Re: [openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Dmitry Belyavsky via RT
Dear Richard, Thank you, it works. On Mon, Aug 22, 2016 at 4:00 PM, Richard Levitte via RT wrote: > The issue isn't with the pre-created key, but because '-x509' doesn't fully > flag that something new is to be created. The freeze is because 'openssl > req' > tries to read a

[openssl-dev] [openssl.org #4655] Openssl req seems not to work with precreated key

2016-08-22 Thread Dmitry Belyavsky via RT
Hello openssl team, I experience problems with openssl version OpenSSL 1.1.0-pre7-dev I use Debian GNU Linux, the version is 8.5 The kernel version is Linux vr-dev 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) x86_64 GNU/Linux I have created a private key with a command

Re: [openssl-dev] [openssl.org #3940] Missing CRL checks in cms/smime cmdline utilities

2016-08-19 Thread Dmitry Belyavsky via RT
Thank you very much! On 19 Aug 2016, 6:47 PM, "Rich Salz via RT" wrote: > For now we just added a comment to master, 1.0.2, 1.0.1 in the cms.pod and > smime.pod files: > > Note that no revocation check is done for the recipient cert, so if that > key has been

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

2016-05-27 Thread Dmitry Belyavsky via RT
Hello, I can confirm that I have seen a similar behavior in multi-thread environment. Unfortunately, I do not have a script to reproduce it either. On Fri, May 20, 2016 at 6:49 PM, Mick Saxton via RT wrote: > Hi > > Before going any further I would like to state that I have

Re: [openssl-dev] [openssl.org #4215] Results of regression for some apps

2016-05-16 Thread Dmitry Belyavsky via RT
Dear Stephen, On Tue, May 17, 2016 at 3:26 AM, Stephen Henson via RT wrote: > On Mon May 16 22:17:57 2016, beld...@gmail.com wrote: > > Dear Stephen, > > > > There was one more bugreport merged to this ticket regarding the OCSP > > (#4216). > > Could you take a look at it? > >

Re: [openssl-dev] [openssl.org #4215] Resolved: Results of regression for some apps

2016-05-16 Thread Dmitry Belyavsky via RT
Dear Stephen, There was one more bugreport merged to this ticket regarding the OCSP (#4216). Could you take a look at it? Thank you! On Mon, May 16, 2016 at 8:33 PM, Stephen Henson via RT wrote: > According to our records, your request has been resolved. If you have any >

Re: [openssl-dev] [openssl.org #4215] Results of regression for some apps

2016-05-14 Thread Dmitry Belyavsky via RT
Dear Stephen, On Fri, May 13, 2016 at 2:41 PM, Stephen Henson via RT wrote: > On Mon Jan 04 14:07:23 2016, beld...@gmail.com wrote: > > Hello! > > > > I found the following problems running my cipher suite with openssl 1.1.0 > > > > 1. Some apps try to load the default config

Re: [openssl-dev] [openssl.org #4438] AutoReply: GOST ciphersuites and DTLS

2016-04-03 Thread Dmitry Belyavsky via RT
Hello! The patch marking the GOST ciphersuites DTLS-uncapable is attached. Thank you! On Thu, Mar 17, 2016 at 4:28 PM, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket

[openssl-dev] [openssl.org #4438] GOST ciphersuites and DTLS

2016-03-19 Thread Dmitry Belyavsky via RT
Hello OpenSSL team, The GOST ciphersuites currently defined are not DTLS-capable. So it should be fixed in the ssl/s3_lib.c file. Thank you! -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4438 Please log in as guest with password guest if prompted --

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-24 Thread Dmitry Belyavsky via RT
Well, I think the ticket may be closed. Thank you! On Wed, Feb 24, 2016 at 8:47 PM, Richard Levitte via RT wrote: > If you're happy, I'm happy; it's that easy. If you think it's good, then > it's > time to close this ticket. You decide. > > Cheers, > Richard > > Vid Ons, 24

[openssl-dev] [openssl.org #4344] Re: Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-24 Thread Dmitry Belyavsky via RT
Dear Richard, The patch you suggested seems not to break at least self-compatibility for the smime -enc command. Is this enough or should I do some more tests? Thank you! On Fri, Feb 19, 2016 at 12:40 AM, Dmitry Belyavsky wrote: > Dear Richard, > > Sorry for the delay. I am

[openssl-dev] [openssl.org #4321] Re: Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-18 Thread Dmitry Belyavsky via RT
Dear Richard, Sorry for the delay. I am out of office now so I will check it some days later. On Thursday, February 18, 2016, Richard Levitte via RT wrote: > Did that help, can we close this ticket now? > > Vid Ons, 17 Feb 2016 kl. 11.25.26, skrev levitte: > > May I suggest

Re: [openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

2016-02-17 Thread Dmitry Belyavsky via RT
Dear Richard, I am not sure it will not break the compatibility. Both implementations of the GOST ciphers require access to this field. On Wed, Feb 17, 2016 at 12:42 PM, Richard Levitte via RT wrote: > Hi, > > I'm sorry, the oiv field is EVP private. Sure, it's been

Re: [openssl-dev] [openssl.org #4226] FIX: ADD IPv6 support for OCSP Responder

2016-01-25 Thread Dmitry Belyavsky via RT
Dear Rich, On Mon, Jan 25, 2016 at 5:06 PM, Rich Salz via RT wrote: > We are working on full IPv6 support and it will appear in the next release. > Do you mean 1.1.0? Thank you! -- SY, Dmitry Belyavsky ___ openssl-dev mailing

[openssl-dev] [openssl.org #4267] Missing accessor to the EVP_CIPHER_CTX member oiv

2016-01-23 Thread Dmitry Belyavsky via RT
Hello, After making the EVP_CIPHER_CTX struct opaque I found that there is a missing non-const accessor to the oiv member. It is used in GOST engine when we set the cipher parameters from the ASN1 parameters. Thank you! -- SY, Dmitry Belyavsky ___

[openssl-dev] [openssl.org #4215] Results of regression for some apps

2016-01-04 Thread Dmitry Belyavsky via RT
Hello! I found the following problems running my cipher suite with openssl 1.1.0 1. Some apps try to load the default config file twice. In case when we load an engine via the config file and the engine prevents itself from loading more than once, it causes errors. The attached patch contains

[openssl-dev] [openssl.org #4216] ocsp 1.1.0/1.0.2 incompatibility

2016-01-04 Thread Dmitry Belyavsky via RT
Hello, I found an incompatibility in behavior of the 'ocsp' utility in the 1.0.2 and 1.1.0 versions. The command line openssl ocsp -issuer cacert.pem -CAfile cacert.pem -md_gost94 -cert cert1.pem -sha1 -cert cert2.pem -reqout request.der returns an error in 1.1.0: ocsp: Digest must be before

[openssl-dev] [openssl.org #4213] Error defining ciphersuite 0x0300ff87

2016-01-02 Thread Dmitry Belyavsky via RT
Hello, I've found I made a typo introducing the GOST ciphersuite 0x0300ff87. It's a ciphersuite with NULL encryption and so it is rarely used, that's why I did not catch this mistake during the testing. This specification requires using the "stream MAC" mode for this ciphersuite. The patch is

[openssl-dev] [openssl.org #4181] Error building openssl with REF_PRINT

2015-12-15 Thread Dmitry Belyavsky via RT
Hello OpenSSL team, I get errors when I build openssl 1.0.2e with -DREF_PRINT -DREF_CHECK ./config -ggdb -DREF_PRINT -DREF_CHECK make ec_key.c: In function 'EC_KEY_free': ec_key.c:115:14: error: called object is not a function or function pointer REF_PRINT("EC_KEY", r); ^

[openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

2015-11-29 Thread Dmitry Belyavsky via RT
Hello OpenSSL Team, I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 breaks GOST 2012 client auth processing. If the call to the EVP_PKEY_get_default_digest_nid() function is unacceptable here, it can be replaced with the chain of if expressions (the patch is attached). BTW,

Re: [openssl-dev] [openssl.org #4158] GOST 2012 compatibility is broken by commit 28f4580c1e510ccf4278a20975c9bc3306f758d6

2015-11-29 Thread Dmitry Belyavsky via RT
Dear Stephen, On Mon, Nov 30, 2015 at 4:17 AM, Stephen Henson via RT wrote: > On Sun Nov 29 09:04:03 2015, beld...@gmail.com wrote: > > Hello OpenSSL Team, > > > > I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 > breaks > > GOST 2012 client auth

