Re: [openssl-dev] Calculating DTLS payload MTU

On 05/10/16 00:39, David Woodhouse wrote: > I have the link MTU (typically 1500 bytes), and a DTLS session is > established. > > I call DTLS_set_link_mtu() to set the link MTU. > > I need to know the DTLS data MTU — the maximum payload size, which > depends on the cipher in use. > > For

[openssl-dev] Input on renegotiation behaviour

I recently implemented some tests for renegotiation that turned up a discrepancy between the way TLS and DTLS work. If a server sends a HelloRequest to the client, then the client responds by initiating a renegotiation handshake. We support two forms of renegotiation handshake: normal and

Re: [openssl-dev] APIs to convert a downloaded DER format CRL file to PEM format

On 06/09/16 08:00, Patel, Anirudh (Anirudh) wrote: > Now can I convert this dlCRL to PEM format? All this needs to be done > programmatically and not by executing openssl crl commands. Yes. Use PEM_write_bio_X509_CRL(), or PEM_write_X509_CRL():

Re: [openssl-dev] OpenSSL version 1.1.0 published

On 26/08/16 11:42, Steffen Nurpmeso wrote: > N'morning UK. (^.^) > > Matt Caswell <m...@openssl.org> wrote: > |On 25/08/16 22:14, Steffen Nurpmeso wrote: > |> OpenSSL <open...@openssl.org> wrote: > |>| OpenSSL version 1.1.0 released > |> &

Re: [openssl-dev] Fuzzer Patch(es)

On 25/08/16 22:33, Tom Ritter wrote: > NCC Group has prepared (or begun preparing) a patch that integrates > fuzzing of OpenSSL. This work was done primarily by Tim Newsham, > although the code is based on selftls by Hanno Böck, and it was modified > by me to fit into the OpenSSL tree. The

Re: [openssl-dev] OpenSSL version 1.1.0 published

On 25/08/16 22:14, Steffen Nurpmeso wrote: > Good evening. > > OpenSSL wrote: > | OpenSSL version 1.1.0 released > > A bit distressing that it is me again, as if i would have > something to do with that..., but: the tag is missing. Really? I seem to be able to see it

[openssl-dev] [openssl.org #4636] Are the point-at-infinity checks in ecp_nistz256 correct?

Fixed in master by e3057a57c and c74aea8d6. Still needs cherry-picking to 1.0.2. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4636 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4621] BUG: nistz256 point addition check for a = +/-b doesn't work for unreduced values

Fixed in master by b62b2454f and dfde4219f. Still needs cherry-picking to 1.0.2. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4621 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4641] [openssl-1.1.0-pre6] make test stops with solaris64-x86_64-gcc

On Thu Aug 11 17:12:10 2016, appro wrote: > Hi, > > > I have no time to check with debugger now, > > Then no progress will be made. Problem needs to be identified first, and > since similar problem was identified earlier, I'd have to insist on > confirmation whether or not it's the same. > > > but

[openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

Resolved by overlapping buffer checks. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4362 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check

On Mon Aug 22 15:05:17 2016, david...@google.com wrote: > I may not have time to fully digest the change before the release date, but > I'm not sure this snippet quite works: > > if (ctx->read_start == ctx->read_end) { /* time to read more data */ > ctx->read_end = ctx->read_start =

[openssl-dev] [openssl.org #4609] Configure does not honor requests for ld.gold

On Wed Aug 17 16:18:26 2016, levitte wrote: > On Fri Jul 08 09:36:42 2016, levitte wrote: > > On Fri Jul 08 09:33:01 2016, noloa...@gmail.com wrote: > > > Hmmm... If I want to use ld.gold as my linker, the easiest path is to > > > set LD=ld.gold. It makes perfect sense to some > > > > Did it

[openssl-dev] [openssl.org #4584] Self test failures under X32

On Tue Aug 16 08:05:06 2016, matt wrote: > On Thu Aug 11 16:36:42 2016, matt wrote: > > Could be this: > > > > https://github.com/openssl/openssl/pull/1432 > > > That MR has now been merged. > > Jeff - please can you confirm that it resolves the issue for this ticket? No response, so assuming

