Re: [openssl-dev] OpenSSL 1.0.2f build issue - unresolved external symbol

2016-03-01 Thread Atul Thosar
Thanks Andy, Michel. I'll give a try again. -- B ​R​ , Atul Thosar On 1 March 2016 at 18:30, Andy Polyakov wrote: > > link /nologo /subsystem:console /opt:ref /debug /dll > > /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def > > @C:\Users\athosar\AppData\Local\Temp\nm43EB.tmp

[openssl-dev] [PATCH] [openssl.org #2558] make windres controllable via build env var settings

2016-03-01 Thread Mike Frysinger via RT
atm, the windres code in openssl is only usable via the cross-compile prefix option unlike all the other build tools. So add support for the standard $RC / $WINDRES env vars as well. --- Configure | 1 + Makefile.in | 2 ++ Makefile.shared | 2 +- 3 files changed, 4 insertions(+), 1

[openssl-dev] [openssl.org #4367]: FEATURE: Please add -headerpad_max_install_names to LDFLAGS for dynamic libraries on OS X builds

2016-03-01 Thread noloa...@gmail.com via RT
Also worth mentioning: depending on how much magic will be sprinkled from the PERL script... install_name is available on OS X 10.4 and above, which covers the last 10 years or so. Also see "Configure-based open source libraries: current_version and install_name"

[openssl-dev] [openssl.org #4367]: OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-01 Thread noloa...@gmail.com via RT
For completeness, the same configuration under 32-bit is OK. On Tue, Mar 1, 2016 at 9:54 PM, Jeffrey Walton wrote: > $ make depend && make clean && make > ... > > $ make test > ... > > ../test/recipes/80-test_tsa.t . ok > ../test/recipes/90-test_async.t

[openssl-dev] [openssl.org #4367] FEATURE: Please add -headerpad_max_install_names to LDFLAGS for dynamic libraries on OS X builds

2016-03-01 Thread noloa...@gmail.com via RT
OS X side steps the problems with selecting the wrong runtime library and RPATHs by using something called an install name. Effectively, the install name should be placed in libcrypto.dylib and libssl.dylib, and it calls out the fully qualified path name. Programs linked to a library with an

[openssl-dev] [openssl.org #4366]: OS X 10.5, 64-bit PPC, and chacha-ppc.s:454:Parameter syntax error (parameter 1)

2016-03-01 Thread noloa...@gmail.com via RT
The issue exists with 32-bit builds, too: $ KERNEL_BITS=32 ./config Operating system: ppc-apple-darwinDarwin Kernel Version 9.8.0: Wed Jul 15 16:57:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_PPC Configuring for darwin-ppc-cc Configuring OpenSSL version 1.1.0-pre4-dev (0x0x1014L)

[openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-01 Thread noloa...@gmail.com via RT
$ make depend && make clean && make ... $ make test ... ../test/recipes/80-test_tsa.t . ok ../test/recipes/90-test_async.t ... 1/1 # Failed test 'running asynctest' # at ../test/testlib/OpenSSL/Test/Simple.pm line 70. # Looks like you failed 1 test of 1.

[openssl-dev] [openssl.org #4365] OS X 10.5, 64-bit PPC, and chacha-ppc.s:454:Parameter syntax error (parameter 1)

2016-03-01 Thread noloa...@gmail.com via RT
$ make depend && make clean && make ... cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DPOLY1305_ASM

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-01 Thread Andy Polyakov
> I'm unclear on what EVP_CIPHER's interface guarantees are, but our EVP_AEAD > APIs are documented to allow in/out buffers to alias as long as out is <= > in. This matches what callers might expect from a naive implementation. > > Our AES-GCM EVP_AEADs, which share code with OpenSSL, have tended

Re: [openssl-dev] PHP openssl ext port for 1.1 - cert->name

2016-03-01 Thread Jakub Zelenka
On 1 Mar 2016 21:03, "Dr. Stephen Henson" wrote: > > On Tue, Mar 01, 2016, Jakub Zelenka wrote: > > > Hello, > > > > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and > > just came across one thing that I can't find a function for. > > > > We have got a

Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)

2016-03-01 Thread Brad House
On 03/01/2016 04:27 PM, Benjamin Kaduk wrote: > On 03/01/2016 03:18 PM, Brad House wrote: >> On 03/01/2016 02:15 PM, Viktor Dukhovni wrote: >>> On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote: >>> >>> The only plausible change from 1.0.2f to 1.0.2g that I see that might >>> be related

[openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-01 Thread Emilia Käsper via RT
If the other EVP ciphers universally allow this then I think we must treat this as a bug, because people may be relying on this behaviour. There is also sporadic documentation in lower-level APIs (AES source and des.pod) that the buffers may overlap. If it's inconsistent then, at the very least,

Re: [openssl-dev] [openssl-users] OpenSSL Security Advisory

2016-03-01 Thread Salz, Rich
> I am a bit surprised with the following assertion concerning CVE-2016-0798 : > (Memory leak in SRP database lookups) > "This issue was discovered on February 23rd 2016..." Yes, Michel, sorry. You did create a ticket: https://rt.openssl.org/Ticket/Display.html?id=4172 Thanks for being so

Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)

2016-03-01 Thread Benjamin Kaduk
On 03/01/2016 03:18 PM, Brad House wrote: > On 03/01/2016 02:15 PM, Viktor Dukhovni wrote: >> On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote: >> >> The only plausible change from 1.0.2f to 1.0.2g that I see that might >> be related to this is below. Does it work if you revert this

Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)

2016-03-01 Thread Brad House
On 03/01/2016 02:15 PM, Viktor Dukhovni wrote: > On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote: > >> We have a Mac build system running an older version (10.7), targeting 10.6, >> which is >> using this compiler: >> >> $ cc --version >> i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1

Re: [openssl-dev] [openssl-users] OpenSSL Security Advisory

2016-03-01 Thread Michel
Hi, I am a bit surprised with the following assertion concerning CVE-2016-0798 : (Memory leak in SRP database lookups) "This issue was discovered on February 23rd 2016..." My opinion is that this issue is known at least since I reported it to you (first in march 2015 !) :

Re: [openssl-dev] PHP openssl ext port for 1.1 - cert->name

2016-03-01 Thread Dr. Stephen Henson
On Tue, Mar 01, 2016, Jakub Zelenka wrote: > Hello, > > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and > just came across one thing that I can't find a function for. > > We have got a part in openssl_x509_parse where we display cert->name (cert > is X509 struct) if it

[openssl-dev] PHP openssl ext port for 1.1 - cert->name

2016-03-01 Thread Jakub Zelenka
Hello, I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and just came across one thing that I can't find a function for. We have got a part in openssl_x509_parse where we display cert->name (cert is X509 struct) if it is not NULL:

Re: [openssl-dev] OpenSSL 1.0.2g - make test fails with FIPS -- regression from 1.0.2f

2016-03-01 Thread Roumen Petrov
Brad House wrote: It appears OpenSSL 1.0.2g introduced a regression when attempting to run 'make test' on a fips-enabled build on linux. When compiling without FIPS, the tests pass as expected. However, with fips turned on, "make test" fails when trying to use ssl2 it appears. Running 'make

[openssl-dev] [openssl.org #4364] [PATCH] ASN1_get_object should not accept large universal tags.

2016-03-01 Thread David Benjamin via RT
See attached. OpenSSL can't actually represent large universal tags because it collides with the V_ASN1_NEG flag, yet it happily parses them in high tag number form. d2i_ASN1_TYPE interprets 1f82020100 as a negative zero, rather than an element with tag [UNIVERSAL 258]. I've intentionally made

Re: [openssl-dev] OpenSSL Security Advisory

2016-03-01 Thread Nounou Dadoun
Thanks for the test tool and making it available so quickly, we were able to close our DROWN bug ticket less than an hour after opening it! I'm interested in your tlsfuzzer tool (of which this appears to be a part), is there a larger test suite available? Is there any documentation out there?

[openssl-dev] [openssl.org #4363] [PATCH] Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c

2016-03-01 Thread Steven Valdez via RT
Hi, This is a patch that uses BN_CTX_start/end to correctly initialize the BN_CTX stack in EC_KEY_set_public_key_affine_coordinates. -Steven -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4363 Please log in as guest with password guest if prompted >From

Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)

2016-03-01 Thread Viktor Dukhovni 
On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote:

> We have a Mac build system running an older version (10.7), targeting 10.6, 
> which is
> using this compiler:
> 
> $ cc --version
> i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1 (Based on Apple Inc. build 5658) 
> (LLVM build

[openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-01 Thread David Benjamin via RT
I'm unclear on what EVP_CIPHER's interface guarantees are, but our EVP_AEAD APIs are documented to allow in/out buffers to alias as long as out is <= in. This matches what callers might expect from a naive implementation. Our AES-GCM EVP_AEADs, which share code with OpenSSL, have tended to match

[openssl-dev] Test script failing for OpenSSL-1.0.1s when built as FIPS Capable

2016-03-01 Thread Carl Tietjen
Hello, I have run into a problem when I am build OpenSSL-1.0.1s as FIPS Capable. The problem is that the test script is failing. I believe that this maybe because of different behavior in the tests now that the "no-ssl2" flag has been added to the OPTIONS (i.e. SSLv2 has been disabled in

[openssl-dev] OpenSSL 1.0.2g - make test fails with FIPS -- regression from 1.0.2f

2016-03-01 Thread Brad House
It appears OpenSSL 1.0.2g introduced a regression when attempting to run 'make test' on a fips-enabled build on linux. When compiling without FIPS, the tests pass as expected. However, with fips turned on, "make test" fails when trying to use ssl2 it appears. Running 'make test' is a fairly

[openssl-dev] [openssl.org #4361] IBM POWER VSX optimizations for OpenSSL

2016-03-01 Thread Rich Salz via RT
See https://openssl.org/community/getting-started.html for a starting point. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4361 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)

2016-03-01 Thread Brad House
We have a Mac build system running an older version (10.7), targeting 10.6, which is using this compiler: $ cc --version i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.1.00) And while building 1.0.2g released today, we found a build regression

[openssl-dev] [openssl.org #4361] IBM POWER VSX optimizations for OpenSSL

2016-03-01 Thread David Edelsohn via RT
I would like to create a number of enhancement requests for OpenSSL to improve the performance of specific algorithms on IBM POWER using the VSX SIMD instruction set with the possibility of creating financial bounties (through bountysource.com) for the projects. What is the best way open these

[openssl-dev] [openssl.org #4347] Fix GCC unused-value warnings with HOST_c2l()

2016-03-01 Thread Rich Salz via RT
fixed with commit 09977dd thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4347 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4358] Problems in ocsp.1ssl

2016-03-01 Thread Rich Salz via RT
fixed thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4358 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL Security Advisory

2016-03-01 Thread Hubert Kario
Scripts to verify that a server is not vulnerable to DROWN. Two scripts are provided to verify that SSLv2 and all of its ciphers are disabled and that export grade SSLv2 are disabled and can't be forced by client. Reproducer requires Python 2.6 or 3.2 or later, you will also need git to

[openssl-dev] OpenSSL Security Advisory

2016-03-01 Thread OpenSSL
are no longer receiving security updates. References == URL for this Security Advisory: https://www.openssl.org/news/secadv/20160301.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: ht

[openssl-dev] OpenSSL version 1.0.2g published

2016-03-01 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.2g released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2g of our open source

[openssl-dev] OpenSSL version 1.0.1s published

2016-03-01 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1s released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1s of our open source

Re: [openssl-dev] OpenSSL 1.0.2f build issue - unresolved external symbol

2016-03-01 Thread Andy Polyakov
> link /nologo /subsystem:console /opt:ref /debug /dll > /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def > @C:\Users\athosar\AppData\Local\Temp\nm43EB.tmp > Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp > cryptlib.obj : error LNK2001: unresolved external symbol

Re: [openssl-dev] [openssl.org #4360] [BUG] OpenSSL-1.0.1 crash on sha1_block_data_order_ssse3 asm

2016-03-01 Thread Andy Polyakov via RT
Hi, > we met crash of openssl (varely, 3 times i have seen) on linux x86_64. > openSSL version is 1.0.1r. > > The stack is as below: > Program terminated with signal 11, Segmentation fault. > Thread 1 (Thread 0x7f0654871700 (LWP 22383)): > #0 0x7f06a2cdddb8 in sha1_block_data_order_ssse3 ()

[openssl-dev] (no subject)

2016-03-01 Thread Kanaka Kotamarthy
Hi I am trying to test behaviour of Openssl in resumption rejection case. I am using with Openssl-1.1.0 pre2 version. When using Openssl as client and other ssl library as server, Initially client and server accepts on resumption, later server expects client rejected the resumption and sends

Re: [openssl-dev] OpenSSL 1.0.2f build issue - unresolved external symbol

2016-03-01 Thread Michel
Hi, FWIW, trying the exact same configure commands on OpenSSL 1.0.2f : perl Configure VC-WIN32 no-asm --prefix= ms\do_ms nmake -f ms\ntdll.mak I was NOT able to reproduce the problem under Windows 7 64 bits using Visual Studio 2013 and Perl 5.22.1. Everything goes fine. Michel.