[openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

Openssl Version 1.1.0 (master as of 22-DEC-15) Mac OS X 10.11.2 Connection to my SMTP server, which has a 4096-bit RSA key, fails with: Traceback (most recent call last): File "tls/_openssl.py", line 359, in handshake error: [Errno 5] 1: TLS handshake with server peer failed:

[openssl-dev] extra data for ec keys

Hello, After merge of ECDH and ECDSA and associating method to EC_KEY I would like to request some additional functionality. External cryptographic modules may store addition information to key. What about to define CRYPTO_EX_DATA for ec keys? Proposed patch "0008-extra-data-for-EC_KEY.patch"

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

In message <20151222101434.116043c95betf...@www.polarhome.com> on Tue, 22 Dec 2015 10:14:34 +0100, Zoltan Arpadffy said: zoli> Thank you Richard. zoli> zoli> What "slowly" means? Will you be able to commit the OpenVMS build zoli> scripts before the 1.1.0's release? Yes.

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

In message <20151222111022.44086nc6688vq...@www.polarhome.com> on Tue, 22 Dec 2015 11:10:22 +0100, Zoltan Arpadffy said: zoli> Richard, zoli> zoli> > My plan for "new and shiny" is based on perl, running Configure and zoli> > have it generate a top level descrip.mms.

Re: [openssl-dev] [openssl.org #4184] Memory leak in DSA redo case

Fixed. Kurt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4195] remove duplicates in util/libeay.num

Hello, After remove of some global variables in export file left double information for non existent functions. For instance before: X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CERT_PAIR_it 3534

[openssl-dev] __STDC_VERSION__ is not defined

Hello, Compilation of an application with current master branch and c89 compiler produce a lot of warnings. Proposed patch "0001-__STDC_VERSION__-is-not-defined-for-c89-compilers.patch" fix them. Regards, Roumen >From 7d430516d69e6161eee447833518914e6b473dbd Mon Sep 17 00:00:00 2001 From:

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

Thank you Richard. What "slowly" means? Will you be able to commit the OpenVMS build scripts before the 1.1.0's release? Do you need some help with coding, testing? Should I try to repair the old build scripts? Thanks, Z Quoting Richard Levitte : The building

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

In message <20151222122349.916552ojkzhe5...@www.polarhome.com> on Tue, 22 Dec 2015 12:23:49 +0100, Zoltan Arpadffy said: zoli> Hi, zoli> zoli> > zoli> I am aware that having perl installed on a modern operating zoli> > system is zoli> > zoli> not a very tough requirement -

Re: [openssl-dev] [openssl.org #4194] engine command regression in 1.1

I don't know that I would call it a regression, but rather a difference. :) I'll fix the summary but not the old uncommon behavior. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

Hi, zoli> > (unfortunately, "cpan install Text::Template" doesn't work because zoli> > there's a lack of action lines in the test: target it its Makefile, zoli> > and mms isn't too happy about that...) That's tough, unfortunately... I've only access to a V8.4 cluster (Alpha and IA64), so I

[openssl-dev] [openssl.org #4196] BeagleBone Black detected as ARMv4

This seems like an odd result considering the BeagleBone Black processor is closer to a NEON. This particular BBB is running a Debian 8.2 based image. I also believe CFLAGS should include hard-floats (i.e., -mfloat-abi=hard). Without it, entropy estimates for some of the RAND_ functions could

Re: [openssl-dev] extra data for ec keys

> External cryptographic modules may store addition information to key. > What about to define CRYPTO_EX_DATA for ec keys? That is the plan -- we will remove EX_EX_DATA and the internal API and just use the standard crypto_ex_data stuff. Want to make a more complete patch as a github pull

[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path

Hello OpenSSL org: I found the following issue via code inspection. In tls_process_client_key_exchange(), when EC is disabled, and an error occurs in ssl_generate_master_secret() or RAND_bytes(), the error path does not free rsa_decrypt. Note that rsa_decrypt is not conditionally defined by

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

In message <20151222134741.72034a0b79m0z...@www.polarhome.com> on Tue, 22 Dec 2015 13:47:41 +0100, Zoltan Arpadffy said: zoli> Hi, zoli> zoli> > zoli> > (unfortunately, "cpan install Text::Template" doesn't work zoli> > because zoli> > zoli> > there's a lack of action lines

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

Hi, zoli> May I ask you, if the new build will cover the long names issue ( zoli> symhacks.h ) too? It's been pointed out to me by the vms-ports folks that it should be possible to solve using the compiler's "#pragma names shortened" rather than maintaining symhacks... Then, it's just a

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

> It is not impossible to maintain a code base that uses up to 32 char long > function names - without losing the readability of the code. > I agree that it requires some extra focus from the developers side - but > coding a security software needs that (and even more) focus anyway. Yes, but

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

In message <20151222153437.192023un5jh69...@www.polarhome.com> on Tue, 22 Dec 2015 15:34:37 +0100, Zoltan Arpadffy said: zoli> Hi, zoli> zoli> > zoli> May I ask you, if the new build will cover the long names issue zoli> > ( zoli> > zoli> symhacks.h ) too? zoli> > zoli> >

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

In message on Tue, 22 Dec 2015 14:41:16 +, "Salz, Rich" said: rsalz> Consistency is more important than support for old platforms :) Side note: I'd like it if we skipped the age slurs, especially