Re: [openssl-dev] OpenSSL_1_0_2-stable Windows build

On 22/08/16 18:12, John Foley wrote: > Is anyone seeing the following error when building 1.0.2 stable on Windows: > > Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp > IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo -manifest >

[openssl-dev] [openssl.org #4646] [1.0.2 stable branch] .\crypto\pem\pvkfmt.c(279): error C2065: 'PEM_R_HEADER_TOO_LONG': undeclared identifier

This should be fixed now. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4646 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4644] bug: cert verification always examining entire chain

Closing this - "working as designed". Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Missing API- SSL_CIPHER_get_mac_nid

On 16/08/16 23:26, Richard Moore wrote: > I noticed that we have: > > __owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); > __owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); > __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); > __owur uint32_t

Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

On 11/08/16 13:29, Andy Polyakov via RT wrote: >> ( cd test; \ >> SRCTOP=../. \ >> BLDTOP=../. \ >> PERL="perl" \ >> EXE_EXT= \ >> OPENSSL_ENGINES=.././engines \ >> perl .././test/run_tests.pl test_afalg ) >> ../test/recipes/30-test_afalg.t .. >> 1..1 >> ALG_PERR:

Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

On 02/08/16 01:26, noloa...@gmail.com via RT wrote: > On Tue, Jul 19, 2016 at 10:01 AM, Matt Caswell <m...@openssl.org> wrote: >> >> >> On 19/07/16 14:41, Richard Levitte via RT wrote: >>> Hi Jeff, >>> >>> I'm going to assume that a newer c

[openssl-dev] [openssl.org #4572] SSL_set_bio and friends

Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4584] Self test failures under X32

On Mon Jul 25 08:49:27 2016, matt wrote: > Ping Jeff? Ping again? Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4638] Fwd: Missing const EC_KEY *EC_KEY_dup(EC_KEY *src);

Fix for this was merged as 4a9a0d9bcb. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4638 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On 30/07/16 23:45, David Benjamin via RT wrote: > It is a behavior change, but > one I'm sure will break no one. Unfortunately I don't share your optimism that it won't break any one :-( Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572 Please log in as guest with

[openssl-dev] OpenSSL 1.1.0 release dates

FYI, we have recently updated our release strategy for version 1.1.0: https://www.openssl.org/policies/releasestrat.html The change is to add the following two dates: - 4th August 2016, 1.1.0 beta 3 release - 25th August 2016, 1.1.0 public release Matt -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4618] BUG: Crash in do_ssl3_write unless OPENSSL_NO_MULTIBLOCK

On Mon Jul 25 18:36:56 2016, d...@inky.com wrote: > Yes, that appears to fix it. Thanks! Fixed in 58c27c207dd. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4618 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4636] Are the point-at-infinity checks in ecp_nistz256 correct?

Ticket submitted by Brian Smith When doing math on short Weierstrass curves like P-256, we have to special case points at infinity. In Jacobian coordinates (X, Y, Z), points at infinity have Z == 0. However, instead of checking for Z == 0, p256-x86-64 instead checks for (X, Y) == (0, 0). In other

[openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On Tue Jun 14 20:30:09 2016, david...@google.com wrote: > I recently made some changes around BoringSSL's SSL_set_bio, etc. > which you > all might be interested in. The BIO management has two weird behaviors > right now: > > 1. The existence of bbio is leaked in the public API when it should be >

[openssl-dev] [openssl.org #4618] BUG: Crash in do_ssl3_write unless OPENSSL_NO_MULTIBLOCK

nt with [inky](http://inky.com?kme=signature) Hi Dave Please could you try the attached patch and see if that resolves the issue? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4618 Please log in as guest with password guest if prompted >From 32f6b811837e0279e8cbc13426

[openssl-dev] [openssl.org #4584] Self test failures under X32

Ping Jeff? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] 1.1 release being delayed

On 21/07/16 09:56, Christian Hägele wrote: > Am 25.06.2016, 00:27 Uhr, schrieb Matt Caswell <m...@openssl.org>: > >> The current thinking is Thursday 7th July, although that is not set in >> stone as it depends on what happens between now and then. We don't >

[openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

On Tue Jul 19 16:22:22 2016, k...@roeckx.be wrote: > On Tue, Jul 19, 2016 at 02:12:41PM +0000, Matt Caswell via RT wrote: > > > > Is this still an issue? And if so are you able to provide a backtrace? > > This might be a combination of kernel, glibc and gcc bugs, some of &g

Re: [openssl-dev] [openssl.org #4614] pthread_once and malloc failures

On 19/07/16 16:23, Richard Levitte via RT wrote: > On Mon Jul 11 16:20:29 2016, k...@roeckx.be wrote: >> Hi, >> >> When trying to check what happens if we simulate malloc() >> returning NULL I'm running into a problem that I'm not sure how to >> deal with. >> >> We have CRYPTO_THREAD_run_once(),

[openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

On Mon Jun 27 09:51:21 2016, matt wrote: > > > On 26/06/16 15:44, Kurt Roeckx via RT wrote: > > Hi, > > > > My last upload of openssl to experimental show this on hppa: > > *** Error in `./asynctest': double free or corruption (out): > > 0x007307d8 *** > > ../util/shlib_wrap.sh ./asynctest => 134

Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

On 19/07/16 14:41, Richard Levitte via RT wrote: > Hi Jeff, > > I'm going to assume that a newer checkout of the master branch won't change > much, so if you please, try this command and send mack the result: Who is Mack? ;-) > > make test TESTS='test_afalg test_rehash' Did you mean to

Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

On 19/07/16 14:41, Richard Levitte via RT wrote: > Hi Jeff, > > I'm going to assume that a newer checkout of the master branch won't change > much, so if you please, try this command and send mack the result: Who is Mack? ;-) > > make test TESTS='test_afalg test_rehash' Did you mean to

[openssl-dev] [openssl.org #4606] BUG: Windows Startup Code in OpenSSL RAND_poll() Is Ineffective

Closing this ticket - fixed in 1.1.0. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4606 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4601] install_sw does not honor --openssldir

On 30/06/16 20:23, Salz, Rich wrote: > >> Specify neither if you want most stuff to be installed in /usr/local and >> config >> files/default cert/keystore in /usr/local/ssl >> >> Specify just --openssldir if you want just config files/default >> cert/keystore to >> go into and everything

Re: [openssl-dev] [openssl.org #4601] install_sw does not honor --openssldir

On 30/06/16 17:59, noloa...@gmail.com via RT wrote: > On Thu, Jun 30, 2016 at 12:52 PM, Salz, Rich via RT wrote: >>> I don't want either of them. I only want to install the library in the >>> directory of >>> my choosing :) >> >> #! /bin/sh >> make $* && cp *.a $MYDIR >> >>

Re: [openssl-dev] build issue with openssl 1.1.0-pre5

On 29/06/16 15:35, Jan Just Keijser wrote: > hi all, > > I'm the maintainer of grid-proxy-verify, a grid-tool that uses "plain" > openssl to verify a grid proxy (either RFC3820 or legacy Globus proxy). > This tool > http://www.nikhef.nl/~janjust/proxy-verify/ > and >

Re: [openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

On 29/06/16 08:33, Tomas Mraz via RT wrote: > On Út, 2016-06-28 at 22:10 +, Thomas Waldmann via RT wrote: >> On 06/28/2016 11:18 PM, Kurt Roeckx via RT wrote: >>> >>> On Mon, Jun 27, 2016 at 08:50:43PM +, Thomas Waldmann via RT >>> wrote: I didn't ask where to get the missing

Re: [openssl-dev] Feedback on BIO API changes in 1.1

On 27/06/16 21:56, Timothy B. Terriberry wrote: > Because I am writing a library, which I > intend to be re-entrant, but which does not have any explicit threading > support (or dependencies), I don't have any convenient global place to > cache it. I haven't needed one for anything else. You

