It's lazy-initialisation, so the context-setting (which is used in RSA and
DSA, not just DH) occurs the first time an operation is attempted on the
key. (Well, the first time an operation that needs to use the given
montgomery context within that key, I mean.) It's not that the two threads
need to
On 4 May 2014 23:44, Kurt Roeckx k...@roeckx.be wrote:
On Mon, May 05, 2014 at 12:36:57AM +0200, Matt Caswell via RT wrote:
This patch changes the output of pkg-config --libs libssl from:
-L/usr/local/ssl/lib -lssl -lcrypto
to:
-L/usr/local/ssl/lib -lssl
Arguably this is the strictly
On Mon, May 05, 2014 at 02:00:32AM +0200, Tim Hudson via RT wrote:
966577 Resource leak
The system resource will not be reclaimed and reused, reducing the future
availability of the resource.
In init_client_ip: Leak of memory or pointers to system resources
This is
On Sun, May 04, 2014 at 11:59:55PM +0100, Matt Caswell wrote:
As far as I understand if you want to have both -lssl -lcrypto you
should use openssl instead of libssl?
Anyway, I think this makes perfect sense and if things break it's
easy enough to fix it.
I'd be interested to hear
I'm using the RHEL6 standard distro. I can certainly test a patch for
you.
On Sat, 2014-05-03 at 00:01 -0400, Geoffrey Thorpe wrote:
I hadn't noticed this serialisation before, thanks. I'll try to send a
patch over the weekend some time, in case you're able to test? If so,
what version (or
Thanks Matt,
Sent to r...@openssl.org. However, I didn't see it in http://rt.openssl.org/.
Is it supposed to update realtime?
Regards,
---
Luiz Angelo Daros de Luca, Me.
luizl...@gmail.com
2014-05-03 17:15 GMT-03:00 Matt Caswell fr...@baggins.org:
On 3 May 2014 18:52,
On Sun, May 04, 2014 at 06:07:23PM -0400, Geoffrey Thorpe wrote:
It's lazy-initialisation, so the context-setting (which is used in RSA and
DSA, not just DH) occurs the first time an operation is attempted on the
key. (Well, the first time an operation that needs to use the given
montgomery
On Mon, May 5, 2014 at 9:37 AM, Viktor Dukhovni wrote:
On Sun, May 04, 2014 at 11:59:55PM +0100, Matt Caswell wrote:
As far as I understand if you want to have both -lssl -lcrypto you
should use openssl instead of libssl?
Anyway, I think this makes perfect sense and if things break it's
On Mon, May 05, 2014, Kurt Roeckx wrote:
On Sun, May 04, 2014 at 06:07:23PM -0400, Geoffrey Thorpe wrote:
It's lazy-initialisation, so the context-setting (which is used in RSA and
DSA, not just DH) occurs the first time an operation is attempted on the
key. (Well, the first time an
On 5 May 2014 18:06, Luiz Angelo Daros de Luca luizl...@gmail.com wrote:
Thanks Matt,
Sent to r...@openssl.org. However, I didn't see it in http://rt.openssl.org/.
Is it supposed to update realtime?
It can take some considerable time to come through sometimes.
Matt
On 5/05/2014 6:04 PM, Marcus Meissner wrote:
On Mon, May 05, 2014 at 02:00:32AM +0200, Tim Hudson via RT wrote:
966577 Resource leak
The system resource will not be reclaimed and reused, reducing the future
availability of the resource.
In init_client_ip: Leak of
From: Luiz Angelo Daros de Luca luizl...@tre-sc.gov.br
OpenSSL is able to generate a certificate with name constraints with any
possible
subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:
nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
PATCH: don't crash or fail in ASN1_print from crypto/asn1/t_pkey.c.
ASN1_print crashes if the BIO is NULL.
ASN1_print crashes if the label is NULL.
ASN1_print fails *if* the label is empty (i.e., ).
This patch fixes the three issues by validating the BIO pointer and
providing an alternate
Hi Daniel,
Great. I already posted a patch to openssl-dev, it's at;
http://marc.info/?l=openssl-devm=139923556631116w=2
If you want to apply it (git apply or git am) directly, the raw email
patch can be downloaded using;
http://marc.info/?l=openssl-devm=139923556631116q=raw
Thanks in advance
Exactly. Throwing away only occurs if two threads race to be the first-time
initialisers off the *same* montgomery context. (As opposed to the winner
getting the lock, and doing initialisation with the lock held, and the
loser waiting on the lock.)
On Mon, May 5, 2014 at 1:52 PM, Kurt Roeckx
I dunno about this.
Fprintf(NULL, ...
Crashes... And shows that you didn't check back at the fopen call.
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
This ticket has been reopened. Given the current discussion on this topic, I
will leave this for a week to give people some time to air their views, and
then I will revisit the decision.
__
OpenSSL Project
Hi,
I am reading the mailing list for a week now and I would like to contribute
in the near future. I can only imagine how complex this project might be,
so I am looking for a hint on where to start reading the source code. In
case I am asking on the wrong mailing list please let me know. Thank
Setting this ticket as resolved:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8bbfd94e36559ceb7187d4d8a63e950713b93e0d
Above for master branch. Similar commits for 1.0.2, and 1.0.1 (the first branch
with SRP support).
Matt
We applied the patch and got some improvement, but there is still a bit
of trouble. Here are the timing values for a stripped-down version of
the code:
Before (all calls start at the same time):
Called PingCore in 0.076844 seconds (0) pid 20829
Called PingCore in 0.130758 seconds (0) pid 20830
Coverity run has uncovered the following use of uninitialized local
variable in b64_read(). This applies to both 1.0.1g and master branch:
Error: UNINIT:
crypto/evp/bio_b64.c:146:
var_decl: Declaring variable num without initializer.
path:crypto/evp/bio_b64.c:150:
cond_false: Condition out ==
Hi,
When compiling OpenSSL (1.0.1g) on Windows using MSYS and mingw, the
test test_bn fails (make test_bn in the test/ directory).
The temporary file that test_bn creates contains Windows newline
characters (\r\n) instead of the Unix type newline character (\n).
A change to the regular
Hi Daniel,
If you truly have no other questions you're looking to answer, you kind of
have to start at main() and see where that takes you. Other good goals
might be checking out the code, building it, and writing a test to show
secure communication works between 2+ hosts/processes.
I think
23 matches
Mail list logo