Re: [openssl-dev] [openssl.org #4504] Openssl cms encrypt bug.

2016-11-08 Thread Michel via RT
Hi Andrew, I seem to recall that depending on the OpenSSL version, there was an issue with CFB1 mode. Michel. -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of ?? ? via RT Sent: Monday, 7 November 2016 11:40 Cc: openssl-dev

Re: [openssl-dev] [openssl.org #4504] Openssl cms encrypt bug.

2016-11-07 Thread Андрей Прокопьев via RT
penssl encrypts text with error or openssl can't decrypt text correctly. Thanks, Andrew 2016-05-06 4:05 GMT+05:00 Stephen Henson via RT <r...@openssl.org>: > Fixed now, thanks for the report. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Com

[openssl-dev] [openssl.org #2880] Resolved: Modification of the capi engine to support loading key from CERT_SYSTEM_STORE_LOCAL_MACHINE

2016-10-13 Thread Rich Salz via RT
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2880 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #2902] Resolved: [PATCH] add strings for SSL state related to Next Protocol Negotiation

2016-10-13 Thread Rich Salz via RT
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2902

[openssl-dev] [openssl.org #2818] Resolved: [PATCH] Cipher list TLSv1.2 as token; ciphers(1) update

2016-10-13 Thread Rich Salz via RT
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2818

[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-13 Thread Rich Salz via RT
no need to keep this ticket, tracking the PR on github. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698

Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-12 Thread Kaduk, Ben via RT
On 10/05/2016 09:15 AM, Kaduk, Ben via RT wrote: > I refactored this stuff a while ago to add a flags field that would > force the temporary read buffer to be allocated from the secure heap; I > should really dig it up and clean it up for master. That's https://github.com/openssl/ope

[openssl-dev] [openssl.org #4704] Memory leak in rsa_new/rsa_free

2016-10-11 Thread Simone Sgualdini via RT
Hi, I'm writing a c++ server application that calls thousands of times per hour the rsa_new() and rsa_free() openssl functions. After debugging a lot I discovered that "sometimes" (I'm not able to tell a precise number) the rsa_free does not release properly the memory allocated by the

[openssl-dev] [openssl.org #4703] Fix: Merge commit fe2d149 (RT2867: des_ede3_cfb1 ignored "size in bits" flag) to OpenSSL_1_0_2-stable

2016-10-11 Thread Stefan Lahner via RT
Hello, the fix for "RT2867: des_ede3_cfb1 ignored "size in bits" flag " (commit fe2d149119063ec3c89fd6db9af8a6970e3e6032) was only committed for master (1.1.0) but not for the still supported 1.0.2 (and 1.0.1)

[openssl-dev] RES: [openssl.org #4702] OPENSSL: Linux SLESS11

2016-10-10 Thread Jose Carlos de Oliveira via RT
Thank you! José Carlos de Oliveira (Oliveira) Researcher / Developer - Grupo ICTS Brasilia - DF - Asa Norte SCN Q05 - Brasilia Shopping - Torre Norte Sala 917 Phone:+5561-3246.7089 Mobile:+5561-99311.9226 Site: www.grupoicts.com.br -Original Message- From: Matt Caswell via RT

Re: [openssl-dev] [openssl.org #4702] OPENSSL: Linux SLESS11

2016-10-10 Thread Matt Caswell via RT
On 10/10/16 15:14, Jose Carlos de Oliveira via RT wrote: > Hi, > I have downloaded and built the last three openssl versions for linux: > 1) openssl-1.0.1u.tar.gz > 2) openssl-1.0.2j.tar.gz > 3) openssl-1.1.0b.tar.gz Any particular reason why you need all three?

[openssl-dev] [openssl.org #4702] OPENSSL: Linux SLESS11

2016-10-10 Thread Jose Carlos de Oliveira via RT
Hi, I have downloaded and built the last three openssl versions for linux: 1) openssl-1.0.1u.tar.gz 2) openssl-1.0.2j.tar.gz 3) openssl-1.1.0b.tar.gz I successfully followed all steps found at file INSTALL By the way, when I try to use it I have the below messages: undefined

[openssl-dev] [openssl.org #4701] Some OpenSSL 1.1.0 does not decode FIPS error codes

2016-10-07 Thread noloa...@gmail.com via RT
I'm working with a non-capable version of the library (I need to get it updated since release): $ openssl version OpenSSL 1.1.0-pre6-dev xx XXX Looking at a question on another site, the OP provides: With FIPS, compilation goes fine, but generates the following when run:

[openssl-dev] [openssl.org #4700] fprintf(stderr, ...) in d1_both.c

2016-10-07 Thread Wyss, Felix via RT
Good Morning, Inspecting some code in the OpenSSL DTLS implementation, I noticed three places in the file “d1_both.c” where error conditions result in an sprintf to stderr: Line 1071 in function dtls1_read_failed Line 1143 in function dtls1_retransmit_buffered_messages Line 1243 in function

Re: [openssl-dev] [openssl.org #4699] Bug in OpenSSL 1.0.2j-fips 26 Sep 2016 or maybe affects all

2016-10-06 Thread Valentin B via RT
Hi Richard, Just saw the patch. Thanks for the quick response. Valentin On 10/06/2016 09:37 AM, Richard Levitte via RT wrote: > It affects all 1.0.2 variants. I've a fix on github: > https://github.com/openssl/openssl/pull/1668 > > Cheers, > Richard > > On Thu Oct 06

[openssl-dev] [openssl.org #4699] Bug in OpenSSL 1.0.2j-fips 26 Sep 2016 or maybe affects all

2016-10-06 Thread Richard Levitte via RT
It affects all 1.0.2 variants. I've a fix on github: https://github.com/openssl/openssl/pull/1668 Cheers, Richard On Thu Oct 06 07:15:52 2016, valen...@astro.rug.nl wrote: > Hi, > > While playing around with prime number generation I noticed that the > following generates a core dump. I think

[openssl-dev] [openssl.org #4699] Bug in OpenSSL 1.0.2j-fips 26 Sep 2016 or maybe affects all

2016-10-06 Thread Valentin B via RT
Hi, While playing around with prime number generation I noticed that the following generates a core dump. I think this is definitely a bug. How to reproduce: $ openssl prime '' Segmentation fault (core dumped) I haven't included any strace output but this can be reproduced by you as well.

Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
One more reference: https://tools.ietf.org/html/rfc4648#section-3.3 describes the considerations for 'non-base64 characters'. Short form: MIME requires that they be ignored. 7468 says SHOULD. 4648 says 'reject, unless the referencing spec says otherwise' (which 7468 does.) I wrote previously

Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Kaduk, Ben via RT
On 10/05/2016 07:56 AM, Richard Levitte via RT wrote: > To be noted, there's more in section 2: > >Most extant parsers ignore blanks at the ends of lines; blanks at the >beginnings of lines or in the middle of the base64-encoded data are >far less compatible. The

Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
On 05-Oct-16 08:56, Richard Levitte via RT wrote: > To be noted, there's more in section 2: > >Most extant parsers ignore blanks at the ends of lines; blanks at the >beginnings of lines or in the middle of the base64-encoded data are >far less compatible. The

Re: [openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Sergey G Brazhnikov via RT
Yes, Steve, you're right! Thank you. I'm sorry for imprecise wording. Sergey. 2016-10-05 16:24 GMT+05:00 Stephen Henson via RT <r...@openssl.org>: > On Wed Oct 05 07:05:06 2016, sgbrazhni...@gmail.com wrote: > > Hi, guys. > > > > Just figured out that files encrypte

Re: [openssl-dev] [openssl.org #4696] Resolved: BUG: openssl1.0.2j Solaris-Sparc : ../util/shlib_wrap.sh ./bad_dtls_test - core dump

2016-10-05 Thread Llewelyn Thomas via RT
Confirmed - thanks for the reply! From: Rich Salz via RT <r...@openssl.org> Sent: 05 October 2016 08:09:49 To: Llewelyn Thomas Subject: [openssl.org #4696] Resolved: BUG: openssl1.0.2j Solaris-Sparc : ../util/shlib_wrap.sh ./bad_dtls_test - core dump Acc

[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Richard Levitte via RT
haven't looked enough in our code recently to remember if we're doing "standard" (figure 1) or "strict" (figure 3) parsing... what I hear is a request for us to move to "lax" (figure 2) parsing. Cheers, Richard On Wed Oct 05 12:02:54 2016, l...@acm.org wrote: > On 0

Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
On 05-Oct-16 07:52, Salz, Rich via RT wrote: > Well, it is a SHOULD not a MUST. But point taken it could be (much) better :) > > It's an important SHOULD. Whitespace introduction happens in the wild. This is the quote from the OpenXPKI folks: > I just saw this today at a cust

Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Salz, Rich via RT
Well, it is a SHOULD not a MUST. But point taken it could be (much) better :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698

[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
PEM consists of base64 inside a header and trailer line. OpenSSL crashes with embedded newlines. This was mentioned to me by the OpenXPKI project. See RFC 7468 section 2: Data before the encapsulation boundaries are permitted, and parsers MUST NOT malfunction when processing such data.

[openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Stephen Henson via RT
On Wed Oct 05 07:05:06 2016, sgbrazhni...@gmail.com wrote: > Hi, guys. > > Just figured out that files encrypted with OpenSSL 1.1.0-stable can not be > decrypted with previous releases and vice versa. > Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and > 0.9.8(cast5-cfb only)

Re: [openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Salz, Rich via RT
I think you are reading too much into Viktor's words. From my perspective he was proposing a work-around, nothing more. Yeah, what we did is sub-optimal. Not the first time, won't be the last :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4697

Re: [openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread David Woodhouse via RT
On Wed, 2016-10-05 at 07:05 +, Sergey G Brazhnikov via RT wrote: > > Just figured out that files encrypted with OpenSSL 1.1.0-stable can not be > decrypted with previous releases and vice versa. > Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and > 0.9.8

[openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Sergey G Brazhnikov via RT
Hi, guys. Just figured out that files encrypted with OpenSSL 1.1.0-stable can not be decrypted with previous releases and vice versa. Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and 0.9.8(cast5-cfb only) All built without errors, passed all tests. Configuration VC-WIN32,

[openssl-dev] [openssl.org #4696] BUG: openssl1.0.2j Solaris-Sparc : ../util/shlib_wrap.sh ./bad_dtls_test - core dump

2016-10-04 Thread Llewelyn Thomas via RT
$ uname -a SunOS orl-rpd-sunbld1 5.10 Generic_141444-09 sun4v sparc SUNW,SPARC-Enterprise-T5120 $ echo $PATH /opt/sunstudio12.1/bin:/usr/ccs/bin:/usr/bin:/usr/openwin/bin test_bad_dtls ../util/shlib_wrap.sh ./bad_dtls_test *** Signal 10 - core dumped make: Fatal error: Command failed for

Re: [openssl-dev] [openssl.org #4683] [BUG] Failure running openssl speed ecdh in master branch

2016-10-03 Thread Nicola Tuveri via RT
> > There are several options which have varying impacts on what speed would > actually be measuring, I'll outline them below: > 1) I just remove X25519 support from OpenSSL speed. This is the easiest > fix but means nobody can use speed to measure performance with the X25519 > curve anymore. This

[openssl-dev] [openssl.org #4695] calloc issue in crypto\LPdir_win.c

2016-10-03 Thread Geoffrey Coram via RT
Hi - I had a link failure due to an unresolved external "calloc" when trying to build a WindowsCE application using OpenSSL 1.0.2j. calloc appears in crypto\LPdir_win.c on line 98. I think one is supposed to use LocalAlloc for WindowsCE instead of malloc or calloc. I didn't get a link error

[openssl-dev] [openssl.org #4693] Re: [openssl.org #4692] AutoReply: Change EVP_aes_xxx_wrap to use FIPS crypto module in FIPS mode

2016-10-02 Thread Kent Peacock via RT
OPENSSL_free(c->cipher_data); } -memset(c, 0, sizeof(EVP_CIPHER_CTX)); On 10/01/2016 04:02 AM, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: >

[openssl-dev] [openssl.org #4694] bug report openssl-1.1.0b (ssl_rsa.c)

2016-10-02 Thread ldc...@163.com via RT
hello, are the following problems bugs? SSL_use_PrivateKey_file SSL_use_certificate_file SSL_use_RSAPrivateKey_file for example: SSL_use_PrivateKey_file - int SSL_use_PrivateKey_file(SSL *ssl, const char *file,

[openssl-dev] [openssl.org #4693] Change EVP_aes_xxx_wrap to use FIPS crypto module in FIPS mode

2016-10-01 Thread Kent Peacock via RT
The FIPS certified 2.0.x crypto module does not incorporate the key wrap modes within the module boundary, and calls the local AES_{encrypt,decrypt} functions (which is, strictly speaking, a no-no). So, it's not using FIPS validated crypto. This patch provides a modification to use the

[openssl-dev] [openssl.org #4692] Change EVP_aes_xxx_wrap to use FIPS crypto module in FIPS mode

2016-10-01 Thread Kent Peacock via RT
The FIPS certified 2.0.x crypto module does not incorporate the key wrap modes within the module boundary, and calls the local AES_{encrypt,decrypt} functions (which is, strictly speaking, a no-no). So, it's not using FIPS validated crypto. This patch provides a modification to use the

[openssl-dev] [openssl.org #4691] Not sure where to report this...

2016-09-30 Thread nwarner via RT
Trying to upgrade to 1.1.0b (from 1.0.2h) OS:FreeBSD 8.4 p4 Is this a show-stopper? [by the way, let me know if there's a better venue for report install issues] Test Summary Report --- ../test/recipes/40-test_rehash.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 4

Re: [openssl-dev] [openssl.org #4690] Bug in OpenSSL 1.0.2j ssl_accept

2016-09-28 Thread Michael Koch via RT
rtage tree). The problem only comes sometimes (not reconstructable). Michael On 28.09.2016 at 23:15, Stephen Henson via RT wrote: > On Wed Sep 28 19:44:49 2016, mich...@michsoft.de wrote: >> In addition to my message I send you my gdb backtrace: >> >> Program received sig

[openssl-dev] [openssl.org #4690] Bug in OpenSSL 1.0.2j ssl_accept

2016-09-28 Thread Stephen Henson via RT
On Wed Sep 28 19:44:49 2016, mich...@michsoft.de wrote: > In addition to my message I send you my gdb backtrace: > > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 0x71413700 (LWP 13663)] > 0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0 >

[openssl-dev] [openssl.org #4689] Fwd: Bug in OpenSSL 1.0.2j ssl_accept

2016-09-28 Thread Michael Koch via RT
In addition to my message I send you my gdb backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x71413700 (LWP 13663)] 0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0 (gdb) backtrace #0 0x76ba4e87 in sk_value () from

Re: [openssl-dev] [openssl.org #4676] Error converting to p12 crt

2016-09-28 Thread Salz, Rich via RT
You did not cut/paste the command line properly because you wrote "-in -inkey" which is wrong. Or maybe that is your error? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4676

[openssl-dev] [openssl.org #4687] Bug in apps/req.c introduced in openssl 1.0.2i

2016-09-28 Thread scott.open...@scottrix.co.uk via RT
Hi, When trying to generate a self signed certificate from a previously generated csr with the command line: openssl req -x509 -key privkey.pem -in csr.pem -out selfsigned.pem it now prompts for country code etc. which is stored in the CSR. This change in behavior was introduced by: commit

[openssl-dev] [openssl.org #4688] bug since openssl1.0.1i

2016-09-28 Thread Nitschke, Mario via RT
Hello, there is a bug in openssl since openssl1.0.1i I am compiling under Solaris 10 with CC from SolarisStudio 12.3. The problem is not the compiler, it is the implementation of the new test dtlstest. I always did "make dclean" and up to openssl1.0.1h there was no problem, since

[openssl-dev] [openssl.org #4685] [PATCH v2] Add missing prototype for FIPS callback

2016-09-26 Thread Dr. Matthias St. Pierre via RT
The call to FIPS_crypto_set_id_callback() was added in revision a43cfd7bb1fc681d563e, but there is no prototype for it in . --- Moved the function prototype upwards, because declarations can only be placed at the top of a function in C. crypto/o_init.c | 5 + 1 file changed, 5

[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Richard Levitte via RT
On Mon Sep 26 14:34:17 2016, rs...@akamai.com wrote: > We have a fix waiting for internal review; see GitHub issue 1546. That's not related to this issue. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686

[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Richard Levitte via RT
That has already been fixed in the 1.0.2 branch, and is part of 1.0.2j, which was released today. Cheers, Richard On Mon Sep 26 14:32:31 2016, jan-markus.pumpa...@bittium.com wrote: > > > Hi, > > When building the OpenSSL 1.0.2i with -DHAVE_CRYPTODEV flag the build > will fail in

Re: [openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Salz, Rich via RT
We have a fix waiting for internal review; see GitHub issue 1546. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686

[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Pumpanen Jan-Markus via RT
Hi, When building the OpenSSL 1.0.2i with -DHAVE_CRYPTODEV flag the build will fail in crypto/engine/eng_cryptodev.c. I am using 64-bit Ubuntu 14.04 in my build machine with gcc toolchain. For me it looks like there has been a typo in the OPENSSL_malloc return value check. Attached patch

[openssl-dev] [openssl.org #4685] [PATCH] Add missing prototype for FIPS callback

2016-09-26 Thread Dr. Matthias St. Pierre via RT
The call to FIPS_crypto_set_id_callback() was added in revision a43cfd7bb1fc681d563e, but there is no prototype for it in . --- This leads to warnings on some platforms (e.g. x86_64-ncp-linux-gnu-gcc): o_init.c:77:5: warning: implicit declaration of function 'FIPS_crypto_set_id_callback'

Re: [openssl-dev] [openssl.org #4684] Potential problem with OPENSSL_cleanse

2016-09-22 Thread Salz, Rich via RT
We do have assembler versions for most CPUs. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4684

[openssl-dev] [openssl.org #4684] Potential problem with OPENSSL_cleanse

2016-09-22 Thread Kurt Roeckx via RT
Hi, Please read: http://www.metzdowd.com/pipermail/cryptography/2016-September/030151.html We use the same construct for our OPENSSL_cleanse, but I think we also have assembler versions. Kurt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4684

Re: [openssl-dev] [openssl.org #4256] CA.pl usage() does not mention -signcert

2016-09-22 Thread Kurt Roeckx via RT
On Tue, Jan 19, 2016 at 07:25:04PM +, Kaduk, Ben via RT wrote: > Part of the patch submitted to RT #844 includes a patch to the usage > message of CA.pl. Although the functionality itself of CA.pl was > rewritten for 1.1 (so that #844 was closed), the usage message remains >

[openssl-dev] [openssl.org #4682] PKITS tests fails with 1.0.2i on GNU/Linux

2016-09-22 Thread Rich Salz via RT
Duplicate of https://github.com/openssl/openssl/issues/1611 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4682

[openssl-dev] [openssl.org #4683] [BUG] Failure running openssl speed ecdh in master branch

2016-09-22 Thread Linsell, StevenX via RT
Running against master branch (commit 39c136cc53d7b6fafdd1a0b52c035fd24358e01c - Updates CHANGES and NEWS for new release) we see a failure when running openssl speed with the ecdh parameter: ./openssl speed ecdh Doing 160 bit ecdh's for 10s: 35676 160-bit ECDH ops in 9.98s Doing 192 bit

[openssl-dev] [openssl.org #4682] PKITS tests fails with 1.0.2i on GNU/Linux

2016-09-22 Thread Bruce Stephens via RT
The problem appears to be 325da823, x509_vfy.c line 1132. best_score starts at 0 (from get_crl_delta's crl_score, initialised to 0), and (for whatever reason) crl_score also turns out to be 0. So if (ASN1_TIME_diff(, , X509_CRL_get_lastUpdate(best_crl),

[openssl-dev] [openssl.org #4681] X.509 load method

2016-09-22 Thread Roumen Petrov via RT
This is an enhancement request. OpenSSL 1.1 hides details of structures used to load X.509 certificates, in particular - x509_lookup_method_st , x509_lookup_st and x509_object_st. This impacts non-OpenSSL projects, as external applications have to duplicate those structures. Request is OpenSSL do

[openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-20 Thread Richard Levitte via RT
Fix in place in master, OpenSSL_1_1_0-stable and OpenSSL_1_0_2-stable Closing ticket. Cheers, Richard On Fri Sep 02 14:57:41 2016, rs...@akamai.com wrote: > Yeah, something like that for 1.0.2; simpler for 1.1.0. I'll do it. > -- Richard Levitte levi...@openssl.org

Re: [openssl-dev] [openssl.org #4680] new_session_callback issue.

2016-09-20 Thread ELHARRAR via RT
Sorry it is not a bug. It was a mistake in my code. I just want to know when exactly the callbacks new and get are called when I work with external caching. Thanks Mikael Sent from my iPhone > On 20 Sep 2016, at 1:38 PM, The default queue via RT <r...@openssl.org> wrote: > >

[openssl-dev] [openssl.org #4679] Bug: The 'test4' in openssl-1.0.2h/test/hmactest.c dumped core in FIPS mode

2016-09-20 Thread Ziyan Zhou via RT
Hi, When I was trying to run the test code openssl-1.0.2h/test/hmactest.c in FIPS mode, I got SIGSEGV. I did the following changes to run it in FIPS mode. a) Added FIPS_mode_set(1); b) Commented out the test 1 ~ test 3 since MD5 is not supported in FIPS mode. c) I renamed hmactest.c to

[openssl-dev] [openssl.org #4680] new_session_callback issue.

2016-09-20 Thread ELHARRAR via RT
Hi OpenSSL team, A simple question: I wrote a proof of concept in order to use external cache for session id. In my POC I used openssl version 1.1.0 and all seemed OK. I mean, as server, the new_session callback was called as expected (at the first connection) and then the get_session

[openssl-dev] [openssl.org #4678] Bug: the 'dhtest_rfc5114_2048_224_bad_y' in dhtest.c didn't fail in FIPS mode

2016-09-18 Thread Ziyan Zhou via RT
Hi, The test case openssl-1.0.2h/test/dhtest.c failed when running in FIPS mode, because the BAD test vector 'dhtest_rfc5114_2048_224_bad_y' didn't fail. I found this issue when I was trying to run regular OpenSSL test code in FIPS mode. OpenSSL version: 1.0.2 OpenSSL fips version: 2.0.12 OS:

[openssl-dev] [openssl.org #4677] Options after parameters are ignored in OpenSSL 1.1.0

2016-09-17 Thread Richard Levitte via RT
On Sat Sep 17 17:54:11 2016, pe...@lekensteyn.nl wrote: > Hi, > > Commands which execute normally with OpenSSL 1.0.2h fail in OpenSSL > 1.1.0. Presumably after the "Big apps cleanup (option-parsing, etc)", > > Options after parameters are no longer interpreted. For example, > 'openssl dhparam 128

[openssl-dev] [openssl.org #4677] Options after parameters are ignored in OpenSSL 1.1.0

2016-09-17 Thread Peter Wu via RT
Hi, Commands which execute normally with OpenSSL 1.0.2h fail in OpenSSL 1.1.0. Presumably after the "Big apps cleanup (option-parsing, etc)", Options after parameters are no longer interpreted. For example, 'openssl dhparam 128 -out /dev/null' used to discard the DH params output, but since

Re: [openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

2016-09-16 Thread Georg Höllrigl via RT
: Stephen Henson via RT [mailto:r...@openssl.org] Sent: Friday, 16 September 2016 16:18 To: georg.hoellr...@gmx.at Cc: openssl-dev@openssl.org Subject: [openssl.org #4675] Bug: Parsing Configuration that contains System Variables On Fri Sep 16 13:54:00 2016, georg.hoellr...@gmx.at wrote

[openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

2016-09-16 Thread Stephen Henson via RT
On Fri Sep 16 13:54:00 2016, georg.hoellr...@gmx.at wrote: > > As long as $SAN is unset I get > openssl version > 6870300:error:0E065068:configuration file routines:STR_COPY:variable has no > value:conf_def.c:618:line 17 > This is expected and documented behaviour: see config manual page for

[openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

2016-09-16 Thread Georg Höllrigl via RT
Hello, I think there is a bug in the config file parsing code. Configuration: --- openssl version -a OpenSSL 1.0.1k 8 Jan 2015 (Library: OpenSSL 1.0.1g 7 Apr 2014) built on: Tue Apr 8 11:04:36 CEST 2014 platform: Cygwin options: bn(64,32) md2(int) rc4(8x,mmx)

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-14 Thread Richard Levitte via RT
And finally got committed to master, with all suggested fixups. Closing this ticket. Cheers, Richard On Wed Sep 14 02:09:15 2016, levitte wrote: > Issue 2 is implemented in https://github.com/openssl/openssl/pull/1572 > > Please try it out. > > Cheers, > Richard > > On Tue Sep 13 22:32:37 2016,

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
35inz1" > > > > > > So looks good. One suggestion is to re-order the help output so it's > > in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's > > minor. > > > > > > Cheers, > > Brian > > > >

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
5 -> 1 -> apr1 -> des), but that's > minor. > > > Cheers, > Brian > > On Tue, Sep 13, 2016 at 10:09 PM, Richard Levitte via RT > <r...@openssl.org> > wrote: > > > Issue 2 is implemented in > > https://github.com/openssl/openssl/pull/1572

Re: [openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Brian Howson via RT
$saltstring$ > svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBF > dcbYEdFCoEOfaS35inz1" > > > So looks good. One suggestion is to re-order the help output so it's > in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's mino

Re: [openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Brian Howson via RT
So looks good. One suggestion is to re-order the help output so it's in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's minor. Cheers, Brian On Tue, Sep 13, 2016 at 10:09 PM, Richard Levitte via RT <r...@openssl.org> wrote: > Issue 2 is

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
Issue 2 is implemented in https://github.com/openssl/openssl/pull/1572 Please try it out. Cheers, Richard On Tue Sep 13 22:32:37 2016, levitte wrote: > Issue 1 now resolved, fix pushed to master branch as well as > OpenSSL_1_1_0-stable. > > Issue 2 remaining. > > Cheers, > Richard > > On Tue

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
Issue 1 now resolved, fix pushed to master branch as well as OpenSSL_1_1_0-stable. Issue 2 remaining. Cheers, Richard On Tue Sep 13 20:32:18 2016, levitte wrote: > I can confirm issue one and raise you one: it's not just on Windows > > On it. > > Cheers, > Richard > > On Tue Sep 13 17:23:48

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
A note for the future: since this is really two issues, they should be one ticket each. I'll let this one slip by, 'cause it's relatively simple to fix both. However, please understand that while issue 1 will be fixed in OpenSSL 1.1.0a, issue 2 will not appear before OpenSSL 1.1.1. Cheers,

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
I can confirm issue one and raise you one: it's not just on Windows On it. Cheers, Richard On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote: > This may be two requests, one a bug and one a feature request. > > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5 passwords > (-1

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Brian Howson via RT
This may be two requests, one a bug and one a feature request. Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5 passwords (-1 / -apr1), returns "". I haven't tested other platforms. See output below. Issue 2: openssl 1.1.0 passwd doesn't support newer password hashing

Re: [openssl-dev] [openssl.org #4673] a weird error, please help to check whether is it a but. thanks!

2016-09-12 Thread openssl-us...@openssl.org via RT
> On Sep 12, 2016, at 4:08 PM, zy_chongqing via RT <r...@openssl.org> wrote: > > SSL_CTX_use_certificate_file return 0, and the log show: error:140AB18F:SSL > routines:SSL_CTX_use_certificate:ee key too small > 1. this programe is running well in one server, but failed in

[openssl-dev] [openssl.org #4673] a weird error, please help to check whether is it a but. thanks!

2016-09-12 Thread zy_chongqing via RT
Hello, I have a function to initialize the CTX as below: #define CA_CERT_PATH "./pem" #define RSA_CLIENT_CERT "./pem/PushChatCert.pem" #define RSA_CLIENT_KEY "./pem/PushChatKey.pem" bool CAPNSClient::InitCTX() { SSL_library_init(); SSL_load_error_strings();

[openssl-dev] [openssl.org #4130] Provide enginesdir in pkgconfig file

2016-09-12 Thread Richard Levitte via RT
Fixed in the 1.1.0 and 1.0.2 branches, as well as master. Closing ticket. Thank you! Cheers, Richard On Mon Nov 09 08:15:26 2015, dw...@infradead.org wrote: > External engines such as engine_pkcs11 want to install into > $ENGINESDIR. Would be nice if we could tell where it is by using >

Re: [openssl-dev] [openssl.org #4667] Issue with OpenSSL v1.1.0 on AIX with XLC and GCC and -O

2016-09-06 Thread REIX, Tony via RT
Hi Andy, Your patch DOES work fine with GCC 6.2.0 and -O, both for 32 & 64bits. It also works fine with XLC v12.1.0.14 and -O in 64bits (was OK in 32bits). Thanks for your help ! Regards, Tony Le 03/09/2016 00:42, Andy Polyakov via RT a écrit : - GCC 6.1.0 is: KO, 64 & 32 bits: #

[openssl-dev] [openssl.org #4672] BUG: NEWSLOG - an error occurred while processing this directive

2016-09-06 Thread Richard Levitte via RT
Thanks for the notification. Problem fixed, will be visible in a couple of minutes. Closing ticket Cheers, Richard On Tue Sep 06 06:44:32 2016, tallev...@yahoo.com wrote: > Hi, > I've encountered the following error: "an error occurred while > processing this directive" when > opening the news

[openssl-dev] [openssl.org #4672] BUG: NEWSLOG - an error occurred while processing this directive

2016-09-06 Thread Tal Levi via RT
Hi, I've encountered the following error: "an error occurred while processing this directive" when opening the news log. https://www.openssl.org/news/newslog.html Thanks. Tal. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4672 Please log in as guest with password guest if

[openssl-dev] [openssl.org #4671] Bug: pkcs8 application limits output passwords to 50 characters

2016-09-04 Thread Jarmo Jaakkola via RT
The pkcs8 application limits output keyfile passwords to at most 50 characters if -passout parameter is not used. This seems to be because the buffer used for password input in pkcs8.c has a fixed size of 50. This has a small security impact: the limitation leaks the maximum length of a password

[openssl-dev] [openssl.org #4670] a bug in ssl_lib(ver 1.0.2)

2016-09-04 Thread aa via RT
Hi OpenSSL, First, Thank you for your contribution in OpenSSL. I found the bug last week, that is: step-1, Create a socket of non-blocking mode, and then establish the connection-oriented; (all works successfully done) step-2, Call SSL_connect(or SSL_do_handshake) for establish a security

[openssl-dev] RE: [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

2016-09-04 Thread shuai.chang via RT
This transaction appears to have no content -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

Re: [openssl-dev] [openssl.org #4667] Issue with OpenSSL v1.1.0 on AIX with XLC and GCC and -O

2016-09-02 Thread Andy Polyakov via RT
> - GCC 6.1.0 is: KO, 64 & 32 bits: > # Failed test 'running evp_test evptests.txt' > # at ../test/recipes/30-test_evp.t line 18. > # Looks like you failed 1 test of 1. > ../test/recipes/30-test_evp.t .. > Dubious, test returned 1 (wstat 256, 0x100) > Failed 1/1 subtests Phew!

[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Rich Salz via RT
The title now has the URL. Closing. Fixed as it's gonna get :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

2016-09-02 Thread Glen Matthews via RT
Hi Are you saying that it was full? glen -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Stephen Henson via RT Sent: Friday, September 02, 2016 12:00 PM To: 1047941...@qq.com Cc: openssl-dev@openssl.org Subject: [openssl-dev] [openssl.org

[openssl-dev] [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

2016-09-02 Thread Stephen Henson via RT
On Sat Aug 27 14:01:11 2016, 1047941...@qq.com wrote: > hello: > i want to use libcurl with openssl, and i build openssl use this > cmd: > "perl configure VC-WIN32 no-asm -DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi > -DOPENSSL_CAPIENG_DIALO" > > > when i use curl get url,eg "curl -k

Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Salz, Rich via RT
> Errr, yes. That's because all pages include the same header, which has: > > OpenSSL > > I thought that was by design... No, it was because the person who rebuilt the web doesn't know much about the web. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668 Please log in as

Re: [openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-02 Thread Salz, Rich via RT
Yeah, something like that for 1.0.2; simpler for 1.1.0. I'll do it. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4669 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Richard Levitte via RT
On Fri Sep 02 14:37:30 2016, rs...@akamai.com wrote: > There is a bug. Navigate around and then right-click on the back > button. All the pages just say openssl. Errr, yes. That's because all pages include the same header, which has: OpenSSL I thought that was by design... Cheers, Richard --

Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Salz, Rich via RT
There is a bug. Navigate around and then right-click on the back button. All the pages just say openssl. Re-opening. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4641] [openssl-1.1.0-pre6] make test stops with solaris64-x86_64-gcc

2016-09-02 Thread Kiyoshi KANAZAWA via RT
I forgot writing. crypto/x86_64cpuid.s generated by 64 bit perl & generated by rebuilt 32 bit perl is the same. Regards, --- Kiyoshi > With my old 32 bit perl,built by default except for prefix, >   perl -e 'use integer; printf > "%d\n",0x<<32>>32' >

Re: [openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-02 Thread Steffen Nurpmeso via RT
Richard Levitte via RT <r...@openssl.org> wrote: |On Thu Sep 01 13:18:44 2016, stef...@sdaoden.eu wrote: |> From the documentation i cannot tell what is wrong with the |> following: |> |> echo abc > a; echo def > b; echo ghi > c |> openssl genpkey -algorithm R

Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Steffen Nurpmeso via RT
Richard Levitte via RT <r...@openssl.org> wrote: |On Thu Sep 01 13:13:44 2016, stef...@sdaoden.eu wrote: |> Before sending the last message i looked around on the website (it |> has become particularly complicated to find the bug tracker), and |> looking at the "go-bac

[openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-02 Thread Richard Levitte via RT
On Thu Sep 01 13:18:44 2016, stef...@sdaoden.eu wrote: > Hello. > > From the documentation i cannot tell what is wrong with the > following: > > echo abc > a; echo def > b; echo ghi > c > openssl genpkey -algorithm RSA -out k.prv > openssl pkey -in k.prv -pubout -out k.pub > openssl dgst -sha512

[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Richard Levitte via RT
On Thu Sep 01 13:13:44 2016, stef...@sdaoden.eu wrote: > Before sending the last message i looked around on the website (it > has become particularly complicated to find the bug tracker), and > looking at the "go-back" list i saw dozens of "OpenSSL" entries, > rather than rt, "Getting started as a

Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Steffen Nurpmeso via RT
"Salz, Rich" wrote: .. |for and fix? (I'm kinda slow sometimes) Do you know the story of the couple that had been married for decades when suddenly, at a Sunday morning breakfast, it has been revealed that she, who was given the upper half of the bread rolls for so long --
