[openssl-dev] [openssl.org #3949] Bug: PKCS_final.7 not installed

The website stuff should be working, not sure what else (if anythiung) there is here. Please re-open ticket with more info if necessary. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3949 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #3946] Enhancement request: Add support for RFC 5816

This is tracked in https://github.com/openssl/openssl/pull/771 and will happen after 1.1 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3946 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3983] unresolved external (___iob_func) with 1.0.1p using VS2015

1.0.1 is only getting security fixes. in this case, it appears that the source is too old to use with recent VS. Sorry. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3983 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4563] OpenSSL 1.0.2 branch: mem.obj : error LNK2001: unresolved external symbol _cleanse_ctr

Fixed by Andy in commit 6397ac585d6d4101be0fb742ac0db5074bd4e8a6 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4563 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3053] [PATCH] Check for null pointer in cms envelopedData

Wow, only 3 years to apply the simplest patch you have ever seen. Well, better late than never... :) Phillip On Sun, Jun 12, 2016 at 5:55 AM, Rich Salz via RT <r...@openssl.org> wrote: > OpenSSL_1_0_2-stable 63b2499 RT3053: Check for NULL before dereferencing > > master 6b3602

Re: [openssl-dev] [openssl.org #4563] OpenSSL 1.0.2 branch: mem.obj : error LNK2001: unresolved external symbol _cleanse_ctr

Hi, On 12.06.2016 21:52, Andy Polyakov via RT wrote: > "no-asm" is the culprit here, but problem is not reporter's but mine. > mem_clr.c was updated, but build was not tested with no-asm. Fix is > upcoming. That error is gone, but now it complains about "_OPENSSL_h

[openssl-dev] [openssl.org #3236] support for DNSSEC in openssl

And DANE support is in 1.1/master. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3236 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4563] OpenSSL 1.0.2 branch: mem.obj : error LNK2001: unresolved external symbol _cleanse_ctr

Hi, On 12.06.2016 21:44, Joey Yandle via RT wrote: > Looking over your logs, you appear to be configuring with no-asm, then > calling do_ms. Does it work when you configure with asm and call do_nasm? I'd have to deploy nasm to the autobuilders then. Simon -- Ticket here

Re: [openssl-dev] [openssl.org #3236] support for DNSSEC in openssl

Hi; that of course does not make sense without additional DANE support; - that one of course needs to be implemented in OpenSSL. Am 2016-06-12 um 19:32 schrieb Rich Salz via RT: > There does not seem to be anything for OpenSSL to do here; it's about DNS > libraries calling openssl to ge

Re: [openssl-dev] [openssl.org #4563] OpenSSL 1.0.2 branch: mem.obj : error LNK2001: unresolved external symbol _cleanse_ctr

> Looking over your logs, you appear to be configuring with no-asm, "no-asm" is the culprit here, but problem is not reporter's but mine. mem_clr.c was updated, but build was not tested with no-asm. Fix is upcoming. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4563 Please log

Re: [openssl-dev] [openssl.org #4563] OpenSSL 1.0.2 branch: mem.obj : error LNK2001: unresolved external symbol _cleanse_ctr

Looking over your logs, you appear to be configuring with no-asm, then calling do_ms. Does it work when you configure with asm and call do_nasm? The do_ms target doesn't get much attention these days. On Jun 12, 2016 5:56 AM, "Simon Richter via RT" <r...@openssl.org> wrote: >

[openssl-dev] [openssl.org #3618] Authority Information Access support

We are not going to fetch certs at run-time because of the i/o issues (mentioned in the ticket) and the security concerns. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3618 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3715] Possible bug in openssl 64 bit version

The issue is that windows was re-writing the files when copied to different places depending on local environment settings. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3715 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #3713] Bug: openssl-1.0.1l, FIPS, HP-UX ia64, Duplicate Symbol "AES_Te" and "AES_Td"

A change to openssl, not the fips canister, was described. no more fips work going on at this time. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3713 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3716] Patch for setting preferred cipher list

