another.
> actually these 2 servers is mirrow relationship. 2. I checked the pem file
> (as attached), also is same on two servers3. I checked the error reason, but
> cannot find any description about it in the website.I am almost crazy for
> this issue, would you help to check what'
another.
> actually these 2 servers is mirrow relationship. 2. I checked the pem file
> (as attached), also is same on two servers3. I checked the error reason, but
> cannot find any description about it in the website.I am almost crazy for
> this issue, would you help to check what'
Key:%s", ERR_error_string( ERR_get_error(),
NULL ));
return false;
}
/* Check if the client certificate and private-key matches 验证私钥是否与证书一致*/
if (0 == SSL_CTX_check_private_key(m_pCtx))
{
ERRLOG("Private key does not match the certificate public key");
retur
not be
validated?
Also if i agrees with you i can say simply strlen(...) is also valid then but
its depreciated by MSFT and other strlen_l(...) is provided which accept size
For you convenience check this
http://linux.die.net/man/3/alloca<https://urldefense.proofpoint.com/v2/url?u=h
Fixed in master by b62b2454f and dfde4219f. Still needs cherry-picking to
1.0.2.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4621
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
On Mon Aug 22 15:05:17 2016, david...@google.com wrote:
> I may not have time to fully digest the change before the release date, but
> I'm not sure this snippet quite works:
>
> if (ctx->read_start == ctx->read_end) { /* time to read more data */
> ctx->read_end = ctx->read_start =
There are definitely some OpenSSL APIs which return
-2 expecting that the usual error-check patterns don't care.) Anyway, I
believe it gets stuck if non-blocking BIO causes BIO_read to fail on a
retryable error like EWOULDBLOCK and we try again. I see calls to
BIO_should_retry, so I gather thi
The krb5 PKINIT tests still pass.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
There are two commits, one that addresses bio_enc problems and one
adding test. Please double-check.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks!
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4382
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks!
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4371
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks!
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4384
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi,
As I obviously needed to improve my test program,
I am now encrypting and decrypting files trying all ciphers in all their
available modes.
( ChaCha20, AES-128, AES-192, AES-256, Blowfish, Cast5, Camellia-128,
Camellia-192, Camellia-256, IDEA, Seed, 3 Keys Triple-DES, 2 Keys Triple-DES
)
(
Hi David,
After checking you are obviously right.
Contrary to my belief, my internal buffer was always larger than the longest
line I read.
:-(
Sorry for the noise, but thanks David for the explanations.
It helps me to fix my software (even if I will keep some spare bytes for
some time)
;-(
--
Hi David,
After checking you are obviously right.
Contrary to my belief, my internal buffer was always larger than the longest
line I read.
:-(
Sorry for the noise, but thanks David for the explanations.
It helps me to fix my software (even if I will keep some spare bytes for
some time)
;-(
--
On Sun, Jul 31, 2016 at 6:18 PM Michel via RT wrote:
> > I was able to trigger a crash simply by chaining an encrypt BIO with a
> memory BIO containing a large plaintext and then stream 100 bytes out of it
> at a time. BIO_read would consistently return 128 and, by the time the
> I was able to trigger a crash simply by chaining an encrypt BIO with a
memory BIO containing a large plaintext and then stream 100 bytes out of it
at a time. BIO_read would consistently return 128 and, by the time the
function returned, the stack was thoroughly clobbered.
I am surprised. I
> I was able to trigger a crash simply by chaining an encrypt BIO with a
memory BIO containing a large plaintext and then stream 100 bytes out of it
at a time. BIO_read would consistently return 128 and, by the time the
function returned, the stack was thoroughly clobbered.
I am surprised. I
urn less than buf_len. That will
feed a partial block into the EVP_CIPHER_CTX and, the next time around, we
output more data than expected.
3. Actually, #2 even means the EVP_CIPHER overlapping buffers check is
wrong. The true requirement is not "if the buffers alias, then i
Resolved by Andy's fix. Closing.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
: [openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to
overlapping regions check
Does current master work? I think Andy checked in a fix.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
: [openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to
overlapping regions check
Does current master work? I think Andy checked in a fix.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
> Does current master work? I think Andy checked in a fix.
