On 2 July 2014 23:17, Rich Salz via RT r...@openssl.org wrote:
Fixed, added -servername to the pod file.
Looks to me like you've only fixed this (and many others) in master -
surely should also go to 1.0.2 at least (and probably older branches,
too)?
Also, we generally rebase rather than
I just checked-up on my unresolved openssl bugs, and noticed that this
suggestion is still open in RT.
This report can be closed, because the changes that I requested were applied by
Dr. Henson back on December 19, 2011.
Thanks
PG
--
Sr. Technical Consultant, Stratus Technologies, Inc.
111
Since this may in future cover much more than just AES-NI...
Good observation Doctor, done. Attached is the updated text.
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index f6e4396..8d7636c 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++
Currently, ENGINE_load_rdrand will clear the error queue if the engine
is loaded; but ENGINE_load_rdrand fails to set an error code if RDRAND
is not available.
This patch adds a check with an appropriate error code so callers can
check for failure.
Note: crypto/engine/engine.h only provides a
Running `make test` with Clang sanitizers results in some issues with
unaligned pointers surrounding a use of buffers cast to an unsigned
int*. The sanitizers used were `-fsanitize=undefined
-fsanitize=address`.
I believe the issues flagged below are undefined behavior.
---snip---
Running `make test` with Clang sanitizers results in some issues with
crypto/cast/c_enc.c. The sanitizers used were `-fsanitize=undefined
-fsanitize=address`.
I believe the shift issue flagged below are undefined behavior.
---snip---
../util/shlib_wrap.sh ./casttest
c_enc.c:79:2: runtime error:
Running `make test` with Clang sanitizers results in some issues with
unaligned pointers surrounding some uses of buffers cast to a size_t*.
The sanitizers used were `-fsanitize=undefined -fsanitize=address`.
I believe the issues flagged below are undefined behavior.
---snip---
seed
Around line 519 in evp_enc.c:
// Line 519 below
if (b > 1)
    {
    if (ctx->buf_len || !ctx->final_used)
        {
        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
        return(0);
        }
    OPENSSL_assert(b <= sizeof ctx->final);
On Wed, Jul 2, 2014 at 10:42 PM, Salz, Rich rs...@akamai.com wrote:
I write fixes for pieces of software that I depend on. Some time ago, I
sent a
diff for OpenSSL.
Great, thanks.
If I'm interested in fixing OpenSSL, why shouldn't I have access to coverity
scans ?
Other Open Source
Looks to me like you've only fixed this (and many others) in master - surely
should also go to 1.0.2 at least (and probably older branches, too)?
Okay, tell me which branches.
Also, we generally rebase rather than merge...
I don't know the difference. But okay, if that's the practice, I'll
No, I don't mean to imply that you are one of the bad guys. It's just that we
have only one real way of knowing who the good guys are, and that is being part
of the development team. Yes, that can be very inconvenient. Trust me, I
know, it took more than 10 years for the team to open up and
On 3 July 2014 12:04, Salz, Rich rs...@akamai.com wrote:
Looks to me like you've only fixed this (and many others) in master - surely
should also go to 1.0.2 at least (and probably older branches, too)?
Okay, tell me which branches.
Since this is a bug, all active branches (that it applies to
Thanks for the explanation.
Which are the currently active branches?
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-
d...@openssl.org] On Behalf
On Thu, Jul 03, 2014 at 07:04:09AM -0400, Salz, Rich wrote:
Looks to me like you've only fixed this (and many others) in master - surely
should also go to 1.0.2 at least (and probably older branches, too)?
Okay, tell me which branches.
Also, we generally rebase rather than merge...
On Thu, Jul 3, 2014 at 3:10 PM, Salz, Rich rs...@akamai.com wrote:
No, I don't mean to imply that you are one of the bad guys. It's just that
we have only one real way of knowing who the good guys are, and that is being
part of the development team. Yes, that can be very inconvenient.
- Original Message -
From: Benny Baumann be...@geshi.org
To: openbsd-t...@openbsd.org, openssl-dev@openssl.org
Sent: Wednesday, 2 July, 2014 8:49:18 PM
Subject: [PATCH] LibReSSL/OpenSSL: Adjust/remove keysize restrictions
Hi folks,
I know the following patches will cause a
Closed, thanks.
