[openssl-dev] [openssl.org #4567] Configure does not honor CFLAGS

2016-06-14 Thread Richard Levitte via RT 
Cool. That closes this ticket.

BTW, you're right, we don't honor a CFLAGS env var. We never did. We take the
cflags on the configuration command line.

Cheers,
Richard

On Tue Jun 14 07:35:11 2016, noloa...@gmail.com wrote:
> On Tue, Jun 14, 2016 at 3:33 AM, Richard Levitte via RT
>  wrote:
> > Is this enough to satisfy you?
> >
> > ./config -DNDEBUG -g3 -O0
>
> Yes, that would be good.
>
> no-asm and no-omit-frame-pointer on x86 may be good choices, too.
>
> Jeff
>
> > On Tue Jun 14 07:24:31 2016, noloa...@gmail.com wrote:
> >> Working from latest sources. I'm trying to build a "debug"
> >> configuration with both -DNDEBUG (I don't want asserts firing) and
> >> -g3
> >> (I want the symbolic constants).
> >>
> >> $ ./config no-asm -g3 -O0 -fno-omit-frame-pointer
> >> Operating system: i86pc-whatever-solaris2
> >> Configuring for solaris64-x86_64-gcc
> >> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> >> ...
> >> CC =gcc
> >> CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H -g3 -O0
> >> -fno-omit-frame-pointer
> >> ...
> >>
> >>
> >> And:
> >>
> >> $ export CFLAGS="-DNDEBUG -g3 -O0"
> >> $ ./config
> >> Operating system: i86pc-whatever-solaris2
> >> Configuring for solaris64-x86_64-gcc
> >> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> >> ...
> >> CC =gcc
> >> CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H -Wa,--
> >> noexecstack
> >> SHARED_CFLAG =-fPIC
> >> ...


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4567
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4567] Configure does not honor CFLAGS

2016-06-14 Thread Richard Levitte via RT 
Is this enough to satisfy you?

./config -DNDEBUG -g3 -O0

On Tue Jun 14 07:24:31 2016, noloa...@gmail.com wrote:
> Working from latest sources. I'm trying to build a "debug"
> configuration with both -DNDEBUG (I don't want asserts firing) and -g3
> (I want the symbolic constants).
>
> $ ./config no-asm -g3 -O0 -fno-omit-frame-pointer
> Operating system: i86pc-whatever-solaris2
> Configuring for solaris64-x86_64-gcc
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> ...
> CC =gcc
> CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H -g3 -O0
> -fno-omit-frame-pointer
> ...
>
>
> And:
>
> $ export CFLAGS="-DNDEBUG -g3 -O0"
> $ ./config
> Operating system: i86pc-whatever-solaris2
> Configuring for solaris64-x86_64-gcc
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> ...
> CC =gcc
> CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H -Wa,--
> noexecstack
> SHARED_CFLAG =-fPIC
> ...


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4567
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2388] out-of-date comment for renegotiation handling

2016-06-14 Thread Matt Caswell via RT 
Fixed in commit e7653f3bab. Closing ticket.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2388
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4567] Configure does not honor CFLAGS

2016-06-14 Thread noloa...@gmail.com via RT 
On Tue, Jun 14, 2016 at 3:33 AM, Richard Levitte via RT  
wrote:
> Is this enough to satisfy you?
>
> ./config -DNDEBUG -g3 -O0

Yes, that would be good.

no-asm and no-omit-frame-pointer on x86 may be good choices, too.

Jeff

> On Tue Jun 14 07:24:31 2016, noloa...@gmail.com wrote:
>> Working from latest sources. I'm trying to build a "debug"
>> configuration with both -DNDEBUG (I don't want asserts firing) and -g3
>> (I want the symbolic constants).
>>
>> $ ./config no-asm -g3 -O0 -fno-omit-frame-pointer
>> Operating system: i86pc-whatever-solaris2
>> Configuring for solaris64-x86_64-gcc
>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
>> ...
>> CC =gcc
>> CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H -g3 -O0
>> -fno-omit-frame-pointer
>> ...
>>
>>
>> And:
>>
>> $ export CFLAGS="-DNDEBUG -g3 -O0"
>> $ ./config
>> Operating system: i86pc-whatever-solaris2
>> Configuring for solaris64-x86_64-gcc
>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
>> ...
>> CC =gcc
>> CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H -Wa,--
>> noexecstack
>> SHARED_CFLAG =-fPIC
>> ...


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4567
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4567] Configure does not honor CFLAGS

2016-06-14 Thread noloa...@gmail.com via RT 
On Tue, Jun 14, 2016 at 3:43 AM, Richard Levitte via RT  
wrote:
> Cool. That closes this ticket.

