[openssl-dev] [openssl.org #4083] possible fix to make test failure with openssl-1.0.2d on MinGW...

2015-10-08 Thread christian fafard via RT
With version 'openssl-1.0.2d', in file 'test/Makefile', at line 244 shown above, @) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' Make test fail because you use this snippet

[openssl-dev] [openssl.org #4084] correction to the message i sent earlier...

2015-10-08 Thread christian fafard via RT
In my previous message, I mixed "above" and "below" so it was maybe unreadable a bit. Sorry! Christian Fafard ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinf

Re: [openssl-dev] [openssl.org #3891] [PATCH] Fix undefined behavior executed through OpenSSL tests

2015-10-08 Thread Kurt Roeckx via RT
On Thu, Oct 08, 2015 at 01:36:07PM +, Pascal Cuoq via RT wrote: > > - ssl_locl.h.patch: I don't see a struct timeval > > crypto/x509v3/v3_scts.c. Does this comment still apply? Maybe > > we fixed the issue in some other way. > > Sorry, this comment was unnecessarily confusing. > > What we

Re: [openssl-dev] [openssl.org #4081] crypto/evp/e_dsa.c is orphaned

2015-10-08 Thread Alessandro Ghedini via RT
On Thu, Oct 08, 2015 at 04:18:53pm +, Kaduk, Ben via RT wrote: > crypto/evp/e_dsa.c contains only a single static struct variable, and > the file appears unreferenced from anywhere else in the tree. > > It should be safe to remove. This is now fixed in my "Remove useless code" patch at https:

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Alessandro Ghedini via RT
On Thu, Oct 08, 2015 at 06:26:27pm +, Alessandro Ghedini via RT wrote: > On Thu, Oct 08, 2015 at 06:14:00pm +, Alessandro Ghedini via RT wrote: > > On Thu, Oct 08, 2015 at 05:19:06pm +, Alessandro Ghedini via RT wrote: > > > On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Hubert Kario
On Thursday 08 October 2015 17:37:12 Viktor Dukhovni wrote: > On Thu, Oct 08, 2015 at 04:12:50PM +, Hubert Kario via RT wrote: > > The server does not abort connection upon receiving a Client Hello > > message with malformed session_id field. > > > > Affects 1.0.1, 1.0.2 and master. > > > > I

Re: [openssl-dev] Adding async support

2015-10-08 Thread Dmitry Belyavsky
Dear Matt, On Thu, Oct 8, 2015 at 10:06 PM, Matt Caswell wrote: > > > On 08/10/15 18:56, Dmitry Belyavsky wrote: > > > The second problem is entirely engine dependant. It will be a > different > > solution for different hardware. These patches do not provide a > solution > > to that

Re: [openssl-dev] Adding async support

2015-10-08 Thread Matt Caswell
On 08/10/15 18:56, Dmitry Belyavsky wrote: > The second problem is entirely engine dependant. It will be a different > solution for different hardware. These patches do not provide a solution > to that problem. > > > So I do not understand what you mean by "offload" :-( > > I unde

[openssl-dev] [openssl.org #4082] Patch: Unable to read SMIME message if there is no signer

2015-10-08 Thread František Bořánek via RT
Hi, I found that Outlook for Mac can generate (depending on the setting) a signed message in which the sender's certificate is not included. It works pretty well, but verification requires that recipients already have the sender's certificate. Such a message is attached. The problem is that such a message cannot be rea

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Alessandro Ghedini via RT
On Thu, Oct 08, 2015 at 06:14:00pm +, Alessandro Ghedini via RT wrote: > On Thu, Oct 08, 2015 at 05:19:06pm +, Alessandro Ghedini via RT wrote: > > On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT wrote: > > > The server does not abort connection upon receiving a Client Hello

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Alessandro Ghedini via RT
On Thu, Oct 08, 2015 at 05:19:06pm +, Alessandro Ghedini via RT wrote: > On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT wrote: > > The server does not abort connection upon receiving a Client Hello > > message with malformed session_id field. > > > > Affects 1.0.1, 1.0.2 and ma

Re: [openssl-dev] Adding async support

2015-10-08 Thread Dmitry Belyavsky
Dear Matt, On Thu, Oct 8, 2015 at 3:17 PM, Matt Caswell wrote: > > > No. I think you are confusing two different things. > > 1) How does an *application* perform asynchronous work (via libssl or > libcrypto) using an asynchronous capable engine? > Ok. There is an example an explanation you have