Re: [openssl-dev] [openssl.org #4141] GOST ciphersuites

2015-11-16 Thread Dmitry Belyavsky via RT
Dear Stephen, On Mon, Nov 16, 2015 at 5:22 PM, Stephen Henson via RT wrote: > On Sun Nov 15 10:04:28 2015, beld...@gmail.com wrote: > > Hello! > > > > In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set > > the SSL_SSLV3 for the GOST ciphersuites. But the GOST

[openssl-dev] [openssl.org #4141] GOST ciphersuites

2015-11-15 Thread Dmitry Belyavsky via RT
Hello! In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are not usable with SSLv3, they require TLSv1. Could you turn the flag back for the GOST ciphersuites? Thank you! -- SY, Dmitry Belyavsky

[openssl-dev] [openssl.org #4106] Bug in smime command in master

2015-10-22 Thread Dmitry Belyavsky via RT
Hello! When I try to verify the signed message using the master branch, I get an error. The command line is: openssl smime -verify -inform der -in signed2_2_256.asn -noverify -signer signer.certs -out was_signed.dat STDERR CONTENTS: smime: Cannot open input file signer.certs, No such file or

[openssl-dev] [openssl.org #4104] A bug in the crl2pkc7 command in master

2015-10-21 Thread Dmitry Belyavsky via RT
Hello, I've found a bug in the crl2pkc7 command in the master branch. openssl crl2pkcs7 -in test.crl -certfile cert.pem -out p7.pem Output: error opening the file, -in error loading certificates 140737354073768:error:02001002:system library:fopen:No such file or

[openssl-dev] [openssl.org #4099] Config is loaded twice in the openssl ts command line application

2015-10-18 Thread Dmitry Belyavsky via RT
Hello, I found that the openssl ts command in master tries to load config file twice. To prevent it, the lines 323-324 should be removed. The patch is attached. Thank you! -- SY, Dmitry Belyavsky index 237dd01..222ca45 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -320,8 +320,6 @@ int

Re: [openssl-dev] [openssl.org #4093] AutoReply: Problem loading engine from config

2015-10-14 Thread Dmitry Belyavsky via RT
Hello! The attached patch fixes it. On Wed, Oct 14, 2015 at 10:10 PM, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "Problem loading engine from config",

[openssl-dev] [openssl.org #4093] Problem loading engine from config

2015-10-14 Thread Dmitry Belyavsky via RT
Hello, I have a problem when I load an engine from config file in master. OpenSSL cmdline: /home/build/openssl-shell/openssl/apps/openssl dgst -md_gost94 dgst.dat Error configuring OpenSSL modules 47445915269832:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Dmitry Belyavsky via RT
Hello Matt, On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT wrote: > On Tue Oct 06 20:08:12 2015, beld...@gmail.com wrote: > > Hello! > > > > I get a segfault when executing the command > > > > openssl dgst -engine gost -md_gost94 -mac hmac -macop > >

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Dmitry Belyavsky via RT
Hello! Thank you, I can't reproduce it either. Please close the ticket. Sorry for disturbing. On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT <r...@openssl.org> wrote: > Hello Matt, > > On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT <r...@openssl.org> >

Re: [openssl-dev] [openssl.org #4089] NULL ciphersuites do not work in master

2015-10-11 Thread Dmitry Belyavsky via RT
Dear Kurt, On Sun, Oct 11, 2015 at 9:13 PM, Kurt Roeckx via RT <r...@openssl.org> wrote: > On Sun, Oct 11, 2015 at 05:54:16PM +0000, Dmitry Belyavsky via RT wrote: > > Hello! > > > > When I debug, I see that the cipher is forbidden by > > the ssl_security_

[openssl-dev] [openssl.org #4089] NULL ciphersuites do not work in master

2015-10-11 Thread Dmitry Belyavsky via RT
Hello! I use the command lines for s_client and s_server (built from master): openssl s_server -www -cert cert.pem -key seckey.pem -cipher NULL-SHA256 -tls1 openssl s_client -connect localhost:4433 -CAfile sslCA/cacert.pem -verify_return_error -verify 1 -state -cipher NULL-SHA256 -ign_eof

[openssl-dev] [openssl.org #4085] Bug in genpkey in master

2015-10-10 Thread Dmitry Belyavsky via RT
Hello, I've found a bug in the genpkey command in the master branch. If we use an algorithm provided by an engine and the engine is loaded via config, the algorithm can't be found during the command line options processing. The solution I suggest is moving the app_load_modules() call before the

