[openssl.org #2759] SSL_read / SSL_ERROR_WANT_READ / ENOTCONN infinite loop

2012-03-14 Thread Steven Parkes via RT
Type: bug report OS: iOS (but may affect other platforms, mobile in particular) OpenSSL versions: confirmed in 1.0.0.h and 1.0.1 Beta 3 Bug: int BIO_sock_non_fatal_error(int err) in crypto/bio/bss_sock.c returns 1 for ENOTCONN which causes SSL_read to return SSL_ERROR_WANT_READ. In at least

[openssl.org #2760] possible bug report: DSA_verify() doesn't correctly account for len

2012-03-14 Thread Yusheng Yang via RT
/* crypto/dsa/dsatest.c */ /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (e...@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is

Re: 1.0.0h apps/s_client.c mystery

2012-03-14 Thread Richard Levitte
In message 12031323361474_20200...@antinode.info on Tue, 13 Mar 2012 23:36:14 -0500 (CDT), Steven M. Schweda s...@antinode.info said: sms Recent discussions on comp.os.vms of problems with apps/s_client.c on sms VMS systems led me to poke around a little. Bearing in mind that I sms know

Re: Fixes to the VMS version(s) of OpenSSL

2012-03-14 Thread Richard Levitte
In message blu0-smtp682c83767b322d11850a9887...@phx.gbl on Mon, 12 Mar 2012 07:02:10 -0400, Neil Rieck n.ri...@sympatico.ca said: n.rieck Team, n.rieck n.rieck * A few weeks back, I discovered a problem with the command “OpenSSL s_client” which (I think) n.rieck has been broken in VMS

Re: 1.0.0h apps/s_client.c mystery

2012-03-14 Thread Richard Levitte
In message 20120314.114607.402413137.rich...@levitte.org on Wed, 14 Mar 2012 11:46:07 +0100 (CET), Richard Levitte rich...@levitte.org said: richard You're right, that code looks quite odd, the following should do richard better, wouldn't you say? Of course not... it should be as you

Re: 1.0.0h apps/s_client.c mystery

2012-03-14 Thread Steven M. Schweda
From: Richard Levitte rich...@levitte.org Of course not... it should be as you mentioned... [...] I was thinking more like: #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) if (jpake_secret) { if (psk_key) {

OpenSSL 1.0.1 released

2012-03-14 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1 released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1 of our open source

Re: 1.0.0h apps/s_client.c mystery

2012-03-14 Thread Richard Levitte
In message 12031409093019_20200...@antinode.info on Wed, 14 Mar 2012 09:09:30 -0500 (CDT), Steven M. Schweda s...@antinode.info said: sms From: Richard Levitte rich...@levitte.org sms sms Of course not... it should be as you mentioned... sms [...] sms sms I was thinking more like: sms

RE: OpenSSL 1.0.1 released

2012-03-14 Thread Arpadffy Zoltan
Hello, Thank you very much for 1.0.1 release. It builds and works perfectly on OpenVMS Alpha and IA64 architectures - as long as I could test it. Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is still

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Andy Polyakov
Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is still not solved. http://www.mail-archive.com/openssl-dev@openssl.org/msg29956.html

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Mike Frysinger
On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Dr. Stephen Henson
On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat

Re: 1.0.0h apps/s_client.c mystery

2012-03-14 Thread Steven M. Schweda
From: Richard Levitte rich...@levitte.org sms I was thinking more like: [...] sms if (cipher) sms { sms if (strcmp( cipher, "PSK")) sms { sms BIO_printf(bio_err, sms

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Mike Frysinger
On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES.

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Dr. Stephen Henson
On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released ===

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Tomas Mraz
On Wed, 2012-03-14 at 19:36 +0100, Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Mike Frysinger
On Wednesday 14 March 2012 14:36:09 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Kurt Roeckx
On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Bruce Stephens
open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably won't work. [...]

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Dr. Stephen Henson
On Wed, Mar 14, 2012, Bruce Stephens wrote: open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Mike Frysinger
On Wednesday 14 March 2012 17:18:19 Kurt Roeckx wrote: On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote:

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Dr. Stephen Henson
On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme introduced with 1.0.0 is: Changes to last letter: security and

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Iain Morgan
On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Dr. Stephen Henson
On Wed, Mar 14, 2012, Iain Morgan wrote: On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Richard Levitte
I've looked at that, and the modes part is quite integral to a number of other algorithms. Supporting it being turned off is likely to be a maintenance nightmare (especially since it will seldom blow up considering most platforms today have a C compiler that supports long long). My conclusion

Re: OpenSSL 1.0.1 released

2012-03-14 Thread Mike Frysinger
On Wednesday 14 March 2012 19:23:14 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme