[openssl-dev] [openssl.org #2906] enhancement: test suite won't work when parent directories have spaces

1.0.1 only gets security fixes now. might be fixed in 1.0.2 definitely fixed in 1.1 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3203] Normalize PFS key exchange labels

DKG, any chance you can refresh your 1.0.2 patch? I'm interested in being able to accept the common names but not changing the output for compatibility.. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #1210] Bug: CRL and Certificates

Re-thinking about this a bit more, OpenSSL doesn't do any key-usage verification of things when it does signatures. So I am closing this ticket. As a work-around, verifying the signature and usage of the signed data maybe? (If someone wants to do a PR to fix this, great.) -- Rich Salz, OpenSSL dev

[openssl-dev] [openssl.org #4288] [BUG] Xmm7 register is cobbered in aesni_gcm_decrypt on win64

For OpenSSL 1.0.2f In crypto\modes\asm\aesni-gcm-x86_64.pl: Registers are saved like this: ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp movaps %xmm6,-0xd8(%rax) movaps %xmm7,-0xc8(%rax) movaps %xmm8,-0xb8(%rax) movaps %xmm9,-0xa8(%rax)

[openssl-dev] [openssl.org #3957] BUG:Double free in int_thread_del_item in crypto/err/err.c

Believed fixed. Also see https://github.com/openssl/openssl/pull/451 ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2352] PATCH: Add new extended key usage ipsecIKE

fixed in master. finally :) -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #1099] Problem with keysize operations

EVP_PKEY_bits works, and as we're moving to EVP as the main public interface, nothing more to be done. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3196] Default CRYPTO_THREADID for Mac OS X with Posix Threads

Please see https://github.com/openssl/openssl/pull/451 which is what we'll be doing for threads moving forward -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3806] change request - cleanup thread ERR state

Please see https://github.com/openssl/openssl/pull/451 which is what we'll be doing for threads moving forward -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2901] no-rsa build bug in 1.0.1c

Sorry it took so long to get to this. We're only doing security fixes for 1.0.1 now. Closing. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2949] OpenSSL bug

0.9.8 not supported, please re-test and re-open if still an issue on current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2993] Openssl manual pages

not a bug. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2747] valgrind suppressions file to suppress warnings from Python/openssl

Are these issues still present in the current releases(s)? If so, please open a new ticket. The 1.0.1 release only gets security fixes now. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3133] minor make install improvement for Windows/Visual Studio in ms\nt.mak

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. Also the build system in changed in master. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3204] J-PAKE test fails

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3640] Bug report: PKCS7_decrypt memory leak

No reply, cannot reproduce the bug, closing the ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3677] bug report - open ssl interactive command interface

this sounds like a windows display issue, not an openssl issue. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3766] OS/400 port of OpenSSL 1.0.1m

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4034] mkstack.pl does generate new safestack.h until release 1.0.1m

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Fixed in master. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list

[openssl-dev] [openssl.org #4225] OpenSSL 1.1-pre2 EC_KEY_ex_data regression of functionality from 1.0.2 to 1.1

Believed all in now :) -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4261] BUG unable to connect to Mysql via ssl connection.

not an openssl issue, closing ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2741] [PATCH] 1.0.1-beta3 fails to build on Windows if --with-fipsdir is used

believed fixed; 1.0.1 only gets security fixes now. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2840] [PATCH] Restore alg_section to 1.0.1c

sorry we diddn't get to this sooner. we're only taking 1.0.1 security fixes now. and if you so much as *sneeze* on source code, you need a FIPS change letter :) -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To

[openssl-dev] [openssl.org #2912] Error in SSLv23 connection to some servers

Old release, Tried to reproduce the problem and could not do so. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2915] [PATCH] Add an option to Configure to set the include directory for FIPS enabled builds

sorry, we're not doing any FIPS changes at this time. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3007] BUG: OpenSSL 1.0.1e VC-WIN64A build fails when configured with 'no-ec'

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3009] test failure, x64 openssl 1.0.1.e on OS X

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3137] The behavior of CRYPTO_set_mem_functions() in FIPS mode

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now and not doing any FIPS stuff for now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3322] [PATCH] ccgost to use configured params for 28147-89 in CNT and IMIT mode

GOST is now a separately-maintained engine. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL Security Advisory

Hi there, reading the last advisory again, I noticed, that there's one logical inconsistency. First: OpenSSL before 1.0.2f will reuse the key if: ... - Static DH ciphersuites are used. The key is part of the certificate and so it will always reuse it. This is only supported in 1.0.2. and

[openssl-dev] [openssl.org #3630] BUG - Building OpenSSL on Windows with zlib and fips object module fails. Possible fix included.

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3916] [PATCH] Fix Uninitialized Values

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Believe fixed in current releases. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #4014] RE: bug /fix to INSTALL_W64

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Also this is fixed in master. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev

[openssl-dev] [openssl.org #2720] can't build with no-tlsext

we no longer support building without all tls extensions. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2767] test/testssl script does not exercise TLS 1.2

fixed in current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2805] uplink-x86_64-pl-script error when running "ms\do_win64a" on windows 7-64bit command line

We're only doing security fixes in 1.0.1 now, sorry we didn't get to this sooner. Believed fixed in 1.0.2 Definitely fixed in master. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2945] bug: linking static OpenSSL 1.0.1c on EL6 seems to cause breakage

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3157] PATCH Win32/64 openssl 1.0.1e fixes

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3217] [PATCH] changes in 1.0.0l and 1.0.1f required for OpenVMS

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. VMS gets a major uplift in 1.1 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3455] Compile error on Tandem NonStop (including patch)

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Also, Tandem isn't much supported... Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3573] Building win64 openssl static library with no-ssl3 option fails on 1.0.1j

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. Also fixed in master, and probably 1.0.2 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3587] openssl-1.0.1j configuration for solaris-x86/x64 should be changed

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3770] Bug

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3929] Crash in EVP_PKEY_CTX_free in the client code ..

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. We cannot reproduce the error. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #4143] bug: fips_premain_dso.exe does not include applink.c on dll fips builds

We're not maintaining FIPS stuff right now. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3713] Bug: openssl-1.0.1l, FIPS, HP-UX ia64, Duplicate Symbol "AES_Te" and "AES_Td"

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4001] Bug in branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4000] Bug in Branch OpenSSL-fips-2_0-stable; file rsa_x931g.c

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2640] [PATCH] support xmpp servers in starttls

this feature is in openssl 1.1 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2774] OpenSSL 1.0.1 doesn't compile when configured with "no-tls1"

We're only taking security fixes for 1.0.1 now. Sorry we didn't get to look at this sooner. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2856] cryptlib.c: dynlock destroy call during (un)locking

Please see https://github.com/openssl/openssl/pull/451 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2891] deadlock in X509_PUBKEY_get without recursive mutexes

for 1.0.1 we're only doing security fixes now. for threads stuff, please see https://github.com/openssl/openssl/pull/451 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2998] Linking libgost.so

GOST is now a separately-maintained engine. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2986] aix building of openssl-1.0.1e

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3048] [Bug] openssl-1.0.1e-fips-2.0.3 Illegal instruction

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. But we're not doing FIPS work now, either. Sorry. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3233] 'make depend' emits warnings on OSX wth 1.0.1f

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. This is already fixed in master, as well. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3520] [PATCH] 1.0.1e: Configure: Correctly Handle GCC/clang/LLVM -arch and -isysroot Options

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. Also, the new build process should handle this more cleanly. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3747] Bug Report - Segmentation fault thrown from engine_unlocked_finish()

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3739] regression: syswrite payloads >90kb can trigger EFAULT "Bad address" error on 1.0.2

sorry, we can't do anything about this without more detail. inter-language bindings are tough. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3987] Bug report about crash related to ASN1_primitive_free

Not enough information to reproduce the bug. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3805] Re: Error while building FIPS capable OpenSSL

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3089] Building OpenSSL 1.0.1e with FIPS on Win64A

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3531] [PATCH] fix a crash in dsa_do_sign() from openssl-fips-2.0.7

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2688] OpenSSL 1.0.1 beta 2 report on Cygwin 1.5.25

fixed in later versions; 1.0.1 only gets security fixes now. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2779] OpenSSL 1.0.1 doesn't compile with NO_STDIO/NO_FP_API

fixed in master. too invasive to fix in earlier releases -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2831] patches for openssl 1.0.1c digest stuff

Too late for 1.0.1 and too much work for 1.0.2 :) We fixed it in master (1.1) by saying "any supported digest" which isn't ideal, admittedly. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2835] question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.

We're only doing security fixes in 1.0.1 now; sorry we didn't get to this sooner. Fixed in current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2928] openSSL 1.0.1c serious bug in Win32 makefiles, easy to fix: linker binary variable name LINK collides with buildsystem variable LINK . please rename

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3522] [PATCH] 1.0.1e: Configure: Allow the apps, test and tools directories to be configured out of DIRS.

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. Also fixed in 1.1 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing

[openssl-dev] [openssl.org #3521] [PATCH] 1.0.1e: Configure: Correctly Handle GCC --sysroot Option

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. also the new build process handles this correctl. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3642] Bug in OpenSSL 1.0.1j version: Decode error in TLS 1.2 handshake failure from client

No reply, cannot reproduce it, closing the ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3685] crash in 32-bit OpenSSL (1.0.1j-fips) when external .so dynamically loads libcrypto.so

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. Also, we're not touching FIPS stuff right now. Also also, pascal inter-language calling stuff? :) -- Rich Salz, OpenSSL dev team;

[openssl-dev] [openssl.org #3696] openssl 1.0.1k s_client app bug?