[openssl-dev] [openssl.org #4086] s_server bug in master

2015-10-10 Thread Dmitry Belyavsky via RT
Hello, I've found a bug in s_server command line application in master branch. During apps_startup() the OpenSSL_add_ssl_algorithms() function is called before loading any engines. The OpenSSL_add_ssl_algorithms() is defined as SSL_library_init(). The SSL_library_init() builds a list of

[openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-06 Thread Dmitry Belyavsky via RT
Hello! I get a segfault when executing the command openssl dgst -engine gost -md_gost94 -mac hmac -macop key:123456901234567890123456789012 The stack trace is #0 0x in ?? () #1 0x7763420d in look_str_cb (arg=, sk=, nid=, def=) at tb_asnmth.c:217 #2 look_str_cb

[openssl-dev] [openssl.org #4059] Error processing set_serial parameter of the req command

2015-09-24 Thread Dmitry Belyavsky via RT
Hello! Current master treats -set_serial as digest alg and expects -set-serial instead. It is the only place in apps, x509 and ca commands seem to accept -set_serial. -- SY, Dmitry Belyavsky ___ openssl-bugs-mod mailing list

[openssl-dev] [openssl.org #3994] make clean leaves extra files

2015-08-06 Thread Dmitry Belyavsky via RT
Hello, After make make clean there are some files absent in the original archive: apps/CA.pl certs/demo/* crypto/ec/ecp_nistz256-x86_64.s engines/e_padlock-x86_64.s tools/c_rehash At least some of them should be removed. -- SY, Dmitry Belyavsky

[openssl-dev] [openssl.org #3947] Printing out X.509 extensions

2015-07-16 Thread Dmitry Belyavsky via RT
Hello, there is a problem to print out X.509 extensions correctly using the cmdline utility. There is no way to pass the flags specified by the -nameopt cmdline option to printing callbacks so non-ASCII strings are always printed like \xD0\x97\xD0\xB0\xD1 It concerns, for example, X509_NAME

[openssl-dev] [openssl.org #3941] Site: deprecated page

2015-07-13 Thread Dmitry Belyavsky via RT
Hello! Content of the page at https://www.openssl.org/news/state.html seems to be deprecated. -- SY, Dmitry Belyavsky ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org

[openssl-dev] [openssl.org #3940] Missing CRL checks in cms/smime cmdline utilities

2015-07-12 Thread Dmitry Belyavsky via RT
Hello, There is a missing CRL check on encrypting the messages using the 'cms/smime -encrypt' commands. Encrypting the message for the owner of a compromised key is dangerous, so CRL check in these utilities will be useful enough. Thank you! -- SY, Dmitry Belyavsky

[openssl-dev] [openssl.org #3920] ECDSA_METHOD_new() argument should be constified?

2015-06-22 Thread Dmitry Belyavsky via RT
Hello all, I try to provide my own ECDSA method using engine. I want to use common functions for verifying the signature and a custom one for signing. My code is ... const ECDSA_METHOD * meth1 = ECDSA_OpenSSL(); forwarder_ec_method = ECDSA_METHOD_new(meth1); ... Compiling it, I get an

Re: [openssl-dev] [openssl.org #3895] fprintf in ssl library

2015-06-05 Thread Dmitry Belyavsky via RT
Dear Rich, Here are some clarifications regarding GOST. On Fri, Jun 5, 2015 at 1:36 AM, Rich Salz via RT r...@openssl.org wrote: Summarizing some email from the team-internal thread. rsalz In s3_srvr.c: rsalz if (i != 64) { rsalz fprintf(stderr, GOST signature length is %d, i); rsalz

Re: [openssl-dev] [openssl.org #3813] Fwd: Error building openssl on SUSE

2015-05-27 Thread Dmitry Belyavsky via RT
Dear Andy, On Mon, May 25, 2015 at 5:26 PM, Andy Polyakov via RT r...@openssl.org wrote: ghash-x86_64.s:1383: Error: no such instruction: `vpclmulqdq $0,%xmm6,%xmm14,%xmm0' What does 'gcc -Wa,-v -c -o /dev/null -x assembler /dev/null' print on your system? $ gcc -Wa,-v -c -o

Re: [openssl-dev] [openssl.org #3813] Fwd: Error building openssl on SUSE

2015-05-25 Thread Dmitry Belyavsky via RT
Dear Andy, On Mon, May 25, 2015 at 2:23 PM, Andy Polyakov via RT r...@openssl.org wrote: Hi, I got a problem building openssl 1.0.2a on SUSE. Platform: uname -a Linux b-sles11-64 2.6.27.19-5-default #1 SMP 2009-02-28 04:40:21 +0100 x86_64 x86_64 x86_64 GNU/Linux Compiler:

[openssl-dev] [openssl.org #3837] Bug in SSL_CTX_check_private_key?