Thank you very much.

> BTW, you're right, we don't honor a CFLAGS env var. We never did. We take the
> cflags on the configuration command line.

There's always hope. Its eternal :)

Jeff


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4567
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4567] Configure does not honor CFLAGS

2016-06-14 Thread noloa...@gmail.com via RT 
Working from latest sources. I'm trying to build a "debug"
configuration with both -DNDEBUG (I don't want asserts firing) and -g3
(I want the symbolic constants).

$ ./config no-asm -g3 -O0 -fno-omit-frame-pointer
Operating system: i86pc-whatever-solaris2
Configuring for solaris64-x86_64-gcc
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
...
CC=gcc
CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H  -g3 -O0
-fno-omit-frame-pointer
...


And:

$ export CFLAGS="-DNDEBUG -g3 -O0"
$ ./config
Operating system: i86pc-whatever-solaris2
Configuring for solaris64-x86_64-gcc
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
...
CC=gcc
CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H  -Wa,--noexecstack
SHARED_CFLAG  =-fPIC
...


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4567
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4571] SegFault when OBJ_create is called from multiple threads (despite setting up locking_function)

2016-06-14 Thread Rich Salz via RT 
No, these routines are not guaranteed to be thread-safe. Sorry.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4571
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4568] Enhancement request: Capability vector accessor function for arm and ppc

2016-06-14 Thread Loic Etienne via RT 
For arm and ppc, define functions corresponding to unsigned long 
*OPENSSL_ia32cap(), returning a pointer to the capability vector, or NULL on an 
unsuitable architecture:
unsigned int *OPENSSL_armcap_loc();
unsigned int *OPENSSL_ppccap_loc();

Otherwise, an extern declaration of OPENSSL_armcap_P (or OPENSSL_ppccap_P) is 
required, depending on the architecture, which has to be detected by other 
means. This is inconvenient. Furthermore, arm_arch.h and ppc_arch.h not 
available in the deployed include folder, making a declaration mismatch 
possible.

Further architectures may be considered as well.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4568
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4571] SegFault when OBJ_create is called from multiple threads (despite setting up locking_function)

2016-06-14 Thread Maciej Grzymkowski via RT 
Hi,

I may, or may not, stumbled upon an issue with OpenSSL multihreading when
calling OBJ_create to define a new extension.

Briefly, calling below code from several threads at once - despite setting
up of locking functions - may cause segmentation fault due to supposedly
double free/corruption.

   char CUSTOM_EXTENSION_OID_VALUE[] = "1.2.345.678901.2.3.4";
   OBJ_create(CUSTOM_EXTENSION_OID_VALUE, "customExtension", "Custom
Extension");

Though this may not be a recommended set of calls to be executed over and
over again, I'd expect proper locking_function to guard against critical
failures.

The error is output when the crash happens as:
   *** Error in `./openssl_object_add_segfault_test': double free or
corruption (fasttop): 0x7f50ac002620 ***

gdb used to look at the dumped core reveals:
   (gdb) bt
   #0  0x7f50feea8cc9 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
   #1  0x7f50feeac0d8 in __GI_abort () at abort.c:89
   #2  0x7f50feee5394 in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7f50feff3b28 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
   #3  0x7f50feef166e in malloc_printerr (ptr=,
str=0x7f50feff3cf0 "double free or corruption (fasttop)", action=1) at
malloc.c:4996
   #4  _int_free (av=, p=, have_lock=0) at
malloc.c:3840
   #5  0x0044a12d in CRYPTO_free ()
   #6  0x0044d921 in OBJ_add_object ()
   #7  0x0044ebcd in OBJ_create ()
   #8  0x0040364c in run()::{lambda()#1}::operator()() const ()

OpenSSL versions tested were: openssl-1.0.1t, openssl-1.0.1s and
openssl-1.0.2h.Above or similar occurred on all the tested versions.
I've noticed the behaviour on Ubuntu 14.04, using gcc 4.8.4, compiling
C++11 code. I first noticed the issue using clang, so I suppose compiler is
irrelevant.

I do have a minimal example (just a main, initOpenSSL and runThreads
functions, 70 lines of code + a Makefile) reproducing the issue. I am not
sure if emailing them here is the right way, if it is please let me know
and I'll paste it in.