Rich was few minutes ahead. Now it's committed. Provided test case was
verified to work. Thanks for report.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
--
Does current master work? I think Andy checked in a fix.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
The attached test program works in 1.0, but fails in master with:
a.out: crypto/evp/evp_enc.c:290: is_partially_overlapping: Assertion
`!condition' failed.
See also:
https://mta.openssl.org/pipermail/openssl-dev/2016-July/007953.html
--
Ticket here:
Brian Smith via RT wrote:
> Finally, as I mentioned on the mailing list, it seems the function is_zero
> is missing a comparison of the last limb in the 32-bit case.
>
And of course, when I said "is_zero" I meant "is_one":
Brian Smith via RT wrote:
> Finally, as I mentioned on the mailing list, it seems the function is_zero
> is missing a comparison of the last limb in the 32-bit case.
>
And of course, when I said "is_zero" I meant "is_one":
o be represented as either
0 or as P + 0. This brings into question whether is_zero is correct,
because it doesn't consider P to be zero. Here there was some disagreement
about whether it is necessary to check for P. I personally think that it is
safer to check for both 0 and P like the nistp256 code
With current OpenSSL master, the krb5 PKINIT tests are getting an
assertion failure which I can't attribute to our code (stack trace at
the end). It appears that EVP_EncryptUpdate() now insists on
non-overlapping regions, but bio_enc.c:enc_read() relies on being able
to decrypt an overlapping
fixed some time ago.,
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
https://github.com/openssl/openssl/pull/172 Closing ticket.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3533
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
GOST is now a separate engine. Ping Dmitry :)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3918
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
this is a "can't happen" kind of thing. If you pass in a NID_xxx value, you
MUST get back the object. They are two tables built in-sync.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4381
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To
Wow, only 3 years to apply the simplest patch you have ever seen.
Well, better late than never... :)
Phillip
On Sun, Jun 12, 2016 at 5:55 AM, Rich Salz via RT <r...@openssl.org> wrote:
> OpenSSL_1_0_2-stable 63b2499 RT3053: Check for NULL before dereferencing
>
> master 6b3602
Wow, only 3 years to apply the simplest patch you have ever seen.
Well, better late than never... :)
Phillip
On Sun, Jun 12, 2016 at 5:55 AM, Rich Salz via RT <r...@openssl.org> wrote:
> OpenSSL_1_0_2-stable 63b2499 RT3053: Check for NULL before dereferencing
>
> master 6b3602
OpenSSL_1_0_2-stable 63b2499 RT3053: Check for NULL before dereferencing
master 6b36028 RT3053: Check for NULL before dereferencing
Author: Phillip Hellewell <ssh...@gmail.com>
Date: Sat Jun 11 20:04:21 2016 -0400
RT3053: Check for NULL before dereferencing
Reviewed-by: Tim Hud
Fixed in master with commit 0f91e1d.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2877
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
dhparam will never generate parameters that fail DH_check(). It would be an
internal error if it did. I added a sanity check anyway and also brought the
documentation up to date. Commit eeb21772e.
Closing this ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4244
Cool !
Many thanks Steve.
-Message d'origine-
De : Stephen Henson via RT [mailto:r...@openssl.org]
Envoyé : mardi 10 mai 2016 17:00
À : michel.sa...@free.fr
Cc : openssl-dev@openssl.org
Objet : [openssl.org #4173] help to check whether handshake negociates SRP or
PSK ciphersuite
The referenced pull request was merged.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4494
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
This is now supported in the master branch with the SSL_CIPHER_get_auth_nid()
function.
The equivalent cannot be added to 1.0.2 as we do not add new features to stable
branches.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see:
This appears to have been fixed.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4404
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Steve explained how this should be done.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4343
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Applied after a bit of adaptation.
Thank you!
Vid Ons, 04 May 2016 kl. 21.52.21, skrev k...@x64architecture.com:
> Attached is the patch to fix the issue, also please close RT#4534 I
> sent an invalid reply which got translated into another RT issue.
>
> --
> Kurt Cancemi
>
Closing this ticket at request of submitter. Erroneous duplicate of #4533
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4534
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
if prompted
>From c27b3a648532388cf59ee55c41ad433c8f323542 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi <k...@x64architecture.com>
Date: Wed, 4 May 2016 17:34:23 -0400
Subject: [PATCH] Add missing NULL check in i2d_PrivateKey()
---
crypto/asn1/i2d_pr.c | 4 +++-
1 file changed, 3 inserti
ed, 4 May 2016 17:34:23 -0400
Subject: [PATCH] Add missing NULL check in i2d_PrivateKey()
---
crypto/asn1/i2d_pr.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index 7ca643f..8b6c92c 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/cr
The attached patch adds a missing NULL check in i2d_PrivateKey(), it
also removes the parentheses around the last return value to be
consistent with the rest of the function.