2015-05-06 Thread Dmitry Belyavsky via RT
Hello Openssl team, It seems to me there is a bug in the SSL_CTX_check_private_key function. The function ignores RSA_METHOD_FLAG_NO_CHECK flag and always tries to check public/private key match. The only place in real code where this function is used is in the set_cert_key_stuff function, just

[openssl-dev] [openssl.org #3813] Fwd: Error building openssl on SUSE

2015-04-20 Thread Dmitry Belyavsky via RT
Hello openssl-dev, I got a problem building openssl 1.0.2a on SUSE. Platform: uname -a Linux b-sles11-64 2.6.27.19-5-default #1 SMP 2009-02-28 04:40:21 +0100 x86_64 x86_64 x86_64 GNU/Linux Compiler: gcc -v Using built-in specs. Target: x86_64-suse-linux Configured with: ../configure

[openssl-dev] [openssl.org #3702] openssl verify improvement

2015-02-13 Thread Dmitry Belyavsky via RT
Hello openssl team, here is the patch providing -nameopt option to the openssl verify command. It makes possible to print certificate subject correctly in case of error. Thank you. -- SY, Dmitry Belyavsky --- ../openssl-1.0.1i/apps/verify.c 2014-08-07 01:10:56.0 +0400 +++

Re: [openssl.org #3556] Problem building openssl 1.0.1i in debug mode

2014-10-23 Thread Dmitry Belyavsky via RT
Hello Andy, On Thu, Oct 23, 2014 at 5:34 PM, Andy Polyakov via RT r...@openssl.org wrote: I used the commands ./Configure shared debug I don't think this would be working build on a 64-bit platform such as one in question. Or rather even if it does work (make

[openssl.org #3557] -nameopt utf8 behaviour in openssl 1.0.1i

2014-10-05 Thread Dmitry Belyavsky via RT
Hello OpenSSL Team, The x509 and req commands behave strangely when the nameopt utf8 is specified. beldmit@manul$ openssl x509 -text -noout -nameopt utf8 -in ./demos/cms/cacert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 14395258657826892692 (0xc7c63b7adda36b94)

[openssl.org #3556] Problem building openssl 1.0.1i in debug mode

2014-10-04 Thread Dmitry Belyavsky via RT
Hello openssl team, I've got a problem building openssl I used the commands ./Configure shared debug make and get an error gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat

Re: [openssl.org #3530] Problems measuring openssl speed

2014-09-17 Thread Dmitry Belyavsky via RT
a quick fix to solve this problem (attached). The main problem with this fix is to move locally-defined engine constants to the level of evp.h, so if you suggest a better solution, I am ready to implement it. Thank you! On Tue, Sep 16, 2014 at 9:29 PM, Dmitry Belyavsky via RT r

[openssl.org #3530] Problems measuring openssl speed

2014-09-16 Thread Dmitry Belyavsky via RT
Hello Openssl Team! I use openssl 1.0.1i with some patches in the GOST engine. The command line is openssl speed -engine gost -evp gost-mac I get an error: 3074107544:error:80073074:lib(128):GOST_IMIT_UPDATE:mac key not set:gost_crypt.c:654: (the line number where the error occurs may differ

[openssl.org #3360] Error building openssl with TLS_DEBUG

2014-05-20 Thread Dmitry Belyavsky via RT
Hello, when we try to build openssl when TLS_DEBUG is on, we get an error: t1_enc.c: In function ‘tls1_mac’: t1_enc.c:1045: error: ‘mac_sec’ undeclared (first use in this function) t1_enc.c:1045: error: (Each undeclared identifier is reported only once t1_enc.c:1045: error: for each function it

