Re: [openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform

2016-06-28 Thread Support via RT
Hi, This can be fixed using the patch attached in https://rt.openssl.org/Ticket/Display.html?id=3464 See also https://github.com/PeterMosmans/openssl/commit/68ab9b308e173072e5015063be7e194bec1f311f Cheers, Peter Mosmans On 29-06-2016 01:21, Matt Caswell via RT wrote: > > On 28/06/16 16:18,

Re: [openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform

2016-06-28 Thread Support
Hi, This can be fixed using the patch attached in https://rt.openssl.org/Ticket/Display.html?id=3464 See also https://github.com/PeterMosmans/openssl/commit/68ab9b308e173072e5015063be7e194bec1f311f Cheers, Peter Mosmans On 29-06-2016 01:21, Matt Caswell via RT wrote: > > On 28/06/16 16:18,

[openssl-dev] [openssl.org #4597] Print Git repo information during configure

2016-06-28 Thread noloa...@gmail.com via RT
The attached adds Git repo information if its available. In the "things work as expected" case, the repo information is available. It will be submitted with bug reports when configuration information is provided. In the "its not a repo" case, then the call to system fails and nothing is printed.

Re: [openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

2016-06-28 Thread Thomas Waldmann via RT
On 06/28/2016 11:18 PM, Kurt Roeckx via RT wrote: > On Mon, Jun 27, 2016 at 08:50:43PM +, Thomas Waldmann via RT wrote: >> I didn't ask where to get the missing code from, I asked whether you >> maybe want to make life simpler for people by adding this to 1.0.x >> rather than having a thousand

Re: [openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

2016-06-28 Thread Kurt Roeckx via RT
On Mon, Jun 27, 2016 at 08:50:43PM +, Thomas Waldmann via RT wrote: > I didn't ask where to get the missing code from, I asked whether you > maybe want to make life simpler for people by adding this to 1.0.x > rather than having a thousand software developers copy and pasting it > into their

Re: [openssl-dev] Are the point-at-infinity checks in ecp_nistz256 correct?

2016-06-28 Thread Brian Smith
:sigh: I forgot the attachment with my test vectors. Here it is. On Tue, Jun 28, 2016 at 10:43 AM, Brian Smith wrote: > When doing math on short Weierstrass curves like P-256, we have to > special case points at infinity. In Jacobian coordinates (X, Y, Z), > points at

[openssl-dev] Are the point-at-infinity checks in ecp_nistz256 correct?

2016-06-28 Thread Brian Smith
When doing math on short Weierstrass curves like P-256, we have to special case points at infinity. In Jacobian coordinates (X, Y, Z), points at infinity have Z == 0. However, instead of checking for Z == 0, p256-x86-64 instead checks for (X, Y) == (0, 0). In other words, it does, in some sense,

Re: [openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

2016-06-28 Thread Salz, Rich via RT
> and you will not accept pull requests that do that? So far, the team is not interested in doing that. Features are not added to stable branches. But, for myself, I would like to see something like a GitHub repo that built on top of 1.0.2 and made the 1.1 API's available. I think that for

Re: [openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

2016-06-28 Thread Hubert Kario via RT
On Monday 27 June 2016 20:57:50 Salz, Rich via RT wrote: > > But obviously I was expecting too much... > > Sorry you're not pleased. Not sure what to say -- you get what you pay for? and you will not accept pull requests that do that? > Maybe someone will come up with a "openssl-102-compat"

[openssl-dev] [openssl.org #4596] OpenSSL TLS Version Handling Errors

2016-06-28 Thread Hubert Kario via RT
from RT#2777 On Monday 27 June 2016 20:43:07 Rich Salz via RT wrote: > please open a new ticket if this is still an issue with current (at least > 1.0.2, ideally master) sources. Current 1.0.2 still doesn't handle ClientHello.client_version set to 0x00,0x00 correctly in a 0x03, 0x00 record

Re: [openssl-dev] [openssl.org #4587] openssl on arm linux run err!

2016-06-28 Thread Salz, Rich via RT
> Also, under the x86 no problem.Now how to solve this problem? The same way you debug any C problem. Start by running it under the debugger? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4587 Please log in as guest with password guest if prompted -- openssl-dev

Re: [openssl-dev] [openssl.org #4587] openssl on arm linux run err!

