Re: [openssl-dev] OpenSSL 1.0.2f build issue - unresolved external symbol
Thanks Andy, Michel. I'll give a try again. -- B R , Atul Thosar On 1 March 2016 at 18:30, Andy Polyakovwrote: > > link /nologo /subsystem:console /opt:ref /debug /dll > > /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def > > @C:\Users\athosar\AppData\Local\Temp\nm43EB.tmp
[openssl-dev] [PATCH] [openssl.org #2558] make windres controllable via build env var settings
atm, the windres code in openssl is only usable via the cross-compile prefix option unlike all the other build tools. So add support for the standard $RC / $WINDRES env vars as well. --- Configure | 1 + Makefile.in | 2 ++ Makefile.shared | 2 +- 3 files changed, 4 insertions(+), 1
[openssl-dev] [openssl.org #4367]: FEATURE: Please add -headerpad_max_install_names to LDFLAGS for dynamic libraries on OS X builds
Also worth mentioning: depending on how much magic will be sprinkled from the PERL script... install_name is available on OS X 10.4 and above, which covers the last 10 years or so. Also see "Configure-based open source libraries: current_version and install_name"
[openssl-dev] [openssl.org #4367]: OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"
For completeness, the same configuration under 32-bit is OK. On Tue, Mar 1, 2016 at 9:54 PM, Jeffrey Waltonwrote: > $ make depend && make clean && make > ... > > $ make test > ... > > ../test/recipes/80-test_tsa.t . ok > ../test/recipes/90-test_async.t
[openssl-dev] [openssl.org #4367] FEATURE: Please add -headerpad_max_install_names to LDFLAGS for dynamic libraries on OS X builds
OS X side steps the problems with selecting the wrong runtime library and RPATHs by using something called an install name. Effectively, the install name should be placed in libcrypto.dylib and libssl.dylib, and it calls out the fully qualified path name. Programs linked to a library with an
[openssl-dev] [openssl.org #4366]: OS X 10.5, 64-bit PPC, and chacha-ppc.s:454:Parameter syntax error (parameter 1)
The issue exists with 32-bit builds, too: $ KERNEL_BITS=32 ./config Operating system: ppc-apple-darwinDarwin Kernel Version 9.8.0: Wed Jul 15 16:57:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_PPC Configuring for darwin-ppc-cc Configuring OpenSSL version 1.1.0-pre4-dev (0x0x1014L)
[openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"
$ make depend && make clean && make ... $ make test ... ../test/recipes/80-test_tsa.t . ok ../test/recipes/90-test_async.t ... 1/1 # Failed test 'running asynctest' # at ../test/testlib/OpenSSL/Test/Simple.pm line 70. # Looks like you failed 1 test of 1.
[openssl-dev] [openssl.org #4365] OS X 10.5, 64-bit PPC, and chacha-ppc.s:454:Parameter syntax error (parameter 1)
$ make depend && make clean && make ... cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DPOLY1305_ASM
Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files
> I'm unclear on what EVP_CIPHER's interface guarantees are, but our EVP_AEAD > APIs are documented to allow in/out buffers to alias as long as out is <= > in. This matches what callers might expect from a naive implementation. > > Our AES-GCM EVP_AEADs, which share code with OpenSSL, have tended
Re: [openssl-dev] PHP openssl ext port for 1.1 - cert->name
On 1 Mar 2016 21:03, "Dr. Stephen Henson"wrote: > > On Tue, Mar 01, 2016, Jakub Zelenka wrote: > > > Hello, > > > > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and > > just came across one thing that I can't find a function for. > > > > We have got a
Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)