Re: [openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform

On 28/06/16 16:18, Oleg Kukartsev via RT wrote: > Guys, > There is an issue with openssl s_client described here: > http://stackoverflow.com/questions/25760596/how-to-terminate-openssl-s-client-after-connection > Basically, it prevents openssl s_client automation on windows platform. > > And a

Re: [openssl-dev] global OpenSSL symbols in user apps

On 28/06/16 14:41, Richard Levitte wrote: > In message > > on Tue, 28 Jun 2016 12:38:20 +, Catalin Vasile > said: > > cata.vasile> Hi, > cata.vasile> > cata.vasile> Is there a way to

Re: [openssl-dev] Feedback on BIO API changes in 1.1

On 27/06/16 21:56, Timothy B. Terriberry wrote: >> Did you see BIO_meth_set_write etc ? > > I did. I also saw that exactly no code in OpenSSL itself uses this API. Not strictly true. s_server uses it as does asynciotest. We also use the similar RSA_METHOD functions and DSA_METHOD functions in

Re: [openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

On 26/06/16 15:44, Kurt Roeckx via RT wrote: > Hi, > > My last upload of openssl to experimental show this on hppa: > *** Error in `./asynctest': double free or corruption (out): 0x007307d8 *** > ../util/shlib_wrap.sh ./asynctest => 134 > > # Failed test 'running asynctest' > # at

Re: [openssl-dev] 1.1 release being delayed

On 24/06/16 22:28, Jouni Malinen wrote: > On Mon, May 23, 2016 at 01:15:45PM +, Salz, Rich wrote: >> ... in case you haven't noticed :) Our announced release date for 1.1 has >> come and gone. >> >> We want to close many more bugs before we release it. In the meantime, >> please test

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

ed by > the same thread. > > It looks like state_index is going outside of the expected range. > > This is possible if one or more threads do >state_index += num_ceil; > > and then another thread reads it before >if ( state_index > state_num ) > state_

[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

On Mon Jun 13 09:37:59 2016, loic.etie...@qnective.com wrote: > My claim about portability issues was wrong (sorry): The C-standard > ensures that positive values are handled in the two's complement > system, indeed. > > However, inl % block_size == inl & (block_size-1) is true if and only > if

[openssl-dev] [openssl.org #4378] Multiple warnings under OpenBSD 5.7/64-bit

Fixed in latest master. There are a few spurious warning left that I did not fix. They look like cases of the compiler being overly picky IMO. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4378 Please log in as guest with password guest if prompted -- openssl-dev mailing

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 17/06/16 20:56, Matt Caswell via RT wrote: > > > On 17/06/16 19:43, Mick Saxton via RT wrote: >> Perhaps we should consider if there are any negative consequences to my >> solution? >> It does work. >> >> I am trying really hard to get conte

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 17/06/16 19:43, Mick Saxton via RT wrote: > Perhaps we should consider if there are any negative consequences to my > solution? > It does work. > > I am trying really hard to get contention but I am only seeing this problem > in about 1 out of 100,000 successful TLSv1.2 connections > On a

Re: [openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On 14/06/16 21:30, David Benjamin via RT wrote: > For OpenSSL master, I believe it'd also work to add an s->rbio != s->wbio > check to SSL_set_rbio, but I think those are worse semantics for > SSL_set_{rbio,wbio}. They are new APIs, so, before it's too late, give them > clear semantics like

[openssl-dev] [openssl.org #4456] Fedora 1, i386: error: field `next_timeout` has incomplete type

Jeff has confirmed that this issue has been fixed in latest master. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4456 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4565] Fatal error: Command failed for target `link_shlib.solaris'

This is fixed in latest master. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4565 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4526] bug: use of ExitProcess on Windows platforms, 1.0.2g

On Wed Jun 15 17:42:58 2016, rsalz wrote: > OpenSSL_1_0_2-stable 75f9068 RT4526: Call TerminateProcess, not ExitProcess > master 9c1a9cc RT4526: Call TerminateProcess, not ExitProcess > > Author: Rich Salz > Date: Tue Jun 14 16:19:37 2016 -0400 > > RT4526: Call