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. fixed in master and perhaps 1.0.2 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3699] openssl-1.0.2, fips sparc multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

Sorry, we can't touch the FIPS code any more without sponsorship. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4270] OpenSSL 1.0.1 Installation bug

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #3739] regression: syswrite payloads >90kb can trigger EFAULT "Bad address" error on 1.0.2

On 3 February 2016 at 10:50, Rich Salz via RT wrote: > sorry, we can't do anything about this without more detail. > inter-language bindings are tough Fortunately, I haven't seen this issue since 1.0.2a, so I suspect it was some other bug being exposed in a strange way, that

[openssl-dev] [openssl.org #3081] openssl-fips-2.0.N

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3150] Bug Report (with trivial fix): fips module segfault

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3079] FIPS Capable 1.0.1e with no-shared and -no-comp fails to compile

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2670] [BUG] OpenSSL 1.0.1 beta 1 released (on VMS FAILED)

1.0.1 is only getting security fixes now. we think current releases work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2763] Possible bug - TLS 1.2 compliance

Since everyone disagrees with the RFC about sending "sigalg-agreeing" certs, we're not going to change this. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2812] BUG: infinite loop when using s_client's xmpp starttls operation

Is this still an issue in 1.0.2 or master? If so, please re-open this ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2865] Shared build broken in 1.0.1c

Sorry we didn't get to this sooner, we are only taking security fixes for 1.0.1 now. If still an issue on current releases, please open a new ticket. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2920] Problems building openssl-1.0.1c on 64bit PA-RISC HPUX

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3035] Patch to properly detect and default to 64bit on OSX

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. We believe this works now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev

[openssl-dev] [openssl.org #3358] openssl should create private keys with stricter permissions

this is fixed in master (openssl 1.1 release) -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3566] openssl-1.0.1j make depend failes

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. Also, fixed in master (and maybe 1.0.2) -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3733] ZOS 1.0.1k bug report with fix.

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4008] Building statically OpenSSL 1.0.1p with MSVC2015 fails

Sorry we didn't get to this sooner. We're only taking security fixes for 1.0.1 now. Please open a new ticket if this is still an issue with current releases. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2399] Request: Allow "-no-xxx" options in ./config for FIPS build

If you sneeze on the FIPS code, you need a new CMVP change letter. Setting realistic expectations, there are no plans at this time for any FIPS work. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] OpenSSL Security Advisory

On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote: > Hi there, > > reading the last advisory again, I noticed, that there's one logical > inconsistency. > > First: > > OpenSSL before 1.0.2f will reuse the key if: > ... > - Static DH ciphersuites are used. The key is part of the

Re: [openssl-dev] OpenSSL Security Advisory

On 02/02/16 21:34, Rainer Jung wrote: > Hi there, > > reading the last advisory again, I noticed, that there's one logical > inconsistency. > > First: > > OpenSSL before 1.0.2f will reuse the key if: > ... > - Static DH ciphersuites are used. The key is part of the certificate > and so it

Re: [openssl-dev] [openssl.org #3713] Bug: openssl-1.0.1l, FIPS, HP-UX ia64, Duplicate Symbol "AES_Te" and "AES_Td"

The SecurityPolicy.pdf claims that HP-UX 11i IA64 is a Supported Configuration; how can this claim be made when the code does nto even compile correctly? From: Rich Salz via RT [r...@openssl.org] Sent: Tuesday, February 02, 2016 4:23 PM To: Stuart Kemp Cc:

[openssl-dev] Rgd. CVE-2015-3197 fix test verification !!

Can someone please tell me how to verify the fix done for CVE-2015-3197. I want to test 1.0.1r version for this issue. >From the issue description I'm not able to understand what exactly client and server doing. Please tell me what packet client has to send or else please provide me the packet

[openssl-dev] [openssl.org #3699] openssl-1.0.2, fips sparc multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

On Tue Feb 02 21:46:59 2016, rsalz wrote: > Sorry, we can't touch the FIPS code any more without sponsorship. Though if this is still a problem a workaround is to rename the symbols on the OpenSSL side outside the FIPS code. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

[openssl-dev] [openssl.org #2937] Handshake performance degradation in 1.0.1 and up.

The patches were large and added new features and API's which isn't appropriate for bugfix releases. In the master branch, branch the PRF functionality has been redirected to libcrypto so it's possible it can be optimised by using a more efficient implementation in crypto/kdf or in an engine.

[openssl-dev] [openssl.org #1556] CRYPTO_set_id_callback/CRYPTO_set_idptr_callback issues

Please see https://github.com/openssl/openssl/pull/451 which is what we'll be doing moving forward. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2591] bug report : cryptlib.c : within CRYPTO_thread_id() use pthread_self() instead of getpid()

Please see https://github.com/openssl/openssl/pull/451 which is what we'll be doing for threads moving forward -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] Gource visualisation of OpenSSL commits

FYI. Take a look at how the commit logs of OpenSSL can be visualised using the cool program Gource [1]: https://www.youtube.com/watch?v=068ePuZ5OWw Notice how the Heartbleed (?) bug caused the commit rate and number of contributors increases at time 8:10 (May 2014). [1]

Re: [openssl-dev] Gource visualisation of OpenSSL commits

> Take a look at how the commit logs of OpenSSL can be visualised using the > cool program Gource [1]: > https://www.youtube.com/watch?v=068ePuZ5OWw > > Notice how the Heartbleed (?) bug caused the commit rate and number of > contributors increases at time 8:10 (May 2014). > > [1]

  1   2   >