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Viktor Dukhovni
On Thu, Oct 08, 2015 at 04:12:50PM +, Hubert Kario via RT wrote: > The server does not abort connection upon receiving a Client Hello > message with malformed session_id field. > > Affects 1.0.1, 1.0.2 and master. > > In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is > def

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Kurt Roeckx
On Thu, Oct 08, 2015 at 05:19:06PM +, Alessandro Ghedini via RT wrote: > The problem most likely happens with SSLv2 backwards compatible ClientHello as > well, but that seems to be easier to fix... or maybe it's time to just drop > that compatibility code for v1.1? I would love to have dropped

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Hubert Kario via RT
On Thursday 08 October 2015 17:19:06 Alessandro Ghedini via RT wrote: > The problem most likely happens with SSLv2 backwards compatible > ClientHello as well, but that seems to be easier to fix... or maybe > it's time to just drop that compatibility code for v1.1? There is quite a bit of clients t

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Kurt Roeckx via RT
On Thu, Oct 08, 2015 at 05:19:06PM +, Alessandro Ghedini via RT wrote: > The problem most likely happens with SSLv2 backwards compatible ClientHello as > well, but that seems to be easier to fix... or maybe it's time to just drop > that compatibility code for v1.1? I would love to have dropped

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Alessandro Ghedini via RT
On Thu, Oct 08, 2015 at 04:12:50pm +, Hubert Kario via RT wrote: > The server does not abort connection upon receiving a Client Hello > message with malformed session_id field. > > Affects 1.0.1, 1.0.2 and master. > > In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is > defi

[openssl-dev] [openssl.org #4081] crypto/evp/e_dsa.c is orphaned

2015-10-08 Thread Kaduk, Ben via RT
crypto/evp/e_dsa.c contains only a single static struct variable, and the file appears unreferenced from anywhere else in the tree. It should be safe to remove. -Ben

[openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Hubert Kario via RT
The server does not abort connection upon receiving a Client Hello message with malformed session_id field. Affects 1.0.1, 1.0.2 and master. In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is defined as opaque SessionID<0..32>; that means, that any SessionID longer than

[openssl-dev] [openssl.org #4079] syntax error with EVP_CHECK_DES_KEY

2015-10-08 Thread Kaduk, Ben via RT
Code inspection of crypto/evp/e_des3.c reveals that !! was used instead of || (and then subsequently reformatted by a script): 272 # ifdef EVP_CHECK_DES_KEY 273 if (DES_set_key_checked(&deskey[0], &dat->ks1) 274 ! !DES_set_key_checked(&deskey[1], &dat->ks2)) 275

[openssl-dev] [openssl.org #4078] remove MDC2 support (1.1 dev branch)

2015-10-08 Thread Emilia Käsper via RT
Tracking ticket - if anyone has any concerns, please voice them now. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3982] [PATCH] Fix unhandled error condition in sslv2 client hello parsing

2015-10-08 Thread Matt Caswell via RT
Patch was applied. Closing. Matt

Re: [openssl-dev] [openssl.org #3982] [PATCH] Fix unhandled error condition in sslv2 client hello parsing

2015-10-08 Thread Alessandro Ghedini via RT
The GitHub pull request was merged, so this can be closed now. Cheers

Re: [openssl-dev] [openssl.org #3891] [PATCH] Fix undefined behavior executed through OpenSSL tests

2015-10-08 Thread Pascal Cuoq via RT
Hello Kurt, thanks for looking into these! On 07 Oct 2015, at 22:17, Kurt Roeckx via RT wrote: > > So some of the patches got applied, but I have some comments about > the remaining: > - ssl_locl.h.patch: I don't see a struct timeval > crypto/x509v3/v3_scts.c. Does this comment still apply?

[openssl-dev] [openssl.org #4076] PROBLEM: there exists a wrong return value of function int_rsa_verify()

2015-10-08 Thread Matt Caswell via RT
On Thu Oct 08 08:55:45 2015, rucsoft...@163.com wrote: > Bug Description: > Function int_rsa_verify() defined in file crypto/rsa/rsa_sign.c would > return 1 if a signature is valid, and 0 otherwise. The variable 'ret' > keeps the return value, and it may be assigned to 1 if the condition > in line

Re: [openssl-dev] Adding async support

2015-10-08 Thread Matt Caswell
On 08/10/15 12:18, Dmitry Belyavsky wrote: > > I see. So am I correct supposing that pseudo code for > offload_cipher_to_hardware looks like this: > > static int async_wrapper(void * args) > { > ... > } > > static ASYNC_JOB *offload (void *args) > { > ASYNC_JOB *pjob = NULL; > int funcret;