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
On 3 July 2014 13:01, Loganaden Velvindron logana...@gmail.com wrote:
On Thu, Jul 3, 2014 at 3:10 PM, Salz, Rich rs...@akamai.com wrote:
No, I don't mean to imply that you are one of the bad guys. It's just that
we have only one real way of knowing who the good guys are, and that is
being
Hi, my name is Yousik Kim from Republic of Korea.
I use OpenSSL for https function of my security camera web server.
Thank you.
I have a problem as below.
I use fd transfer function in lighttpd web server for video streaming.
(Fd transfer is the function that pass client socket to other
On Thu, Jul 03, 2014 at 04:01:16PM +0400, Loganaden Velvindron wrote:
I see such trends as leading to dangerous situations in the future.
OpenSSL is widely deployed, and the developers appear to grow older,
according to the various interviews I read. (I don't wish to offend
any of you guys
On 3 July 2014 12:21, Salz, Rich rs...@akamai.com wrote:
Thanks for the explanation.
Which are the currently active branches?
OpenSSL_0_9_8-stable
OpenSSL_1_0_0-stable
OpenSSL_1_0_1-stable
OpenSSL_1_0_2-stable
master
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM:
The request tracker should not be used for general user queries. Please direct
them to the openssl-users mailing list.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
On Thu, 2014-07-03 at 09:13 -0400, Theodore Ts'o wrote:
However, in the kernel we are much more lax about who gets access to
the Coverity project. Part of this is the sure and certain knowledge
that the bad guys are quite willing to pay for a Coverity license, and
so for us the balance of
On 3 July 2014 14:13, Theodore Ts'o ty...@mit.edu wrote:
However, in the kernel we are much more lax about who gets access to
the Coverity project. Part of this is the sure and certain knowledge
that the bad guys are quite willing to pay for a Coverity license, and
so for us the balance of
We can't change the parameters of functions at all if we wish to maintain
binary compatibility and if we wanted additional ASN.1 parsing flags in future
we'd need further functions.
An alternative would be to pass an opaque structure with the printing
parameters to an extended version of
New features are not added to release branches, see:
https://www.openssl.org/support/faq.html#MISC8
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
New features are not added to release branches, see:
https://www.openssl.org/support/faq.html#MISC8
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
release processes at various distributions. (Given that Microsoft has weekly
patch Tuesdays, if even slow moving *Microsoft* can turn around a
security update in a week, what's your excuse? :-)
They have a regular release train, but it doesn't mean that everything gets
fixed in one week.
On 3 July 2014 15:28, Salz, Rich rs...@akamai.com wrote:
release processes at various distributions. (Given that Microsoft has weekly
patch Tuesdays, if even slow moving *Microsoft* can turn around a
security update in a week, what's your excuse? :-)
They have a regular release train, but
https://www.google.com/about/appsecurity/patch-rewards/
Refactorings that make it easier to reason about the security
properties of the code.
__
OpenSSL Project http://www.openssl.org
Development
On Thu, Jul 03, 2014 at 08:08:52AM -0400, Hubert Kario wrote:
- Original Message -
From: Benny Baumann be...@geshi.org
To: openbsd-t...@openbsd.org, openssl-dev@openssl.org
Sent: Wednesday, 2 July, 2014 8:49:18 PM
Subject: [PATCH] LibReSSL/OpenSSL: Adjust/remove keysize
As the changelog says for 0.9.8,
(IDEA remains enabled despite being patented. This is because IDEA
is frequently required for interoperability, and there is no license
fee for non-commercial use. As before, no-idea can be used to
avoid this algorithm.)
very old release, cannot reproduce.
Very old release, cannot reproduce.
Very old release, cannot reproduce, please re-open ticket if still an issue.
Very old release, and ways to address the issue are described in the ticket.
On Thu, Jul 03, 2014 at 09:13:43AM -0400, Theodore Ts'o wrote:
(Given that Microsoft has weekly patch
Tuesdays, if even slow moving *Microsoft* can turn around a security
update in a week, what's your excuse? :-)
As far as I know, patch Tuesday is the 2nd Tuesday of the month.
But wikipedia
old release, fixed now.
Very old release. Can't reproduce. Work-around (build your own cert with a
Locality RDN), closing the ticket.
the latest git tree from yesterday + the latest git tree of cppcheck yields into
these warning :
The 2 ifs seems to be superfluous, or ? :
if (iplace == sizeof iconvert)
iplace--;
iconvert[iplace] = 0; <--- Array 'iconvert[20]' accessed at index 20, which
is out of bounds.