2016-06-28 Thread Salz, Rich
> Also, under the x86 no problem.Now how to solve this problem? The same way you debug any C problem. Start by running it under the debugger? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform

2016-06-28 Thread Oleg Kukartsev via RT
Matt, >It would be interesting to try this on OpenSSL 1.1.0. >I have a suspicion this issue is fixed there. I hope so. I cannot find a OpenSSL 1.1.0 compiled version anywhere to try. I'm not that good to compile it myself. I'll try to contact slproweb.com guys, hopefully they can help. Thanks

[openssl-dev] [openssl.org #4595] Enhancement Request - FPE (FF1 and FF3)

2016-06-28 Thread Robert Wagner via RT
Dear OpenSSL, As you may be aware, NIST recently approved two Format Preserving Encryption (FPE) methods - FF1 and FF3. See: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38G.pdf The field of tokenization and fixed format encryption (FFX) has taken off due to PCI compliance.

Re: [openssl-dev] CVE-2016-2177

2016-06-28 Thread Salz, Rich
>Will you be releasing 1.0.2i soon to address this issue? > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177 Please see https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ Short answer: this is a LOW issue, and does not justify a release by itself. --

Re: [openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform

2016-06-28 Thread Matt Caswell via RT
On 28/06/16 16:18, Oleg Kukartsev via RT wrote: > Guys, > There is an issue with openssl s_client described here: > http://stackoverflow.com/questions/25760596/how-to-terminate-openssl-s-client-after-connection > Basically, it prevents openssl s_client automation on windows platform. > > And a

[openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform

2016-06-28 Thread Oleg Kukartsev via RT
Guys, There is an issue with openssl s_client described here: http://stackoverflow.com/questions/25760596/how-to-terminate-openssl-s-client-after-connection Basically, it prevents openssl s_client automation on windows platform. And a similar question here:

[openssl-dev] CVE-2016-2177

2016-06-28 Thread Philip Bellino
Hello, Will you be releasing 1.0.2i soon to address this issue? https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177 openssl -- openssl OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of

Re: [openssl-dev] global OpenSSL symbols in user apps

2016-06-28 Thread Richard Levitte
In message <5772803f.3060...@openssl.org> on Tue, 28 Jun 2016 14:48:47 +0100, Matt Caswell said: matt> matt> matt> On 28/06/16 14:41, Richard Levitte wrote: matt> > Practically speaking, it depends. Provided we're talking about shared matt> > libraries, it's a definite "no"

Re: [openssl-dev] global OpenSSL symbols in user apps

2016-06-28 Thread Matt Caswell
On 28/06/16 14:41, Richard Levitte wrote: > In message > > on Tue, 28 Jun 2016 12:38:20 +, Catalin Vasile > said: > > cata.vasile> Hi, > cata.vasile> > cata.vasile> Is there a way to

Re: [openssl-dev] arch (ARM) capabilities

2016-06-28 Thread Hubert Kario
On Tuesday 28 June 2016 14:35:52 Andy Polyakov wrote: > >>> But when I've tested it on AArch64 with openssl-1.1.0-pre5 and > >>> current master (./configure no-shared no-engine) I'm getting > >>> 100524.03k vs 52172.12k/s in favour of the non-EVP version. > >>> > >>> Is that really expected? > >>

Re: [openssl-dev] global OpenSSL symbols in user apps

2016-06-28 Thread Richard Levitte
In message on Tue, 28 Jun 2016 12:38:20 +, Catalin Vasile said: cata.vasile> Hi, cata.vasile> cata.vasile> Is there a way to use global non-API functions or variables in user apps?

[openssl-dev] global OpenSSL symbols in user apps

2016-06-28 Thread Catalin Vasile
Hi, Is there a way to use global non-API functions or variables in user apps? For example: Is there a way to use OpenSSL_armcap_P in your user apps? I tried declaring it as "extern" variable, but at linking the linker says it cannot find the symbol. Cata -- openssl-dev mailing list To

Re: [openssl-dev] arch (ARM) capabilities

2016-06-28 Thread Andy Polyakov
>>> But when I've tested it on AArch64 with openssl-1.1.0-pre5 and >>> current master (./configure no-shared no-engine) I'm getting >>> 100524.03k vs 52172.12k/s in favour of the non-EVP version. >>> >>> Is that really expected? >> >> Depends on your system. Not all AArch64 processors were born

Re: [openssl-dev] arch (ARM) capabilities

2016-06-28 Thread Hubert Kario
On Monday 27 June 2016 17:20:39 Andy Polyakov wrote: > >> Is there an option when making an app that uses OpenSSL to verify > >> that is uses Crypto Extensions (like checking a flag or something > >> like that) ? > > > > With x86_64, ciphers like aes-128-cbc are much faster with AES-NI, > > so a

Re: [openssl-dev] arch (ARM) capabilities

2016-06-28 Thread Andy Polyakov
>> I want something more programmatic, more general. I want to deliver >> a piece of software that will run on ARM architectures and will >> issue a warning or something like that if the user does not have an >> OpenSSL library set to work with ARM Crypto Extension. > > What does "set to work"