[openssl-dev] [openssl.org #4438] GOST ciphersuites and DTLS

Hello OpenSSL team, The GOST ciphersuites currently defined are not DTLS-capable. So it should be fixed in the ssl/s3_lib.c file. Thank you! -- SY, Dmitry Belyavsky -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4438 Please log in as guest with password guest if prompted --

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

In message on Sat, 19 Mar 2016 21:11:03 -0400, Jeffrey Walton said: noloader> > Point is, if any of the the assertions are triggered into faulting, noloader> > there's a but in the library and it shouldn't

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

> Point is, if any of the the assertions are triggered into faulting, > there's a but in the library and it shouldn't get released. That's > the whole point. The tests are supposed to catch those and basically > raise a big red flag. > > Are you telling me that according to Apple's App Store

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

In message on Sat, 19 Mar 2016 20:09:34 -0400, Jeffrey Walton said: noloader> > noloader> Allowing a library to make policy decisions for the application is a noloader> > noloader> philosophical debate.

[openssl-dev] [openssl.org #4436] [Openssl 1.1.0] ECDSA_SIG_get0() for const ECDSA_SIG *

Fixed now. Closing ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4436 Please log in as guest with password guest if prompted -- openssl-dev

Re: [openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

>> This is bad news... A 32-bit pointer's sign extension is >> implementation defined, which means it may as well be undefined >> behavior... >> >> GCC sign extends. I think you can get around it with an intermediate >> cast to uintptr_t: >> >>cb->aio_buf = (uint64_t)(uintptr_t)buf; > > The

[openssl-dev] [openssl.org #4440] Re: Openssl-SNAP-20160315 issue Re: Openssl-SNAP-20160314 Re: Openssl SNAP 20160313 issue Re: OPenSSL SNAP 20160312 issue

On Wed, Mar 16, 2016 at 08:09:15PM +0100, Richard Levitte wrote: > In message <20160316182629.ga10...@doctor.nl2k.ab.ca> on Wed, 16 Mar 2016 > 12:26:29 -0600, The Doctor said: > > doctor> On Tue, Mar 15, 2016 at 10:13:50PM +0100, Richard Levitte wrote: > doctor> > In

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

> noloader> Allowing a library to make policy decisions for the application is a > noloader> philosophical debate. > > The few places we're using something that drastic is when the internal > structures can only be seen as corrupt by our own fault. That's a > point where you can expect things to

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

In message on Sat, 19 Mar 2016 19:41:28 -0400, Jeffrey Walton said: noloader> On Sat, Mar 19, 2016 at 7:31 PM, Richard Levitte wrote: noloader> > In message

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

On Sat, Mar 19, 2016 at 7:31 PM, Richard Levitte wrote: > In message on Sat, 19 > Mar 2016 23:08:17 +, "noloa...@gmail.com via RT" said: > > rt> On Sat, Mar 19, 2016 at 6:44 AM, Richard Levitte via

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

In message on Sat, 19 Mar 2016 23:08:17 +, "noloa...@gmail.com via RT" said: rt> On Sat, Mar 19, 2016 at 6:44 AM, Richard Levitte via RT wrote: rt> > I think that's a discussion that deserves its own

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

% ./config --prefix=/opt/openssl Operating system: i86pc-whatever-solaris2 Configuring for solaris64-x86_64-gcc Configuring OpenSSL version 1.1.0-pre4 (0x0x1014L)     no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)     no-crypto-mdebug-backtrace [forced]  

Re: [openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

On Sat, Mar 19, 2016 at 6:44 AM, Richard Levitte via RT wrote: > I think that's a discussion that deserves its own new thread on openssl-dev. > > A RT ticket is *not* the right place for a philosophical discussion. Closing > this. Please don't respond on this message, create a

Re: [openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

On Sat, Mar 19, 2016 at 6:44 AM, Richard Levitte via RT wrote: > I think that's a discussion that deserves its own new thread on openssl-dev. > > A RT ticket is *not* the right place for a philosophical discussion. Closing > this. Please don't respond on this message, create a

Re: [openssl-dev] [openssl.org #4453] openssl-1.1.0-pre4: make fails with 'wrong ELF class: ELFCLASS64' on solaris64-x86_64-cc