Of course WML is just a tool which generates in the end the HTML, CSS
and JS output. And we need a dynamic generation in the background. Pure
HTML + CSS is pure pain and a lot worse than the current state. Means a
no-go.
But WML is a bit outdated and does very likely stopping people from
On Thu, Jul 03, 2014 at 07:51:19PM +0200, Toralf Förster via RT wrote:
the latest git tree from yesterday + the latest git tree of cppcheck yields
into these warning :
The 2 ifs seems to be superfluous, or ? :
The code before that is:
/* convert integer part */
do {
On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85
and 96, or ?:
The line before that:
dp=d;
l2c(v0,dp); <--- Uninitialized variable: d
l2c(v1,dp); <--- Uninitialized variable: d
Old release, can't reproduce, hopefully fixed by now.
Hello
Status for snapshot-20140703
perl .\Configure mingw : Ok
make depend : Ok
make
speed.c:318:4 format '%d' expect 'int' but DWORD
bntest.c:1949:5 format '%d' expect 'long int' but 'unsigned int'
global make Ok
Didier
very old release, works now.
Someone already did it. Thank you, mysterious stranger.
On 3 July 2014 20:06, Kurt Roeckx via RT r...@openssl.org wrote:
On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85
and 96, or ?:
The line before that:
dp=d;
l2c(v0,dp); <---
Requestor has a misunderstanding: ENOTCONN means not connected, and that is not
a retry for nonblocking reasons kind of thing.
Sorry it took so long to get back to you: no, we have no plans to support that
hardware crypto card.
old release, unsupported platform, please update ticket if still an issue.
old release, various CVE fixes have touched this area, can't reproduce, closing
the ticket.
Insufficient information to reproduce the problem, and a very old release.
closing the ticket.
old release, unsupported platform (albeit with a very cool name), can't
reproduce, closing ticket.
someone fixed it. Probably DrH
builds now.
time flies.
or is it time heals all builds?
somebody fixed something, not sure when. but old release old ticket and we'd
have heard if it was still broken.
old release, can't reproduce, closing ticket.
We didn't promise portability across 0.9.8 and 1.0.0. But I don't see any
static functions in crypto/rsa/rsa_oaep.c anyway so maybe we fixed it.
old release, can't reproduce, closing ticket.
fencepost error in checking version that was old ten years ago. closing ticket.
very old release, very old platform, cannot reproduce.
We have INSTALL_PREFIX and INSTALLTOP and don't provide separate exec and
shared prefixes. Closing ticket.
On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
On 3 July 2014 20:06, Kurt Roeckx via RT r...@openssl.org wrote:
On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85
and 96, or ?:
The
I've done some digging on this and it's kind of interesting.
What is happening is that the code is calling the BN_consttime_swap function.
This takes a condition variable and two BIGNUMs a and b, and swaps the value of
a and b over if the condition is set. Inside a BIGNUM structure there is a
Why not just have bn_expand_internal call memset?
; git diff bn_lib.c
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index b1e224b..86d1d37 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -324,6 +324,9 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int
words)
On Thu, Jul 03, 2014 at 07:20:46PM +0200, Kurt Roeckx wrote:
On Thu, Jul 03, 2014 at 08:08:52AM -0400, Hubert Kario wrote:
- Original Message -
From: Benny Baumann be...@geshi.org
To: openbsd-t...@openbsd.org, openssl-dev@openssl.org
Sent: Wednesday, 2 July, 2014 8:49:18 PM
On Thu, Jul 03, 2014 at 11:42:08PM +0200, Wilfried Klaebe wrote:
On Thu, Jul 03, 2014 at 07:20:46PM +0200, Kurt Roeckx wrote:
On Thu, Jul 03, 2014 at 08:08:52AM -0400, Hubert Kario wrote:
- Original Message -
From: Benny Baumann be...@geshi.org
To: openbsd-t...@openbsd.org,
Seeing as this was a four year old ticket, a few things have changed since
it was filed. Here's our current repo for haikuports where you can see our
latest patches. I suspect most of the patch would be taken care of by
updating the Haiku entries in openssl's config.
Says Viktor: 1481 was resolved by Bodo Moeller and me, quite some time ago,
and can be closed. Also Postfix works around this for older releases.