Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Salz, Rich
First one is a typo diff --git a/doc/crypto/EVP_PKEY_HKDF.pod b/doc/crypto/EVP_PKEY_HKDF.pod index 00c0a76..8a5ef98 100644 --- a/doc/crypto/EVP_PKEY_HKDF.pod +++ b/doc/crypto/EVP_PKEY_HKDF.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_PKEY_HKDF; EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,

[openssl-dev] [openssl.org #4379] "arch/async_posix.h:67:24: error: ucontext.h: No such file or directory" under OpenBSD 5.7/64-bit

2016-03-04 Thread noloa...@gmail.com via RT
cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM

[openssl-dev] [openssl.org #4378] Multiple warnings under OpenBSD 5.7/64-bit

2016-03-04 Thread noloa...@gmail.com via RT
OpenBSD uses GCC 4.2.1 $ egrep -B 1 'warning|error' openssl-log.txt ecp_nistz256.c: In function 'ecp_nistz256_points_mul': ecp_nistz256.c:1131: warning: ignoring alignment for stack allocated 't' ecp_nistz256.c:1131: warning: ignoring alignment for stack allocated 'p' -- b_addr.c: In function

Re: [openssl-dev] cipher order

2016-03-04 Thread Emilia Käsper
On Fri, Mar 4, 2016 at 11:00 PM Viktor Dukhovni wrote: > > > On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote: > > > > I've updated the pull to do a much more substantial cleanup. > > What will @STRENGTH mean in this context? Will ignore > the

Re: [openssl-dev] cipher order

2016-03-04 Thread Jeffrey Walton
> Browsers have largely decided to implement GCM-modes only with AES128. > Chrome is now about to change that. Not sure if other browsers will > follow. > > Right now if you configure a server with openssl's cipher suite > ordering it is likely that a connection will happen with AES256 in CBC >

Re: [openssl-dev] cipher order

2016-03-04 Thread Viktor Dukhovni
> On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote: > > I've updated the pull to do a much more substantial cleanup. What will @STRENGTH mean in this context? Will ignore the distinction between AES256 and AES128? What does this do to the @SECLEVEL interface which tries to

Re: [openssl-dev] Source code BIO_printf() function

2016-03-04 Thread Musse Redi
It's defined in openssl/crypto/bio/b_print.c -- View this message in context: http://openssl.6102.n7.nabble.com/Source-code-BIO-printf-function-tp64330p64335.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] Source code BIO_printf() function

2016-03-04 Thread Nich Ramsey
Seconded CHOW Anthony's advice. GitHub is much quicker, and returns 11 pages of results. Much easier to parse thru their UI than command prompt/favorite text editor :) On Mar 4, 2016 1:30 PM, "CHOW Anthony" wrote: > Try Github: https://github.com/openssl/openssl

Re: [openssl-dev] [PATCH] Do not offer options like -ssl2, -tls1, -dtls if they are not compiled in

2016-03-04 Thread Ángel González
Thanks for your prompt response, Viktor. Viktor Dukhovni wrote: > > On Mar 3, 2016, at 8:07 PM, Ángel González > > wrote: > > > > They were shown in the help, but providing them failed with an > > “unknown option” error, and showed the help which listed it > > as a valid

Re: [openssl-dev] Source code BIO_printf() function

2016-03-04 Thread CHOW Anthony
Try Github: https://github.com/openssl/openssl -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of MusseRedi Sent: Friday, March 04, 2016 12:29 PM To: openssl-dev@openssl.org Subject: [openssl-dev] Source code BIO_printf() function I'm new to the

Re: [openssl-dev] Source code BIO_printf() function

2016-03-04 Thread Nich Ramsey
If you have the source downloaded, you can use fgrep, sed, or silversearcher to find all instances of `BIO_printf` in the source. Recursively search through entire project, or section by section if load gets too intense. On Mar 4, 2016 1:24 PM, "MusseRedi" wrote: > I'm new

[openssl-dev] Source code BIO_printf() function

2016-03-04 Thread MusseRedi
I'm new to the OpenSSL project, and was wondering where I can find the source code for the BIO_printf() function.

[openssl-dev] [openssl.org #4376] pull request 785

2016-03-04 Thread Stephen Henson via RT
On Fri Mar 04 14:35:30 2016, darovskikh.and...@gmail.com wrote: > Hi > > I'm using openssl 1.0.2 library for SSL connection. > For supporting TLS1.2 protocol with client cert from windows cert store I > modified openssl capi engine. In method capi_rsa_sign I initialize > Microsoft Enhanced RSA and

[openssl-dev] Solaris Sparc: Text relocation remains against symbol ecp_nistz256_point_add_vis3

2016-03-04 Thread Rainer Jung
OpenSSL 1.1.0 pre 3 on Solaris 10 Sparc using GCC 4.9.3 but Solaris linker and assembler % /usr/ccs/bin/as -V /usr/ccs/bin/as: SunOS 5.10 118683-08 Patch 07/05/2012 % /usr/ccs/bin/ld -V ld: Software Generation Utilities - Solaris Link Editors: 5.10-1.497 When linking other software against

Re: [openssl-dev] cipher order

2016-03-04 Thread Emilia Käsper
I've updated the pull to do a much more substantial cleanup. On Thu, Mar 3, 2016 at 6:16 PM Emilia Käsper wrote: > Hm, I think that I actually agree. But David's done enough, so I'll have a > look myself. > > On Thu, Mar 3, 2016 at 5:33 PM Blumenthal, Uri - 0553 - MITLL < >

Re: [openssl-dev] Solaris 10 80-test_ca failure

2016-03-04 Thread Erik Forsberg
My patch will work for both solaris versions then. Can someone commit the fix? >-- Original Message -- > >On 03.03.2016 at 18:51, Erik Forsberg wrote: >> >> I have been having 32-bit only test failures from test_ca >> for quite a while now on Solaris 10 (1.1.pre), Finally figured >> out what is

[openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-04 Thread Rich Salz via RT
needs testing once 4377 is fixed -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4366 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #4365] OS X 10.5, 64-bit PPC, and chacha-ppc.s:454:Parameter syntax error (parameter 1)

2016-03-04 Thread Rich Salz via RT
per OP, closing this. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4365 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-04 Thread Rich Salz via RT
closing thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4366 Please log in as guest with password guest if prompted

Re: [openssl-dev] [openssl.org #4366]: OS X 10.5, 64-bit PPC, and chacha-ppc.s:454:Parameter syntax error (parameter 1)

2016-03-04 Thread noloa...@gmail.com via RT
>> cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN >> -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE >> -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM >> -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DPOLY1305_ASM >> -DOPENSSLDIR="\"/usr/local/ssl\"" >>

[openssl-dev] [openssl.org #4377] Prevent potential NULL pointer dereference in OpenSSL-1.0.2g (CWE-476)

2016-03-04 Thread Bill Parker via RT
Hello All, In reviewing code in directory 'crypto/evp', in file 'openbsd_hw.c', there is a call to OPENSSL_realloc() which is NOT checked for a return value of NULL, indicating failure. However, the statement after this is memcpy(), which if the destination variable is NULL, will result in a

Re: [openssl-dev] ALPN and SNI callbacks in 1.0.2

2016-03-04 Thread Short, Todd
Hi, I created pull request to reorder SNI/ALPN processing, such that ALPN occurs after SNI. Since SNI may change the SSL_CTX, and the ALPN callback is defined on the SSL_CTX, it makes sense to allow SNI to possibly update the SSL_CTX, and then do ALPN processing (possibly for a new virtual

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Salz, Rich
> where section is "1" or "3" as appropriate. Links across sections are useful. Absolutely. They're critical. The build script on the website needs a tweak (or the manpage does), that's all.

[openssl-dev] [openssl.org #4376] pull request 785

2016-03-04 Thread Андрей Даровских via RT
Hi I'm using openssl 1.0.2 library for SSL connection. For supporting TLS1.2 protocol with client cert from windows cert store I modified openssl capi engine. In method capi_rsa_sign I initialize Microsoft Enhanced RSA and AES Cryptographic Provider. It supports sha256 - sha512 hash algs. It used

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-04 Thread Andy Polyakov
>> Fear is irrational and destructive feeling. Having faith that world is >> better than that is nothing but healthy :-) What I'm saying is that >> let's put a little bit more substance into discourse. Would anybody >> consider it *sane* programming practice to rely on partially overlapping >>

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Viktor Dukhovni
> On Mar 4, 2016, at 5:24 AM, Salz, Rich wrote: > > Yes, links across sections (apps/crypto etc) don’t work well. We could put all the docs in a single directory. If we were worried about collisions, switch from: page.html => page..html where section is "1" or "3"

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-04 Thread Viktor Dukhovni
> On Mar 4, 2016, at 7:24 AM, Andy Polyakov via RT wrote: > > Fear is irrational and destructive feeling. Having faith that world is > better than that is nothing but healthy :-) What I'm saying is that > let's put a little bit more substance into discourse. Would anybody >

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Dmitry Belyavsky
Dear Stephen, On Fri, Mar 4, 2016 at 4:00 PM, Dr. Stephen Henson wrote: > On Fri, Mar 04, 2016, Dmitry Belyavsky wrote: > > > Dear Rich, > > > > Is it possible to add a command line option to select hash algorithm used > > in the PRF calculations? > > GOST ciphersuites, for

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Dr. Stephen Henson
On Fri, Mar 04, 2016, Dmitry Belyavsky wrote: > Dear Rich, > > Is it possible to add a command line option to select hash algorithm used > in the PRF calculations? > GOST ciphersuites, for example, use TLS1 PRF based on the GOST digest > algorithms. > I think it's already there -pkeyopt md:

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-04 Thread Andy Polyakov via RT
>>> If the other EVP ciphers universally allow this then I think we must >> treat this >>> as a bug, because people may be relying on this behaviour. There is also >>> sporadic documentation in lower-level APIs (AES source and des.pod) that >> the >>> buffers may overlap. >>> >>> If it's

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-04 Thread emi...@openssl.org via RT
On Fri, Mar 4, 2016 at 12:48 PM Andy Polyakov via RT wrote: > > If the other EVP ciphers universally allow this then I think we must > treat this > > as a bug, because people may be relying on this behaviour. There is also > > sporadic documentation in lower-level APIs (AES

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-04 Thread Emilia Käsper
On Fri, Mar 4, 2016 at 12:48 PM Andy Polyakov via RT wrote: > > If the other EVP ciphers universally allow this then I think we must > treat this > > as a bug, because people may be relying on this behaviour. There is also > > sporadic documentation in lower-level APIs (AES

Re: [openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

2016-03-04 Thread Andy Polyakov via RT
> If the other EVP ciphers universally allow this then I think we must treat > this > as a bug, because people may be relying on this behaviour. There is also > sporadic documentation in lower-level APIs (AES source and des.pod) that the > buffers may overlap. > > If it's inconsistent then, at

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Salz, Rich
Send a patch ☺ -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz From: Dmitry Belyavsky [mailto:beld...@gmail.com] Sent: Friday, March 04, 2016 2:29 AM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] links to KDF functions from pkeyutl man are broken Dear

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Dmitry Belyavsky
Dear Rich, Is it possible to add a command line option to select hash algorithm used in the PRF calculations? GOST ciphersuites, for example, use TLS1 PRF based on the GOST digest algorithms. Thank you! On Fri, Mar 4, 2016 at 1:24 PM, Salz, Rich wrote: > Yes, links across

Re: [openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Salz, Rich
Yes, links across sections (apps/crypto etc) don’t work well. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz From: Michel [mailto:michel.sa...@free.fr] Sent: Friday, March 04, 2016 2:06 AM To: openssl-dev@openssl.org Subject: [openssl-dev] links to KDF

[openssl-dev] links to KDF functions from pkeyutl man are broken

2016-03-04 Thread Michel
Hi, Just to let you know that the links to EVP_PKEY_HKDF and EVP_PKEY_TLS1_PRF are not [yet ?] operational. https://www.openssl.org/docs/manmaster/apps/pkeyutl.html Regards, Michel.

Re: [openssl-dev] overflow issue in b2i_PVK_bio

2016-03-04 Thread Matt Caswell
On 03/03/16 11:54, Marcus Meissner wrote: > Hi, > > https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ > > Integer overflow in b2i_PVK_bio > > Have you assigned a CVE internally for that already? > > Ciao, Marcus >

Re: [openssl-dev] Solaris 10 80-test_ca failure

2016-03-04 Thread Rainer Jung
On 03.03.2016 at 18:51, Erik Forsberg wrote: I have been having 32-bit only test failures from test_ca for quite a while now on Solaris 10 (1.1.pre), Finally figured out what is wrong. I build both 32-bit and 64-bit libraries. My /usr/local/bin/perl is always 64-bit, used to be required for