On 03/01/2016 04:27 PM, Benjamin Kaduk wrote: > On 03/01/2016 03:18 PM, Brad House wrote: >> On 03/01/2016 02:15 PM, Viktor Dukhovni wrote: >>> On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote: >>> >>> The only plausible change from 1.0.2f to 1.0.2g that I see that might >>> be related
[openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files
If the other EVP ciphers universally allow this then I think we must treat this as a bug, because people may be relying on this behaviour. There is also sporadic documentation in lower-level APIs (AES source and des.pod) that the buffers may overlap. If it's inconsistent then, at the very least,
Re: [openssl-dev] [openssl-users] OpenSSL Security Advisory
> I am a bit surprised with the following assertion concerning CVE-2016-0798 : > (Memory leak in SRP database lookups) > "This issue was discovered on February 23rd 2016..." Yes, Michel, sorry. You did create a ticket: https://rt.openssl.org/Ticket/Display.html?id=4172 Thanks for being so
Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)
On 03/01/2016 03:18 PM, Brad House wrote: > On 03/01/2016 02:15 PM, Viktor Dukhovni wrote: >> On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote: >> >> The only plausible change from 1.0.2f to 1.0.2g that I see that might >> be related to this is below. Does it work if you revert this
Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)
On 03/01/2016 02:15 PM, Viktor Dukhovni wrote: > On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote: > >> We have a Mac build system running an older version (10.7), targeting 10.6, >> which is >> using this compiler: >> >> $ cc --version >> i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1
Re: [openssl-dev] [openssl-users] OpenSSL Security Advisory
Hi, I am a bit surprised with the following assertion concerning CVE-2016-0798 : (Memory leak in SRP database lookups) "This issue was discovered on February 23rd 2016..." My opinion is that this issue is known at least since I reported it to you (first in march 2015 !) :
Re: [openssl-dev] PHP openssl ext port for 1.1 - cert->name
On Tue, Mar 01, 2016, Jakub Zelenka wrote: > Hello, > > I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and > just came across one thing that I can't find a function for. > > We have got a part in openssl_x509_parse where we display cert->name (cert > is X509 struct) if it
[openssl-dev] PHP openssl ext port for 1.1 - cert->name
Hello, I'm just slowly porting PHP core openssl ext to work with OpenSSL 1.1 and just came across one thing that I can't find a function for. We have got a part in openssl_x509_parse where we display cert->name (cert is X509 struct) if it is not NULL:
Re: [openssl-dev] OpenSSL 1.0.2g - make test fails with FIPS -- regression from 1.0.2f
Brad House wrote: It appears OpenSSL 1.0.2g introduced a regression when attempting to run 'make test' on a fips-enabled build on linux. When compiling without FIPS, the tests pass as expected. However, with fips turned on, "make test" fails when trying to use ssl2 it appears. Running 'make
[openssl-dev] [openssl.org #4364] [PATCH] ASN1_get_object should not accept large universal tags.
See attached. OpenSSL can't actually represent large universal tags because it collides with the V_ASN1_NEG flag, yet it happily parses them in high tag number form. d2i_ASN1_TYPE interprets 1f82020100 as a negative zero, rather than an element with tag [UNIVERSAL 258]. I've intentionally made
Re: [openssl-dev] OpenSSL Security Advisory
Thanks for the test tool and making it available so quickly, we were able to close our DROWN bug ticket less than an hour after opening it! I'm interested in your tlsfuzzer tool (of which this appears to be a part), is there a larger test suite available? Is there any documentation out there?
[openssl-dev] [openssl.org #4363] [PATCH] Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c
Hi, This is a patch that uses BN_CTX_start/end to correctly initialize the BN_CTX stack in EC_KEY_set_public_key_affine_coordinates. -Steven -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4363 Please log in as guest with password guest if prompted >From
Re: [openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)
On Tue, Mar 01, 2016 at 12:50:46PM -0500, Brad House wrote: > We have a Mac build system running an older version (10.7), targeting 10.6, > which is > using this compiler: > > $ cc --version > i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1 (Based on Apple Inc. build 5658) > (LLVM build
[openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files
I'm unclear on what EVP_CIPHER's interface guarantees are, but our EVP_AEAD APIs are documented to allow in/out buffers to alias as long as out is <= in. This matches what callers might expect from a naive implementation. Our AES-GCM EVP_AEADs, which share code with OpenSSL, have tended to match
[openssl-dev] Test script failing for OpenSSL-1.0.1s when built as FIPS Capable
Hello, I have run into a problem when I am build OpenSSL-1.0.1s as FIPS Capable. The problem is that the test script is failing. I believe that this maybe because of different behavior in the tests now that the "no-ssl2" flag has been added to the OPTIONS (i.e. SSLv2 has been disabled in
[openssl-dev] OpenSSL 1.0.2g - make test fails with FIPS -- regression from 1.0.2f
It appears OpenSSL 1.0.2g introduced a regression when attempting to run 'make test' on a fips-enabled build on linux. When compiling without FIPS, the tests pass as expected. However, with fips turned on, "make test" fails when trying to use ssl2 it appears. Running 'make test' is a fairly
[openssl-dev] [openssl.org #4361] IBM POWER VSX optimizations for OpenSSL
See https://openssl.org/community/getting-started.html for a starting point. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4361 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:
[openssl-dev] 1.0.2g MacOSX x86_64 build failure (1.0.2f and 1.0.1s are fine)
We have a Mac build system running an older version (10.7), targeting 10.6, which is using this compiler: $ cc --version i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.1.00) And while building 1.0.2g released today, we found a build regression
[openssl-dev] [openssl.org #4361] IBM POWER VSX optimizations for OpenSSL
I would like to create a number of enhancement requests for OpenSSL to improve the performance of specific algorithms on IBM POWER using the VSX SIMD instruction set with the possibility of creating financial bounties (through bountysource.com) for the projects. What is the best way open these
[openssl-dev] [openssl.org #4347] Fix GCC unused-value warnings with HOST_c2l()
fixed with commit 09977dd thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4347 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:
[openssl-dev] [openssl.org #4358] Problems in ocsp.1ssl
fixed thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4358 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL Security Advisory
Scripts to verify that a server is not vulnerable to DROWN. Two scripts are provided to verify that SSLv2 and all of its ciphers are disabled and that export grade SSLv2 are disabled and can't be forced by client. Reproducer requires Python 2.6 or 3.2 or later, you will also need git to
[openssl-dev] OpenSSL Security Advisory
are no longer receiving security updates. References == URL for this Security Advisory: https://www.openssl.org/news/secadv/20160301.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: ht
[openssl-dev] OpenSSL version 1.0.2g published
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.2g released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2g of our open source
[openssl-dev] OpenSSL version 1.0.1s published
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1s released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1s of our open source
Re: [openssl-dev] OpenSSL 1.0.2f build issue - unresolved external symbol
> link /nologo /subsystem:console /opt:ref /debug /dll > /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def > @C:\Users\athosar\AppData\Local\Temp\nm43EB.tmp > Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp > cryptlib.obj : error LNK2001: unresolved external symbol
Re: [openssl-dev] [openssl.org #4360] [BUG] OpenSSL-1.0.1 crash on sha1_block_data_order_ssse3 asm
Hi, > we met crash of openssl (varely, 3 times i have seen) on linux x86_64. > openSSL version is 1.0.1r. > > The stack is as below: > Program terminated with signal 11, Segmentation fault. > Thread 1 (Thread 0x7f0654871700 (LWP 22383)): > #0 0x7f06a2cdddb8 in sha1_block_data_order_ssse3 ()
[openssl-dev] (no subject)
Hi I am trying to test behaviour of Openssl in resumption rejection case. I am using with Openssl-1.1.0 pre2 version. When using Openssl as client and other ssl library as server, Initially client and server accepts on resumption, later server expects client rejected the resumption and sends
Re: [openssl-dev] OpenSSL 1.0.2f build issue - unresolved external symbol
Hi, FWIW, trying the exact same configure commands on OpenSSL 1.0.2f : perl Configure VC-WIN32 no-asm --prefix= ms\do_ms nmake -f ms\ntdll.mak I was NOT able to reproduce the problem under Windows 7 64 bits using Visual Studio 2013 and Perl 5.22.1. Everything goes fine. Michel.