Re: [openssl.org #3350] AutoReply: Problem using gost engine in Apache 2

2014-05-13 Thread Dmitry Belyavsky via RT
Hello, Here are previous tickets related to this problem: http://rt.openssl.org/Ticket/Display.html?id=2598 http://rt.openssl.org/Ticket/Display.html?id=2745 See also the discussion in http://rt.openssl.org/Ticket/Display.html?id=3116 Thank you! On Sun, May 11, 2014 at 11:24 PM, The default

Re: [openssl.org #3116] Incostistency using GOST engine with openssl 1.0.1e

2013-08-28 Thread Dmitry Belyavsky via RT
Greetings! After I have looked into the processing the default_algorithms and dynamic_path directives, I understand what you mean. Thank you! Can you provide a guideline for writing the patch which will allow to add the engine to the engine's list always? Thank you! On Mon, Aug 26, 2013 at

Re: [openssl.org #3116] Incostistency using GOST engine with openssl 1.0.1e

2013-08-26 Thread Dmitry Belyavsky via RT
Greetings! Thank you for your explanation! But I'm sorry, I did not understand why the behaviour depends on the config option's order. In case 3 and 4 the behaviour differs but it is expected by me to be the same. And how difficult will it be to write a patch for avoiding the unlisted engines?

[openssl.org #2941] Memory leaks in ca.c

2012-12-11 Thread Dmitry Belyavsky via RT
Greetings! In case of error updating ca database a memory leak occurs: $ openssl ca -config z/caCA/ca.conf -in z/user1/req.pem -batch -notext ... skipped ... failed to update database TXT_DB error number 2 [19:00:30] 4957 file=ca.c, line=2199, thread=3074324104, number=28, address=086466F0

[openssl.org #2934] A set of fixes for non-working hardware RNG set as default

2012-12-07 Thread Dmitry Belyavsky via RT
Greetings! We have our own hardware RNG and software RNG, so in absence of the hardware RNG we found some errors that are ignored. The attached patch fixes it, providing the return value check. Two other bugfixes are provided too: - the patch to crypto/ocsp/ocsp_srv.c is a workaround against the

[openssl.org #2932] smime cmdline utility ignores errors

2012-12-05 Thread Dmitry Belyavsky via RT
Greetings! The result of functions writing PKCS#7 structure is ignored in smime cmdline utility. The patch fixing it is attached. Also I should mention that the result of RAND_pseudo_bytes in SMIME_write_ASN1 is ignored, and on failure the boundary data is incorrectly initialized. Thank you!

[openssl.org #2908] Double-free in dhparam application openssl 1.0.1c

2012-11-06 Thread Dmitry Belyavsky via RT
Greetings! On RNG failure generating dhparams a segmentation fault occurs. The patch is attached. The example command to reproduce: openssl dhparam -outform PEM -out dhparam.pem 1024 Generating DH parameters, 1024 bit long safe prime, generator 2 This is going to take a long time [Rng

Re: [openssl.org #2745] Fwd: GOST engine memory problems

2012-09-04 Thread Dmitry Belyavsky via RT
Greetings! It seems to be not enough. openssl is built with shared option the config is openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] gost = gost_section [gost_section] engine_id = gost default_algorithms = ALL CRYPT_PARAMS =

[openssl.org #2821] Bug in GOST89-MAC implementation

2012-05-21 Thread Dmitry Belyavsky via RT
Greetings! We have found a bug in GOST89-MAC implementation. In case when we calculate the mac for less than 8 bytes, we should provide zero-bytes padding to 16 bytes. In case of zero-length data, the MAC should be zero-bytes. The patches are attached, both for the engine and for the

[openssl.org #2744] CMS support for ccgost engine

2012-02-29 Thread Dmitry Belyavsky via RT
Greetings! Here is the patch providing CMS support for ccgost engine. -- SY, Dmitry Belyavsky diff -u openssl-1.0.0e_orig/engines/ccgost//gost_ameth.c openssl-1.0.0e/engines/ccgost//gost_ameth.c --- openssl-1.0.0e_orig/engines/ccgost//gost_ameth.c 2012-02-26 00:04:16.0 +0400 +++

Re: [openssl.org #2742] Resolved: Problems with cms -resign

2012-02-29 Thread Dmitry Belyavsky via RT
Greetings! Sorry, the request can't be resolved without changes in openssl core. The problem occurs with RSA algorithm too. The patch I have provided in #2744 adds the support of the cms command with ccgost engine, but the problem regarding the command itself is not fixed. Thank you! On Wed,