Hello, > Already done. > >> It seems to be better to change '-xarch=generic64' to > '-m64' in line >> 196 & 201 of the same file, too. > > Hmm, not in line 191? Sorry, not 196 but 191. Regards, --- Kiyoshi -- Ticket here:

[openssl-dev] [openssl.org #4453] openssl-1.1.0-pre4: make fails with 'wrong ELF class: ELFCLASS64' on solaris64-x86_64-cc

Vid Sat, 19 Mar 2016 kl. 10.56.00, skrev yoi_no_myou...@yahoo.co.jp: > Patch for this: > diff ../openssl-1.1.0-pre4.orig/Configurations/10-main.conf > Configurations/10-main.conf > 196c196 > < lflags => add(threads("-mt")), > --- > > lflags => add(threads("-mt -m64")), Already done. > It seems

[openssl-dev] [openssl.org #4452] openssl-1.1.0-pre4: undefined symbol for solaris-x86-cc

If you have the possibility, please try a fresh checkout of the master branch and see if this is fixed. Cheers, Richard Vid Sat, 19 Mar 2016 kl. 10.55.59, skrev yoi_no_myou...@yahoo.co.jp: > With patch for #, > > % mkdir build_solaris-x86-cc > % cd build_solaris-x86-cc > % ../Configure

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

Working from Master on a Gentoo 13 machine, x86_64. The test was run as root which explains one of the failures (I don't have users or SSH set up yet). Kernel is 4.1.15, GCC is 4.9.3. $ make test ... ( cd test; \ SRCTOP=../. \ BLDTOP=../. \ EXE_EXT= \ /usr/bin/perl

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

Hi Richard, I believe I am just doing what I read in the 'NOTES.WIN' file : PERL Configure ... VC-WIN32 --classic --prefix=... CALL ms\do_nasm nmake -f ms\ntdll.mak nmake -f ms\ntdll.mak install And each time I got a new nt[dll].mak file. I first missed the '--classic'

[openssl-dev] [openssl.org #4447] Missing generators for sparcv8plus.s, sparcv8.s and sparccpuid.s (OpenSSL 1.1.0 pre4)

Commit 674d5858df6cd3dc5cafa25875861f4742d64608, merged to master. Closing ticket. Cheers, Richard Vid Sat, 19 Mar 2016 kl. 13.38.57, skrev rainer.j...@kippdata.de: > Hi Richard, > > Am 19.03.2016 um 12:49 schrieb Richard Levitte via RT: > > So I'm wondering, what happens if you apply the

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Vid Fre, 18 Mar 2016 kl. 19.10.42, skrev rainer.j...@kippdata.de: > Your suggested fix would mean on platforms without "-nt" we would > always > rebuild and that's in fact what I observed (make test rebuilds a lot > of > object files) whereas the "find" variant should work on all platforms > and

[openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

> I think the [mostly] portable way to turn a pointer into an integral > is a uintptr_t or size_t. I'm not sure about uintptr_t availability > because of std=c89/90. size_t will work for most platforms; but the > one I am aware it will fail is older hardware like i386/i486 with > 16-bit segments

Re: [openssl-dev] [openssl.org #4437] invalid free() by ENGINE_cleanup()

On 17/03/16 10:49, Daniel Stenberg via RT wrote: > Hey, > > In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup > function. When I do this with OpenSSL from git master as of right now > (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free: Auto deinit

Re: [openssl-dev] [openssl.org #4439] poly1305-x86.pl produces incorrect output

On Thu, Mar 17, 2016 at 5:22 PM David Benjamin via RT wrote: > I'm probably going to write something to generate random inputs and stress > all your other poly1305 codepaths against a reference implementation. I > recommend doing the same in your own test harness, to make sure

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

On Fri, Mar 18, 2016 at 9:18 AM, Matt Caswell via RT wrote: > > > On 18/03/16 12:52, noloa...@gmail.com via RT wrote: >> I've configured with: >> >> ./config enable-afalgeng >> >> When I run the self tests, I see: >> >> ../test/recipes/30-test_afalg.t ... skipped:

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

Hi, As per my previous post, this is still the case with OpenSSL version 1.1.0 pre release 4. The configure script generate the ntdll.mak file containing CFLAG* with conflicting CRT switches. De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de Michel Envoyé : mardi 15