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

On 15/06/16 16:31, Daniel Kahn Gillmor wrote: > On Wed 2016-06-15 09:51:37 -0400, Salz, Rich wrote: >> I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed. >> Matt and I disagree :) > > Isn't the existence of SSLv2 a bug? ;) Fixed in OpenSSL 1.1.0 :-) Matt -- openssl-dev

Re: [openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

On 15/06/16 13:09, Salz, Rich via RT wrote: > So are we still fixing SSLv2 bugs? Or are they too low on the priority list? They're certainly low priority, but we are still fixing them. Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

On Tue Jun 14 20:42:36 2016, rsalz wrote: > SSLv2 is not supported any more. Uyes it is on the 1.0.2 branch? It is off by default though. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038 Please log in as guest with password guest if prompted -- openssl-dev

[openssl-dev] [openssl.org #2388] out-of-date comment for renegotiation handling

Fixed in commit e7653f3bab. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2388 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #597] SSL_set_session() problem (?)

Fixed in commit e70656cf1c. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=597 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

On Wed Jun 01 22:20:38 2016, matt wrote: > Hi Jeff > > Please could you try the attached patch? Jeff confirmed to me that the patch solved the problem. Pushed as commit 25b9d11c0. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest

[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

On Wed Jun 08 16:02:39 2016, matt wrote: > On Tue May 24 13:53:07 2016, steve wrote: > > On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote: > > > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 > > > adjustments, I get > > > > > > > Can you please check to see if this

[openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

On Thu Jun 02 23:24:44 2016, paul.d...@oracle.com wrote: > The DTLS packet reassembly code has a performance problem that could > result in a DoS attack being possible. > > > > The DTLS packet reassembly uses the data structure defined in > ssl/pqueue.c for the purpose (it is the only user of this

[openssl-dev] [openssl.org #4562] Possible bug in OPENSSL_config - ignore input parameter

On Fri Jun 10 13:02:57 2016, z...@ua7.net wrote: > Hello > > Looks like OPENSSL_config have a bug as result users can't set > alternative path to openssl.cnf file. > If you take a look on implementation of void OPENSSL_config(const char > *config_name) it call a > CONF_modules_load_file(NULL,

[openssl-dev] [openssl.org #1051] SSL_CTX_set_default_paths

Fixed in f5de06aae. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1051 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] CNG support for OpenSSL CAPI Engine

On 10/06/16 10:00, Matt Hart wrote: > Hi, > > I took the CAPI engine and extended it to give preference to NCrypt, > otherwise to revert to Crypto API. Implemented for RSA so far (no DSA or ECC > support though BoringSSL have done some ECC work for Windows I could look > at). Tested with RSA,

[openssl-dev] [openssl.org #3720] Patch for "Increment SSL session miss counter appropriately"

Patch applied - thanks. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3720 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

On Mon Jun 06 18:26:50 2016, loic.etie...@qnective.com wrote: > crypto/evp/evp_enc.c, EVP_EncryptUpdate > line 337: inl & (ctx->block_mask) > line 367: inl & (bl - 1) /* with bl = ctx->cipher->block_size */ Why do you consider this a problem? Matt -- Ticket here:

[openssl-dev] [openssl.org #4456] Fedora 1, i386: error: field `next_timeout` has incomplete type

On Tue May 31 16:49:23 2016, rsalz wrote: > Re-Ping Jeff to take a look and see if things are fixed now. Ping Jeff. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4456 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4479] OS X 10.8 (x86_64): Compile errors when using "no-asm -ansi"

Status as per ticket 4480. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4479 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4480] Ubuntu 14 (x86_64): Compile errors and warnings when using "no-asm -ansi"

I applied the original roll up patch. I wasn't keen on adding all the __STRICT_ANSI__ ifdefs from the later patch. That seems excessive to me for little benefit - we are generally trying to reduce the ifdef code as much as possible. I also didn't add the __WORDSIZE bit. I believe that symbol is an

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

On Wed Jun 01 22:20:38 2016, matt wrote: > Hi Jeff > > Please could you try the attached patch? Any update on this? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

