On Fri, Mar 24, 2017 at 07:48:58AM +0100, Otto Moerbeek wrote:
> On Fri, Mar 24, 2017 at 04:11:48AM +, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> > Apache license is fine for me, while GPL could be problematic.
> > Incompatibility with GPLv2 is not a problem for us.
> >
> > If it is a
On Tue, Jun 21, 2016 at 12:39:35PM +0300, Cristi Fati wrote:
> Hi all,
>
> I am trying to build a FIPS (2.0.12) capable OpenSSL (1.0.2h) on PPC64
> Linux (tried RH5 and SLES12), but it fails.
FWIW,
The openssl packages on SLES 12 have received FIPS certificate for x86_64
While we have not
> --
> openssl-dev mailing list
> To unsubscribe:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev=CwICAg=BFpWQw8bsuKpl1SgiZH64Q=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ=GTOvXwENarIDt6ceeifX3cwsUHwEPSoA5Nst5bYguXc=XQfgkJcZEf0I-0-rMIE
Hi,
tests/cms-test.pl is failing, as the smime-certs/ expired yesterday / expire
today.
Can someone please generate correct new certs?
Ciao, Marcus
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Wed, May 11, 2016 at 11:24:00AM +0200, Marcus Meissner wrote:
> Hi,
>
> tests/cms-test.pl is failing, as the smime-certs/ expired yesterday / expire
> today.
>
> Can someone please generate correct new certs?
Hups. I only looked at 1.0.1 branch. The certs are refreshed in
Hi,
https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/
Integer overflow in b2i_PVK_bio
Have you assigned a CVE internally for that already?
Ciao, Marcus
Hi,
https://github.com/openssl/openssl/pull/466
If you try to run OPENSSL_config twice, it will fail on loading engines.
(We encountered this case with ruby and libzypp both running OPENSSL_config
in the same process.)
Ciao, Marcus
--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409
Hi,
apply this patch ...
commit c01f7e9e233e5e5dabd1ec01eb17198b0798e092
Author: Marcus Meissner <meiss...@suse.de>
Date: Tue Nov 10 16:24:51 2015 +0100
fixed wrong argument to BIO_printf
diff --git a/test/dsatest.c b/test/dsatest.c
index 1f4b837..fe25352 100644
--- a/test/dsa
. (only in OPENSSL_no_config).
So let's set it at the end of OPENSSL_config.
Sent as https://github.com/openssl/openssl/pull/466
Ciao, Marcus
--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi.
3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meiss...@suse
On Fri, Oct 23, 2015 at 07:19:11PM +0200, Alessandro Ghedini wrote:
> On Fri, Oct 23, 2015 at 04:34:11PM +0200, Dr. Matthias St. Pierre wrote:
> >
> > Hi,
> >
> > I have a related question concerning alternative RNGs, hope it is not too
> > off-topic:
> >
> > Currently we are using the
Hi,
I am debugging a testsuite error in the perl Net-SSLeay module, which got
introduced between 1.0.2a
and 1.0.2c.
The test code looks like this:
... private key in $pk ...
ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"),
"EVP_get_cipherbyname");
like(my $key_pem4 =
On Wed, May 20, 2015 at 09:41:57PM -0400, Chris Hill wrote:
Folks, can you pls confirm that none of the below ciphers are affected by
this bug? From my understanding, only ciphers containing DH or DHE would be
affected.
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
On Thu, Mar 26, 2015 at 10:42:21AM +0530, Mukesh Yadav wrote:
HI,
I have a query for SSl cipher on Openssl-1.0.1h
Have an application which is using library compiled with openssl-1.0.1h.
Application is failing in func SSL_CTX_set_cipher_list() when input is
RC4-MD5+RC4-SHA and it gets
On Wed, Feb 11, 2015 at 03:15:11PM +, Salz, Rich wrote:
Note that for most applications the correct approach to configuring
ciphersuites should be to start with DEFAULT and subtract what they don't
want. The library is then responsible for a generally sensible default
order
and
On Wed, Nov 05, 2014 at 08:28:40AM +, Mody, Darshan (Darshan) wrote:
Hi,
Does Openssl support IPv6 officially?.
AFAIK the libssl and libcrypto libraries do not use sockets at all,
these are left to the applications/libraries using them.
So OpenSSL supports neither IPv4 nor IPv6.
On Wed, Nov 05, 2014 at 08:45:55AM -0800, Quanah Gibson-Mount wrote:
--On November 5, 2014 at 10:10:26 AM +0100 Marcus Meissner
meiss...@suse.de wrote:
On Wed, Nov 05, 2014 at 08:28:40AM +, Mody, Darshan (Darshan) wrote:
Hi,
Does Openssl support IPv6 officially?.
AFAIK
On Thu, Sep 25, 2014 at 02:41:56PM +0200, Andy Polyakov wrote:
in that case it crashes here:
if (s->msg_callback)
    s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
        s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
So is the pointer to the
On Wed, Sep 24, 2014 at 01:13:51PM +0200, Michael Menge wrote:
Quoting Matt Caswell m...@openssl.org:
On 24 September 2014 10:03, Michael Menge
michael.me...@zdv.uni-tuebingen.de wrote:
Hi,
Last week I asked on the openssl-user mailing list about a SIGSEGV
in Cyrus-Imapd 2.4.17 which
Hi,
The 1.0.1i tarball is signed by a different key than the previous releases
that were signed by Dr Stephen Henson.
$ gpg openssl-1.0.1i.tar.gz.asc
gpg: Signature made Wed Aug 6 23:18:48 2014 CEST using RSA key ID 0E604491
gpg: please do a --check-trustdb
gpg: Good signature from Matt Caswell
On Thu, Aug 21, 2014 at 03:44:50PM +0100, Matt Caswell wrote:
On 21 August 2014 14:57, Marcus Meissner meiss...@suse.de wrote:
Hi,
The 1.0.1i tarball is signed by a different key than the previous releases
that were signed by Dr Stephen Henson.
$ gpg openssl-1.0.1i.tar.gz.asc
gpg
On Tue, Jul 15, 2014 at 07:31:59PM +0200, noloa...@gmail.com via RT wrote:
Below is from crypto/evp/evp_key.c.
Notice that `addmd` is never set to 1. *If* the routine needs to loop
back to the top to finish fulfilling a derivation request, then the
previous hash is *not* added back into the
On Thu, Jun 12, 2014 at 07:11:24PM +0200, Stephen Henson via RT wrote:
On Thu Jun 12 18:16:55 2014, meiss...@suse.de wrote:
Hi,
The Net-SSLeay perl module failed its testsuite after 1.0.1g -> 1.0.1h
update.
The code looks like this:
... create more X509 certificate stuff ...
On Mon, May 05, 2014 at 02:00:32AM +0200, Tim Hudson via RT wrote:
966577 Resource leak
The system resource will not be reclaimed and reused, reducing the future
availability of the resource.
In init_client_ip: Leak of memory or pointers to system resources
This is
Hi,
SUSE has received a bugreport from a user, that the padding extension
change breaks IronPort SMTP appliances.
There might be an RT on this already, not sure.
https://bugzilla.novell.com/show_bug.cgi?id=875639
OCSP_parse_url has a bad sequence of initializing the parameter
returns and buf strdupping + error handling.
If the first error handling triggers, it will access the
3 argument pointers uninitialized memory.
(the goto mem_err; patch will free **pport et.al.)
found by Coverity scanner.
Ciao,
Hi,
NCONF_free(cnf) is again called later when errors are handled,
which would lead to double free of cnf.
Spotted by Coverity checker.
Ciao, Marcus
--- apps/asn1pars.c.xx 2011-05-18 14:40:29.0 +0200
+++ apps/asn1pars.c 2011-05-18 14:40:43.0 +0200
@@ -408,6 +408,7 @@
HI,
apps/engine.c, function setup_engine()
It has return e; on success,
but the code has:
/* Free our structural reference. */
ENGINE_free(e);
}
return e;
ENGINE_free(e) makes e invalid, so returning it is very dangerous.
The return
Hi,
Coverity thinks that in this sequence b->ptr is used
after free and I have to agree:
case BIO_C_SET_SSL:
    if (ssl != NULL)
        ssl_free(b); // MARCUS: frees also b->ptr
    b->shutdown=(int)num;
    ssl=(SSL *)ptr;
Hi,
(I am not fully sure I understand it right.)
Coverity thinks dsa_builtin_paramgen() can use portions of seed uninitialized
and I can agree.
If seed_len is 0 but qsize, the memcpy(seed,seed_in,seed_len) does
not trigger, but seed is used, being an uninitialized stack variable.
This would
Hi,
Probably does not trigger in real-life conditions.
Also spotted by Coverity, untested.
--- ssl/t1_lib.c.xx 2011-05-18 15:50:08.0 +
+++ ssl/t1_lib.c2011-05-18 15:50:22.0 +
@@ -1714,8 +1714,10 @@
return -1;
}
Hi,
Type: patch
We use the following patch on openSUSE to make sure that openssl
uses non-executable stack by marking the assembler code as
not requiring x-stack.
Ciao, Marcus
--- crypto/perlasm/x86unix.pl
+++ crypto/perlasm/x86unix.pl
@@ -586,6 +586,7 @@
push(@out,$const);
$const=;
}
Our QA found a scenario where openssl req is crashing,
this is tracked in https://bugzilla.novell.com/show_bug.cgi?id=430141
It seems a non-asn1 converted string is passed into ASN1_TYPE_set1.
We applied the patch attached.
Ciao, Marcus
Index: openssl-0.9.8h/crypto/x509/x509_att.c