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Perfect. Thanks for confirming. Closing this ticket now. Cheers, Richard Vid Sat, 19 Mar 2016 kl. 13.39.02, skrev rainer.j...@kippdata.de: > Works here. No more "-nt" error, no warnings or other STDERR output. > Tested on Solaris 10 Sparc using GCC doing a 32 bit build and another > 64 > bit

Re: [openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

I had the same problem. /bin/sh on Solaris does not understand the "-nt" operator used in the definition of the "depend" target in the top-level Makefile, e.g. in line if [ Makefile -nt Makefile ] ... and elsewhere. From "man test" on Solaris: ... file1 -nt file2 True if file1

Re: [openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

What happens if you run the afalgtest directly? $ cd test $ ./afalgtest Matt On 16/03/16 13:52, noloa...@gmail.com via RT wrote: > Working from Master on a Gentoo 13 machine, x86_64. The test was run > as root which explains one of the failures (I don't have users or SSH > set up yet). > >

[openssl-dev] openssl 1.0.1p PEM_write_bio_RSAPrivateKey fail. error: ASN1_get_object:too long

Hi Folks, Need help. I’m not able to encrypt a key using passphrase, below is the error message. **"error:0D07209B:asn1 encoding routines:ASN1_get_object:too long"** Have already googled for error but couldn't got much info Snippet of my code: unsigned char pass[] = "123456";

Re: [openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

On Thu, Mar 17, 2016 at 8:43 PM, Viktor Dukhovni wrote: > >> On Mar 17, 2016, at 8:25 PM, noloa...@gmail.com via RT >> wrote: >> >> Yeah, this looks fishy... According to the libc manual, 13.10 Perform >> I/O Operations in Parallel >>

[openssl-dev] [openssl.org #4436] [Openssl 1.1.0] ECDSA_SIG_get0() for const ECDSA_SIG *

We can't overload functions -- this is C not C++ :) So cast your pointer. Other accessors in OpenSSL have the same issue. We're not solving it right now. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4436 Please log in as guest with password guest if prompted -- openssl-dev

Re: [openssl-dev] [openssl.org #4398] BUG / 1.0.2g breaks CURL extension

Hello ! I build a release package with the suggested fix in github but php wont load curl anyway. Any other suggestions ? I used MS VC2013 with NASM when using 1.0.2 branch. PHP Warning: PHP Startup: Unable to load dynamic library '\php5\php_curl.dll' - Das Betriebssystem kann php[1912] nicht

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

The Configure script generates 'makefile', not 'ntdll.mak'. Are you sure you haven't confused things? Could you please show us the exact commands you used from configuration to making? Cheers, Richard In message <001b01d17fcd$109d9100$31d8b300$@sa...@free.fr> on Wed, 16 Mar 2016 22:44:48

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

On 18/03/16 12:52, noloa...@gmail.com via RT wrote: > I've configured with: > > ./config enable-afalgeng > > When I run the self tests, I see: > > ../test/recipes/30-test_afalg.t ... skipped: test_afalg not > supported for this build You should not need to use enable-afalgeng

Re: [openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

I had the same problem. /bin/sh on Solaris does not understand the "-nt" operator used in the definition of the "depend" target in the top-level Makefile, e.g. in line if [ Makefile -nt Makefile ] ... and elsewhere. From "man test" on Solaris: ... file1 -nt file2 True if file1

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

Well, I am not lucky ! For once that documentation exists and was recently updated, it is not accurate :-( I saw that '--classic' was temporary, but I did not realize that an alternative build scheme was already there for Windows. You cannot imagine how many times I have manually modified the

Re: [openssl-dev] [openssl.org #4436] [Openssl 1.1.0] ECDSA_SIG_get0() for const ECDSA_SIG *

Hi Felix, I have seen the same warning during the compilation and I agree with you that it would be nice to have an API that takes const variable. Regards, Andrea -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Schüller Felix via RT Sent:

Re: [openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Works here. No more "-nt" error, no warnings or other STDERR output. Tested on Solaris 10 Sparc using GCC doing a 32 bit build and another 64 bit build. Builds succeed, tests pass. Am 19.03.2016 um 12:34 schrieb Richard Levitte via RT: > Fixed in commit 243a98d4a03a411dfe6db727dbf90adbfa2e7474.

Re: [openssl-dev] [openssl.org #4447] Missing generators for sparcv8plus.s, sparcv8.s and sparccpuid.s (OpenSSL 1.1.0 pre4)

Hi Richard, Am 19.03.2016 um 12:49 schrieb Richard Levitte via RT: > So I'm wondering, what happens if you apply the attached patch? Works like a charm, tested on Solaris 10 Sparc doing a 32bit build and a 64bit build. The intermediate ".s" (lower case) file no longer gets generated and

Re: [openssl-dev] [openssl.org #4447] Missing generators for sparcv8plus.s, sparcv8.s and sparccpuid.s (OpenSSL 1.1.0 pre4)

Hi Richard, Am 19.03.2016 um 12:49 schrieb Richard Levitte via RT: So I'm wondering, what happens if you apply the attached patch? Works like a charm, tested on Solaris 10 Sparc doing a 32bit build and a 64bit build. The intermediate ".s" (lower case) file no longer gets generated and

[openssl-dev] [openssl.org #4446] [openssl 1.1.0] Memory handling inside ASN1_item_sign_ctx()

Your fix has now been applied to the master branch. Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4446 Please log in as guest

Re: [openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Am 18.03.2016 um 19:33 schrieb Richard Levitte via RT: > Vid Fre, 18 Mar 2016 kl. 18.07.31, skrev rainer.j...@kippdata.de: >> Am 18.03.2016 um 17:49 schrieb Richard Levitte via RT: >>> Vid Fre, 18 Mar 2016 kl. 16.34.05, skrev rainer.j...@kippdata.de: I had the same problem. /bin/sh on Solaris

Re: [openssl-dev] website inconsistent between start page and /source - beta1 vs pre4

Yes, it is. We should clarify that. "Hanno Böck" skrev: (19 mars 2016 13:41:01 CET) >Hi, > >The latest news on the openssl start page is >16-Mar-2016Beta 1 of OpenSSL 1.1.0 is now available: please download >and test it > >However the latest download on /source is >

[openssl-dev] website inconsistent between start page and /source - beta1 vs pre4

Hi, The latest news on the openssl start page is 16-Mar-2016Beta 1 of OpenSSL 1.1.0 is now available: please download and test it However the latest download on /source is 2016-Mar-16 17:43:30openssl-1.1.0-pre4.tar.gz Is pre4 supposed to be the same as beta1? -- Hanno Böck

[openssl-dev] [openssl.org #4447] Missing generators for sparcv8plus.s, sparcv8.s and sparccpuid.s (OpenSSL 1.1.0 pre4)

So I'm wondering, what happens if you apply the attached patch? Vid Sat, 19 Mar 2016 kl. 11.02.09, skrev levitte: > Hmmm... > > Actually, I'm thinkg that src2obj() should check if the original file > exists as > given before changing .S to .s... That should work, since we're always > generating

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Fixed in commit 243a98d4a03a411dfe6db727dbf90adbfa2e7474. Can we close this ticket for good now? Vid Sat, 19 Mar 2016 kl. 10.14.25, skrev levitte: > Right. A little 'exit 0' in the right spot should fix that. > > It's true that the dependencies that are generated depend quite a lot > on what >

Re: [openssl-dev] openssl 1.0.1p PEM_write_bio_RSAPrivateKey fail. error: ASN1_get_object:too long

On 17/03/2016 06:32, Ranjith Kumar A. wrote: > Need help. This is a question about using the OpenSSL libraries, further discussion should be on openssl-users; I've set 'reply-to' appropriately, but I don't know what the mailing list will do with it. I’m not able to encrypt a key using

[openssl-dev] [openssl.org #4448] Solaris pod install "sed" problem for OpenSSL 1.1.0 pre4

Applied in commit 5287761bfc34d32572b1acfd6e64fd8c0fb2f799. Closing ticket. Vid Sat, 19 Mar 2016 kl. 10.23.09, skrev levitte: > Right. Thanks! Will apply. > > Cheers, > Richard > > Vid Fre, 18 Mar 2016 kl. 22.03.22, skrev rainer.j...@kippdata.de: > > The following line in

[openssl-dev] [openssl.org #4450] OpenSSL 1.1.0 pre4 podpath: cannot find suitable replacement path, cannot resolve link

Fixed in commit c1e350577fe14e3e124cc258f742cb77a14b6ce8. Closing ticket. Vid Sat, 19 Mar 2016 kl. 10.41.01, skrev levitte: > Thank you. Those are caused by some improperly written L<> links. Fix coming > up. > > Cheers, > Richard > > Vid Sat, 19 Mar 2016 kl. 00.28.21, skrev

[openssl-dev] [openssl.org #4439] poly1305-x86.pl produces incorrect output

Hi folks, You know the drill. See the attached poly1305_test2.c. $ OPENSSL_ia32cap=0 ./poly1305_test2 PASS $ ./poly1305_test2 Poly1305 test failed. got: 2637408fe03086ea73f971e3425e2820 expected: 2637408fe13086ea73f971e3425e2820 I believe this affects both the SSE2 and AVX2 code. It does

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

I just would like to add that, for me, 'CALL ms\do_nasm' is part of the 'configure scripts'. Please excuse my poor english, Michel -Message d'origine- De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de Richard Levitte Envoyé : mercredi 16 mars 2016 23:37 À :

Re: [openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

>> Yeah, this looks fishy... According to the libc manual, 13.10 Perform >> I/O Operations in Parallel >> (https://www.gnu.org/software/libc/manual/html_node/Asynchronous-I_002fO.html): >> >>volatile void *aio_buf >> >>This is a pointer to the buffer with the data to >>be

Re: [openssl-dev] [openssl.org #4428] Gentoo 12.1, x86_64: crypto/aes/aes_cfb.c:1:0: error: CPU you selected does not support x86-64 instruction set

>> Is it possible that real target is so called x32, i.e. x86_64 with >> 32-bit address space limitation? In such case linux-x32 would be the >> right target... > > I don't believe this is x32 since {x86_64|amd64} and __ILP32__ are not > defined; see preprocessor output below. Got it. But just

[openssl-dev] [openssl.org #4452] openssl-1.1.0-pre4: undefined symbol for solaris-x86-cc

With patch for #, % mkdir build_solaris-x86-cc % cd build_solaris-x86-cc % ../Configure solaris-x86-cc % make     : Undefined   first referenced  symbol in file padlock_xstore  ./libcrypto.a(e_padlock.o) padlock_capability

[openssl-dev] [openssl.org #4447] Missing generators for sparcv8plus.s, sparcv8.s and sparccpuid.s (OpenSSL 1.1.0 pre4)

Hmmm... Actually, I'm thinkg that src2obj() should check if the original file exists as given before changing .S to .s... That should work, since we're always generating 'foo.s' from 'asm/foo.S' (or 'asm/foo.pl', but that's not applicable here)... The directory difference should make it safe.

Re: [openssl-dev] libcryto 1.1 leaks since old locks are removed

Hi Matt, Thank you very much for keeping me informed ! Regards, Michel. -Message d'origine- De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de Matt Caswell Envoyé : jeudi 17 mars 2016 10:37 À : openssl-dev@openssl.org Objet : Re: [openssl-dev] libcryto 1.1 leaks

[openssl-dev] [openssl.org #4453] openssl-1.1.0-pre4: make fails with 'wrong ELF class: ELFCLASS64' on solaris64-x86_64-cc

Hello, Tested with patch for #, and removing gcc from path. % ./config Operating system: i86pc-whatever-solaris2 Configuring for solaris64-x86_64-cc Configuring OpenSSL version 1.1.0-pre4 (0x0x1014L)     no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)    

Re: [openssl-dev] OpenSSL 1.1.0-pre4 change in SSL_get_version() return value

On Thu, Mar 17, 2016 at 12:37:41AM +0200, Jouni Malinen wrote: > Was the SSL_get_version() behavior changed on purpose in the Beta 1 > release? This function used to return "TLSv1" when TLS v1.0 was used > while it is now in Beta 1 returning "TLSv1.0" for that case. I missed this change in the

[openssl-dev] [openssl.org #4442] PATCH: fix typo in AF_ALG engine name

$ git diff engines/afalg/e_afalg.c > e_afalg.patch $ cat e_afalg.patch diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c index 90d7602..4674bcf 100644 --- a/engines/afalg/e_afalg.c +++ b/engines/afalg/e_afalg.c @@ -127,7 +127,7 @@ static int afalg_chk_platform(void); /* Engine Id

[openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

I think that's a discussion that deserves its own new thread on openssl-dev. A RT ticket is *not* the right place for a philosophical discussion. Closing this. Please don't respond on this message, create a new thread instead. Vid Sat, 19 Mar 2016 kl. 01.49.13, skrev noloa...@gmail.com: > On

[openssl-dev] [openssl.org #4450] OpenSSL 1.1.0 pre4 podpath: cannot find suitable replacement path, cannot resolve link

Thank you. Those are caused by some improperly written L<> links. Fix coming up. Cheers, Richard Vid Sat, 19 Mar 2016 kl. 00.28.21, skrev rainer.j...@kippdata.de: > Errors during make install: > > Cannot find "EXAMPLES" in podpath: cannot find suitable replacement > path, cannot resolve link >

[openssl-dev] [openssl.org #4448] Solaris pod install "sed" problem for OpenSSL 1.1.0 pre4

Right. Thanks! Will apply. Cheers, Richard Vid Fre, 18 Mar 2016 kl. 22.03.22, skrev rainer.j...@kippdata.de: > The following line in Configurations/unix-Makefile.tmpl is non > standards-conforming and breaks using Solaris sed: > > ... > sed -e ':a;{N;s/\n/ /;ba}' | \ > ... > > The man page tells

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Right. A little 'exit 0' in the right spot should fix that. It's true that the dependencies that are generated depend quite a lot on what you've built so far, I hope that's not an enormous bother. Cheers, Richard Vid Sat, 19 Mar 2016 kl. 01.31.53, skrev e...@efca.com: > still not working right.

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

On 18/03/16 22:59, Kurt Roeckx via RT wrote: > On Fri, Mar 18, 2016 at 01:18:04PM +, Matt Caswell wrote: >> >> >> On 18/03/16 12:52, noloa...@gmail.com via RT wrote: >>> I've configured with: >>> >>> ./config enable-afalgeng >>> >>> When I run the self tests, I see: >>> >>>

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

On 18/03/16 22:59, Kurt Roeckx via RT wrote: > On Fri, Mar 18, 2016 at 01:18:04PM +, Matt Caswell wrote: >> >> >> On 18/03/16 12:52, noloa...@gmail.com via RT wrote: >>> I've configured with: >>> >>> ./config enable-afalgeng >>> >>> When I run the self tests, I see: >>> >>>

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

> Jeff - please can you try the attached alternative patch? > It tested OK under both 'KERNEL_BITS=32' and 'KERNEL_BITS=64': ... ../test/recipes/25-test_verify.t .. ok ../test/recipes/25-test_x509.t ok ../test/recipes/30-test_afalg.t ... skipped: test_afalg not

Re: [openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

> On Mar 17, 2016, at 8:25 PM, noloa...@gmail.com via RT > wrote: > > Yeah, this looks fishy... According to the libc manual, 13.10 Perform > I/O Operations in Parallel > (https://www.gnu.org/software/libc/manual/html_node/Asynchronous-I_002fO.html): > >volatile void

Re: [openssl-dev] OpenSSL 1.1.0-pre4 change in SSL_get_version() return value

> On Mar 18, 2016, at 4:40 PM, Richard Moore wrote: > > I think it is reasonable to preserve the backwards compatible "TLSv1" > > for the string protocol version, but do we also need to preserve the > > "TLSv1.0" in ciphers(1) output? If so, the code needs an exception

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

> Looks like some of these options are broken on Windows. Ouf, In some ways, that's good to hear. :-) I tried the patch and I was able to build the shared, debug and release version of OpenSSL 1.1. I was able to fully appreciate the new build system. Thanks Matt, merci bien Richard, Michel.

Re: [openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Am 18.03.2016 um 17:49 schrieb Richard Levitte via RT: > Vid Fre, 18 Mar 2016 kl. 16.34.05, skrev rainer.j...@kippdata.de: >> I had the same problem. /bin/sh on Solaris does not understand the "- >> nt" >> operator used in the definition of the "depend" target in the top- >> level >> Makefile,

Re: [openssl-dev] OpenSSL 1.1.0-pre4 change in SSL_get_version() return value

> On Mar 16, 2016, at 6:44 PM, Viktor Dukhovni > wrote: > >> Was the SSL_get_version() behavior changed on purpose in the Beta 1 >> release? This function used to return "TLSv1" when TLS v1.0 was used >> while it is now in Beta 1 returning "TLSv1.0" for that case. >

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

On 17/03/16 09:56, Michel wrote: > Hello again Richard, > > And thanks for your help and answers. > but as I said, I am not lucky at all :-( > > Hope I am not again missing something, I would not be particularly proud to > win the trophy of the dumbest user on this list ;-) > > Doing : >

[openssl-dev] 1.1.0-pre4: ALPN mismatch terminates connection

Hi, I think I found a regression in 1.1.0-pre4's ALPN code. I'm currently porting Python's ssl module to OpenSSL 1.1.0-pre4. One of Python's unit tests for ALPN is failing. In the test case both client and server advertise ALPN but have no overlapping protocols. In OpenSSL 1.1.0-pre3 and all

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Perhaps with said attachment this time... Vid Fre, 18 Mar 2016 kl. 16.49.13, skrev levitte: > Vid Fre, 18 Mar 2016 kl. 16.34.05, skrev rainer.j...@kippdata.de: > > I had the same problem. /bin/sh on Solaris does not understand the "- > > nt" > > operator used in the definition of the "depend"

Re: [openssl-dev] 1.1.0-pre4: ALPN mismatch terminates connection

The change was actually introduced earlier (see: https://github.com/openssl/openssl/commit/0621786). GH891 (https://github.com/openssl/openssl/commit/817cd0d52f0462039d1fe60462150be7f59d2002) moved the ALPN processing later so that the SSL_CTX determined from SNI can be used, rather than the

Re: [openssl-dev] [openssl.org #4436] [Openssl 1.1.0] ECDSA_SIG_get0() for const ECDSA_SIG *

Hi Felix, I have seen the same warning during the compilation and I agree with you that it would be nice to have an API that takes const variable. Regards, Andrea -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Schüller Felix via RT Sent:

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

On 18/03/16 12:52, noloa...@gmail.com via RT wrote: > I've configured with: > > ./config enable-afalgeng > > When I run the self tests, I see: > > ../test/recipes/30-test_afalg.t ... skipped: test_afalg not > supported for this build You should not need to use enable-afalgeng

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Patch for anyone interested in trying. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id= Please log in as guest with password guest if prompted diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index

[openssl-dev] OpenSSL version 1.1.0 pre release 4 published

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.1.0 pre release 4 (beta) === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL 1.1.0 is currently in beta. OpenSSL 1.1.0 pre release 4 has now

[openssl-dev] 答复: 答复: 答复: [openssl.org #4360] [BUG] OpenSSL-1.0.1 crash on sha1_block_data_order_ssse3 asm

Hello Do you have any progress or suggestion about this ticket? If more information is needed ,tell me please. Ths! -邮件原件- 发件人: Hejian (E) 发送时间: 2016年3月7日 11:24 收件人: 'noloa...@gmail.com' 抄送: openssl-dev@openssl.org; Liubo (Liubo, OSS); 'r...@openssl.org' 主题: 答复: [openssl-dev] 答复: 答复:

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Fixup show in last message has now been merged with master, commit a6adf099cbd7c3bc5c7051ad3d334636ef5e7f90 -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id= Please log in as guest with password guest if prompted -- openssl-dev mailing

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

Hi Richard, Looks like my answer, with the files attached, is waiting for approval. Regards. -Message d'origine- De : Michel [mailto:michel.sa...@free.fr] Envoyé : jeudi 17 mars 2016 01:03 À : 'openssl-dev@openssl.org' Objet : RE: [openssl-dev] configure results in conflicting CRT

[openssl-dev] [openssl.org #4436] [Openssl 1.1.0] ECDSA_SIG_get0() for const ECDSA_SIG *

Hallo, since the struct ECDSA_SIG ( -> ECDSA_SIG_st) is now opaque, one has to use ECDSA_SIG_get0() to access the values 'r' and 's'. This works fine for non-const variables. But if one has a 'const ECDSA_SIG *' (e.g. in verify_sig() of an ec_key-engine), this produces an error during

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

I can't reproduce what you're getting, but tell you what, if you send me these two files, I can try to figure out what's going on: configdata.pm ms\ntdll.mak In message <005501d17fdb$58d73800$0a85a800$@sa...@free.fr> on Thu, 17 Mar 2016 00:27:03 +0100, "Michel"

Re: [openssl-dev] OpenSSL 1.0.2 - Compile to Windows Universal Platform

Check Microsoft's work here: https://github.com/Microsoft/openssl/ I used the scripts here to build OpenSSL for Universal Apps (ARM, x86 and x64). I had to make small changes due to my build environment but it works. Regards, David -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] libcryto 1.1 leaks since old locks are removed