Not doing this :) Neither should Akamai :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3716 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3666] [PATCH] build with no-ts fails

this was fixed some time ago. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3666 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3498] RE: AW: Platform query

WinCE is no longer supported. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3498 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

async stuff is in master. please open new issue if there are problems with the implementation. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3528 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3550] patch

seems to be user/environment error. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3550 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3424] Misaligned pointers for buffers cast to a size_t*

it's online on the FAQ now. closing this ticket as documenting it was the only thing still to be done. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3424 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3297] XXX_process_heartbeat() not checking return value of OPENSSL_malloc()

As if that was the only bug :) Fixed. It's dtls-only now anway. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3297 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3236] support for DNSSEC in openssl

There does not seem to be anything for OpenSSL to do here; it's about DNS libraries calling openssl to generate and/or verify signatures? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3236 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #3215] [bug report] SSLv23 connection fails but SSLv3 works

Sorry it has taken to long to review this. SSLv2 is dead and SSLv3 is strongly dis-recommended. Closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3215 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3129] Openssl not clearing session ticket upon handshake failure

This hasn't been shown to be repeatable, and it's not clear where the bug is. Closing the ticket. Sorry for taking so long to get around to this. Please open a new ticket if you can isolate the issue. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3129 Please log in as guest with

[openssl-dev] [openssl.org #3171] integer undefined behaviors

Already fixed. We use clang sanitizers often, but if you find other bugs like this, please open a new ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3171 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3219] OpenSSL - AES in SSLv3.

We are not going to fix this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3219 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2650] major ssl read/ write performance improvement - updated

Sorry it took so long to look at this. The code has changed significantly since then, including making the structures opaque. Please open a new ticker (or GitHub pull request) against current sources if this is still an issue. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2650

[openssl-dev] [openssl.org #4563] OpenSSL 1.0.2 branch: mem.obj : error LNK2001: unresolved external symbol _cleanse_ctr

Hi, the 1.0.2 branch fails to compile in the VC-WIN32 configuration: mem.obj : error LNK2001: unresolved external symbol _cleanse_ctr Full log available at http://ci.kicad-pcb.org/job/windows-openssl-msvc/cpu=x86,label=windows/376/consoleFull Simon -- Ticket here:

[openssl-dev] [openssl.org #2759] SSL_read / SSL_ERROR_WANT_READ / ENOTCONN infinite loop

applied in master, commit a3ef2c16792ccbf65ef9861e0df6e7c277bcf770 thank you! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2759 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2823] Bug: FTBFS compiling openssl 1.01c with musl libc

1.0.1 only gets security fixes. If this is still an issue with 1.0.2 or 1.1, please open a new issue. (Sorry it took so long to get around to looking at this.) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2823 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #2749] SSL_shutdown() doesn't need to ever return 0

It could return zero, even if now it doesn't and I'm not sure that's true. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2749 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4022] Support for RFC 6066 in OpenSSL

Duplicate of RT 3591 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4022 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3053] [PATCH] Check for null pointer in cms envelopedData

OpenSSL_1_0_2-stable 63b2499 RT3053: Check for NULL before dereferencing master 6b36028 RT3053: Check for NULL before dereferencing Author: Phillip Hellewell Date: Sat Jun 11 20:04:21 2016 -0400 RT3053: Check for NULL before dereferencing Reviewed-by: Tim Hudson

[openssl-dev] [openssl.org #3458] PATCH: ensure debug builds with GCC include -g3 -ggdb

I believe this is fixed in master; "./config -d" adds the right debug flags. Please re-open if not. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3458 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3231] default ciphers include insecure export cipher suites

So LOW is now empty, and medium shows only 128/168 bit ciphers and DEFAULT shows nothing smaller than 128. Closing this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3231 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3163] [PATCH] DSTU-4145-2002 engine implementation

Closing this. Waiting for PR with the new OID's that are needed for the external engine. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3163 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3099] bug report

cannot reproduce this, closing ticket. please re-open if still an issue. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3099 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3105] [PATCH] config matches OUT with full os/compiler line

Believe fixed in 1.1 with new build system. Please re-open if not. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3105 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3091] ms\ntdll.mak bug

fixed (if it was an error) with new build system for 1.1 closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3091 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3819] make openssl-1.0.2a failed on Solaris 10 i86pc

No reply to suggested patch, old system, closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3819 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3864] OS390 Bug: Make fails

os390 builds work in 1.1 not backporting fix as it's a new build system. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3864 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3078] Makefile: install rule builds components

fixed in 1.1. Not fixing in 1.0.2 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3078 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2758] Bug in use of CRYPTO_ex_data

The code is correct; void* can be cast to anything, including void**. It's up to the dup function to do the right thing. Just like the compar parameter to qsort :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2758 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

Can you test against a recent master, it has some rand bugfixes that might address this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4523] Failure - make test

Local environment issue; closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4523 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4467] SSL_Connect crashed

Any update on this, or can/should we close this ticket? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4467 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

There is no bug here. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2782 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2760] possible bug report: DSA_verify() doesn't correctly account for len

The documentation was fixed some time ago. The "type" param to DSS_sign and DSS_verify is ignored. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2760 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2216] OBJ_NAME_* and EVP_PBE_*interfaces are not MT-safe

Yes, those API's cannot be called simultaneously from multiple threads. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2216 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2750] [BUG] spec file doesn't properly build for lib64

Removed the .spec file from master. :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2750 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #1482] [PATCH] add "ciphertext stealing" support to the EVP library

Look at the undocumented functions CRYPTO_cts128_decrypt, CRYPTO_cts128_encrypt, CRYPTO_cts128_decrypt_block CRYPTO_cts128_encrypt_block. Do they do what's needed? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1482 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #2461] Windows: Crypto DllMain() invokes getenv() CRT function

commit 84af71a916d0bfce4dde135e4a5fe60d75f4940c Author: Richard Levitte Date: Tue Mar 29 16:48:02 2016 +0200 Break out DllMain from crypto/cryptlib.c and use it in shared libs only Reviewed-by: Andy Polyakov -- Ticket here:

[openssl-dev] [openssl.org #4562] Possible bug in OPENSSL_config - ignore input parameter

On Fri Jun 10 13:02:57 2016, z...@ua7.net wrote: > Hello > > Looks like OPENSSL_config have a bug as result users can't set > alternative path to openssl.cnf file. > If you take a look on implementation of void OPENSSL_config(const char > *config_name) it call a > CONF_modules_load_file(NULL,

[openssl-dev] [openssl.org #1051] SSL_CTX_set_default_paths

Fixed in f5de06aae. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1051 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4562] Possible bug in OPENSSL_config - ignore input parameter

Hello Looks like OPENSSL_config have a bug as result users can't set alternative path to openssl.cnf file. If you take a look on implementation of void OPENSSL_config(const char *config_name) it call a CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION |

[openssl-dev] [openssl.org #3720] Patch for "Increment SSL session miss counter appropriately"

Patch applied - thanks. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3720 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

On Mon Jun 06 18:26:50 2016, loic.etie...@qnective.com wrote: > crypto/evp/evp_enc.c, EVP_EncryptUpdate > line 337: inl & (ctx->block_mask) > line 367: inl & (bl - 1) /* with bl = ctx->cipher->block_size */ Why do you consider this a problem? Matt -- Ticket here:

[openssl-dev] [openssl.org #4242] OpenSSL ECC coordinate functions accept invalid curve points

Done in 1e2012b7ff4a5f12273446b281775faa5c8a1858, thanks for the nudge. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4242 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4456] Fedora 1, i386: error: field `next_timeout` has incomplete type

On Tue May 31 16:49:23 2016, rsalz wrote: > Re-Ping Jeff to take a look and see if things are fixed now. Ping Jeff. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4456 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4479] OS X 10.8 (x86_64): Compile errors when using "no-asm -ansi"

Status as per ticket 4480. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4479 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4480] Ubuntu 14 (x86_64): Compile errors and warnings when using "no-asm -ansi"

I applied the original roll up patch. I wasn't keen on adding all the __STRICT_ANSI__ ifdefs from the later patch. That seems excessive to me for little benefit - we are generally trying to reduce the ifdef code as much as possible. I also didn't add the __WORDSIZE bit. I believe that symbol is an

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

On Wed Jun 01 22:20:38 2016, matt wrote: > Hi Jeff > > Please could you try the attached patch? Any update on this? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

On Tue May 24 13:53:07 2016, steve wrote: > On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote: > > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 > > adjustments, I get > > > > Can you please check to see if this issue is still present in the latest > OpenSSL 1.1.0? Hi

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

Brian Smith wrote: > It seems that 32-bit ARM has the same limitation as x86 that the input and > output pointers must match or the input and output buffers must not overlap > at all. I'm not sure which ARM code path (NEON or non-NEON, or both) has > this issue. Just to

[openssl-dev] [openssl.org #4395] OpenSSL doesn't reject out-of-context empty records

On Mon Mar 07 22:27:23 2016, david...@google.com wrote: > ssl3_get_record silently discards empty records without much context, > which > means OpenSSL will happily accept, e.g., empty app data records > mid-handshake or empty records of bogus type. They get silently > discarded > and never

[openssl-dev] [openssl.org #4501] bug in BN_mod_word

On Thu Apr 07 11:44:09 2016, peter.chernys...@gmail.com wrote: > Hello! > BN part program > > BN_ULONG BN_mod_word (const BIGNUM * a, BN_ULONG w); > > does not work properly on 64-bit machine with some w> 2 ^ 32, although > declared as BN_ULONG (64 bits). Fixed in commit e82fd1b4 (1.0.2) and

[openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: > A TLS1.2 connetion with openssl server and gnutls-cli using a > SECP384R1 > key ends up with SHA256 as the hash algorithm for signing the key > exchange. > This is because gnutls sends the hash algorithms from weak to strong > and by

[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

crypto/evp/evp_enc.c, EVP_EncryptUpdate line 337: inl & (ctx->block_mask) line 367: inl & (bl - 1) /* with bl = ctx->cipher->block_size */ Instead, the more portable inl % ctx->cipher->block_size should be used; or, alternatively, unsigned integers should be used. -- Ticket here:

[openssl-dev] [openssl.org #4560] BUG: openssl-1.0.2h, evp_enc.c, fips, use of uninitialized variable

crypto/evp/evp_enc.c, EVP_CipherInit_ex, line 172 const EVP_CIPHER *fcipher; if (cipher) fcipher = evp_get_fips_cipher(cipher); if (fcipher) cipher = fcipher; return FIPS_cipherinit(ctx, cipher, key, iv, enc); problem: if (!cipher), fcipher is not initialized

Re: [openssl-dev] [openssl.org #4548] s390x build problem

>> In other words >> could you double-check attached patch instead? > > Thanks. Just tested and it compiles and the testsuite passes. Committed. Thanks. Case is being dismissed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4548 Please log in as guest with password guest if

Re: [openssl-dev] [openssl.org #4548] s390x build problem

On 2016-06-02 13:29:35 [+], Andy Polyakov via RT wrote: > Thanks!!! There is couple of problems with suggested modifications > though. First general comment. While 31-bit is arguably not very > fashionable, bugs are still reported at occasions. Important to keep in > mind that

[openssl-dev] [openssl.org #4556] Unknown: mysterious perl(1) error during [master:8d054a5] installation process

No problem, Steffan. Re-closing.:) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4556 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4556] Unknown: mysterious perl(1) error during [master:8d054a5] installation process

I hope i don't "open" this one! Richard Levitte via RT <r...@openssl.org> wrote: |On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote: |> I have never seen something like this: |> |> Parser.c: loadable library and perl binaries are mismatched (got |> han

[openssl-dev] [openssl.org #3895] fprintf in ssl library

fprintf remove from ssl; the ones in crypto are just debugging. closing this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3895 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files

The last patches from this have now been applied so closing this ticket. Thanks! Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3198 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3580] [PATCH] Print correct help message (according to configure)

time has passed... nobody looked at this, sorry. fixed earlier by disabling those protocol versions :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3580 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b

1.02 then. (0.9.8 is fine. I'm ok with 1.0.0/1.0.1 remaining broken.) On Fri, Jun 3, 2016 at 10:08 AM, Rich Salz via RT <r...@openssl.org> wrote: > Sorry, but 0.9.8 and 1.0.0 are end of life and getting no updates and 1.0.1 is > only getting security fixes at this time. > >

[openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b

Sorry, but 0.9.8 and 1.0.0 are end of life and getting no updates and 1.0.1 is only getting security fixes at this time. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4559 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b

The commit From: "Dr. Stephen Henson" Date: Fri, 1 Apr 2011 15:46:03 + Subject: [PATCH] Add additional OPENSSL_init() handling add dummy call to (hopefully) ensure OPENSSL_init() is always linked into an application.

[openssl-dev] [openssl.org #4135] Fix for a multi-threading issue in policy cache creation

Commit 7d6df9e in master. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4135 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4557] Nit: temporary files left over after [master:8d054a5] installation process

Thank you! Found the tests that generated this and made sure the temporary files get removed. Please get a fresh checkout of the master branch and check again. Closing this ticket. Cheers, Richard On Thu Jun 02 15:50:32 2016, stef...@sdaoden.eu wrote: > Yep: > > -rw--- 1 steffen steffen

[openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.

Merge RT4241 here as these are best handled together. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4393 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter?

Hi, > I'm aware it doesn't affect anything because the caller shouldn't process > more than 2^32 * 64 bytes per key/nonce setup anyway. > > I was just wondering because it differs from the s390 asm implementation > (and whether there is a particular reason to do so). Implementation is

[openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

The DTLS packet reassembly code has a performance problem that could result in a DoS attack being possible. The DTLS packet reassembly uses the data structure defined in ssl/pqueue.c for the purpose (it is the only user of this data structure that I can find). This source file implements a

[openssl-dev] [openssl.org #4556] Unknown: mysterious perl(1) error during [master:8d054a5] installation process

On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote: > Hello. > > I have never seen something like this: > > Parser.c: loadable library and perl binaries are mismatched (got > handshake key 0xdb00080, needed 0xdb80080) > > This is v5.24 on a Linux system, and it flawless afaik. Are you sure

[openssl-dev] [openssl.org #4555] Enhancement request: allow installation without manuals, but anyway without HTML manuals

On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote: > Oh yes, please! The 'install' target calls three other targets: install_sw install_ssldirs install_docs So if you simple do 'make install_sw' or 'nmake install_sw', I think you'll get what you want. Closing this ticket. -- Richard

[openssl-dev] [openssl.org #4557] Nit: temporary files left over after [master:8d054a5] installation process

Yep: -rw--- 1 steffen steffen 1848 Jun 2 14:46 VhXl383LiQ -rw--- 1 steffen steffen 1612 Jun 2 14:46 F1RkvxEZi0 -rw--- 1 steffen steffen 1848 Jun 2 14:46 qg_wML0XIF -rw--- 1 steffen steffen 1848 Jun 2 14:46 4MUN7KIs69 -rw--- 1 steffen steffen 1840 Jun 2

[openssl-dev] [openssl.org #4555] Enhancement request: allow installation without manuals, but anyway without HTML manuals

Oh yes, please! --steffen -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4555 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4556] Unknown: mysterious perl(1) error during [master:8d054a5] installation process

Hello. I have never seen something like this: Parser.c: loadable library and perl binaries are mismatched (got handshake key 0xdb00080, needed 0xdb80080) This is v5.24 on a Linux system, and it flawless afaik. Thanks. --steffen -- Ticket here:

[openssl-dev] [openssl.org #4474] Overflow optimizations being taken by GCC

It looks like a lot of these warnings are bogus. For example ct_validation is only ever set to 0 or 1 yet it throws out a warning with if(ct_vlidation) in one place while not warning about a similar expression just above it. I tidied up ocsp_prn.c which avoided the warning in that file: though

Re: [openssl-dev] [openssl.org #4548] s390x build problem

>>> I'm getting: >>> crypto/chacha/chacha-s390x.S: Assembler messages: >>> crypto/chacha/chacha-s390x.S:7: Error: Unrecognized opcode: `clgije' >>> >>> >>> A full build log is available on: >>> https://buildd.debian.org/status/fetch.php?pkg=openssl=s390x=1.1.0~pre5-1=1464594754 >> >> It's overly

[openssl-dev] [openssl.org #4554] Bug: psk argument of the s_client/s_server command strips leading zero bytes.

In s_client.c (function psk_client_db), the "-psk" value is converted from hexadecimal to binary by converting to a BN using BN_hex2bn() [line 285] and then from BN to binary using BN_bn2bin [line 301]. This means that it is not possible to input a key where the first byte is zero. e.g. If the

[openssl-dev] [openssl.org #4549] powerpc test problem: missing symbols

Applied and merged into master. Thank you. Closing this ticket. Cheers, Richard On Wed Jun 01 22:31:14 2016, sebast...@breakpoint.cc wrote: > On 2016-05-30 21:28:06 [+], Andy Polyakov via RT wrote: > > For what it's worth I can't reproduce problem on Fedora or RedHat. >

[openssl-dev] [openssl.org #4553] Re: Fedora 1, i386: error: field `next_timeout` has incomplete type

On Wed Jun 01 22:45:08 2016, noloa...@gmail.com wrote: > On Wed, Jun 1, 2016 at 4:47 PM, Richard Levitte via RT > <r...@openssl.org> wrote: > > Please give us the full configuration command you used, including > > environment > > variables that may affect it. Just th

Re: [openssl-dev] [openssl.org #4553] Re: Fedora 1, i386: error: field `next_timeout` has incomplete type

On Wed, Jun 1, 2016 at 4:47 PM, Richard Levitte via RT <r...@openssl.org> wrote: > Please give us the full configuration command you used, including environment > variables that may affect it. Just the presence of '-ansi' tells me that you > didn't just say './config' without an

Re: [openssl-dev] [openssl.org #4549] powerpc test problem: missing symbols

On 2016-05-30 21:28:06 [+], Andy Polyakov via RT wrote: > For what it's worth I can't reproduce problem on Fedora or RedHat. The test |… |# The following symbols are missing in libcrypto.so: |# _shadow_DES_check_key |not ok 2 - check that there are no missing symbols in libcrypto.so |…

[openssl-dev] [openssl.org #4553] Re: Fedora 1, i386: error: field `next_timeout` has incomplete type

Does it make a difference if you add 'no-sse2' to your configuration command? On Wed Jun 01 21:22:24 2016, noloa...@gmail.com wrote: > On Wed, Jun 1, 2016 at 4:47 PM, Richard Levitte via RT > <r...@openssl.org> wrote: > > Please give us the full configuration command y

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

Hi Jeff Please could you try the attached patch? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest with password guest if prompted >From 199bf71fb68a26a9d7ff52af7233bd0b52d0f824 Mon Sep 17 00:00:00 2001 From: Matt Caswell

Re: [openssl-dev] [openssl.org #4553] Re: Fedora 1, i386: error: field `next_timeout` has incomplete type

On Wed, Jun 1, 2016 at 4:47 PM, Richard Levitte via RT <r...@openssl.org> wrote: > Please give us the full configuration command you used, including environment > variables that may affect it. Just the presence of '-ansi' tells me that you > didn't just say './config' without any ar

[openssl-dev] [openssl.org #4553] Re: Fedora 1, i386: error: field `next_timeout` has incomplete type

Please give us the full configuration command you used, including environment variables that may affect it. Just the presence of '-ansi' tells me that you didn't just say './config' without any arguments. On Wed Jun 01 19:54:51 2016, noloa...@gmail.com wrote: > So testing with 1.1.0-pre6 from 1

<    3   4   5   6   7   8   9   10   11   12   >