-dev] [openssl.org #4574] Crash introduced in openssl 1.0.2 for non-blocking calls to SSL_write that change the write size

From the Apache Traffic Server community, we have observed a new crash moving from openssl 1.0.1 to openssl 1.0.2.  The issue from our perspective is discussed in https://issues.apache.org/jira/browse/TS-4424.  The last couple comments are relevant to openssl. Specifically, we are using a

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

Not defined means we make no guarantees. OpenSSL can depend on what it knows to be true. In the next release we can revisit this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4362 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

I don't think that will work. The SSL code uses in-place buffers extensively, so in == out definitely needs to be defined. The question is only whether out < in is also acceptable. Either way, for BoringSSL, I've gone ahead and tightened our aliasing constraints to forbid out < in and require

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

On Wed 2016-06-15 09:51:37 -0400, Salz, Rich wrote: > I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed. > Matt and I disagree :) Isn't the existence of SSLv2 a bug? ;) --dkg -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

On 15/06/16 16:31, Daniel Kahn Gillmor wrote: > On Wed 2016-06-15 09:51:37 -0400, Salz, Rich wrote: >> I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed. >> Matt and I disagree :) > > Isn't the existence of SSLv2 a bug? ;) Fixed in OpenSSL 1.1.0 :-) Matt -- openssl-dev

[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

Re-closing this; nobody on the team is interested. Kurt also pointed out some concerns. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4075 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3882] [BUGFIX] lh_SSL_SESSION_delete() not checked

It appears to be defensive programming against a buggy compare routine. So closing this as requested. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3882 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4568] Enhancement request: Capability vector accessor function for arm and ppc

Two more observations. OPENSSL_ia32cap_loc() alters the underlying OPENSSL_ia32cap_P, the bits not fitting into the expected integer size being zeroed. I do not know if it is practically relevant, but it is strange that a read has side effects. It would be a good reason for dedicated,

[openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

I think for now, we just note this in the documentation: behavior for overlapping buffers, and even in-place buffers, is not defined. It's like memcpy() vs memmove(). -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4362 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4487] Dirty compile under Windows 7 and MSVC 2012 (four to six non-trivial)

Believe fixed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4487 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3875] [PATCH] Add external X509_STORE to SSL_CTX

This can be done with the (now finally documented) EXDATA facility. Closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3875 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3882]

Based on discussion, it does not appear as this will be fixed, and requires an unusual set of circumstances for it to happen. It can probably be closed. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here:

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed. Matt and I disagree :) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3729] Patch to add support for iovec-based IO in OpenSSL

I like the idea; let's keep it open for the future. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3729 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

We are patched locally and don’t really need the patch integrated upstream; I mostly just wanted to note the issue in the bugtracker in case someone else ran into it. -Ben On 6/15/16, 08:09, "Salz, Rich via RT" wrote: >So are we still fixing SSLv2 bugs? Or are they too low

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

We are patched locally and don’t really need the patch integrated upstream; I mostly just wanted to note the issue in the bugtracker in case someone else ran into it. -Ben On 6/15/16, 08:09, "Salz, Rich via RT" wrote: >So are we still fixing SSLv2 bugs? Or are they too low

[openssl-dev] [openssl.org #3780]

The async changes on master/1.1.0 obsolete this patch. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3780 Please log in as guest with password guest if

[openssl-dev] [openssl.org #3722]

This could be closed, as it’s now on GitHub: https://github.com/openssl/openssl/pull/946 -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3722 Please log in

[openssl-dev] [openssl.org #3867]

This could be closed, as it’s now on GitHub: https://github.com/openssl/openssl/pull/941 -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3867 Please log in

[openssl-dev] [openssl.org #3877]

This could be closed, as it’s now on GitHub: https://github.com/openssl/openssl/pull/941 -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3877 Please log in

[openssl-dev] [openssl.org #3729]

The changes to master/1.1.0 for pipelining completely break this patch. So, there’s little point in trying to add this. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here:

[openssl-dev] [openssl.org #3724]

The new async feature in master/1.1.0 makes complete breaks this patch. This can probably be closed. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3724

Re: [openssl-dev] [openssl.org #4074] [PATCH] Fixes for when PSK, SRP, SRTP and DTLS1 are disabled

This has been resolved master, and can be closed. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4074 Please log in as guest with password guest if prompted

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

On 15/06/16 13:09, Salz, Rich via RT wrote: > So are we still fixing SSLv2 bugs? Or are they too low on the priority list? They're certainly low priority, but we are still fixing them. Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

So are we still fixing SSLv2 bugs? Or are they too low on the priority list? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4568] Enhancement request: Capability vector accessor function for arm and ppc

Identifying the bits relevant to openssl for each architecture and making them available through architecture-independent functions (getter and setters) would be very convenient, indeed. At the risk that future architectures do not fit into the pattern defined today. If this approach is