FYI, I have a fix for this but it is currently stalled in review due to another related issue. Interim patch attached. Matt On 16/03/16 22:11, Michel wrote: > Hi, > > > > As in my previous post, libcrypto still leaks with OpenSSL version 1.1.0 > pre release 4. > > Here is an example with

[openssl-dev] [openssl.org #4444] [openssl-1.1.0-pre4] Make fails with "recipe for target 'depend' failed" on solaris64-x86_64

Vid Fre, 18 Mar 2016 kl. 16.34.05, skrev rainer.j...@kippdata.de: > I had the same problem. /bin/sh on Solaris does not understand the "- > nt" > operator used in the definition of the "depend" target in the top- > level > Makefile, e.g. in line > > if [ Makefile -nt Makefile ] ... That can't be

Re: [openssl-dev] [openssl.org #4428] Gentoo 12.1, x86_64: crypto/aes/aes_cfb.c:1:0: error: CPU you selected does not support x86-64 instruction set

>> Is it possible that real target is so called x32, i.e. x86_64 with >> 32-bit address space limitation? In such case linux-x32 would be the >> right target... > > I don't believe this is x32 since {x86_64|amd64} and __ILP32__ are not > defined; see preprocessor output below. Got it. But just

[openssl-dev] [openssl.org #4437] invalid free() by ENGINE_cleanup()

Hey, In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup function. When I do this with OpenSSL from git master as of right now (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free: ==20314== Invalid free() / delete / delete[] / realloc() ==20314==at

Re: [openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

On Wed, Mar 16, 2016 at 6:11 PM, Jeffrey Walton wrote: > On Wed, Mar 16, 2016 at 10:02 AM, Matt Caswell wrote: >> What happens if you run the afalgtest directly? >> >> $ cd test >> $ ./afalgtest >> > > ./afalgtest > ALG_PERR: afalg_create_sk: Failed to open

[openssl-dev] EVP possibly leaking bytes

Using the guide posted here: https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption I was getting a fairly large amount of bytes "still reachable", so I decided to throw in all of the options to free up whatever was left over. Originally, all that was suggested in the wiki

[openssl-dev] Removing some systems

We are planning on removing the following systems from OpenSSL 1.1: Netware OS/2 There are a few reasons for this. In no particular order they include: these platforms are no longer supported by the vendor; the configurations and builds have not been testable by the team for years and

Re: [openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

On Wed, Mar 16, 2016 at 10:02 AM, Matt Caswell wrote: > What happens if you run the afalgtest directly? > > $ cd test > $ ./afalgtest > ./afalgtest ALG_PERR: afalg_create_sk: Failed to open socket : Address family not supported by protocol test_afalg_aes_128_cbc() failed

Re: [openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

What happens if you run the afalgtest directly? $ cd test $ ./afalgtest Matt On 16/03/16 13:52, noloa...@gmail.com via RT wrote: > Working from Master on a Gentoo 13 machine, x86_64. The test was run > as root which explains one of the failures (I don't have users or SSH > set up yet). > >

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

On Fri, Mar 18, 2016 at 9:18 AM, Matt Caswell via RT wrote: > > > On 18/03/16 12:52, noloa...@gmail.com via RT wrote: >> I've configured with: >> >> ./config enable-afalgeng >> >> When I run the self tests, I see: >> >> ../test/recipes/30-test_afalg.t ... skipped:

[openssl-dev] OpenSSL 1.0.2 - Compile to Windows Universal Platform

Hi, What is the best method to compile OpenSSL library 1.0.2.x to Windows Universal Platform 32, 64 and ARM ? Does OpenSSL should be running on Windows Universal Platform ? Best Regards, Moti Saroka. -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4441] Re: VIA C7-D processor: Hang in 30-test_afalg.t

I was looking at the code for afalg_fin_cipher_aio in engines/afalg/e_afalg.c: int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, size_t len) { int r; int retry = 0; unsigned int done = 0; struct iocb *cb; struct timespec timeout;

[openssl-dev] [openssl.org #4435] Pull request: Update EVP_CIPHER_CTX_set_padding documentation.

https://github.com/openssl/openssl/pull/876 Add note about when EVP_CIPHER_CTX_set_padding should be called. Conrado -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4435 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: