Re: [openssl-dev] Null pointer dereferences?

On 09/05/17 01:22, Zubin Mevawalla wrote: > I was curious if these were real null pointer dereference issues? > > CodeAi, an automated repair tool being developed at Qbit logic, > suggested a couple of if-guards as fixes. > > The first was in crypto/async/async_wait.c on line 157. `prev` is >

Re: [openssl-dev] [openssl-users] OpenSSL 1.1.1 release timeframe

On 18/05/17 06:32, Jayalakshmi bhat wrote: > Please can any one let me know the release date or time line for OpenSSL > 1.1.1? We have not set a date as yet. At the very least we will not be able to release until the IETF takes TLSv1.3 out of draft status - which is not in our control. Matt

Re: [openssl-dev] shlibloadtest failure on non-Linux

On 09/05/17 15:03, Salz, Rich via openssl-dev wrote: >> doesn't test for whether this is set. I think the shlibloadtest should only >> test >> the dlclose() return value on if OPENSSL_USE_NODELETE is set. > > Please see https://github.com/openssl/openssl/pull/3399 > >> 2) crypto/init.c at

Re: [openssl-dev] Work on a new RNG for OpenSSL

On 26/06/17 21:18, Kurt Roeckx wrote: >> “Recommendation for Random Number Generation Using Deterministic Random >> Bit Generators” >> http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf >> >> That design may look complicated, but if you think you can >> leave out some of the

Re: [openssl-dev] Work on a new RNG for OpenSSL

On 26/06/17 19:57, Salz, Rich via openssl-dev wrote: > I was asked off-list why we're doing this. A reasonable question. :) > > There are many complains about the OpenSSL RNG. For started: > https://github.com/openssl/openssl/issues/2168 >

[openssl-dev] Forthcoming OpenSSL releases

Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2l and 1.1.0f. These releases will be made available on 25th May 2017 between approximately 1200-1600 UTC. Note: These are bug-fix only

Re: [openssl-dev] Questions about ASYNC API for engines and moving read buffer.

On 02/06/17 11:00, Emeric Brun wrote: > Hi, > > I'm working on an ASYNC engine designed to offload crypto on multiple thread > for monoproc applications. > > No issue on asymetric crypto part but i'm facing a problem concerning ciphers: > > When an SSL_read operation perform a do_cipher

Re: [openssl-dev] Questions about ASYNC API for engines and moving read buffer.

On 02/06/17 15:20, Emeric Brun wrote: > > I've just read the code and I see it is not possible. > > I'm disappointed because i think that a lot of applications which are using > openssl in asynchronous mode > also uses SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and have > ephemeral/reused/circular

Re: [openssl-dev] Travis failures

On 16/06/17 10:25, Matt Caswell wrote:> Possibly a bad clang-3.9 update?? Any ideas? After this command in the logs: $ sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9 Failing builds look like this: After this operation, 262 MB of additional d

[openssl-dev] Travis failures

I'm seeing some weird Travis failures: LD_LIBRARY_PATH=.: clang-3.9 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib/engines-1.1" -Wall -O3 -pthread

[openssl-dev] Using TLS1.3 with OpenSSL

Hi all OpenSSL 1.1.1, when it is released, will support TLSv1.3 and it will be binary and source compatible with OpenSSL 1.1.0. If your application already supports 1.1.0 then, in theory, all you need to do to support TLSv1.3 is to drop in the new OpenSSL version. However there are various issues

[openssl-dev] Fwd: Code Health Tuesday - old issues

Just a reminder about our code health Tuesday event this week. Please see the details below. Matt Forwarded Message Subject: Code Health Tuesday - old issues Date: Thu, 27 Apr 2017 08:43:18 +0100 From: Matt Caswell <m...@openssl.org> To: openssl-dev@openssl.org <op

Re: [openssl-dev] Code Health Tuesday - old issues

Just to let you all know that we managed to close 58 old tickets as a result of this event. Fantastic! Thanks Matt On 27/04/17 08:43, Matt Caswell wrote: > > > Hi all > > Our next "Code Health Tuesday" event will be on Tuesday 2nd May. > > This time we wou

