[openssl-dev] [openssl.org #4649] [PATCH] BIO_debug_callback could write before the beginning of a buffer

In the BIO_debug_callback function, we call BIO_snprintf which could return -1 in the case of an error. However, there is no check for this condition, and so the subsequent code would subtract one from buf and write data there, overwriting the byte immediately before the static buffer. This

Re: [openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg

Andy Polyakov wrote: > And it's not only that multiplication (and squaring) result is fully > reduced, it, multiplication (ans squaring) subroutine can actually > manage partially reduced input. On related note one can point out that > result of addition (and mul_by_[2|3]) is

[openssl-dev] [openssl.org #4646] [1.0.2 stable branch] .\crypto\pem\pvkfmt.c(279): error C2065: 'PEM_R_HEADER_TOO_LONG': undeclared identifier

Hi, the 1.0.2 stable branch fails to compile on VC-WIN32 with no-asm, with the error .\crypto\pem\pvkfmt.c(279): error C2065: 'PEM_R_HEADER_TOO_LONG': undeclared identifier Full build log can be found at

[openssl-dev] openssl 1.0.2 20160816 snap

This error showed up /usr/local/bin/clang38 -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE

Re: [openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg

>>> No, it subtraction subroutine uses *borrow* to determine if modulus is >>> to be added. I.e. (a >= b) ? (a - b) : (P - (b - a)). If both a and b >>> are less than P, then result is less than P. >> >> Consider the case where a > P and a >= b and b is very small (e.g. 1). >> For example, a == P

Re: [openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg

Andy Polyakov wrote: >> My understand after talking with Vlad that the "sbb \$0, $acc2" makes >> this equivalent to (r >= 2**256) ? (r - q) : r. If the "sbb \$0, >> $acc2" line were removed then it would be equivalent to (r >= q) ? (r >> - q) : r. My understanding is that the

Re: [openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg

> Let's recall that result of multiplication prior final reduction is > actually n+1-limb value, with +1 limb being single bit, This came out wrong. Result is N+1 *bits* wide, it's just in this particular case you have to spend additional limb on the the additional bit. It's just that particular

Re: [openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg

> ... I re-read the code for the conditional subtraction at the > end of ecp_nistz256_mul_mont (__ecp_nistz256_mul_montq, actually) and > I couldn't convince myself that the result was always fully reduced. > > My concern is that what you say and what Vlad said is contradictory. > You both

Re: [openssl-dev] weird linker warnings on solaris 11

I went back to the 12.4 compiler which works very well, waste of my time to debug Oracle compiler, as we wont see any patches released anyway (no support here) >-- Original Message -- > >> the issue appears to be not in the compiler, but the newer Soalris linker >> (ld) >> I switched back to

Re: [openssl-dev] weird linker warnings on solaris 11

> I went back to the 12.4 compiler which works very well, waste of my time > to debug Oracle compiler, as we wont see any patches released anyway (no > support here) And I installed vendor compiler, 12.5, and I don't observe linker warnings... On related note one should probably point out that

[openssl-dev] [openssl.org #4647] bug report: OpenSSL 1.0.2h: Segment fault on AIX Power8 using optimization code

Hello We are using libcurl for REST programming, which internally uses openssl and libcrypto. curl suggested to implement few callbacks related to locking, which would be needed for openssl below 1.1 version(which is still in beta). The following callbacks were implemented:

[openssl-dev] [openssl.org #4648] openssl doesn't work on mingw

I tested the following command on fedora 24 and mingw64 (mingw64 installed via git for windows): openssl genrsa -des3 -out server.key 1024 On fedora, it's instantaneous. On mingw64, it's stuck before asking the key: Generating RSA private key, 1024 bit long modulus ..++

[openssl-dev] Missing API- SSL_CIPHER_get_mac_nid

I noticed that we have: __owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); __owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); __owur int

Re: [openssl-dev] weird linker warnings on solaris 11

>-- Original Message -- > >> I went back to the 12.4 compiler which works very well, waste of my time >> to debug Oracle compiler, as we wont see any patches released anyway (no >> support here) > >And I installed vendor compiler, 12.5, and I don't observe linker >warnings... interesting,

Re: [openssl-dev] [openssl.org #4648] openssl doesn't work on mingw

> I tested the following command on fedora 24 and mingw64 (mingw64 installed > via git for windows): > > openssl genrsa -des3 -out server.key 1024 > > On fedora, it's instantaneous. > On mingw64, it's stuck before asking the key: > > Generating RSA private key, 1024 bit long modulus >