[openssl.org #2874] Missing initialization of str in aes_ccm_init_key

2012-09-12 Thread Tomas Mraz via RT
The str member of EVP_AES_CCM_CTX structure stays uninitialized when aes ccm is used with the vpaes backend causing it to crash when the str is later called as it is non-NULL. The attached patch fixes the problem. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back.

[openssl.org #2876] SSL reports Too many open files

2012-09-12 Thread Thodika, Najmudheen via RT
Hi SSL support team, We are using openssl 9.8l. We phase a problem of Too many open files when we run our application for some time on a Solaris host. The error is always reported from SSL lib with a signature like below error:02001018:system library:fopen:Too many open files Error

[openssl.org #2877] openssl rand does not check write(2) return code

2012-09-12 Thread Christian Vogel via RT
{note: I'm not subscribed to any openssl-mailinglist, please contact me directly if necessary} Hi, I used openssl rand to create random data blocks for filesystem and disk testing and noticed that on a full filesystem openssl rand does not return a non-zero exit status when the filesystem is

[openssl.org #2875] Limited rsa keysize

2012-09-12 Thread Stephen Henson via RT
[daniel-marsch...@viathinksoft.de - Wed Sep 12 14:14:40 2012]: Hello, I found out that the rsa keysize is limited. Here is my script: http://www.viathinksoft.de/~daniel- marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/ I cannot create a 32768 bits certificate which I want to create

[openssl.org #2878] [PATCH] s_client -fd

2012-09-12 Thread Serge van den Boom via RT
Hi, The attached patch adds the -fd parameter to s_client, to use SSL/TLS over an already established connection. This could then be used like this from Bash: openssl s_client -fd 9 9 /dev/tcp/encrypted.google.com/443 One application would be to negotiate the use of SSL/TLS in plain text

Re: [openssl.org #2836] [PATCH] Staple the correct OCSP Response when multiple certs are configured

2012-09-12 Thread Rob Stradling via RT
On 07/09/12 11:51, Rob Stradling wrote: Attached is an updated patch for CVS HEAD, plus a patch for the 1.0.2 branch. Are you still accepting patches for 1.0.1? Attached is a patch for 1.0.1. -- Rob Stradling Senior Research Development Scientist COMODO - Creating Trust Online Index:

Re: [openssl.org #2875] Limited rsa keysize

2012-09-12 Thread Daniel Marschall via RT
Thanks for your reply! Ok, this is an understandable reason. But I still think this is an issue because the error message (''keys do not match'') is very misleading and does not point to the actual problem - the intentionally limitation. There should be an error message which describes that

Re: [PATCH] Fix sparcv9 sha512 build with binutils.

2012-09-12 Thread David Miller
From: David Miller da...@davemloft.net Date: Mon, 10 Sep 2012 13:53:26 -0400 (EDT) Ping? It won't accept: cmp CONSTANT, REG It will only allow these two forms: cmp REG, CONSTANT cmp REG, REG This is with binutils-2.22 under Linux. diff --git