[openssl-dev] [openssl.org #3980] [PATCH] Fix BIO_get_accept_socket so that "port-only" input works on FreeBSD

https://github.com/openssl/openssl/pull/359 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3980 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4432] [BUG] Building with "no-des" fails at crypto/cms/cms_kari.c

https://github.com/openssl/openssl/pull/872 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4432 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4308] Add Postgres support to -starttls

https://github.com/openssl/openssl/pull/683 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4308 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4175] Add new macro or PKCS7 flag to disable the check for both data and content

fixed some time ago., -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4121] avoid configuring openssl twice

https://github.com/openssl/openssl/pull/466 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4121 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4108] Set TLS ticket keys API

: https://github.com/openssl/openssl/pull/452 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4108 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

https://github.com/openssl/openssl/pull/395 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3986] [PATCH] Implement HKDF algorithm (RFC 5869)

https://github.com/openssl/openssl/pull/355 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3986 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3709] [PATCH] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions

https://github.com/openssl/openssl/pull/227 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3709 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3616] [Patch] Implement option to disable sending TLS extensions

https://github.com/openssl/openssl/pull/215 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3616 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3533] [PATCH] Ensures that EVP encryption & decryption operations check the encrypt flag on the context.

https://github.com/openssl/openssl/pull/172 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3533 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3305] Cppcheck report

https://github.com/openssl/openssl/pull/139 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3305 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2698] [PATCH] Allow the use of startdate and enddate for ca -gencrl command

This duplicates https://github.com/openssl/openssl/pull/258 so closing the ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2698 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2894] [Bug] openssl crl -nameopt has no effect

This was implemented some time ago (not sure who). The nmflag variable is used in name_print in apps/crl.c Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2894 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2867] des_ede3_cfb1_cipher(): output cropping

fixed with commit fe2d149 in master. Not backported, code has changed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2867 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

A quick question about this configuration... Should Linux-x32 enable ec_nistp_64_gcc_128 by default? Does anything prohibit ec_nistp_64_gcc_128 in this configuration? # ./Configure linux-x32 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) no-asan

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

> ... What one can discuss is to have > ./config (not ./Configure) detect x32 environment and pass alternative > config line to ./Configure. That's how it worked so far and I see no > reason to change it by moving platform detection logic to ./Configure. -- Ticket here:

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

>>> # ./config -mx32 >>> Operating system: x86_64-whatever-linux2 >>> Configuring for linux-x86_64 >>> >>> Perhaps the second case should fail at configure just like the first >>> case. Upon failure, it would be nice to tell the user what to do: >>> "Please configure with ./Configure linux-x32" >>

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

On Thu, Jun 23, 2016 at 6:18 AM, Jeffrey Walton wrote: > Here's a couple more ways things don't work as expected: > > # ./config CFLAGS="-mx32" > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

>> # ./config -mx32 >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64 >> >> Perhaps the second case should fail at configure just like the first >> case. Upon failure, it would be nice to tell the user what to do: >> "Please configure with ./Configure linux-x32" > > Well,

[openssl-dev] [openssl.org #4585] some bugs in ver.1.0.2d (fix)

Hi, Recently, I found some bugs in ver.1.0.2d. DESCRIPTION _ 1. Line 122 in a_enum.c: return (0xL); I think it should be "return -1;". 2. Line 149 in a_enum.c: if (BN_is_negative(bn)) I think it should be "if (BN_is_negative(bn) && !BN_is_zero(bn))". 3. Line 161 and line 164

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

> Fair enough, agreed. > > But Configure ignored my instructions: > > # ./config CFLAGS="-mx32" > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > target already defined - linux-x86_64 (offending arg:

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

On Thu, Jun 23, 2016 at 7:10 AM, Andy Polyakov via RT <r...@openssl.org> wrote: >>>> A quick question about this configuration... Should Linux-x32 enable >>>> ec_nistp_64_gcc_128 by default? Does anything prohibit >>>> ec_nistp_64_gcc_128 in this config

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

>>> A quick question about this configuration... Should Linux-x32 enable >>> ec_nistp_64_gcc_128 by default? Does anything prohibit >>> ec_nistp_64_gcc_128 in this configuration? >>> >>> # ./Configure linux-x32 >>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) >>> no-asan

[openssl-dev] [openssl.org #4584] Self test failures under X32

I'm working on a Debian X32 system (http://wiki.debian.org/X32Port), and working from HEAD: # git rev-parse HEAD b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92 Running 'make test' under a machine configured with './Configure linux-x32 enable-ec_nistp_64_gcc_128' results in two failed self

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

On Thu, Jun 23, 2016 at 6:52 AM, Andy Polyakov via RT <r...@openssl.org> wrote: >> A quick question about this configuration... Should Linux-x32 enable >> ec_nistp_64_gcc_128 by default? Does anything prohibit >> ec_nistp_64_gcc_128 in this configuration? >&

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

> A quick question about this configuration... Should Linux-x32 enable > ec_nistp_64_gcc_128 by default? Does anything prohibit > ec_nistp_64_gcc_128 in this configuration? > > # ./Configure linux-x32 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > no-asan [default]

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

On Thu, Jun 23, 2016 at 6:44 AM, Andy Polyakov via RT <r...@openssl.org> wrote: >> you're not allowed to break the compile, regardless of whether there's >> a proper "X32" kernel. > > I don't understand what do you mean by "break the compile". I'd sa

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

On Thu, Jun 23, 2016 at 6:31 AM, Andy Polyakov via RT <r...@openssl.org> wrote: >>> Here's a couple more ways things don't work as expected: >>> >>> # ./config CFLAGS="-mx32" >>> Operating system: x86_64-whatever-linux2 >>> Configurin

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

> you're not allowed to break the compile, regardless of whether there's > a proper "X32" kernel. I don't understand what do you mean by "break the compile". I'd say it's the kind of thing that lies on both parties. We are responsible for providing code and config lines, but you have

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

On Thu, Jun 23, 2016 at 6:25 AM, Andy Polyakov via RT <r...@openssl.org> wrote: >> Here's a couple more ways things don't work as expected: >> >> # ./config CFLAGS="-mx32" >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

>> Here's a couple more ways things don't work as expected: >> >> # ./config CFLAGS="-mx32" >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64 >> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) >> target already defined - linux-x86_64 (offending arg:

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

> Here's a couple more ways things don't work as expected: > > # ./config CFLAGS="-mx32" > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) >

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

Here's a couple more ways things don't work as expected: # ./config CFLAGS="-mx32" Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) # ./config -mx32

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

As far as I know, these are the two ways to detect the platform because `uname` only provides x86_64/amd64 on some platforms: # gcc -dM -E - - > I'm working on a Debian X32 system (http://wiki.debian.org/X32Port), > and

[openssl-dev] [openssl.org #4583] Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

I'm working on a Debian X32 system (http://wiki.debian.org/X32Port), and working from HEAD: # git rev-parse HEAD b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92 It appears Configure is mis-detecting the platform, and it results in a compile failure: make ... gcc -DDSO_DLFCN -DHAVE_DLFCN_H

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

trust store containing no expired certificates. > > Testcase coming soon, I got the OK from our IT department. > > > -Original Message- > > From: Salz, Rich via RT [mailto:r...@openssl.org] > > Sent: Tuesday, June 21, 2016 3:39 PM > > To: Gábor STEFANIK &l

[openssl-dev] [openssl.org #4582] BUG - Application crashing in OpenSSL code while creating x509 certificate object

0.9.8 is no longer supported. Perhaps some others on openssl-users mailing list can help you. Closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4582 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4582] BUG - Application crashing in OpenSSL code while creating x509 certificate object

Hi OpenSSL, We have an issue where in our application crashes on windows system in OpenSSL code. Windows version: Microsoft Windows Server 2008 R2 Standard OpenSSL version: OpenSSL 9.8zf Note: We have not modified any code in 9.8zf version. Our application bundles OpenSSL binaries as DLLs and