Kind regards,
Maciej

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4571
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4562] Possible bug in OPENSSL_config - ignore input parameter

2016-06-14 Thread Rich Salz via RT 
Documentation fixed in 1.0.2 (commit dd8a1f2).Also fix in master (commit
cda3ae5), which also renamed the variables from config_file to appname, etc.,
in the source code.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4562
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4569] Enhancement request: Macros for x86 capability bits

2016-06-14 Thread Loic Etienne via RT 
For x86, define macros for capability bits (like for arm and pcc), according to 
https://www.openssl.org/docs/manmaster/crypto/OPENSSL_ia32cap.html:
#define X86_TSCNT  (1UL << 4 )
#define X86_CLFLUSH(1UL << 19)
#define X86_RC4PATH(1UL << 20)
#define X86_MMX(1UL << 23)
#define X86_FXSR   (1UL << 24)
#define X86_SSE(1UL << 25)
#define X86_SSE2   (1UL << 26)
#define X86_HTHREAD(1UL << 28)
#define X86_INTELCPU   (1UL << 30)
#define X86_PCLMULQDQ  (1UL << 33)
#define X86_SSSE3  (1UL << 41)
#define X86_AMDXOP (1UL << 43)
#define X86_MOVBE  (1UL << 54)
#define X86_AESNI  (1UL << 57)
#define X86_XSAVE  (1UL << 58)
#define X86_OSXSAVE(1UL << 59)
#define X86_AVX(1UL << 60)
#define X86_RDRAND (1UL << 62)


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4569
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3699] Resolved: openssl-1.0.2, fips sparc multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

2016-06-14 Thread Stuart Kemp via RT 
Will this change be merged into the latest 1.0.2 and/or 1.1.0 branches?

-Original Message-
From: Rich Salz via RT [mailto:r...@openssl.org] 
Sent: Monday, June 13, 2016 3:27 PM
To: Stuart Kemp 
Subject: [openssl.org #3699] Resolved: openssl-1.0.2, fips sparc multiply 
defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.

--  
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3699
Please log in as guest with password guest if prompted


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3699
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes

2016-06-14 Thread Loic Etienne via RT 
Define a configuration option no-hw-aes.
No aes processor instruction should be compiled if one of the configuration 
options no-hw or no-hw-aes is given.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4570
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4568] Enhancement request: Capability vector accessor function for arm and ppc

2016-06-14 Thread Salz, Rich via RT 
Doesn't it make more sense to have a single API that returns the 
platform-specific flags?


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4568
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4571] SegFault when OBJ_create is called from multiple threads (despite setting up locking_function)

2016-06-14 Thread Maciej Grzymkowski via RT 
That's fine with me, though, it might bite someone in the future. Is there
any documentation or site listing which funcs would be thread-safe? (if
this is offtopic, please let me know, and we'll simply end the thread)

On Tue, Jun 14, 2016 at 6:44 PM, Rich Salz via RT  wrote:

> No, these routines are not guaranteed to be thread-safe. Sorry.
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4571
> Please log in as guest with password guest if prompted
>
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4571
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3699] openssl-1.0.2, fips sparc multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

2016-06-14 Thread Rich Salz via RT 
It will be in 1.0.2 shortly. It's not relevant for 1.1 which doesn't support
FIPS.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3699
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4571] SegFault when OBJ_create is called from multiple threads (despite setting up locking_function)

2016-06-14 Thread Salz, Rich via RT 
> That's fine with me, though, it might bite someone in the future. Is there any
> documentation or site listing which funcs would be thread-safe? (if this is
> offtopic, please let me know, and we'll simply end the thread)

Please take it to openssl-dev mailing list.  It's a good discussion to have!


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4571
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3699] openssl-1.0.2, fips sparc multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

2016-06-14 Thread Andy Polyakov via RT 
> It will be in 1.0.2 shortly.

Applied to 1.0.2.

> It's not relevant for 1.1 which doesn't support FIPS.

Because current 2.x version of FIPS module won't be supported with 1.1,
so that solution in 1.1 would have to be different.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3699
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4507] Bugs due to missing error handling

2016-06-14 Thread Rich Salz via RT 
fixed some time ago.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4507
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4572] SSL_set_bio and friends

2016-06-14 Thread David Benjamin via RT 
I recently made some changes around BoringSSL's SSL_set_bio, etc. which you
all might be interested in. The BIO management has two weird behaviors
right now:

1. The existence of bbio is leaked in the public API when it should be an
implementation detail. (Otherwise you're stuck with it for DTLS where it's
really messy.)  SSL_get_wbio will return it, and SSL_set_bio messes up when
the bbio is active.

2. SSL_set_bio's object ownership story is a mess. It also doesn't quite
work. This crashes:
   SSL_set_fd(ssl, 1);
   SSL_set_rfd(ssl, 2);
But this does not:
   SSL_set_fd(ssl, 1);
   SSL_set_wfd(ssl, 2);
Not that anyone would do such a thing, but the asymmetry is off.