--
Kurt Cancemi
https://www.x64architecture.com
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4533
The behavior of select() is undefined when the value of max_fd is bigger or
equal to FD_SETSIZE.
When using a big number of async_jobs in speed.c this condition might not be
satisfied.
The following pull request add a check and print an error message:
https://github.com/openssl/openssl/pull/926
On Friday 26 February 2016 17:37:11 Viktor Dukhovni wrote:
> On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote:
> > As just about the only team member who trolls through RT and closes
> > things with any quantity, I am not sure that I agree that fixing a
> > bug requires documentation if
Hello All,
In reviewing code in directory 'crypto/conf', file 'conf_mod.c',
there is a call to OPENSSL_strdup() which is not checked for a
return value of NULL, indicating failure.
The patch file below adds the test, and releases the previously allocated
memory assigned to 'tmod':
---
Hello All,
In reviewing code in directory 'apps', file 'prime.c', there is a
call to BN_new() which is not checked for a return value of NULL,
indicating failure. The patch file below should address/correct this
issue:
--- prime.c.orig2016-03-08 16:13:24.841500061 -0800
+++ prime.c
Hello All,
In reviewing code in directory 'engines', file 'e_aep.c', there is a
call to function 'bn_expand()', but it is not checked for a return
value of NULL. However, a member of the variable 'bn' (bn->d) are used in
memset()/memcpy() calls, but if 'bn' is NULL, a segmentation
Hello All,
In reviewing source code in directory 'crypto/conf', file 'conf_mod.c',
there is a call to BUF_strdup() in function 'module_add()' which is not
checked for a return value of NULL, indicating failure.
The patch file below adds the check and calls OPENSSL_free(tmod) to
release
In reviewing code in directory 'crypto/asn1', file 'asn_moid.c', in
function 'do_create()', there is a call to 'OBJ_nid2obj()' which is
not checked for a return value of NULL.
The patch file below adds the check and returns 0 if NULL is returned:
--- asn_moid.c.orig 2016-03-06 17:09
th_lock is sample code :)
fixed in 1.1 with the integration of ntive threads support.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4372
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To
Hello All,
In reviewing code in OpenSSL-1.0.2g, in directory 'crypto/threads', file
'th-lock.c', in function 'CRYPTO_thread_setup', there is a call to
OPENSSL_malloc()
which is not checked for a return value of NULL, indicating failure.
The patch file below should address/correct this issue:
Hello All,
In reviewing source code for OpenSSL-1.0.2g, it would appear in file
'apps/speed.c', in function 'static int do_multi()', a call to malloc()
is made without being tested for a return value of NULL, indicating failure.
The patch file below should address/correct this issue:
---
he policy?
>
> In the past, we knew from the upper-case lower-case thing. I'm
> guessing that held until OpenSSL 1.0.2. I'm also guessing that's is
> going to change at 1.1.x.
>
> What do we use now? What are the actionable items or prescriptive
> items we can pivot on?
Those
FWIW, I agree with Viktor.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
> On Feb 28, 2016, at 12:17 PM, Jeffrey Walton wrote:
>
> Thanks Viktor.
>
> Here's the practical problem I am trying to solve. Its a policy and
> procedure problem.
>
> Suppose an organization has a rule that says, "no private APIs shall
> be used". How do I tell an
On Sun, Feb 28, 2016 at 12:18 AM, Viktor Dukhovni
wrote:
>
>> On Feb 27, 2016, at 7:42 PM, Jeffrey Walton wrote:
>>
>> Please ensure this is documented somewhere. I'm having trouble finding
>> information on the new rules.
>>
>> There's 15 or 20
On Fri 2016-02-26 18:04:43 +0100, Viktor Dukhovni
wrote:
> I'd like to propose a policy of no bug fixes to undocumented public
> interfaces. If the interface is useful enough to fix, it has to be
> documented.
fwiw, i agree with Viktor on this proposal. Clear, sane
> On Feb 27, 2016, at 7:42 PM, Jeffrey Walton wrote:
>
> Please ensure this is documented somewhere. I'm having trouble finding
> information on the new rules.