[openssl-dev] [openssl.org #3752] Patch to fix thread ID support from FIPS module

commit a43cfd7 pushed to 1.0.2 stable, will show up in next release. thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3752 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

icy/ By responding to this email you accept the email policy. -Original Message- > From: Salz, Rich via RT [mailto:r...@openssl.org] > Sent: Tuesday, June 21, 2016 3:39 PM > To: Gábor STEFANIK <gabor.stefa...@nng.com> > Cc: openssl-dev@openssl.org > Subject: RE: [openssl

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Yes, it should not crash. But without more information it is hard/impossible to debug. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

.) > -- This message, including its attachments, is confidential. For more information please read NNG's email policy here: http://www.nng.com/emailpolicy/ By responding to this email you accept the email policy. -Original Message- > From: Salz, Rich via RT [mailto:r...@openssl.org] > Sent

[openssl-dev] [openssl.org #4581] [1.0.2] Running tests in parallel results in failure

Like Rich says, our build system in 1.0.2 doesn't support parallell building or testing. For upcoming 1.1.0, the build system has been remade from the ground up, with parallell building in mind. Parallell testing hasn't been tested there either, though... it might work, it might not. However, the

Re: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Having a mix of experied and unexpired certificates in the trust store for the same issuer/key seems to be undefined. I am not sure this is a bug. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 Please log in as guest with password guest if prompted -- openssl-dev mailing

Re: [openssl-dev] [openssl.org #4581] [1.0.2] Running tests in parallel results in failure

This is not supported. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4581 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4581] [1.0.2] Running tests in parallel results in failure

Dear OpenSSL folks, downloading the latest 1.0.1t release [1], building it, and running the tests in parallel I get the failure below. I am able to reproduce this, with the branch.*OpenSSL_1_0_2-stable* [2], but not with the branch *master*. With `-j1` and `-j2` the failure is

Re: [openssl-dev] [openssl.org #4398] BUG / 1.0.2g breaks CURL extension

In the meantime i use 1.0.2h which works good so far. Thank you. 2016-06-20 22:47 GMT+02:00 Rich Salz via RT <r...@openssl.org>: > We believe this is fixed by the commit that viktor pointed out. Is this not > true? What are folks asking OpenSSL to do? > > -- > Ticket here:

[openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Dear OpenSSL developers, We recently experienced an issue with our internal Mercurial repositories where Mercurial will refuse to connect to the repository due to an SSL certificate error. The problem appeared to show up randomly on some machines, but not others. The repository is hosted on an

Re: [openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

I know. The register be NULL therefore crashing. it dont find address. I'am search overflow in openssl but I found it while searching for something else. 2016-06-20 23:48 GMT+03:00 Rich Salz via RT <r...@openssl.org>: > You are not supposed to pass NULL into OpenSSL API's. Just l

[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

You are not supposed to pass NULL into OpenSSL API's. Just like doing this will cause a crash strcpy(NULL, "hello") in a C program. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4579 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4398] BUG / 1.0.2g breaks CURL extension

We believe this is fixed by the commit that viktor pointed out. Is this not true? What are folks asking OpenSSL to do? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4398 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4579] Resolved: Bug - libcrypto.a null pointer dereference bug

i have a different bug and a different place. There is again null pointer derefenrence. As it does not matter. 2016-06-20 23:35 GMT+03:00 Rich Salz via RT <r...@openssl.org>: > According to our records, your request has been resolved. If you have any > further questions or conc

[openssl-dev] [openssl.org #4376] pull request 785

There was some discussion over on the pull request thread, https://github.com/openssl/openssl/pull/785 And there the feeling was this is a new feature. Closing the ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4376 Please log in as guest with password guest if prompted --

Re: [openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

Yes, i know. I'am vulnerability researcher. Thanks. 2016-06-20 21:59 GMT+03:00 Rich Salz via RT <r...@openssl.org>: > When I added this line: > (if x509==NULL) { ERR_print_errors_fp(stderr); exit(1); } > it complained > 140259630204736:error:0906D06C:PEM routines:PEM