Re: [openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

2015-10-08 Thread Alessandro Ghedini via RT
On Thu, Oct 08, 2015 at 11:39:56am +, Salz, Rich via RT wrote: > Also, note that the earliest this could happen is for 1.1 (it's a new > feature), and it's not high on our priority list for that release right now. > Patches that are regularly rebased against master would help. I rebase my patc

Re: [openssl-dev] Elliptical Cipher Suites

2015-10-08 Thread Matt Caswell
On 08/10/15 12:27, Aaron Jones wrote: > On 07/10/15 13:54, Thirumal, Karthikeyan wrote: >> Vik Am using 0.9.8a version. Am trying to fix few weak ciphers >> in my SSL connection and also to make Elliptical cipher suites >> enable. I see that ECDHE

Re: [openssl-dev] [openssl.org #4077] Add support for EdDSA and Ed25519

2015-10-08 Thread Salz, Rich
There is a GREAT DEAL of interest in *25519 :) It would be great to see a PR against master; I'd push it through the review process as fast as possible. If you and Peter have the interest in working on this, that would be great.

Re: [openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

2015-10-08 Thread Salz, Rich via RT
Also, note that the earliest this could happen is for 1.1 (it's a new feature), and it's not high on our priority list for that release right now. Patches that are regularly rebased against master would help.

[openssl-dev] [openssl.org #4077] Add support for EdDSA and Ed25519

2015-10-08 Thread Simon Josefsson via RT
I believe it would be useful to have OpenSSL support for Ed25519 signing and Curve25519 key agreement. I don't see anything on rt.openssl.org about this (maybe the proper place to open issue is on github these days?). Is there interest in this from the OpenSSL team? There are several implementat

Re: [openssl-dev] Elliptical Cipher Suites

2015-10-08 Thread Aaron Jones
On 07/10/15 13:54, Thirumal, Karthikeyan wrote: > Vik Am using 0.9.8a version. Am trying to fix few weak ciphers in > my SSL connection and also to make Elliptical cipher suites > enable. I see that ECDHE ciphers are elliptical - need more info on >

Re: [openssl-dev] Adding async support

2015-10-08 Thread Dmitry Belyavsky
Dear Matt, On Thu, Oct 8, 2015 at 1:56 PM, Matt Caswell wrote: > > > The engine needs to have a way of offloading the work to "something > > else" so that it can come back and pick up the results later. > Typically > > for an engine this would mean some external hardware, but as I >

Re: [openssl-dev] Adding async support

2015-10-08 Thread Matt Caswell
On 08/10/15 11:26, Dmitry Belyavsky wrote: > Dear Matt, > > I have some questions. > > On Thu, Oct 8, 2015 at 12:32 AM, Matt Caswell > wrote: > > > > On 07/10/15 21:44, Dmitry Belyavsky wrote: > > Dear Matt, > > > > On Wed, Oct 7, 2015 at 4:43 PM, M

Re: [openssl-dev] Adding async support

2015-10-08 Thread Dmitry Belyavsky
Dear Matt, I have some questions. On Thu, Oct 8, 2015 at 12:32 AM, Matt Caswell wrote: > > > On 07/10/15 21:44, Dmitry Belyavsky wrote: > > Dear Matt, > > > > On Wed, Oct 7, 2015 at 4:43 PM, Matt Caswell > > wrote: > > > > > > > > On 07/10/15 14:29, Viktor Dukhovni

Re: [openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

2015-10-08 Thread Moonchild via RT
On 08/10/2015 10:53, Alessandro Ghedini via RT wrote: > Patches for this are available at [0], however there has been some > resistance to adding the new TLS cipher suites to OpenSSL (see [1]), so > the discussion has stalled. That's really disappoi

[openssl-dev] [openssl.org #4076] PROBLEM: there exists a wrong return value of function int_rsa_verify()

2015-10-08 Thread Zhang Yan via RT
Bug Description: Function int_rsa_verify() defined in file crypto/rsa/rsa_sign.c would return 1 if a signature is valid, and 0 otherwise. The variable 'ret' keeps the return value, and it may be assigned to 1 if the condition in line 216 is satisfied. The signature is regarded as inva

Re: [openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

2015-10-08 Thread Alessandro Ghedini via RT
On Thu, Oct 08, 2015 at 12:47:21AM +, Moonchild via RT wrote: > Hello people, > > An enhancement request here for OpenSSL to add support for Camellia in GCM > with ECC key exchange. > > Rationale: > Camellia has been recognized as a modern and supported cipher by ENISA, > NESSIE, CRYPTREC, IS