On Tue May 24 13:53:07 2016, steve wrote: > On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote: > > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 > > adjustments, I get > > > > Can you please check to see if this issue is still present in the latest > OpenSSL 1.1.0? Hi

Re: [openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

On 08/06/16 11:25, Hubert Kario wrote: > On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote: >> On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: >>> A TLS1.2 connetion with openssl server and gnutls-cli using a >>> SECP384R1 >>> key ends

[openssl-dev] [openssl.org #4395] OpenSSL doesn't reject out-of-context empty records

On Mon Mar 07 22:27:23 2016, david...@google.com wrote: > ssl3_get_record silently discards empty records without much context, > which > means OpenSSL will happily accept, e.g., empty app data records > mid-handshake or empty records of bogus type. They get silently > discarded > and never

[openssl-dev] [openssl.org #4501] bug in BN_mod_word

On Thu Apr 07 11:44:09 2016, peter.chernys...@gmail.com wrote: > Hello! > BN part program > > BN_ULONG BN_mod_word (const BIGNUM * a, BN_ULONG w); > > does not work properly on 64-bit machine with some w> 2 ^ 32, although > declared as BN_ULONG (64 bits). Fixed in commit e82fd1b4 (1.0.2) and

[openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: > A TLS1.2 connetion with openssl server and gnutls-cli using a > SECP384R1 > key ends up with SHA256 as the hash algorithm for signing the key > exchange. > This is because gnutls sends the hash algorithms from weak to strong > and by

[openssl-dev] [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files

The last patches from this have now been applied so closing this ticket. Thanks! Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3198 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] DTLS retransmission api

On 03/06/16 10:52, Alfred E. Heggestad wrote: > Hi Matt, > > thanks for the suggested API and code. Please find below a suggested > patch that implements this new callback. > > > the patch is based on 1.0.2-dev from GIT: > > url: git://git.openssl.org/openssl.git > branch:

Re: [openssl-dev] DTLS retransmission api

On 02/06/16 14:33, Alfred E. Heggestad wrote: > > > On 01/06/16 13:58, Matt Caswell wrote: >> >> >> On 01/06/16 11:15, Alfred E. Heggestad wrote: >>> hi, >>> >>> we are using DTLS from OpenSSL to implement DTLS-SRTP in our >>> prod

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

Hi Jeff Please could you try the attached patch? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest with password guest if prompted >From 199bf71fb68a26a9d7ff52af7233bd0b52d0f824 Mon Sep 17 00:00:00 2001 From: Matt Caswell <m...@opens

[openssl-dev] [openssl.org #4244] dhparam -check should

dhparam will never generate parameters that fail DH_check(). It would be an internal error if it did. I added a sanity check anyway and also brought the documentation up to date. Commit eeb21772e. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4244

Re: [openssl-dev] DTLS retransmission api

On 01/06/16 11:15, Alfred E. Heggestad wrote: > hi, > > we are using DTLS from OpenSSL to implement DTLS-SRTP in our > product (Wire.com) .. The code and implementation works really well > and is very robust. We are using OpenSSL version 1.0.2g > > > since our product is deployed globally on

[openssl-dev] [openssl.org #4379] "arch/async_posix.h:67:24: error: ucontext.h: No such file or directory" under OpenBSD 5.7/64-bit

On Wed Jun 01 09:17:18 2016, noloa...@gmail.com wrote: > > Please could you try the attached patch? > > It tested OK. 'make test' executed without any problems. Ship it and > close the ticket. Pushed in commit e51329d38. Closing ticket. Thanks Matt -- Ticket here:

[openssl-dev] [openssl.org #4149] [PATCH] ssl_set_pkey() unnecessarily updates certificates

Steve fixed this via commit f72f00d495. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4149 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4189] PR #512: Clean up Windows RNG

On Mon Dec 21 11:07:24 2015, dra...@dancingdragon.be wrote: > https://github.com/openssl/openssl/pull/512 > > This PR removes all of the dangerous Windows entropy gathering routines > in favor of standard CryptGenRandom calls, as was discussed in the > "Improving OpenSSL default RNG" thread on

Re: [openssl-dev] [openssl.org #4255] OpenSSL-1.1.0-pre2 failures using MinGW-W64