[openssl-dev] [openssl.org #1852] [BUG] Invalid Proxy Certificates Pass Validation

On Tue Feb 02 01:44:47 2016, openssl-dev@openssl.org wrote: > On Mon, Feb 01, 2016 at 07:18:04PM +, Rich Salz via RT wrote: > > > This is reported against 0.9.x; please open a new ticket if still a > > problem > > with current releases. > > The same behavi

[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

When I added this line: (if x509==NULL) { ERR_print_errors_fp(stderr); exit(1); } it complained 140259630204736:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: CERTIFICATE When I fixed the file to say "BEGIN CERTIFICATE" (added a space) and changed the

[openssl-dev] [openssl.org #3925] [PATCH] Removed trailing semicolon from macro body of three function-like macros

OpenSSL_1_0_2-stable commit 398260a; master commit 54f24e3 thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3925 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

PZcL4+xYfA//dvB1DnlHwpNSKnWkcNI5VK6IpDfBlh4ZjB3I3 h6v6zOyvgOcvTXBHmzPsfMym1AmFNTv9/bRlwrKUlGGPaRwSEKU= -END CERTIFICATE- my program have a one input. When i give input a public key. Program crashed. 2016-06-20 21:39 GMT+03:00 Salz, Rich via RT <r...@openssl.org>: > Need more information, like a full backtrace a

Re: [openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

Need more information, like a full backtrace and how to reproduce it. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4579 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

=r@entry=0x0) at x_all.c:75 75 if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) Author: Onur TAŞLIOĞLU 2016-06-20 21:24 GMT+03:00 Onur TAŞLIOĞLU <onurtasliog...@gmail.com>: > Ok, i will try 1.0.2t version and open new ticket. > > Thanks. > > 2016-06-20 21

Re: [openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

Ok, i will try 1.0.2t version and open new ticket. Thanks. 2016-06-20 21:08 GMT+03:00 Rich Salz via RT <r...@openssl.org>: > 1.0.1 is end of life and only getting bugfixes now. > If you can reproduce this on 1.0.2 or master, please open a new ticket. > We also need more info

[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

1.0.1 is end of life and only getting bugfixes now. If you can reproduce this on 1.0.2 or master, please open a new ticket. We also need more information, cannot reproduce this issue here. Thanks. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4579 Please log in as

[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

Operating System Version: Distributor ID: Ubuntu Description: Ubuntu 14.04.3 LTS Release: 14.04 Codename: trusty Linux 3.19.0-28-generic OpenSSL Version : openssl-1.0.1t Critical Function : X509_verify (); And: 0x080e15ef in X509_verify (a=a@entry=0x0, r=r@entry=0x0) at x_all.c:75 75if

[openssl-dev] [openssl.org #3934] [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions

looks like someone already fixed this. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3934 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4416] 1.0.1s makes porting to HP-UX much harder than before

Discussion happened in https://github.com/openssl/openssl/issues/806 (which looks like it can be c losed). Closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4416 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes

Thanks for the discussion; closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4570 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4469] Openssl linker errors

You have turned off so many things, that some files are not compiled. Try building without all your no-xxx flags. You don't need to turn them all off, the patents are expired. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4469 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #3868] [PATCH] Add SSL_get0_peer_certificate()

There will be no free since you've got the SSL lifetime. and esp for 1.1 which uses atomics, closing this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3868 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #3868] [PATCH] Add SSL_get0_peer_certificate()

o if by sea, three if by the Internet." On Jun 20, 2016, at 12:18 PM, Rich Salz via RT <r...@openssl.org<mailto:r...@openssl.org>> wrote: Is this needed? Can your get0 function just call get and decrement the refcount? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id

[openssl-dev] [openssl.org #3918] check return value of EC_POINT_mul

GOST is now a separate engine. Ping Dmitry :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3918 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3868] [PATCH] Add SSL_get0_peer_certificate()

Is this needed? Can your get0 function just call get and decrement the refcount? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3868 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3844] FW: regarding shared library for openssl -1.0.2a

A local environment/compiler issue that we cannot address. No activity in years on this. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3844 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3728] Question: does "sslv3" in log mean we're using SSLv3?