Re: [openssl.org #2742] Problems with cms -resign

2012-02-29 Thread Dmitry Belyavsky via RT
Greetings! Thank you! What about the patches to ccgost engine (2744 and recently resend letter first sent in Nov 2011)? On Wed, Feb 29, 2012 at 6:52 PM, Stephen Henson via RT r...@openssl.org wrote: [beld...@gmail.com - Wed Feb 29 15:20:51 2012]: Greetings! Sorry, the request can't be

[openssl.org #2745] Fwd: GOST engine memory problems

2012-02-29 Thread Dmitry Belyavsky via RT
-- Forwarded message -- From: Dmitry Belyavsky beld...@gmail.com Date: Mon, Sep 12, 2011 at 12:51 PM Subject: GOST engine memory problems To: r...@openssl.org, openssl-dev@openssl.org Greetings! When we load the GOST engine twice (because of misconfiguration or so), the problems

Re: [openssl.org #2745] Fwd: GOST engine memory problems

2012-02-29 Thread Dmitry Belyavsky via RT
Greetings! If I implement the patch you describe would it be accepted? On Wed, Feb 29, 2012 at 10:29 PM, Stephen Henson via RT r...@openssl.org wrote: I think the best way to deal with this is to cope attempts to load the ENGINE multiple times. This could be treated as a hard error or just

Re: [openssl.org #2745] Fwd: GOST engine memory problems

2012-02-29 Thread Dmitry Belyavsky via RT
Greetings! I see, thank you! What about #2744? On Wed, Feb 29, 2012 at 10:56 PM, Stephen Henson via RT r...@openssl.org wrote: [beld...@gmail.com - Wed Feb 29 19:41:11 2012]: Greetings! If I implement the patch you describe would it be accepted? Yes. One way is to check with

[openssl.org #2742] Problems with cms -resign

2012-02-28 Thread Dmitry Belyavsky via RT
Greetings! The problem occurs with cms resign command (openssl-1.0.0e). $ openssl cms -sign -binary -inform der -inkey U_cms_1/seckey.pem -signer U_cms_1/cert.pem -in signed_cms2.dat -out signed_cms2_1_det.msg -outform smime $ openssl cms -resign -binary -inkey U_cms_2/seckey.pem -signer

[openssl.org #2743] Memory leak in dgst

2012-02-28 Thread Dmitry Belyavsky via RT
Greetings! A memory leak occurs in openssl 1.0.0e OpenSSL cmdline: /home/beldmit/cengine/openssl-1.0.0e/apps/openssl dgst -mac gost-mac -macopt hexkey:414243444546474849404142434445464748494041424344454647484940 dgst.dat STDERR CONTENTS: MAC parameter error

[openssl.org #2598] GOST engine memory problems

2011-09-12 Thread Dmitry Belyavsky via RT
Greetings! When we load the GOST engine twice (because of misconfiguration or so), the problems with memory management occur, either double-free or memory leaks. Here is the patch fixing the problem but I suspect it should be fixed not in the GOST engine, but in the OpenSSL engine-managing

[openssl.org #1300] TSA test fails

2006-03-29 Thread Dmitry Belyavsky via RT
Greetings! TSA tests fail with current CVS. Log is: === Setting up TSA test directory... Creating CA for TSA tests... Creating a new CA for the TSA tests... CA certificate filename (or enter to create) Making CA certificate ... unknown option ../CAtsa.cnf req [options]

RE: [openssl.org #1204] bug report - 0.9.8 and bad record mac because of wrong SSL_OP_TLS_BLOCK_PADDING_BUG handling

2005-12-02 Thread Dmitry Belyavsky via RT
Greetings! On Fri, 2 Dec 2005, [EMAIL PROTECTED] via RT wrote: The bug seems to be reproduced without compression (s_client reports that both Compression and Expansion are equal to 'NONE'). I'm sorry, I don't understand your remark. I was stepping also inside the compression handling

RE: [openssl.org #1204] bug report - 0.9.8 and bad record mac because of wrong SSL_OP_TLS_BLOCK_PADDING_BUG handling

2005-12-02 Thread Dmitry Belyavsky via RT
Greetings! On Fri, 2 Dec 2005, [EMAIL PROTECTED] via RT wrote: I've reproduced this bug with s_client and apache as server requesting page which requires client certificate. So I'm not sure that this bug is completely zlib-related. Aah, now I understand a little bit more. .. requires

[openssl.org #1242] [BUG] engines try to load once per command

2005-11-11 Thread Dmitry Belyavsky via RT
Greetings! I use openssl 0.9.8a and specify my engine in openssl.cnf using engine_section. When I use openssl in command-line, everything is ok, but when I use it in interactive mode, I can not execute more than one command - I get error messages during the execution of any command:

[openssl.org #1231] [BUG]Illegal instruction in 0.9.8a

2005-10-27 Thread Dmitry Belyavsky via RT
Greetings! I've got a segmentation fault in openssl-0.9.8a. ../util/shlib_wrap.sh ./sha512t make[2]: *** [test_sha] Illegal instruction OpenSSL self-test report: OpenSSL version: 0.9.8a Last change: Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDI... Options: -g

Re: [openssl.org #1146] [BUG] Segfault on FreeBSD 4.8-RELEASE #0

2005-07-08 Thread Dmitry Belyavsky via RT
Hello! On Thu, 7 Jul 2005, Andy Polyakov via RT wrote: Sorry, I've forgotten to mention I use 20050627 snapshot and ./config -g shared zlib works fine. Yet I find it a bit too puzzling... After I've replied I came to realize that no-sse2/386 shouldn't actually affect the referred test

Re: [openssl.org #1146] [BUG] Segfault on FreeBSD 4.8-RELEASE #0

2005-07-07 Thread Dmitry Belyavsky via RT
Hello! On Tue, 5 Jul 2005, Andy Polyakov via RT wrote: Sorry, I've forgotten to mention I use 20050627 snapshot and ./config -g shared zlib works fine. Yet I find it a bit too puzzling... After I've replied I came to realize that no-sse2/386 shouldn't actually affect the referred test

Re: [openssl.org #1146] [BUG] Segfault on FreeBSD 4.8-RELEASE #0

2005-07-05 Thread Dmitry Belyavsky via RT
Hello! On Mon, 4 Jul 2005, Andy Polyakov via RT wrote: Sorry, I've forgotten to mention I use 20050627 snapshot and ./config -g shared zlib works fine. Run ./config -t. Does it suggest any extra flags to ./Configure, such as 386? If it does, then I'd recommend to pass it down to

[openssl.org #1146] [BUG] Segfault on FreeBSD 4.8-RELEASE #0

2005-07-04 Thread Dmitry Belyavsky via RT
Hello! I've found a SEGFAULT using FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38 GMT 2003 in bntest. Build is configured with ./Configure -ggdb BSD-x86-elf shared zlib make report: = OpenSSL self-test report: OpenSSL version: 0.9.8-beta7-dev Last change: Correct

[openssl.org #1145] Bug in openssl interactive mode

2005-06-30 Thread Dmitry Belyavsky via RT
Hello! We've found a bug in openssl interactive mode. When chopup_args() reallocates memory for split args, it doesn't initialize freshly allocated memory with NULL. Patch fixing this problem is attached. Thank you. -- SY, Dmitry Belyavsky (ICQ UIN 6575)

[openssl.org #1090] [BUG] Segfault in dgst signing with rsa private key

2005-06-01 Thread Dmitry Belyavsky via RT
Hello! I use 0.9.8-stable-SNAP-20050601 snapshot. Problem occurs on digest signing. make report: OpenSSL self-test report: OpenSSL version: 0.9.8-beta4-dev Last change: Correct naming of the 'chil' and '4758cca' ENGINEs. Thi... Options: -g enable-shared enable-zlib

[openssl.org #1070] PATCH: fix for memory leaks in smime verification

2005-05-13 Thread Dmitry Belyavsky via RT
Hello! I use openssl-0.9.8 dev. There is a memory leak on verification of signed messages. This leak exists in snapshots 20050404 and 20050511. I've tested it using Debian Linux. I sign a file in default format with export OPENSSL_DEBUG_MEMORY=on LD_LIBRARY_PATH=. apps/openssl smime -sign

[openssl.org #1059] Bug report: AES in debug linkage

2005-05-06 Thread Dmitry Belyavsky via RT
Hello! I have a problem with aes. I use 0.9.8 branch, 20050503 snapshot. The error is reproduced on 20050506 snapshot too. I didn't have such problem with 20050404 snapshot. I configure openssl with ./config -d shared zlib, config log is attached. gcc version is gcc 3.3.5 (Debian 1:3.3.5-12),