On 28/05/16 16:49, sav...@ukr.net wrote: > > > --- Исходное сообщение --- > От кого: "Matt Caswell" <m...@openssl.org> > Дата: 27 мая 2016, 18:03:50 > > > 2. Results for some tests using MSVC there are: > > > > skipped: TLSPro

Re: [openssl-dev] [openssl.org #4255] OpenSSL-1.1.0-pre2 failures using MinGW-W64

On 27/05/16 15:58, sav...@ukr.net wrote: > > > --- Исходное сообщение --- > От кого: "Matt Caswell via RT" <r...@openssl.org> > Дата: 27 мая 2016, 17:45:28 > > The "make test" hang issue on mingw should now be resolved in the head of >

[openssl-dev] [openssl.org #4255] OpenSSL-1.1.0-pre2 failures using MinGW-W64

On Tue May 10 12:36:40 2016, matt wrote: > Re-opening. OP reports there are still issues with "make test" hanging. The "make test" hang issue on mingw should now be resolved in the head of master. Unfortunately there is now a completely different issue preventing compilation for mingw :-( That is

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 27/05/16 11:07, Mick Saxton via RT wrote: > Hi Matt > > The test program runs against our major new development so I cannot share it > as is. > > I will try to produce a skeleton version which I could let you have. > > - But that will be end if next week as I am away for a few

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 27/05/16 11:07, Mick Saxton via RT wrote: > Hi Matt > > The test program runs against our major new development so I cannot share it > as is. > > I will try to produce a skeleton version which I could let you have. > > - But that will be end if next week as I am away for a few

[openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On Fri May 20 15:49:49 2016, mi...@1e.com wrote: > Hi > > Before going any further I would like to state that I have only seen > this problem when we have 1 or more concurrent connections. > > Mostly we notice it on Windows but I have seen it on linux (Ubuntu). > > I first noticed it when

[openssl-dev] [openssl.org #2270] CVS HEAD: bugfix for BIO printf() code: floating point does not print + other wrongs in that code path

I applied this patch in part. The code has moved on since this was written and this was from pre-reformat times so I added the changes that were still applicable "manually". See commit 242073bdbc. Also properly implemented the %e and %g format specifiers in commit d6056f085d. Finally I added a

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

On 26/05/16 22:48, TJ Saunders wrote: > > >>> I'm currently working on updating proftpd and its various modules to >>> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is >>> to determine the SSL protocol version, given an SSL_SESSION pointer. >>> >>> Using OpenSSL-1.0.x, I

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

On 26/05/16 22:27, TJ Saunders wrote: > > I'm currently working on updating proftpd and its various modules to > work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is > to determine the SSL protocol version, given an SSL_SESSION pointer. > > Using OpenSSL-1.0.x, I currently

[openssl-dev] [openssl.org #4180] Isses with respect to malloc failures handling.

You don't say what version of OpenSSL you were testing. It seems to be either 1.0.2 or 1.0.1 (not master). Anyway, comments inserted. On Mon Dec 14 13:45:20 2015, skoripe...@juniper.net wrote: > Issue 1) > We could have failed to allocate the ctx->cipher_data in > EVP_CipherInit_ex > >

[openssl-dev] [openssl.org #4501] bug in BN_mod_word

On Thu Apr 07 11:44:09 2016, peter.chernys...@gmail.com wrote: > Добрый день! > программа библиотеки BN_mod_word > BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); > > работает неверно на 64 бит машине при некоторых w>2^32, хотя объявлена как > BN_ULONG (64 бита). > > Петр > > Hello! > BN part

[openssl-dev] [openssl.org #4430] #1852: [BUG] Invalid Proxy Certificates Pass Validation

This ticket was opened in error. The correct ticket that remains open is #1852. Closing,. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4430 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4525] [PATCH] SRP client key computation (PR #1017)

This got merged recently. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4525 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4537] [PATCH] Fix a NULL dereference in chacha20_poly1305_init_key()

This got merged recently. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4537 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

<    1   2   3   4   5   6   7   8   9   10   >