Re: [openssl-dev] [PATCH] Do not offer options like -ssl2, -tls1, -dtls if they are not compiled in

2016-03-03 Thread Viktor Dukhovni
> On Mar 3, 2016, at 8:07 PM, Ángel González wrote:
>
> They were shown in the help, but providing them failed with an
> “unknown option” error, and showed the help which listed it
> as a valid option.

The patch is not right. For example, when TLSv1 is disabled, it is

[openssl-dev] [PATCH] Do not offer options like -ssl2, -tls1, -dtls if they are not compiled in

2016-03-03 Thread Ángel González
They were shown in the help, but providing them failed with an “unknown option” error, and showed the help which listed it as a valid option. --- Patch against the stable 1.0.2 branch.  apps/s_client.c | 8 +++-  1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/s_client.c

[openssl-dev] [openssl.org #4375] [PATCH] Missing Sanity Checks for OPENSSL_malloc() in OpenSSL-1.0.2g

2016-03-03 Thread Bill Parker via RT
Hello All, In reviewing code in OpenSSL-1.0.2g, in directory 'ssl', file 'ssl_ciph.c', in function 'SSL_COMP_add_compression_method()', there is a call to OPENSSL_malloc() which is not checked for a return value of NULL, indicating failure. The patch file below should address/correct this

[openssl-dev] [openssl.org #4374] [PATCH] Potential for NULL pointer dereferences in OpenSSL-1.0.2g (CWE-476)

2016-03-03 Thread Bill Parker via RT
Hello All, In reviewing source code in directory 'openssl-1.0.2g/crypto/evp', in file 'openbsd_hw.c', there are a few instances where OPENSSL_malloc() is called, but immediately afterwards a call to memcpy() is made with the return value from the call to OPENSSL_malloc(), but no check for a

[openssl-dev] ALPN and SNI callbacks in 1.0.2

2016-03-03 Thread Short, Todd
We’ve run into an issue with the ALPN and SNI TLS extension callbacks in 1.0.2. The same behavior may be in master, but I have yet to check. In summary, the ALPN selection callback is invoked before the SNI/servername callback, yet the ALPN value returned may be dependent on the server being

[openssl-dev] Issue #616 on Github | ec_mult.c | ec_wNAF_mul()

2016-03-03 Thread Nicholas Prowse
Requesting input from people that have worked on the ec_mult.c file in the past. Issue on Github: https://github.com/openssl/openssl/issues/616 We would like to know the purpose of the dead code in question in the ec_wNAF_mul() function below (starts around line 323 of the file): if (tmp_len <=

[openssl-dev] Solaris 10 80-test_ca failure

2016-03-03 Thread Erik Forsberg
I have been having 32-bit only test failures from test_ca for quite a while now on Solaris 10 (1.1.pre). Finally figured out what is wrong. I build both 32-bit and 64-bit libraries. My /usr/local/bin/perl is always 64-bit, used to be required for assembler support. LD_PRELOAD is used to force

Re: [openssl-dev] cipher order

2016-03-03 Thread Emilia Käsper
Hm, I think that I actually agree. But David's done enough, so I'll have a look myself.

On Thu, Mar 3, 2016 at 5:33 PM Blumenthal, Uri - 0553 - MITLL < u...@ll.mit.edu> wrote:
> On 3/3/16, 11:30 , "openssl-dev on behalf of Hanno Böck"
>

[openssl-dev] 1.1-pre: test 80 fails

2016-03-03 Thread Blumenthal, Uri - 0553 - MITLL
$ ./Configure darwin64-x86_64-cc enable-rfc3779 threads zlib enable-ec_nistp_64_gcc_128 shared --prefix=/Users/ur20980/src/openssl-1.1 --openssldir=/Users/ur20980/src/openssl-1.1/etc —unified
. . . . . .
$ make depend && make clean && make all && make test && make install
. . . . . .

Re: [openssl-dev] cipher order

2016-03-03 Thread Blumenthal, Uri - 0553 - MITLL
On 3/3/16, 11:30 , "openssl-dev on behalf of Hanno Böck" wrote:
>On Thu, 03 Mar 2016 16:18:57 + Emilia Käsper
>wrote:
>>https://github.com/openssl/openssl/pull/783
>
>This is different from what I had in mind.

Re: [openssl-dev] cipher order

2016-03-03 Thread Hanno Böck
On Thu, 03 Mar 2016 16:18:57 + Emilia Käsper wrote:
> https://github.com/openssl/openssl/pull/783

This is different from what I had in mind. What this patch does is sort e.g. chacha/poly and aes256-gcm before aes256-cbc. It does however not sort aes128-gcm before

Re: [openssl-dev] cipher order

2016-03-03 Thread Emilia Käsper
https://github.com/openssl/openssl/pull/783

Courtesy of David Benjamin.

On Thu, Mar 3, 2016 at 4:34 PM Blumenthal, Uri - 0553 - MITLL < u...@ll.mit.edu> wrote:
> +1
>
> Sent from my BlackBerry 10 smartphone on the
> Verizon Wireless 4G LTE network.
> Original Message
> From: Hanno Böck
>

Re: [openssl-dev] cipher order

2016-03-03 Thread Blumenthal, Uri - 0553 - MITLL
+1

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.

Original Message
From: Hanno Böck
Sent: Thursday, March 3, 2016 07:28
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Subject: [openssl-dev] cipher order

Hi, Last year I proposed to change the

Re: [openssl-dev] [openssl.org #3716] Patch for setting preferred cipher list

2016-03-03 Thread Short, Todd via RT
Yes, not absolutely necessary. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3716 Please log in as guest with password guest if prompted

[openssl-dev] cipher order

2016-03-03 Thread Hanno Böck
Hi, Last year I proposed to change the ciphering order in OpenSSL to always prefer AEAD cipher suites before CBC/HMAC-based ones: https://mta.openssl.org/pipermail/openssl-dev/2015-January/000421.html I just checked openssl 1.1.0 alpha and it still orders ciphers in an imho problematic way.

[openssl-dev] overflow issue in b2i_PVK_bio

2016-03-03 Thread Marcus Meissner
Hi, https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ Integer overflow in b2i_PVK_bio Have you assigned a CVE internally for that already? Ciao, Marcus

Re: [openssl-dev] Configure zlib broken in latest 1.1 git

2016-03-03 Thread Richard Levitte
In message on Wed, 2 Mar 2016 23:24:41 -0800, "Erik Forsberg" said:

erik>
erik> https://github.com/openssl/openssl/commit/98fdbce09144a8addc6682a0ffd8ac92b2ce70b1
erik>
erik> broke Configure zlib
erik> the required -lz never makes it into the