Re: [openssl-dev] libcrypto.pc needs to list libpthread as a dependency

ymas.com >Director, Highland Sun http://highlandsun.com/hyc/ >Chief Architect, OpenLDAP http://www.openldap.org/project/ > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -- Matt Caswell <m...@openssl.org>

[openssl-dev] Fwd: [TLS] Update on TLS 1.3 Middlebox Issues

An update on the TLS1.3 middlebox issue posted to the TLS WG list which may be of interest to the openssl-dev group. Matt Forwarded Message Subject:[TLS] Update on TLS 1.3 Middlebox Issues Date: Fri, 6 Oct 2017 13:16:37 -0700 From: Eric Rescorla To:

Re: [openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)

On 03/10/17 16:15, Benjamin Kaduk via openssl-dev wrote: > Hi all, > > Doing some testing with a snapshot of master (s_client with -tls1_2 and > optionally a cipherspec that prefers ECDHE ciphers), we're running into > a sizeable number of servers that are sending extension 0xa (formerly >

Re: [openssl-dev] [RFC] enc utility & under-documented behavior changes: improving backward compatibility

On 03/10/17 18:51, Robin H. Johnson wrote: > On Tue, Oct 03, 2017 at 09:45:43AM +0200, Tomas Mraz wrote: >> On Tue, 2017-10-03 at 08:23 +0100, Matt Caswell wrote: >>> >>>> 1.2. This also opens the path to stronger key derivation (PBKDF2) >>>> 2. During

[openssl-dev] QUIC

Issue 4283 (https://github.com/openssl/openssl/issues/4283) has caused me to take a close look at QUIC. This seems to have been getting a *lot* of attention just recently. See the IDs below for details: https://tools.ietf.org/html/draft-ietf-quic-transport-05

Re: [openssl-dev] New crypto algorithms in openSSL engine

On 27/09/17 15:32, Byrne, Andrew wrote: > I’m working on testing some lattice based algorithms in openSSL for the > establishment of a TLS channel. I’ve investigated the potential for > developing an engine to support this as it would mean I don’t need to > touch the core openSSL code. However,

Re: [openssl-dev] Missing EVP_PKEY_meth_get_xxx methods?

On 02/10/17 15:00, Blumenthal, Uri - 0553 - MITLL wrote: > Moving to openssl-dev, because I think OpenSSL-1.0.2 needs a fix. > >   > > To be more specific, the following get methods are missing in 1.0.2: > >   > > - EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *,  …) > > -

Re: [openssl-dev] [RFC] enc utility & under-documented behavior changes: improving backward compatibility

On 02/10/17 20:20, Robin H. Johnson wrote: > Commit f8547f62c212837dbf44fb7e2755e5774a59a57b (documented in > 9e8b6f042749ded556380227c9f2db7ffad9a3aa), changed the default digest > for the 'enc' utility from MD5 to SHA256. > > While I do strongly encourage getting away from MD5, this has the >

Re: [openssl-dev] Plea for a new public OpenSSL RNG API

On 29/08/17 10:45, Dr. Matthias St. Pierre wrote > Currently, the OpenSSL core members seem to be reluctant to make the > API public, at least at this early stage. I understand Rich Salz's > viewpoint that this requires a thorough discussion, because a public > interface can't be easily changed

Re: [openssl-dev] TLS 1.3 non compliance with current draft

On 01/09/17 18:05, Hubert Kario wrote: > When openssl sends a second Client Hello message, it modifies it quite > extensively, not only client_random is changed but also advertised cipher > suites. > > see https://github.com/openssl/openssl/issues/4292 > > That makes it non-compliant with

Re: [openssl-dev] 1.1.1 master consistently fails (was Re: openssl 1-1-0-stable fails)

On 03/09/17 22:18, Blumenthal, Uri - 0553 - MITLL wrote: > MacOS 10.12.6, Xcode-8.3.3. Current Github master: > > Test Summary Report > --- > ../test/recipes/70-test_clienthello.t(Wstat: 256 Tests: 1 > Failed: 1) > Failed test: 1 > Non-zero exit status: 1 >

Re: [openssl-dev] Fwd: openssl 1-1-0-stable fails

On 01/09/17 23:42, Blumenthal, Uri - 0553 - MITLL wrote: > > > Begin forwarded > >> *Subject:* *openssl 1-1-0-stable fails* >> >> OpenSSL_1_1_0-stable current Github >> >> Test Summary Report >> --- >> ../test/recipes/80-test_cms.t(Wstat: 256 Tests: 4 Failed: 1)

Re: [openssl-dev] Plea for a new public OpenSSL RNG API

On 29/08/17 15:02, Salz, Rich via openssl-dev wrote: > > dev asap. If there are problems with it we can always revert it before > it makes it into a release. > > Someone on the OMC called that “flip-flopping” and seemed to be against this > kind of thing. > > If we are going to have

Re: [openssl-dev] why TLSv1 need two tls1_enc to get decrypted data while TLSv1.1/TLSv1.2 need one in OpenSSL1.1.0f?

On 27/09/17 15:44, Ma chunhui wrote: > Hi,  > > I met one problem when using OpenSSL1.1.0f with protocol TLSv1. > In brief, when using TLSv1,  after server side received encrypted data, > and after function tls1_enc finished, the decrypted data is not put in > result buffer, after another

Re: [openssl-dev] New crypto algorithms in openSSL engine

On 23/10/17 12:51, APOB83 wrote: > Hi, > > I've noticed the following statement in another thread here... > > *May I suggest you have a look at the GOST engine? It does implement > the algorithm entirely in the engine. The only things added in the > OpenSSL code are the OIDs (not strictly

Re: [openssl-dev] a possible bug for certain usage of openSSL1.1.0 with TLSv1

On 02/11/17 13:01, Ma chunhui wrote: > Hi, Openssl team > After we upgrade openSSL from 1.0.2 to 1.1.0f, we met an error which > might be a bug. Does this fix it: https://github.com/openssl/openssl/pull/4685 (master) https://github.com/openssl/openssl/pull/4686 (1.1.0) Matt -- openssl-dev

Re: [openssl-dev] OpenSSL version 1.0.2n published

On 07/12/17 15:16, Randall S. Becker wrote: > For HPE NonStop J-Series: Builds passed. Previous version was 1.0.2m. > > New breakage: > ../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem > SSL_accept() failed -1, 1 > 1827815872:error:140800FF:SSL

[openssl-dev] Forthcoming OpenSSL releases

Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0g and 1.0.2m. These releases will be made available on 2nd November 2017 between approximately 1300-1700 UTC. This is a bug-fix release. It

Re: [openssl-dev] Systemwide configurability of OpenSSL

On 25/10/17 16:19, Tomas Mraz wrote: >> |However libssl currently does not have a way to apply some policy such >> |as using just protocol TLS1.2 or better system-wide with a possibility >> |for sysadmin to configure this via some configuration file. Of course >> |it would still be up to

Re: [openssl-dev] Forthcoming OpenSSL releases

On 30/10/17 13:50, Matt Caswell wrote: > Forthcoming OpenSSL releases > > > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL versions 1.1.0g and 1.0.2m. > > These releases will be made available on 2nd

[openssl-dev] OpenSSL wins the Levchin prize

Today I have had great pleasure in attending the Real World Crypto 2018 conference in Zürich in order to receive the Levchin prize on behalf of the OpenSSL team. More details are available in my blog post here: https://www.openssl.org/blog/blog/2018/01/10/levchin/ Matt -- openssl-dev mailing

Re: [openssl-dev] [openssl/openssl] Dtls listen refactor (#5024)

On 16/01/18 19:44, Michael Richardson wrote: > > Matt Caswell <m...@openssl.org> wrote: > >> a) when the existing FD is connect(2) any future traffic to the bound > >> port will get rejected with no port. So the application really has to &g

Re: [openssl-dev] [openssl/openssl] Dtls listen refactor (#5024)

On 16/01/18 15:32, Michael Richardson wrote: > > a) when the existing FD is connect(2) any future traffic to the bound port >will get rejected with no port. So the application really has to open a >new socket first. >The application can do this two ways: it can open a new socket on

Re: [openssl-dev] [openssl/openssl] Dtls listen refactor (#5024)

On 17/01/18 16:34, Michael Richardson wrote: > > > It seems like a fairly simple solution could solve this. Currently we > > have BIO_dgram_get_peer() which returns the peer's address for the last > > message read from a BIO. You could imagine a new call being introduced > > to

Re: [openssl-dev] [openssl/openssl] Dtls listen refactor (#5024)

On 19/01/18 16:32, Michael Richardson wrote: > Matt Caswell <m...@openssl.org> wrote: > > Please raise a separate PR for this work. It *must* be portable though > > and work across all our platforms (e.g. including VisualC etc). My > > suggestion is that y

Re: [openssl-dev] GCM for AFALG engine

On 02/02/18 11:18, Atul Gupta wrote: > I want to add GCM support to afalg engine and have the patch tested with > apache and s_server/s_client. Can I submit the patch for review? Any > suggestion? A patch would be most welcome. All patches should be submitted through github. Please make sure

[openssl.org #2684] [PATCH] pod2html build fix

Hi I have encountered a problem whilst building the HTML documentation. All appears to build successfully, however when I view the file crypto/crypto.html and click on the link dsa, this takes me to apps/dsa.html instead of the expected crypto/dsa.html. Interestingly the documentation on

[openssl.org #2799] [PATCH] Elliptic Curve Library documentation

Hello The openssl EC library is a fantastic resource which provides an extensive set of functions for performing work with elliptic curves. Unfortunately the documentation available is somewhat minimalistic. The documentation is not in the standard openssl pod format (it is instead in doxygen

Re: Why x509 displays ECDSA pub. key size two times less than actual?

On 25/08/12 22:48, Andrey Kulikov wrote: Does this behavior a bug, or somewhere documented convention? I've studied FIPS 180-3, SP 800-57 and SEC 1: Elliptic Curve Cryptography but didn't find any indications of such conventions. Maybe I overlooked something? By convention the key size for

Re: Why x509 displays ECDSA pub. key size two times less than actual?

On 26/08/12 14:50, Andrey Kulikov wrote: By convention the key size for ECC is given as the number of bits in the order. E.g. see table 3 in SEC 1. Could you please provide a reference to document, defining this convention? Unfortunatelly table 3 in section B.2.1 of SEC 1 (both v1 and v2)

Re: Why x509 displays ECDSA pub. key size two times less than actual?

On 26/08/12 16:15, Andrey Kulikov wrote: For ECC the key size is stated to be size of n in bits (where n is the order). 'n' is an order of base point 'G' on EC - i.e. size of private key (what should be in range [1; n-1]), not public. Thus, I understand that it is a size of EC private key

Re: Why x509 displays ECDSA pub. key size two times less than actual?

On 26/08/12 16:51, Andrey Kulikov wrote: Talking about the bit-length of the public key data is not particularly helpful because it depends on whether it is in compressed format or not. Sorry, but size of public key does not depends on size of it's representation. It can be compressed,

[openssl.org #3022] Binary curves broken in FIPS mode

Hello When using OpenSSL-1.0.1e-fips a call to PEM_write_bio_PrivateKey silently fails and produces a corrupt pem file when using an EVP_PKEY_EC key and a binary curve. The same function works fine when not using a FIPS capable OpenSSL. I suspect the same problem will affect any ASN.1 routines

Re: [openssl.org #3065] [PATCH] ec_private_key_dont_crash

On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote: This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a

[openssl.org #3192] [PATCH] Fix spurious error in DSA verification failure

before the patch: Sign Success 140173552527040:error:0A071003:dsa routines:DSA_do_verify:BN lib:dsa_ossl.c:454: Verify Failed Output after patch: Sign Success Verify Failed Matt From 48a66681367f80016360c5bff47744fff4132ed3 Mon Sep 17 00:00:00 2001 From: Matt Caswell fr...@baggins.org Date: Fri

[openssl.org #3296] make report

Fixed in this commit: https://github.com/openssl/openssl/commit/23f5908ac753b176af2a0690e0ebb53c95ef192b __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3284] Patch submission: typo fix

Fixed in this commit: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a141effa7b2c731fe6e099334be5ded050f965ea Matt __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3304] [PATCH] typo in SSL_get_peer_cert_chain docs

Fixed in commit: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e5676b8328a486565fc3c7f408a40beb4d47cd08 Matt __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3321] NULL pointer dereference with SSL_MODE_RELEASE_BUFFERS flag

This patch looks like a bit of a kludge to me. Release a buffer only to then immediately set it up again. Compare with this commit on master: https://github.com/openssl/openssl/commit/3ef477c69f2fd39549123d7b0b869029b46cf989 I think a backport of this might be more appropriate. Matt

[openssl.org #3338] Double free in i2o_ECPublicKey

Resolved in this commit: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=16ba70746b3bd9d1bd17cf7135c00ff1e47dfcfe Also, simiilar commits in 1.0.2, 1.0.1 and 1.0.0 branches. Many thanks for your contribution. Matt __

[openssl.org #3337] Bug in OpenSSL

Closing this ticket as per Steve's comments. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3332] [PATCH] fix pkg-config generation

This patch changes the output of pkg-config --libs libssl from: -L/usr/local/ssl/lib -lssl -lcrypto to: -L/usr/local/ssl/lib -lssl Arguably this is the strictly correct approach. However in practice I suspect many build scripts will rely on this behaviour and break as a result of this change. I'm

[openssl.org #2645] [patch] fix up lib handling in pkg-config files

As per comments in PR#3332 Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3330] Minor Bug: Enddate before(!) the start date

As per comments by Viktor on the dev list, this is by design: On 27 April 2014 17:10, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Sun, Apr 27, 2014 at 01:04:13PM +0200, sch_m via RT wrote: I was playing around with openssl and found a minor bug which makes possible to put the end date

[openssl.org #3332] [PATCH] fix pkg-config generation

This ticket has been reopened. Given the current discussion on this topic, I will leave this for a week to give people some time to air their views, and then I will revisit the decision. __ OpenSSL Project

[openssl.org #3340] coverity issues 966593-966596

Setting this ticket as resolved: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8bbfd94e36559ceb7187d4d8a63e950713b93e0d Above for master branch. Similar commits for 1.0.2, and 1.0.1 (the first branch with SRP support). Matt

[openssl.org #3339] NULL pointer dereference in PKCS7_dataDecode

Hi David Many thanks for your report. I can confirm that I have recreated your results, and have applied the following fix: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2d2e0479eb758dddb4b5236aa6e3288f2682b279 Similar commits have been applied to the 1.0.2, 1.0.1 and 1.0.0 branches.

[openssl.org #3342] coverity issue 966577

Thanks Tim. Patch applied http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b6e69d284b79097d0d9e39996cbe59eae6bb36e2 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e94fadd0b79491714401d89b338db27211b9819 Similar commits on 1.0.2, 1.0.1 and 1.0.0 branches. This also fixes

[openssl.org #3320] Invalid large memory access in openssl due to a bug on the client side

On 12 May 2014 11:36, Ajit Menon via RT r...@openssl.org wrote: I think this is the right change. However, I see that there is another len-tot in the following conditional block #if !defined(OPENSSL_NO_MULTIBLOCK) EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK This is within the same function. I wonder

[openssl.org #3317] Patch: Avoid out-of-bounds write in SSL_get_shared_ciphers

Nice catch - thanks! I've committed Kurt's revised patch to all appropriate branches. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3332] [PATCH] fix pkg-config generation

I promised to look at this again after a week. Including myself and Mike I have had 5 people express an opinion on this (one of those privately to me). Of those: 3 have spoken in favour of the patch 2 have spoken in favour of the status quo My concern was that this fix might break existing

[openssl.org #3353] bug fix: documentation link formatting: comma instead of a pipe

Committed: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ab6577a46ecee670b640f0ee49e2ebef80ad18a7 Thanks for your contribution. Matt __ OpenSSL Project http://www.openssl.org

[openssl.org #3354] PATCH: doc update for 'enc' utility ('enc' does not handle authenticated encryption modes)

Committed: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01 Thanks for your contribution, Matt __ OpenSSL Project http://www.openssl.org Development

[openssl.org #3355] PATCH: fix grammar in verify.pod doc

Committed: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2af071c0bc3f5573574ccf8927dbf60f47c81df5 Thanks for your contribution, Matt __ OpenSSL Project http://www.openssl.org Development

[openssl.org #3344] PATCH: don't crash or fail in ASN1_print from t_pkey.c

Hi Jeff Hmmm, I cannot reproduce this. Using the attached as a test case I see the following output (i.e. no crashes): Test one Return code 0 Test two NULL 1 (0x1) Return code 1 Test three Return code 0 Test four 1 (0x1) Return code 1 The NULL bio should be checked ultimately in BIO_write

[openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA

Closing this ticket. Problem was with ubuntu package. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3344] PATCH: don't crash or fail in ASN1_print from t_pkey.c

Hi Jeff Do you have an update on this, as per my last message? Thanks Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org

[openssl.org #3352] export session id and master key in NSS keylog format

This is a pretty cool patch! Martin sent me some instructions on how to get this working with wireshark, which I have reproduced for reference at the end. This worked for me using Wireshark 1.10.6 With regards to the patch itself, it is the idiom of many of the OpenSSL command line apps to take

[openssl.org #3359] New bug report

I've discussed this one with Steve who tells me that this is a known bug. The current fix is to not have expired certificates in the trust store. It can be fixed but it has some complex consequences which need to be explored. Probably needs revision of the verification algorithm which is

[openssl.org #3357] bug: Unreasonable algorithmic default in smime

Steve has committed the following fixes: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f719f063cff50cc2f2f25fa55c0d2384eea08fb http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=558c94efc00ce15a9fcc9370598d8841392ff0f3 Closing this ticket. Matt

[openssl.org #3343] [PATCH] implements name contraint for IP Address

Hi Luiz Thanks for the patch. I've reviewed it and it looks good. With regards to your comments around X509_V_ERR_PERMITTED_VIOLATION vs X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right. Therefore:

[openssl.org #3352] export session id and master key in NSS keylog format

Hi Martin Thanks for your contribution. I have applied your updated patch: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=189ae368d91d2c9de5ed1fa21e993f5c83fc4445 Matt __ OpenSSL Project

[openssl.org #3364] misleading description for -noout in the sess_id application

Patch applied: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c5f0b9bd8650a92eac1ef2fa28c726bbbc272904 Thanks for your contribution. Matt __ OpenSSL Project http://www.openssl.org

[openssl.org #3360] Error building openssl with TLS_DEBUG

Fixed. http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=955376fde3c60999b27deeebb41d82ad17dca3da Thanks for the report. Matt __ OpenSSL Project http://www.openssl.org Development Mailing

[openssl.org #3365] Wrong parameter types in SSL_set_msg_callback[_arg] man page

Fixed: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=15658d0cbf51ae32f7c9d0d3dc1eac36e220a167 Thanks for the report. Matt __ OpenSSL Project http://www.openssl.org Development Mailing

[openssl.org #3351] BUG: asn1parse chokes with data outside begin/end

Thanks for the feedback. I have changed tack slightly: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3d9243f1b614640f3dcbba0d7de89f363581e8e0 I think this is a better approach anyway, and resolves your issue with trailing data after the END marker. Matt

[openssl.org #3350] Problem using gost engine in Apache 2

Dmitry has confirmed that this is not a defect, so closing this ticket. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org

[openssl.org #2598] GOST engine memory problems

Dmitry has confirmed that this is not a defect, so closing this ticket. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org

[openssl.org #3346] [PATCH] make test/Makefile cross-platform

Patch applied: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=028bac0670c167f154438742eb4d0fbed73df209 Many thanks for your contribution. Matt __ OpenSSL Project http://www.openssl.org

[openssl.org #3366] 1.0.1g / Windows Linux / 2 enhancement requests 2 patches

Hi Libor Many thanks for your submission. Please could your resubmit this with a separate ticket for each item? Having a single ticket for multiple issues makes it quite difficult for us to track and manage - they may not all be reviewed at the same time, or by the same person. Thanks Matt

[openssl.org #3363] Patch to fix bad example in ciphers(1) man page

Hi Hubert The title for this request is slightly misleading as this was actually 3 commits only one of which was regards to an example in ciphers(1). Taking the 3 commits in turn: fix example with DH cipher suites: I don't agree that the man page implies anything about anonymous ECDH when it

[openssl.org #3319] [Bug report Patch] Fix TLS export keying material generation for TLS 1.2 version

Steve Henson has comitted this here: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4fdf917 Thanks Matt __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3362] [PATCH] use-after-free bug in dtls1_buffer_record (ssl/d1_pkt.c)

Hi David Patch applied: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d1e1aee Many thanks for your contribution. Matt __ OpenSSL Project http://www.openssl.org Development Mailing

[openssl.org #3344] PATCH: don't crash or fail in ASN1_print from t_pkey.c

On Thu May 29 08:28:24 2014, noloa...@gmail.com wrote: Matt - I have not forgot about this I can't find the machine I wrote the code on (my place probably looks a lot like your place - different computers and laptops with different OSes all over the place). My place does look a bit like

[openssl.org #3324] [PATCH] Remedy the coding style after heartbleed

This pull request appears to be closed. Is this ticket still valid? Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated

[openssl.org #3370] 1.0.1g / Windows / patch - wrong OPENSSL_EC_NISTP_64_GCC_128 definition in ec_lcl.h

Patch applied: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e3231642b89332fa56ed2b6f501e28722e2048e Thanks for your contribution. Matt __ OpenSSL Project http://www.openssl.org

[openssl.org #3372] Possible patch for typo fix in version number of dylib

Hi Lubu Thanks for your submission. However this is intentional and won't be changed. Closing this ticket. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3376] 0.9.8za/1.0.0m/1.0.1h build failure in ssl/s3_pkt.c - missing include for limits.h

On Thu Jun 05 20:40:49 2014, rainer.j...@kippdata.de wrote: File ssl/s3_pkt.c uses INT_MAX since May 19th. This macro is defined in limits.h which is not included in s3_pkt.c. +#include limits.h #include stdio.h #include limits.h Hmmmlook two lines down from where you've added an

[openssl.org #3376] 0.9.8za/1.0.0m/1.0.1h build failure in ssl/s3_pkt.c - missing include for limits.h

On 05/06/14 20:08, Rainer Jung wrote: One correction to self: no problem for 1.0.1, which had been fixed in commit 8ca7d124304502158fba780eed293c4e3c5c1c71 Fixed Windows compilation failure. But 1.0.0 and 0.9.8 lack tha addition. I have back ported the commit to 1.0.0 and 0.9.8 Matt

[openssl.org #3331] [PATCH] respect LDFLAGS during build

Hi Mike On Sun Apr 27 13:04:20 2014, vap...@gentoo.org wrote: It's a standard setting that other build systems use. Can you explain why you need this? @@ -217,6 +217,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ MAKEDEPEND='{TOP}/util/domd {TOP} -MD

[openssl.org #3378] heartbeat_test: Using internal APIs

On Thu Jun 05 20:41:05 2014, k...@roeckx.be wrote: This is probably related to me not exporting those symbols as they are marked local. Kurt Is this related to the way you build the Debian packages? We are likely to see a lot more like this as Mike's test team get going. In unit testing its

[openssl.org #3378] heartbeat_test: Using internal APIs

On Thu Jun 05 23:42:31 2014, k...@roeckx.be wrote: We are likely to see a lot more like this as Mike's test team get going. In unit testing its okay to access internal symbols. But then you shouldn't link to the shared library. The static library probably works. Any chance you can

[openssl.org #3389] [PATCH] Create ~/.rnd with mode 0600 instead of 0666

Patch merged: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7be1d8764d30d2f04696d7f834df349bc4bffd73 Thanks for the contribution Matt __ OpenSSL Project http://www.openssl.org

[openssl.org #3381] Typo in macro name for ASN (1.0.1h)

Hi Quanah Thanks for the submission. The problem with correcting this is that technically it forms part of the public API (since the macro is defined in asn1.h). I guess there's probably not a huge risk in changing it, as I can't imagine there's too many people relying on that define being there,

[openssl.org #3384] Patch: add ECC strings to ciphers(1), point out difference between DH and ECDH

Hi Hubert Nice patch! A couple of comments: * aNULL also includes some SRP based ciphersuites SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(256) Mac=SHA1 SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=None Enc=3DES(168) Mac=SHA1 SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(128) Mac=SHA1 * The

[openssl.org #3378] heartbeat_test: Using internal APIs

Merged. Thanks for your contribution. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3380] OpenSSL 1.0.1h on SGI IRIX

Hi Pieter Can you confirm that this resolves your problem: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5a0d057e49a6f7b5ee5ff6f8af5ae395abc7b918 Thanks Matt __ OpenSSL Project

<    1   2   3   4   5   6   7   8   9   10   >