There are no plans, at this point, to change the names used in logging. If you think it's worthwhile, please open a *github issue* for this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3728 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4381] [PATCH] Missing Sanity Check for OBJ_nid2obj() in OpenSSL-1.0.2g

this is a "can't happen" kind of thing. If you pass in a NID_xxx value, you MUST get back the object. They are two tables built in-sync. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4381 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #3136] [PATCH] get rid of extra space when printing -subject and -issuer in x509

commit fb0303f in master. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3136 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4578] ARMv7a and failed self test

>>> ../test/recipes/30-test_evp.t .. >>> 1..1 >>> Test line 2163(aligned in-place): unexpected error VALUE_MISMATCH >>> Expected: >>>

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 20/06/16 10:49, Mick Saxton via RT wrote: > I modified your patch to also catch the similar problem in ssleay_rand_bytes. > Results from the instrumented tests attached. > > These tests were run on 64-bit Windows 7. > I have not specified a locking callback so will be us

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

dex %= st_num.; Thanks for your help From: Matt Caswell via RT [mailto:r...@openssl.org] Sent: 18 June 2016 00:08 To: Mick Saxton Cc: openssl-dev@openssl.org Subject: Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c On 17/06/16 20:56, Matt Caswell via RT wrote: > > >

[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

On Mon Jun 13 09:37:59 2016, loic.etie...@qnective.com wrote: > My claim about portability issues was wrong (sorry): The C-standard > ensures that positive values are handled in the two's complement > system, indeed. > > However, inl % block_size == inl & (block_size-1) is true if and only > if

Re: [openssl-dev] [openssl.org #4526] bug: use of ExitProcess on Windows platforms, 1.0.2g

the target process. This means it's really only asynchronous if you're calling TerminateProcess one some *other* process. If you're calling TerminateProcess on your own process, you'll never return from the TerminateProcess call. Regards, Ty -Original Message- From: Matt Caswell via RT

Re: [openssl-dev] [openssl.org #4578] ARMv7a and failed self test

>> ../test/recipes/30-test_evp.t .. >> 1..1 >> Test line 2163(aligned in-place): unexpected error VALUE_MISMATCH >> Expected: >>

[openssl-dev] [openssl.org #4378] Multiple warnings under OpenBSD 5.7/64-bit

Fixed in latest master. There are a few spurious warning left that I did not fix. They look like cases of the compiler being overly picky IMO. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4378 Please log in as guest with password guest if prompted -- openssl-dev mailing

Re: [openssl-dev] [openssl.org #4578] ARMv7a and failed self test

> The following is from a CubieBoard. I verified I performed a 'make > clean' and 'git pull'. > > $ git rev-parse HEAD > 13c03c8d6da334bb1cde6ce4133e7c75b3b76947 > > ** > > using V=1: > > ../test/recipes/30-test_evp.t .. > 1..1 > Test line 2163(aligned in-place): unexpected

[openssl-dev] [openssl.org #4578] ARMv7a and failed self test

The following is from a CubieBoard. I verified I performed a 'make clean' and 'git pull'. $ git rev-parse HEAD 13c03c8d6da334bb1cde6ce4133e7c75b3b76947 ** using V=1: ../test/recipes/30-test_evp.t .. 1..1 Test line 2163(aligned in-place): unexpected error VALUE_MISMATCH

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 17/06/16 20:56, Matt Caswell via RT wrote: > > > On 17/06/16 19:43, Mick Saxton via RT wrote: >> Perhaps we should consider if there are any negative consequences to my >> solution? >> It does work. >> >> I am trying really hard to get conte

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 17/06/16 19:43, Mick Saxton via RT wrote: > Perhaps we should consider if there are any negative consequences to my > solution? > It does work. > > I am trying really hard to get contention but I am only seeing this problem > in about 1 out of 100,000 successful T

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

– I am now suggesting:- So in ssleay_rand_add If ( j-k>0 ) MD_Update(, &(state[st_idx]), j – k); And a similar fix in ssleay_rand_bytes This also avoids adding zero bytes to the hash – which it does quite often. From: Salz, Rich via RT [mailto:r...@openssl.org] Sent: 17 June 201

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

Sending mail re-opens the ticket. Rats, wish it was fixed. Going to need something to more easily reproduce it, I guess. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

– but that is v1.1 and even the build process is significantly different on Windows. One thing that I did notice is that CPU load seems lower on the v1.1 build which would be really great/ .. but it may be making this problem less obvious (frequent). Thanks Mick From: Rich Salz via RT [mailto:r

Re: [openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes

Your technical arguments are sound, indeed. From: Andy Polyakov via RT <r...@openssl.org> Sent: Friday, June 17, 2016 5:13:50 PM To: Loic Etienne Cc: openssl-dev@openssl.org Subject: Re: [openssl-dev] [openssl.org #4570] Enhancement request: Configuration

Re: [openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes

> 1) Openssl works correctly (no crash, correct detection), as far as I > can judge. By error-prone I mean, very defensively, that I (or > others) could make a mistake, or that future versions of openssl > could not work exactly the same way. Well, this is effectively argument in favour of

Re: [openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes

configuration option may be useful (at least for selling) to many other people, or not. Up to your judgment. Thanks for your attention anyway. From: Andy Polyakov via RT <r...@openssl.org> Sent: Friday, June 17, 2016 2:46:41 PM To: Loic Etienne Cc: openssl-dev@opens

Re: [openssl-dev] [openssl.org #4568] Enhancement request: Capability vector accessor function for arm and ppc

> Thanks for the explanations. > > In the code I am working with, I see: > $ sed -n '657p' openssl-1.0.2h/crypto/cryptlib.c > unsigned long *OPENSSL_ia32cap_loc(void) > > You may want to verify it. Right! Sorry about confusion, my bad! It was long in 1.0.x and in became int in master. Anyway,

Re: [openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On Fri, Jun 17, 2016 at 8:48 AM Matt Caswell via RT <r...@openssl.org> wrote: > > > On 14/06/16 21:30, David Benjamin via RT wrote: > > For OpenSSL master, I believe it'd also work to add an s->rbio != s->wbio > > check to SSL_set_rbio, but I think those are wors

Re: [openssl-dev] [openssl.org #4568] Enhancement request: Capability vector accessor function for arm and ppc

, but it is my assignment to avoid aes-ni instructions. Maybe I will have to adapt openssl slightly, for instance making the capability vectors global (instead of hidden); or not to use the EVP interfaces. From: Andy Polyakov via RT <r...@openssl.org>

Re: [openssl-dev] [openssl.org #4568] Enhancement request: Capability vector accessor function for arm and ppc

> Two more observations. > > OPENSSL_ia32cap_loc() alters the underlying OPENSSL_ia32cap_P, the bits not > fitting into the expected integer size being zeroed. I do not know if it is > practically relevant, but it is strange that a read has side effects. It > would be a good reason for

Re: [openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On 14/06/16 21:30, David Benjamin via RT wrote: > For OpenSSL master, I believe it'd also work to add an s->rbio != s->wbio > check to SSL_set_rbio, but I think those are worse semantics for > SSL_set_{rbio,wbio}. They are new APIs, so, before it's too late, give them > cl

Re: [openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes

> Run-time checking works for x86, but not for arm (OPENSSL_armcap_P is > hidden, I still have to try over environment variables, which are not > as flexible for arm as for x86). > > > Anyway, it would be helpful to exclude hardware aes instructions at > compile-time: > > 1) Runtime checking is

Re: [openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes

reasons. From: Rich Salz via RT <r...@openssl.org> Sent: Thursday, June 16, 2016 8:15:48 PM To: Loic Etienne Cc: openssl-dev@openssl.org Subject: [openssl.org #4570] Enhancement request: Configuration option no-hw-aes On Tue Jun 14 15:43:26 2016, loi

<    1   2   3   4   5   6   7   8   9   10   >