>
> There's 15 or 20 years of using capitol and lower case identifiers to
> denote public and private APIs with
>> Correct me if I am wrong... API's that start with capitol letters are
>> public. Private interfaces use lowercase letters.
>> Documented/undocumented does not really factor things.
>
> You're wrong. Once OpenSSL's past sins are remediated, public
> interfaces are precisely those that are
>>> Nonsense. Source code is not API documentation, it is an
>> > implementation, not an interface contract.
>>
>> I'm not sure I'd consider it nonsense.
>
>Comments in source code are not documentation, they explain the
>internals of the implementation, not the contract.
Actually they can (and
On Fri, Feb 26, 2016 at 05:34:14PM +, Viktor Dukhovni wrote:
> On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote:
>
> > As just about the only team member who trolls through RT and closes things
> > with any quantity, I am not sure that I agree that fixing a bug requires
> >
On Fri, Feb 26, 2016 at 12:50:24PM -0500, Jeffrey Walton wrote:
> > Nonsense. Source code is not API documentation, it is an
> > implementation, not an interface contract.
>
> I'm not sure I'd consider it nonsense.
Comments in source code are not documentation, they explain the
internals of
On Fri, Feb 26, 2016 at 12:42 PM, Viktor Dukhovni
wrote:
> On Fri, Feb 26, 2016 at 12:37:22PM -0500, Jeffrey Walton wrote:
>
>> It seems like (to me) the the most direct way to mark a function as
>> private is to add a comment in the source code stating such.
>
>
On Fri, Feb 26, 2016 at 12:37:22PM -0500, Jeffrey Walton wrote:
> It seems like (to me) the the most direct way to mark a function as
> private is to add a comment in the source code stating such.
Nonsense. Source code is not API documentation, it is an
implementation, not an interface
On Fri, Feb 26, 2016 at 12:29 PM, Salz, Rich wrote:
> As just about the only team member who trolls through RT and closes things
> with any quantity, I am not sure that I agree that fixing a bug requires
> documentation if the API isn't already documented.
+1. Concepts seem
On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote:
> As just about the only team member who trolls through RT and closes things
> with any quantity, I am not sure that I agree that fixing a bug requires
> documentation if the API isn't already documented.
We should also get the word out
On Fri, Feb 26, 2016 at 05:29:26PM +, Salz, Rich wrote:
> As just about the only team member who trolls through RT and closes things
> with any quantity, I am not sure that I agree that fixing a bug requires
> documentation if the API isn't already documented.
Focus on fixing bugs in
As just about the only team member who trolls through RT and closes things with
any quantity, I am not sure that I agree that fixing a bug requires
documentation if the API isn't already documented.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Fri, Feb 26, 2016 at 05:10:42PM +, Salz, Rich wrote:
> > I'd like to propose a policy of no bug fixes to undocumented public
> > interfaces.
>
> That seems extreme, given how much of the API is undocumented and how much
> external stuff depends on private things.
Not at all. You're well
>> > I'd like to propose a policy of no bug fixes to undocumented public
>> > interfaces. If the interface is useful enough to fix, it has to be
>> > documented. Anyone care to produce manpages for EC_KEY_priv2buf or
>> > EC_KEY_priv2oct?
>> >
>> Correct me if I am wrong... API's that start with
On Fri, Feb 26, 2016 at 12:10:09PM -0500, Jeffrey Walton wrote:
> > I'd like to propose a policy of no bug fixes to undocumented public
> > interfaces. If the interface is useful enough to fix, it has to be
> > documented. Anyone care to produce manpages for EC_KEY_priv2buf or
> >
> I'd like to propose a policy of no bug fixes to undocumented public
> interfaces.
That seems extreme, given how much of the API is undocumented and how much
external stuff depends on private things. I understand the goal. I just want
to make sure you've thought about the proposal. (And
>> > I have PR https://github.com/openssl/openssl/pull/739 with the below
>> > changes, please have a look.
>> >
>> > - In EC_KEY_priv2buf(), check for pbuf sanity.
>> > - If invoked with NULL, gracefully returns the key length.
> ...
> I'd like
On Fri, Feb 26, 2016 at 04:50:27PM +, Stephen Henson via RT wrote:
> > I have PR https://github.com/openssl/openssl/pull/739 with the below
> > changes, please have a look.
> >
> > - In EC_KEY_priv2buf(), check for pbuf sanity.
> > - If invoked with NULL, gra
On Wed Feb 24 12:07:05 2016, mo...@computer.org wrote:
> Hi,
>
> I have PR https://github.com/openssl/openssl/pull/739 with the below
> changes, please have a look.
>
> - In EC_KEY_priv2buf(), check for pbuf sanity.
> - If invoked with NULL, gracefully returns the key lengt
commit acae59b pushed, thanks!
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4343
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
done, closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4340
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi,
I have PR https://github.com/openssl/openssl/pull/739 with the below
changes, please have a look.
- In EC_KEY_priv2buf(), check for pbuf sanity.
- If invoked with NULL, gracefully returns the key length.
Thanks,
Mohan
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4343
- In error paths, EVP_MD_CTX allocated by the callee is not released
(master)
- Checking method before access (in master and earlier versions)
Pull request with these changes (on master) are as below, please have a
look.
https://github.com/openssl/openssl/pull/737
Thanks,
Mohan
--
fixed in commit a2d0baa thanks!
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4334
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
Adding -nostdinc to the EDK2 showed that we were including
for some UEFI builds, because the check for __STDC_VERSION__ happens
before the check for OPENSSL_SYS_UEFI. Fix that.
---
include/openssl/e_os2.h | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/include
> If you say that removing the #ifdef instead of removing the whole code block
> that it contained was a mistake, then I shall take you at your word and
> refrain
> from harping on *too* much about how naughty it was to have a functional
> change hidden away in a commit which simply entitled
rue.
This always used to work; there was a "sanity" check for external data
being passed to PKCS7_verify() with a non-detached PKCS#7 signature, but
it was always #ifdef'd out.
It was broken in HEAD by commit 55500ea7c ("GH354: Memory leak fixes") and
in 1.0.2 by cherry-pi
nature.
In this case, we need to allow PKCS7_verify() to be called with external
data even though PKCS7_get_detached() is not true.
This always used to work; there was a "sanity" check for external data
being passed to PKCS7_verify() with a non-detached PKCS#7 signature, but
it was
can you make a PR (separate from the one you have for UEFI) that does the right
thing? Or attach it to this ticket?
I've kinda lost track :(
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175
Please log in as guest with password
On Fri, 2016-02-05 at 17:31 +, Salz, Rich via RT wrote:
> And update the PR to say that it also closes this ticket :)
Well, it can be a separate PR if the first is already merged...
--
dwmw2
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175
Please log in as guest with
On Fri, 2016-02-05 at 17:31 +, Salz, Rich via RT wrote:
> And update the PR to say that it also closes this ticket :)
Well, it can be a separate PR if the first is already merged...
--
dwmw2
smime.p7s
Description: S/MIME cryptographic signature
--
openssl-dev mailing list
To
And update the PR to say that it also closes this ticket :)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Fri, 2016-02-05 at 17:20 +, Rich Salz via RT wrote:
> can you make a PR (separate from the one you have for UEFI) that does
> the right
> thing? Or attach it to this ticket?
> I've kinda lost track :(
Oops, forgot this one in the set of patches I lined up today. Will add
it.
--
dwmw2
On Tue, 2015-12-08 at 12:56 +, Salz, Rich via RT wrote:
> I think that instead of the #ifdef being removed, the if() test
> should be removed.
> This was my mistake.
What was the verdict here?
I'm trying to update my builds, as promised this morning. But EDK2 has
updated to 1.0.2e and
On Tue, 2015-12-08 at 12:56 +, Salz, Rich via RT wrote:
> I think that instead of the #ifdef being removed, the if() test
> should be removed.
> This was my mistake.
What was the verdict here?
I'm trying to update my builds, as promised this morning. But EDK2 has
updated to 1.0.2e and
sureware engine is no longer supported.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
-
http://rt.openssl.org/Ticket/Display.html?id=2493
Please log in as guest with password guest if prompted
Resolved in ba2de73b185016e0a98e62f75b368ab6ae673919 for master (1.1.0). This
isn't really a bug so we won't be backporting to stable branches, though.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
This is reported against 0.9.8; please open a new ticket if still a problem
with current releases.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
1 - 100 of 357 matches
Mail list logo