For 1, I made this change:
https://boringssl.googlesource.com/boringssl/+/2f87112b963fe9dee6a75b23a8dae4501063%5E%21/
SSL_get_wbio now always returns the true wbio. BIO_set_bio is aware of bbio
and behaves accordingly.

Then for 2, I wrote this test:
https://boringssl.googlesource.com/boringssl/+/5c0fb889a1348ecaa5691f6139f9d60a610f2129%5E%21/
And then made this change:
https://boringssl.googlesource.com/boringssl/+/f715c423224a292d79ba0e3df373c828fbae29f7%5E%21/
[Plus
comment typo fix]
Releasing ssl->{rbio,wbio} is now much more straight-forward. All the
ownership quirks are left in SSL_set_bio. It's messy, but it's the best
option I found which preserves the existing calling patterns. The different
cases reflect the desired behavior inherently having a lot of cases.

For OpenSSL master, I believe it'd also work to add an s->rbio != s->wbio
check to SSL_set_rbio, but I think those are worse semantics for
SSL_set_{rbio,wbio}. They are new APIs, so, before it's too late, give them
clear semantics like "SSL_set_rbio takes ownership of its argument",
consistent with "set0" functions, rather than a mix of "set0" and "set1".

David

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4223] fix request for OpenSSL (not version specific)

2016-06-14 Thread Rich Salz via RT 
TANDEM is not a supported platform. Sorry. You could make up a dummy file, like
in /usr/local/include/sys, and add that -I flag.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4223
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4259] Bug: Apparent memory leak in kssl.c

2016-06-14 Thread Rich Salz via RT 
Seems to have been fixed some time ago. thanks.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4259
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4546] bug: misleading docs for EVP_*{Cipher, Encrypt, Decrypt}Final() functions in release branch

2016-06-14 Thread Rich Salz via RT 
commit 95fb422 pushed to 1.0.2 thanks!

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4546
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4349] Pull request for bilinear pairings

2016-06-14 Thread Rich Salz via RT 
See the PR for all information; don't need a duplicate ticket now. (Esp since
this is post-1.1)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4349
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4205] Improve the default TLS session ticket key

2016-06-14 Thread Rich Salz via RT 
We don't need an RT ticket that matches a GH issue or PR. Especially for
post-1.1 things :)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4205
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

2016-06-14 Thread Rich Salz via RT 
SSLv2 is not supported any more.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3897] request: add BLAKE2 hash function (let's kill md5sum!)

2016-06-14 Thread Rich Salz via RT 
done.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3897
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3898] Bug fix: missing line from trunk crypto/comp/comp_lcl.h

2016-06-14 Thread Rich Salz via RT 
fixed awhile ago, thanks.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3898
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4223] fix request for OpenSSL (not version specific)

2016-06-14 Thread Cleveland Watson via RT 
Rich, thank you for your reply.  We have a workaround, so we'll just 
continue using it.

Best Regards,
Cleve Watson



From:   Rich Salz via RT 
To: Cleveland Watson/Dallas/IBM@IBMUS
Cc: openssl-dev@openssl.org
Date:   06/14/2016 03:31 PM
Subject:[openssl.org #4223] fix request for OpenSSL (not version 
specific)



TANDEM is not a supported platform. Sorry. You could make up a dummy file, 
like
in /usr/local/include/sys, and add that -I flag.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4223
Please log in as guest with password guest if prompted






-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4223
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4573] BUG -- Documentation issue with RAND_add in rand.pod

2016-06-14 Thread paul.d...@oracle.com via RT 
The doc/crypto/rand.pod file incorrectly documents the prototype for the 
RAND_add function.  The last argument is a double not an int.

It is correctly documented in the doc/crypto/RAND_add.pod file.

 

Fix attached.

 

Pauli

 

-- 

Oracle

Dr Paul Dale | Cryptographer | Network Security & Encryption 

Phone +61 7 3031 7217

Oracle Australia

 

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4573
Please log in as guest with password guest if prompted

diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
index 76ec0b6..80c6f3a 100644
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@@ -14,7 +14,7 @@ rand - pseudo-random number generator
  int  RAND_pseudo_bytes(unsigned char *buf, int num);
 
  void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
+ void RAND_add(const void *buf, int num, double entropy);
  int  RAND_status(void);
 
  int  RAND_load_file(const char *file, long max_bytes);
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

2016-06-14 Thread Matt Caswell via RT 
On Tue Jun 14 20:42:36 2016, rsalz wrote:
> SSLv2 is not supported any more.

Uyes it is on the 1.0.2 branch? It is off by default though.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev