[openssl-dev] [openssl.org #4684] Potential problem with OPENSSL_cleanse

2016-09-22 Thread Kurt Roeckx via RT
Hi, Please read: http://www.metzdowd.com/pipermail/cryptography/2016-September/030151.html We use the same construct for our OPENSSL_cleanse, but I think we also have assembler versions. Kurt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4684 Please log in as guest with

Re: [openssl-dev] [openssl.org #4256] CA.pl usage() does not mention -signcert

2016-09-22 Thread Kurt Roeckx via RT
On Tue, Jan 19, 2016 at 07:25:04PM +, Kaduk, Ben via RT wrote: > Part of the patch submitted to RT #844 includes a patch to the usage > message of CA.pl. Although the functionality itself of CA.pl was > rewritten for 1.1 (so that #844 was closed), the usage message remains > incomplete, and

Re: [openssl-dev] [openssl.org #4623] OpenSSL master regression in handling malformed Client Key Exchange messages in RSA key exchange

2016-07-23 Thread Kurt Roeckx via RT
On Fri, Jul 22, 2016 at 10:16:16PM +, David Benjamin via RT wrote: > On Fri, Jul 22, 2016 at 7:30 PM Hubert Kario via RT wrote: > > > On Friday, 22 July 2016 17:14:43 CEST Stephen Henson via RT wrote: > > > On Fri Jul 22 14:56:11 2016, hka...@redhat.com wrote: > > > > the

Re: [openssl-dev] [Pkg-openssl-devel] Bug#829272: Fwd: [openssl.org #4602] Missing accessors

2016-07-21 Thread Kurt Roeckx via RT
On Mon, Jul 11, 2016 at 02:53:05PM +0200, Mischa Salle wrote: > Hi Richard, Mattias, others, > > I agree with you that it would be nice if OpenSSL could figure out > itself whether a cert needs to be treated as a proxy, but currently that > doesn't work reliably as far as I know. > The flag is

Re: [openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-19 Thread Kurt Roeckx via RT
On Mon, Jul 11, 2016 at 05:48:06PM +, Salz, Rich via RT wrote: > Previously we've changed return-types from void to int. If there's still > time, that seems like the thing to do here. I've pushed a branch on github that at least does some of the things. See github #1330. Kurt --

Re: [openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

2016-07-19 Thread Kurt Roeckx via RT
On Tue, Jul 19, 2016 at 02:12:41PM +, Matt Caswell via RT wrote: > > Is this still an issue? And if so are you able to provide a backtrace? This might be a combination of kernel, glibc and gcc bugs, some of which might have been fixed. In any case, I don't think it's an openssl problem.

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-11 Thread Kurt Roeckx via RT
Hi, When trying to check what happens if we simulate malloc() returning NULL I'm running into a problem that I'm not sure how to deal with. We have CRYPTO_THREAD_run_once(), which takes an init() function that returns void, so it can't return failures. At least the pthread_once() function also
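The problem in #4614 is that pthread_once() and CRYPTO_THREAD_run_once() take an init() returning void, so an allocation failure inside it has no return path. The usual way out, and the direction the thread takes, is to have the void callback record success in a static flag and have the accessor check that flag after the once-guard. The following is an added example of that pattern, not OpenSSL's code: run_once() is a single-threaded stand-in for pthread_once() (an assumption made so the example runs anywhere), and test_malloc() is a hook to simulate malloc() returning NULL as the ticket describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for pthread_once()/CRYPTO_THREAD_run_once(): calls init() the
 * first time only. Single-threaded on purpose so the example runs anywhere
 * (an assumption); the real primitives have the same void init() shape. */
typedef struct { int done; } once_t;
#define ONCE_INIT { 0 }

static int run_once(once_t *once, void (*init)(void))
{
    if (!once->done) {
        once->done = 1;
        init();
    }
    return 1;
}

/* Test hook that simulates malloc() returning NULL, as in the ticket. */
static int simulate_malloc_failure = 0;

static void *test_malloc(size_t n)
{
    return simulate_malloc_failure ? NULL : malloc(n);
}

/* The lazily created global, plus the only channel a void init() has to
 * report failure: a flag it sets on success. */
static once_t global_once = ONCE_INIT;
static int global_init_ok = 0;
static unsigned char *global_buf = NULL;

static void global_init(void)
{
    global_buf = (unsigned char *)test_malloc(64);
    if (global_buf == NULL)
        return;                     /* global_init_ok stays 0 */
    memset(global_buf, 0, 64);
    global_init_ok = 1;
}

/* Returns the shared buffer, or NULL if initialisation failed. The NULL is
 * sticky: the once-guard never calls global_init() again, so a failed
 * init stays failed for the life of the process. */
unsigned char *get_global_buf(void)
{
    if (!run_once(&global_once, global_init) || !global_init_ok)
        return NULL;
    return global_buf;
}

/* A caller that fails closed instead of dereferencing a NULL global. */
int use_global(void)
{
    unsigned char *buf = get_global_buf();

    if (buf == NULL)
        return 0;
    buf[0] = 1;
    return 1;
}

int main(void)
{
    simulate_malloc_failure = 1;
    printf("malloc failing:  use_global() = %d\n", use_global());
    simulate_malloc_failure = 0;
    printf("malloc restored: use_global() = %d (init failure is sticky)\n",
           use_global());
    return 0;
}
```

The second call in main() is the point worth noticing: once the guarded init has run and failed, restoring malloc() does not help, because the once-guard will never run it again. Callers therefore have to treat a NULL from the accessor as a permanent error, not something to retry.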

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-07-07 Thread Kurt Roeckx via RT
On Thu, Jul 07, 2016 at 09:40:24PM +, Richard Levitte via RT wrote: > On Sat Jul 02 10:59:38 2016, k...@roeckx.be wrote: > > /* Add to include/openssl/x509v3.h */ > > > > void X509_set_extension_flags(X509 *x, uint32_t ex_flags); > > void X509_clear_extension_flags(X509 *x, uint32_t ex_flags);

[openssl-dev] [openssl.org #4605] OCSP accessors

2016-07-05 Thread Kurt Roeckx via RT
In https://bugs.debian.org/828254, for the software "bro" I got a request for accessors to: - For OCSP_RESPID *rid: - rid->type - rid->value.byKey->length - rid->value.byKey->data - For OCSP_BASICRESP *basic: - basic->certs - basic->tbsResponseData->responderId Kurt -- Ticket

[openssl-dev] [openssl.org #4603] HMAC_Init_ex incompatible change (possibly doc bug)

2016-07-02 Thread Kurt Roeckx via RT
Hi, I received the following bug: https://bugs.debian.org/829108 the HMAC manpage states: HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the function evp_md and key key. Either can be NULL, in which case the existing one will be reused. However, the current code does

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-02 Thread Kurt Roeckx via RT
Hi, I received the following bug in debian: https://bugs.debian.org/829272 I got a lot of bugs filed about packages FTBFS with openssl 1.1.0. I started to look at some of them, and many of them are due to structures having been made opaque. In many cases accessors already exist, but

Re: [openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

2016-06-28 Thread Kurt Roeckx via RT
On Mon, Jun 27, 2016 at 08:50:43PM +, Thomas Waldmann via RT wrote: > I didn't ask where to get the missing code from, I asked whether you > maybe want to make life simpler for people by adding this to 1.0.x > rather than having a thousand software developers copy and pasting it > into their

[openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

2016-06-26 Thread Kurt Roeckx via RT
Hi, My last upload of openssl to experimental shows this on hppa: *** Error in `./asynctest': double free or corruption (out): 0x007307d8 *** ../util/shlib_wrap.sh ./asynctest => 134 # Failed test 'running asynctest' # at ../test/testlib/OpenSSL/Test/Simple.pm line 77. # Looks like you failed

Re: [openssl-dev] [openssl.org #4550] hppa assembler problem

2016-05-30 Thread Kurt Roeckx via RT
On Mon, May 30, 2016 at 08:37:56PM +, Andy Polyakov via RT wrote: > > I'm getting assembler errors on hppa that look like: > > crypto/aes/aes-parisc.s: Assembler messages: > > crypto/aes/aes-parisc.s:3: Error: unknown pseudo-op: `.subspa' > > crypto/aes/aes-parisc.s:7: Error: Unknown opcode:

[openssl-dev] [openssl.org #4550] hppa assembler problem

2016-05-30 Thread Kurt Roeckx via RT
Hi, I'm getting assembler errors on hppa that look like: crypto/aes/aes-parisc.s: Assembler messages: crypto/aes/aes-parisc.s:3: Error: unknown pseudo-op: `.subspa' crypto/aes/aes-parisc.s:7: Error: Unknown opcode: `aes_encrypt' crypto/aes/aes-parisc.s:11: Error: Missing function name for .PROC

[openssl-dev] [openssl.org #4549] powerpc test problem: missing symbols

2016-05-30 Thread Kurt Roeckx via RT
Hi, I'm seeing this on powerpc: ../test/recipes/01-test_ordinals.t . ok # Failed test 'check that there are no missing symbols in libcrypto.so' # at ../test/recipes/01-test_symbol_presence.t line 112. # Looks like you failed 1 test of 4. ../test/recipes/01-test_symbol_presence.t ..

[openssl-dev] [openssl.org #4548] s390x build problem

2016-05-30 Thread Kurt Roeckx via RT
Hi, I'm getting: crypto/chacha/chacha-s390x.S: Assembler messages: crypto/chacha/chacha-s390x.S:7: Error: Unrecognized opcode: `clgije' A full build log is available on: https://buildd.debian.org/status/fetch.php?pkg=openssl&arch=s390x&ver=1.1.0~pre5-1&stamp=1464594754 Kurt -- Ticket here:

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Kurt Roeckx via RT
On Sat, Apr 30, 2016 at 08:59:46PM +, Matt Caswell via RT wrote: > > This is not a bug in OpenSSL. The problem here is that the server is behaving > incorrectly when receiving large ClientHello messages. The ClientHello is the > first message that is sent from the client to the server. If a

Re: [openssl-dev] [openssl.org #4392] [PATCH] Resolve DTLS cookie and version before session resumption.

2016-03-27 Thread Kurt Roeckx via RT
On Mon, Mar 07, 2016 at 10:03:20PM +, David Benjamin via RT wrote: > Session resumption involves a version check, so version negotiation must > happen first. Currently, the DTLS implementation cannot do session > resumption in DTLS 1.0 because the ssl_version check always checks against > 1.2.

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

2016-03-18 Thread Kurt Roeckx via RT
On Fri, Mar 18, 2016 at 01:18:04PM +, Matt Caswell wrote: > > > On 18/03/16 12:52, noloa...@gmail.com via RT wrote: > > I've configured with: > > > > ./config enable-afalgeng > > > > When I run the self tests, I see: > > > > ../test/recipes/30-test_afalg.t ... skipped:

Re: [openssl-dev] [openssl.org #4424] openssl 1.0.2.g and Indy-Procjet

2016-03-13 Thread Kurt Roeckx via RT
On Sun, Mar 13, 2016 at 02:09:34PM +, Olaf Kirfel via RT wrote: > Hello > I am using Embarcadero/Borland C++-Builder for my personal interest and > I have the problem that after the update to openssl 1.0.2g the > indy-components are not working. > They are delivering an error message like

Re: [openssl-dev] [openssl.org #4422] OS X 32-bit PowerPC: blake2b.c:27: warning: integer constant is too large for 'unsigned long' type

2016-03-13 Thread Kurt Roeckx via RT
On Sun, Mar 13, 2016 at 11:27:23AM +, noloa...@gmail.com via RT wrote: > >> static const uint64_t blake2b_IV[8] = > >> { > >> 0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU, > >> 0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U, > >> 0x510e527fade682d1U, 0x9b05688c2b3e6c1fU, > >>

Re: [openssl-dev] [openssl.org #4422] OS X 32-bit PowerPC: blake2b.c:27: warning: integer constant is too large for 'unsigned long' type

2016-03-13 Thread Kurt Roeckx via RT
On Sun, Mar 13, 2016 at 07:15:52AM -0400, Jeffrey Walton wrote: > On Sun, Mar 13, 2016 at 6:57 AM, Kurt Roeckx via RT <r...@openssl.org> wrote: > > On Sun, Mar 13, 2016 at 10:30:54AM +, noloa...@gmail.com via RT wrote: > >> crypto/blake2/blake2b.c:27: warning: integ

Re: [openssl-dev] [openssl.org #4422] OS X 32-bit PowerPC: blake2b.c:27: warning: integer constant is too large for 'unsigned long' type

2016-03-13 Thread Kurt Roeckx via RT
On Sun, Mar 13, 2016 at 10:30:54AM +, noloa...@gmail.com via RT wrote: > crypto/blake2/blake2b.c:27: warning: integer constant is too large for > 'unsigned long' type That's a uint64_t. Why do you have an "unsigned long" as 64 bit uint64_t? Kurt -- Ticket here:

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-13 Thread Kurt Roeckx via RT
On Sun, Mar 13, 2016 at 06:29:14AM +, noloa...@gmail.com via RT wrote: > >> It looks like the hang is still present as of 603358d. > >> > >> When the following runs: > >> > >> ../test/recipes/30-test_afalg.t > >> > >> What is actually running? How can I get it under a debugger? > > > > > >

Re: [openssl-dev] [openssl.org #4355] OpenSSL 1.0.2 branch fails to build with MSVC

2016-03-09 Thread Kurt Roeckx via RT
On Sun, Feb 28, 2016 at 02:33:34PM +, Simon Richter via RT wrote: > Hi, > > I just got this from our Jenkins instance that follows OpenSSL 1.0.2: That should have been fixed some time ago, but it seems your mail only got here today. Kurt -- Ticket here:

Re: [openssl-dev] [openssl.org #4369] OS X 10.5, 32-bit PPC, and "passing argument 2 of 'cmov' discards qualifiers from pointer target type"

2016-03-02 Thread Kurt Roeckx via RT
On Wed, Mar 02, 2016 at 04:16:37PM +, noloa...@gmail.com via RT wrote: > curve25519.c: In function 'table_select': > curve25519.c:3323: warning: passing argument 2 of 'cmov' discards That should be fixed shortly. Kurt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4369

Re: [openssl-dev] [openssl.org #4352] Failed test 'Duplicate ClientHello extension' when testing under Clang undefined behavior sanitizer

2016-02-27 Thread Kurt Roeckx via RT
On Sat, Feb 27, 2016 at 01:58:26AM +, noloa...@gmail.com via RT wrote: > Platform is Linux, x86_64. The failure occurs under Clang with the > sanitizer. GCC is fine. > > I'm guessing the error output from the Undefined Behavior sanitizer is > causing the test to be interpreted as a fail. It

Re: [openssl-dev] [openssl.org #4301] [BUG] OpenSSL 1.1.0-pre2 fails to parse x509 certificate in DER format

2016-02-11 Thread Kurt Roeckx via RT
On Thu, Feb 11, 2016 at 10:53:25PM +, Blumenthal, Uri - 0553 - MITLL wrote: > Might I suggest that the right thing in this case would be to keep generation > strict, but relax the rules on parsing? "Be conservative in what you send, > and liberal with what you receive"? This might be good

Re: [openssl-dev] [openssl.org #4288] [BUG] Xmm7 register is cobbered in aesni_gcm_decrypt on win64

2016-02-04 Thread Kurt Roeckx via RT
Fixed. Kurt - http://rt.openssl.org/Ticket/Display.html?id=4288 Please log in as guest with password guest if prompted ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

2016-02-04 Thread Kurt Roeckx via RT
On Thu, Feb 04, 2016 at 10:10:06AM +, Moonchild via RT wrote: > Really? > > That's all we get, a one-liner, no explanation, no rationale, response? > It's not even "brand new" functionality, Camellia as a raw cipher is already > in there, the only difference is wrapping it into GCM-based

Re: [openssl-dev] [openssl.org #2460] OCSP server uses only IP6

2016-02-04 Thread Kurt Roeckx via RT
On Thu, Feb 04, 2016 at 08:07:15PM +, Rich Salz via RT wrote: > i think -- I'm not sure what you think. But all the apps currently only create 1 socket, which on some OSes could mean that it's IPv6 (or IPv4) only. It needs more work. Kurt

Re: [openssl-dev] [openssl.org #4286] Debug in OpenSSL

2016-02-01 Thread Kurt Roeckx via RT
On Mon, Feb 01, 2016 at 10:21:30PM +, Tiantian Liu via RT wrote: > Hi, ALL, > > I am software developer who is struggling with encryption and decryption > issues in my application. > > Our customer complained our application crashed at the point where OpenSSL > method,

Re: [openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

2016-01-26 Thread Kurt Roeckx via RT
On Tue, Jan 26, 2016 at 02:17:57PM +, Sara Dickinson via RT wrote: > > > On 25 Jan 2016, at 18:42, Kurt Roeckx via RT <r...@openssl.org> wrote: > > > > On Mon, Jan 25, 2016 at 06:24:55PM +, Sara Dickinson via RT wrote: > >> Hi, > >> >

Re: [openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

2016-01-25 Thread Kurt Roeckx via RT
On Mon, Jan 25, 2016 at 06:24:55PM +, Sara Dickinson via RT wrote: > Hi, > > I would like to request that support be added to OpenSSL to enable client > applications to make use of TCP Fast Open > (https://tools.ietf.org/html/rfc7413 ) > when

Re: [openssl-dev] [openssl.org #4148] PCKS1 type 1 Padding check error

2016-01-23 Thread Kurt Roeckx via RT
On Wed, Nov 18, 2015 at 03:24:51PM +, Özgan, Tolgahan Jonas via RT wrote: > Dear List, > I have found a BUG in the function > " RSA_padding_check_PKCS1_type_1 " [...] > > the pointer p is incremented after the check therefore p is always the first > octet of the padded string. In the Case of
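The report in #4148 concerns the block type 1 padding check, so it helps to have the format in front of you. A type 1 encoding is 0x00 || 0x01 || PS || 0x00 || M, where PS is at least eight 0xFF octets; when the RSA output has been converted from a BIGNUM the leading 0x00 is usually already gone, which is why the check has to accept both flen == num and flen == num - 1. The decoder below is an added example written for this page, with the same argument shape as RSA_padding_check_PKCS1_type_1() but not OpenSSL's implementation; build_block() and check() construct test blocks and are not part of any API.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode an EMSA-PKCS1-v1_5 block type 1 encoding, the format
 * RSA_padding_check_PKCS1_type_1() handles:
 *     0x00 || 0x01 || PS (>= 8 octets of 0xFF) || 0x00 || M
 * from/flen is the RSA output, num the modulus length in octets. When
 * flen == num - 1 the caller has already dropped the leading 0x00 (as a
 * BIGNUM-to-binary conversion does). On success M is copied to `to`
 * (capacity tlen) and its length returned; any padding defect returns -1.
 * Added example, not OpenSSL's implementation. */
int pkcs1_type1_unpad(unsigned char *to, size_t tlen,
                      const unsigned char *from, size_t flen, size_t num)
{
    const unsigned char *p = from;
    size_t i, j;

    if (num < 11 || flen > num || flen + 1 < num)
        return -1;
    if (flen == num) {              /* leading 0x00 present */
        if (*p != 0x00)
            return -1;
        p++;
        flen--;
    }
    if (*p++ != 0x01)               /* block type must be 1 */
        return -1;
    j = flen - 1;                   /* octets after the block type */
    for (i = 0; i < j; i++) {       /* PS: 0xFF up to the 0x00 separator */
        if (*p != 0xFF) {
            if (*p == 0x00) {
                p++;
                break;
            }
            return -1;              /* non-0xFF byte inside PS */
        }
        p++;
    }
    if (i == j)                     /* no separator at all */
        return -1;
    if (i < 8)                      /* PS too short (RFC 8017, 9.2) */
        return -1;
    j -= i + 1;                     /* message length */
    if (j > tlen)
        return -1;
    memcpy(to, p, j);
    return (int)j;
}

/* Builds 0x00 || bt || 0xFF*ps_len || 0x00 || msg into out; returns length.
 * Constructed test data, not a real RSA output. */
static size_t build_block(unsigned char *out, unsigned char bt,
                          size_t ps_len, const char *msg)
{
    size_t mlen = strlen(msg);

    out[0] = 0x00;
    out[1] = bt;
    memset(out + 2, 0xFF, ps_len);
    out[2 + ps_len] = 0x00;
    memcpy(out + 3 + ps_len, msg, mlen);
    return 3 + ps_len + mlen;
}

/* Runs one decode scenario and returns pkcs1_type1_unpad()'s result. */
int check(const char *msg, unsigned char bt, size_t ps_len,
          int strip_leading_zero, int kill_separator)
{
    unsigned char blk[128], out[128];
    size_t n = build_block(blk, bt, ps_len, msg);

    if (kill_separator)
        blk[2 + ps_len] = 0xFF;     /* PS runs straight into the message */
    return pkcs1_type1_unpad(out, sizeof(out), blk + strip_leading_zero,
                             n - strip_leading_zero, n);
}

int main(void)
{
    printf("valid:            %d\n", check("hello", 0x01, 12, 0, 0));
    printf("leading 0 gone:   %d\n", check("hello", 0x01, 12, 1, 0));
    printf("block type 2:     %d\n", check("hello", 0x02, 12, 0, 0));
    printf("PS of 7 octets:   %d\n", check("hello", 0x01, 7, 0, 0));
    printf("no separator:     %d\n", check("hello", 0x01, 12, 0, 1));
    return 0;
}
```

Type 1 padding is only used on the public (verification) side, so the early returns are acceptable here; the same structure on a type 2 decryption path would have to run in constant time.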

Re: [openssl-dev] [openssl.org #4218] Invalid typecasting in CRYPTO_ctr128_encrypt

2016-01-05 Thread Kurt Roeckx via RT
On Tue, Jan 05, 2016 at 05:36:35PM +, Bjorn Kornefalk via RT wrote: > OpenSSL 1.0.2e > > At line 156 of crypto/modes/ctr128.c > > const unsigned char *in, > unsigned char *out, > unsigned char ivec[16], > unsigned char ecount_buf[16] > >*(size_t *)(out + n) = >*(size_t *)(in +

Re: [openssl-dev] [openssl.org #4206] [PATCH] Add cipher alias for ChaCha20

2015-12-28 Thread Kurt Roeckx via RT
On Mon, Dec 28, 2015 at 03:01:28PM +, Short, Todd via RT wrote: > Hello OpenSSL.org: > > This is a patch for the master branch. The changes in master to add ChaCha20 > to OpenSSL do not include an alias for the cipher in the "openssl cipher" > command, nor in the cipher

Re: [openssl-dev] [openssl.org #4203] OpenSSL 1.0.2e. Failed build due to (possibly) wrong include of dummytest.c

2015-12-26 Thread Kurt Roeckx via RT
On Sat, Dec 26, 2015 at 08:26:24PM +, Anton Prytkov via RT wrote: > 3. Build fails at c:/openssl/1.0.2e/test/md2test.c, line 1 > Can not parse. It says: #include Why can't that be parsed? > 4. Solution: > change line 1: > openssl-1.0.2e/dummytest.c > to: > #include "dummytest.c" There is

Re: [openssl-dev] [openssl.org #4155] In function int_thread_del_item, when hash == int_thread_hash, one is passed to free and the other is used in a comparison

2015-12-23 Thread Kurt Roeckx via RT
On Mon, Nov 30, 2015 at 08:12:58PM +, Kurt Roeckx via RT wrote: > On Tue, Nov 24, 2015 at 11:06:44AM +, Pascal Cuoq via RT wrote: > > This issue is similar in nature to 4151 > > (http://www.mail-archive.com/openssl-dev@openssl.org/msg40950.html ): it is > > about a d

Re: [openssl-dev] [openssl.org #4195] remove duplicates in util/libeay.num

2015-12-23 Thread Kurt Roeckx via RT
On Tue, Dec 22, 2015 at 09:03:56AM +, Roumen Petrov via RT wrote: > Hello, > > After remove of some global variables in export file left double Patch applied. Kurt

Re: [openssl-dev] [openssl.org #4184] Memory leak in DSA redo case

2015-12-22 Thread Kurt Roeckx via RT
Fixed. Kurt

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

2015-12-21 Thread Kurt Roeckx via RT
On Mon, Dec 21, 2015 at 01:51:45PM +, Felix via RT wrote: > That does not matter from a technical point of view. > > The problem is the same with 2048-Bit RSA. If you're worried that p and q might be the same random number, I think you should have other concerns. Kurt

Re: [openssl-dev] [openssl.org #4185] Bug in EVP_MD_CTX_copy_ex's malloc failure handling

2015-12-17 Thread Kurt Roeckx via RT
On Wed, Dec 16, 2015 at 11:34:56PM +, David Benjamin via RT wrote: > EVP_MD_CTX_copy_ex is implemented with memcpy, followed by manually fixing > up |out->pctx| and |out->md_data|. > >

Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

2015-12-10 Thread Kurt Roeckx via RT
On Thu, Dec 10, 2015 at 12:17:04PM +, Kurt Roeckx via RT wrote: > On Mon, Dec 07, 2015 at 03:47:56PM +, Michel via RT wrote: > > Hi, > > > > Following my previous mail, here attached is an updated patch against 1.02e > > to fix the SRP VBASE memory

Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

2015-12-10 Thread Kurt Roeckx via RT
On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote: > On Mon, Dec 07, 2015 at 03:47:56PM +, Michel via RT wrote: > > Hi, > > > > Following my previous mail, here attached is an updated patch against 1.02e > > to fix the SRP VBASE memory leaks. > > Can you confirm that this would be

Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

2015-12-10 Thread Kurt Roeckx via RT
On Mon, Dec 07, 2015 at 03:47:56PM +, Michel via RT wrote: > Hi, > > Following my previous mail, here attached is an updated patch against 1.02e > to fix the SRP VBASE memory leaks. Can you confirm that this would be the correct patch for master? I still need to look at it. Kurt diff

Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

2015-12-10 Thread Kurt Roeckx via RT
On Thu, Dec 10, 2015 at 01:27:38PM +0100, Kurt Roeckx wrote: > On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote: > > On Mon, Dec 07, 2015 at 03:47:56PM +, Michel via RT wrote: > > > Hi, > > > > > > Following my previous mail, here attached is an updated patch against > > > 1.02e >

Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

2015-12-10 Thread Kurt Roeckx via RT
On Thu, Dec 10, 2015 at 03:19:54PM +0100, Kurt Roeckx wrote: > On Thu, Dec 10, 2015 at 01:27:38PM +0100, Kurt Roeckx wrote: > > On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote: > > > On Mon, Dec 07, 2015 at 03:47:56PM +, Michel via RT wrote: > > > > Hi, > > > > > > > > Following

Re: [openssl-dev] [openssl.org #4165] 1.0.1q release busted, does not compile

2015-12-04 Thread Kurt Roeckx via RT
On Thu, Dec 03, 2015 at 08:08:59PM +, Quanah Gibson-Mount via RT wrote: > make[5]: *** No rule to make target `../../include/openssl/idea.h', needed > by `e_idea.o'. Stop. You need to run make depend after configure.

Re: [openssl-dev] [openssl.org #3910] [PATCH] Build correctly when no_des option is enabled

2015-11-24 Thread Kurt Roeckx via RT
On Sun, Jun 14, 2015 at 11:59:59PM +, 84.le0n via RT wrote: > > I've had the same problem Osvaldo Calles had when building OpenSSL with > no-des option enabled . > This patch simply adds an #ifndef around the first if clause avoiding > EVP_des_ede3_wrap call. This at least causes a test suite

Re: [openssl-dev] [openssl.org #4110] [PATCH] fix ssl_new() error handling on out of memory condition

2015-11-24 Thread Kurt Roeckx via RT
This should be fixed now. Kurt

Re: [openssl-dev] [openssl.org #4111] [PATCH] fix ssl3_free NULL dereference on out of memory condition

2015-11-24 Thread Kurt Roeckx via RT
This should be fixed now. Kurt

Re: [openssl-dev] [openssl.org #4144] patch: Use '__sun' instead of 'sun' for strict ISO conforming, compiler/options

2015-11-22 Thread Kurt Roeckx via RT
On Tue, Nov 17, 2015 at 05:43:45PM +, Richard PALO via RT wrote: > I'd like to propose the attached patch to 1.0.2d which avoids problems > with strict ISO conforming compiler/options, which do not define 'sun' only > '__sun' as usual... such as gcc/clang -std=c99 > > This affects the build

Re: [openssl-dev] [openssl.org #4124] Illegal instruction when using aes-ni-sha256 stitched implementation on AMD CPU

2015-11-17 Thread Kurt Roeckx via RT
On Sun, Nov 08, 2015 at 11:37:55AM +, Tomas Mraz via RT wrote: > The aes-ni-sha256 stitched implementation causes SIGILL on AMD A4-6210. > It is caused by not using the AVX+SSSE3 code path for non-Intel CPUs > although the CPU seems to be fully capable of running it. The issue is now fixed in

Re: [openssl-dev] [openssl.org #4144] patch: Use '__sun' instead of 'sun' for strict ISO conforming, compiler/options

2015-11-17 Thread Kurt Roeckx via RT
On Tue, Nov 17, 2015 at 05:43:45PM +, Richard PALO via RT wrote: > I'd like to propose the attached patch to 1.0.2d which avoids problems > with strict ISO conforming compiler/options, which do not define 'sun' only > '__sun' as usual... such as gcc/clang -std=c99 I fail to understand how

Re: [openssl-dev] [openssl.org #4144] patch: Use '__sun' instead of 'sun' for strict ISO conforming, compiler/options

2015-11-17 Thread Kurt Roeckx via RT
On Tue, Nov 17, 2015 at 06:33:22PM +, Richard PALO via RT wrote: > > Strict ISO conforming compilers don't define 'sun', only __sun. Ah, I clearly misunderstood your earlier message. Kurt

[openssl-dev] [openssl.org #4138] Detection of assembler version

2015-11-12 Thread Kurt Roeckx via RT
Hi, I just found out that building with at least with the French locale the AVX code is missing. The problem is this code in crypto/sha/asm/sha1-x86_64.pl: if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` =~ /GNU assembler version ([2-9]\.[0-9]+)/) { $avx

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 05:15:06PM +, Kaduk, Ben via RT wrote: > On 11/11/2015 07:06 AM, Kurt Roeckx via RT wrote: > > On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote: > >> On Wed, Nov 11, 2015 at 11:52:56AM +0000, Kurt Roeckx via RT wrote: > >

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote: > > I also added support for explicit_bzero() on OpenBSD. An explicit_bzero() call is no better than whatever OPENSSL_cleanse() does, because it has exactly the same problems. So I don't think this is useful to do. >

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote: > On Wed, Nov 11, 2015 at 11:52:56AM +0000, Kurt Roeckx via RT wrote: > > On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote: > > > Also, FTR, apparently SecureZeroMemory() doesn't

Re: [openssl-dev] [openssl.org #4124] Illegal instruction when using aes-ni-sha256 stitched implementation on AMD CPU

2015-11-08 Thread Kurt Roeckx via RT
On Sun, Nov 08, 2015 at 11:37:55AM +, Tomas Mraz via RT wrote: > The aes-ni-sha256 stitched implementation causes SIGILL on AMD A4-6210. > It is caused by not using the AVX+SSSE3 code path for non-Intel CPUs > although the CPU seems to be fully capable of running it. > > The ia32cap vector is

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-10-31 Thread Kurt Roeckx via RT
On Sat, Oct 31, 2015 at 09:58:50AM -1000, Brian Smith wrote: > Alessandro Ghedini via RT wrote: > > > I was also wondering whether it would make sense to just drop the asm > > implementations. Does the speed-up justify the added complexity? > > > > IMO, it should work like
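The #4116 messages above (and #4684 at the top of this page) are about the non-asm OPENSSL_cleanse() construct: a memset() reached through a volatile function pointer, so the compiler has to load the pointer at run time and cannot prove the call dead the way it can for a plain memset() on a buffer about to go out of scope. The code below is an added example of that construct written for this page, not OpenSSL's crypto/mem_clr.c; all_zero(), demo_wipe() and derive_and_wipe() are check helpers invented here, and the key material is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* memset reached through a volatile function pointer. The compiler has to
 * load the pointer at run time and so cannot prove the call is dead, which
 * is what lets it elide a plain memset() on a buffer that is about to go
 * out of scope. This is the non-asm construct the threads above discuss;
 * the code here is an added example, not OpenSSL's own. */
typedef void *(*memset_t)(void *, int, size_t);
static volatile memset_t memset_func = memset;

void example_cleanse(void *ptr, size_t len)
{
    memset_func(ptr, 0, len);
}

/* 1 if every byte in [p, p + len) is zero; scans all of them. */
int all_zero(const unsigned char *p, size_t len)
{
    unsigned char acc = 0;
    size_t i;

    for (i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Fill a buffer, wipe it, and report 1 only if it was non-zero before and
 * all-zero after. */
int demo_wipe(void)
{
    unsigned char buf[64];
    int before, after;

    memset(buf, 0xAA, sizeof(buf));
    before = all_zero(buf, sizeof(buf));
    example_cleanse(buf, sizeof(buf));
    after = all_zero(buf, sizeof(buf));
    return !before && after;
}

/* Derive a throwaway secret from constructed key material into a stack
 * buffer, use it, wipe it before returning, and report whether this copy
 * was wiped. Copies the compiler spilled to registers or other stack slots
 * are out of reach of any memset-style wipe, explicit_bzero() included. */
int derive_and_wipe(const unsigned char *ikm, size_t ikm_len)
{
    unsigned char secret[32];
    unsigned char checksum = 0;
    size_t i;

    if (ikm_len == 0)
        return 0;
    for (i = 0; i < sizeof(secret); i++)
        secret[i] = (unsigned char)(ikm[i % ikm_len] ^ (unsigned char)i);
    for (i = 0; i < sizeof(secret); i++)   /* "use" the secret */
        checksum ^= secret[i];
    (void)checksum;
    example_cleanse(secret, sizeof(secret));
    return all_zero(secret, sizeof(secret));
}

int main(void)
{
    const unsigned char ikm[] = "constructed key material";   /* constructed */

    printf("demo_wipe:       %d\n", demo_wipe());
    printf("derive_and_wipe: %d\n", derive_and_wipe(ikm, sizeof(ikm) - 1));
    return 0;
}
```

The volatile pointer only stops the compiler removing the call; it says nothing about where else the secret may have been copied, which is the limit shared by every memset-style approach and the reason the threads treat explicit_bzero() as an equivalent rather than an improvement.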

Re: [openssl-dev] [openssl.org #4107] [PATCH] null pointer dereference: bn_wexpand return code not checked in bn_g2fm.c

2015-10-29 Thread Kurt Roeckx via RT
On Mon, Oct 26, 2015 at 10:29:43AM +, Pascal Cuoq via RT wrote: > If the calls to bn_wexpand() are guarded as in the attached patch, the null > pointer dereferences no longer occur. The patch has been applied. Kurt

Re: [openssl-dev] [openssl.org #4111] [PATCH] fix ssl3_free NULL dereference on out of memory condition

2015-10-28 Thread Kurt Roeckx via RT
On Wed, Oct 28, 2015 at 12:58:09AM +, Willy TARREAU via RT wrote: > This patch fixes a NULL dereference issue when SSL_new() fails due to a > low memory condition. Here it is possible that ssl3_new() fails, but > despite this ssl3_free() is called along the error path and doesn't check > that

Re: [openssl-dev] [openssl.org #4100] Overlapping memcpy arguments in bn_add.c

2015-10-19 Thread Kurt Roeckx via RT
On Mon, Oct 19, 2015 at 08:10:01PM +0200, Kurt Roeckx wrote: > The manpage says that for BN_add(), BN_mul(), BN_sqr(), BN_mod_mul() > and BN_gcd() r can be one of the other BIGNUMs that got passed, but > it doesn't say so for BN_sub(). BN_add() can of course already call BN_usub(), and BN_uadd()

Re: [openssl-dev] [openssl.org #4100] Overlapping memcpy arguments in bn_add.c

2015-10-19 Thread Kurt Roeckx via RT
On Mon, Oct 19, 2015 at 08:10:01PM +0200, Kurt Roeckx wrote: > The manpage says that for BN_add(), BN_mul(), BN_sqr(), BN_mod_mul() > and BN_gcd() r can be one of the other BIGNUMs that got passed, but > it doesn't say so for BN_sub(). So one could also argue that > probable_prime_dh_safe()

Re: [openssl-dev] [openssl.org #4100] Overlapping memcpy arguments in bn_add.c

2015-10-19 Thread Kurt Roeckx via RT
On Mon, Oct 19, 2015 at 03:55:09PM +, Pascal Cuoq via RT wrote: > > One actual sequence for which the pointers ap and rp end up being identical > is as follows: > > 1/ probable_prime_dh_safe calls BN_sub(q, q, t1) > > 2/ in BN_sub, r and a are then aliases > > 3/ BN_sub calls BN_usub(r,

Re: [openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init

2015-10-16 Thread Kurt Roeckx via RT
On Fri, Oct 16, 2015 at 06:50:36PM +, Kurt Roeckx via RT wrote: > On Fri, Oct 16, 2015 at 04:50:59PM +, Matt Caswell via RT wrote: > > In a well-behaved program there is no undefined behaviour. The "buf + > > len < buf" check will always evaluate to false, so

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-16 Thread Kurt Roeckx via RT
On Fri, Oct 16, 2015 at 08:53:06AM +, Matt Caswell via RT wrote: > > So now I really don't know what the "right" way forward is. Should we be > applying the patch or not? Has anybody contact Oracle about this issue? It seems useful that they fix it on their end, regardless of what we do.

Re: [openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init

2015-10-16 Thread Kurt Roeckx via RT
On Fri, Oct 16, 2015 at 09:44:22PM +, Kaduk, Ben via RT wrote: > On 10/16/2015 04:35 PM, Kurt Roeckx via RT wrote: > > On Fri, Oct 16, 2015 at 06:50:36PM +0000, Kurt Roeckx via RT wrote: > >> On Fri, Oct 16, 2015 at 04:50:59PM +, Matt Caswell via RT wrote: > >>
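The two #4094 messages above turn on whether "buf + len < buf" is a usable overflow check. It is not: once buf + len points outside the object the addition is already undefined behaviour, so a compiler may fold the comparison to false and the check protects nothing. The defined alternative is to bound len itself and never form a pointer past the end. The following is an added example written for this page, not OpenSSL's packet code: the PACKET struct, packet_buf_init() and the readers are illustrative, and the records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    const unsigned char *curr;   /* next unread octet */
    size_t remaining;            /* octets left */
} PACKET;

/* The form under discussion: if buf + len overflows, the addition has
 * already left the object and is undefined behaviour, so the compiler is
 * entitled to treat the comparison as always false and drop it. */
int packet_buf_init_questioned(PACKET *pkt, const unsigned char *buf, size_t len)
{
    if (buf + len < buf)
        return 0;
    pkt->curr = buf;
    pkt->remaining = len;
    return 1;
}

/* Defined alternative: bound len itself. No pointer beyond buf + len is
 * ever formed, and with remaining <= SIZE_MAX / 2 no later
 * curr + remaining arithmetic can wrap a size_t either. */
int packet_buf_init(PACKET *pkt, const unsigned char *buf, size_t len)
{
    if (buf == NULL && len != 0)
        return 0;
    if (len > (size_t)(SIZE_MAX / 2))
        return 0;
    pkt->curr = buf;
    pkt->remaining = len;
    return 1;
}

/* Every read is checked against remaining, never against an end pointer. */
int packet_get_bytes(PACKET *pkt, const unsigned char **data, size_t len)
{
    if (len > pkt->remaining)
        return 0;
    *data = pkt->curr;
    pkt->curr += len;
    pkt->remaining -= len;
    return 1;
}

int packet_get_net_2(PACKET *pkt, unsigned int *out)
{
    const unsigned char *p;

    if (!packet_get_bytes(pkt, &p, 2))
        return 0;
    *out = ((unsigned int)p[0] << 8) | p[1];
    return 1;
}

/* Parses a constructed two-byte-length-prefixed record and returns the body
 * length, or -1 if the record is truncated, oversized or has trailing data. */
int parse_record(const unsigned char *buf, size_t len)
{
    PACKET pkt;
    unsigned int body_len;
    const unsigned char *body;

    if (!packet_buf_init(&pkt, buf, len))
        return -1;
    if (!packet_get_net_2(&pkt, &body_len))
        return -1;
    if (!packet_get_bytes(&pkt, &body, body_len))
        return -1;               /* length field claims more than we have */
    if (pkt.remaining != 0)
        return -1;               /* trailing garbage */
    return (int)body_len;
}

/* Shows the bound rejecting an absurd length up front. */
int demo_init_huge(void)
{
    PACKET pkt;
    const unsigned char one = 0;

    return packet_buf_init(&pkt, &one, SIZE_MAX);
}

int main(void)
{
    const unsigned char good[] = { 0x00, 0x03, 'a', 'b', 'c' };   /* constructed */
    const unsigned char bad[]  = { 0x00, 0x10, 'a', 'b', 'c' };   /* claims 16 */

    printf("good record:        %d\n", parse_record(good, sizeof(good)));
    printf("bad record:         %d\n", parse_record(bad, sizeof(bad)));
    printf("init with SIZE_MAX: %d\n", demo_init_huge());
    return 0;
}
```

packet_buf_init_questioned() is kept only to show the shape being debated; nothing in the example relies on its result, because under optimisation it has none you can count on.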

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Kurt Roeckx via RT
On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote: > > Having done some more digging it seems the problem only occurs if you > get the initial handshake, following by a second reneg handshake *and* > interleaved app data all within the scope of a *single* SSL_read call. > AFAICT

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Kurt Roeckx via RT
On Mon, Oct 12, 2015 at 06:54:46PM +, Matt Caswell via RT wrote: > > > On 12/10/15 19:11, Kurt Roeckx via RT wrote: > > On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote: > >> > >> Having done some more digging it seems the problem only o

Re: [openssl-dev] [openssl.org #4089] NULL ciphersuites do not work in master

2015-10-11 Thread Kurt Roeckx via RT
On Sun, Oct 11, 2015 at 05:54:16PM +, Dmitry Belyavsky via RT wrote: > Hello! > > When I debug, I see that the cipher is forbidden by > the ssl_security_default_callback function because of not enough security > bits. You can change the security level by using: -cipher NULL-SHA256@SECLEVEL=0

Re: [openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

2015-10-08 Thread Kurt Roeckx via RT
On Thu, Oct 08, 2015 at 05:19:06PM +, Alessandro Ghedini via RT wrote: > The problem most likely happens with SSLv2 backwards compatible ClientHello as > well, but that seems to be easier to fix... or maybe it's time to just drop > that compatibility code for v1.1? I would love to have

Re: [openssl-dev] [openssl.org #3891] [PATCH] Fix undefined behavior executed through OpenSSL tests

2015-10-08 Thread Kurt Roeckx via RT
On Thu, Oct 08, 2015 at 01:36:07PM +, Pascal Cuoq via RT wrote: > > - ssl_locl.h.patch: I don't see a struct timeval > > crypto/x509v3/v3_scts.c. Does this comment still apply? Maybe > > we fixed the issue in some other way. > > Sorry, this comment was unnecessarily confusing. > > What

Re: [openssl-dev] [openssl.org #3891] [PATCH] Fix undefined behavior executed through OpenSSL tests

2015-10-07 Thread Kurt Roeckx via RT
On Tue, Jun 02, 2015 at 03:50:19PM +0200, Pascal Cuoq via RT wrote: > The attached archive contains a collection of patches for undefined behaviors > that happen while the tests in directory tests/ are executed, with a recent > (as of June 2015) OpenSSL git version. > > Each undefined behavior

Re: [openssl-dev] [openssl.org #4065] Re: Client Hello longer than 2^14 bytes are rejected

2015-09-25 Thread Kurt Roeckx via RT
On Fri, Sep 25, 2015 at 04:23:27PM +, Hubert Kario via RT wrote: > > Given that TLSv1.3 has a 1RTT mode planned (so Client Key Exchange ends > up as an extension, possibly multiple ones), and that quantum computing > resistant algorithms usually require fairly large key sizes (large >

Re: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Kurt Roeckx via RT
On Tue, Aug 11, 2015 at 06:53:29PM +, Sekwon Choi via RT wrote: When we want to perform a host verification using openssl's APIs that use X509_check_host, a host URL that includes specific characters such as '_' or '~' will fail when the CN from the certificate contains a wildcard character.

Re: [openssl-dev] [openssl.org #3977] bug report : Ubutu 12.0.4 : Openssl 1.0.1p : allowing connections with EXP cipher

2015-08-03 Thread Kurt Roeckx via RT
On Mon, Aug 03, 2015 at 12:03:26PM +, sandeep umesh via RT wrote: I was expecting that openssl will reject connection request with EXP cipher which is not happening as seen above. Could you please verify this? Thanks If you configure it to allow export ciphers or ALL, of course it's going

Re: [openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing

2015-07-24 Thread Kurt Roeckx via RT
On Fri, Jul 24, 2015 at 10:25:04AM +, ice via RT wrote: What openssl version/platform are you using? $ openssl version OpenSSL 1.0.1j 15 Oct 2014 You seem to be affected by CVE-2014-3569 that only affects the 1.0.1j version. Kurt ___

Re: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

2015-07-22 Thread Kurt Roeckx via RT
On Wed, Jul 22, 2015 at 04:36:27PM +0100, David Woodhouse wrote: On Wed, 2015-07-22 at 14:52 +, Tim Hollebeek wrote: The way this is supposed to work is by using a timestamp from a trusted timestamp server to show the certificate was valid at the time the code was signed. That

Re: [openssl-dev] [openssl.org #3950] Standard mem* functions called with length 0 and invalid pointer arguments

2015-07-22 Thread Kurt Roeckx via RT
On Wed, Jul 22, 2015 at 10:23:40AM +, Pascal Cuoq via RT wrote: Recently, GCC began to assume for optimization purposes that p and q are non-null pointers when memcpy(p, q, n); is invoked. I have to agree that p and q can't be NULL, even when n is 0. The standard seems to be rather clear

Re: [openssl-dev] [openssl.org #3953] Bug: !RSA does not exclude aRSA

2015-07-22 Thread Kurt Roeckx via RT
On Wed, Jul 22, 2015 at 07:38:48PM +, Lynch, Paul[E] via RT wrote: The ciphers documentation page (https://www.openssl.org/docs/apps/ciphers.html) says: kRSA, aRSA, RSA cipher suites using RSA key exchange, authentication or either respectively. That sounds like RSA should be a

Re: [openssl-dev] [openssl.org #3897] request: add BLAKE2 hash function (let's kill md5sum!)

2015-06-09 Thread Kurt Roeckx via RT
On Tue, Jun 09, 2015 at 12:19:56AM +, Zooko Wilcox-OHearn wrote: I'd support adding 2b and 2s, in spite of the fact that the names are really really bad. I'm less interested in seeing the parallel variants added. FWIW. Well, the reason I'm here is that the GNU coreutils

Re: [openssl-dev] [openssl.org #3894] AutoReply: PATCH: EVP_PKEY_get_type (new function)

2015-06-05 Thread Kurt Roeckx via RT
On Thu, Jun 04, 2015 at 04:52:22PM -0400, Jeffrey Walton wrote: Thanks Kurt. I think I'll need to think about this some more because I don't recall EVP_PKEY_id. I think I never considered it because I could not find it when searching for something to return the inner type ('id' does not make

Re: [openssl-dev] [openssl.org #3894] AutoReply: PATCH: EVP_PKEY_get_type (new function)

2015-06-04 Thread Kurt Roeckx via RT
On Wed, Jun 03, 2015 at 08:50:25PM +, noloa...@gmail.com via RT wrote: Here's an updated patch that includes the documentation changes. `git diff master` is needed after `git add` because adding doesn't seem to really add things for git :) riemann::openssl-git$ cat evp_pkey_get_type.diff

Re: [openssl-dev] [openssl.org #3879] [BUG] openssl 1.0.1g cause the system crash (obj_xref.c)

2015-05-30 Thread Kurt Roeckx via RT
On Sat, May 30, 2015 at 01:49:30AM +, Joy Tu (???) wrote: So the solution is to initialize the variable by myself or update the compiler to conformant with the C90 spec or force those global variable in the bss segment to be all 0's on my private OS? Most likely your compiler will already

Re: [openssl-dev] [openssl.org #3855] Fix for TLS1.2 handshake error

2015-05-21 Thread Kurt Roeckx via RT
On Thu, May 21, 2015 at 09:33:41AM +0200, Anvesh Vagiri via RT wrote: Hi, Since the upgrade to openssl 1.0.1e, I could see failures in ssl handshake. I found that as the below commit mentions about a workaround about trying to use the flags OPENSSL_MAX_TLS1_2_CIPHER_LENGTH and

Re: [openssl-dev] [openssl.org #3822] BUG: Configure does not set RPATH correctly

2015-04-26 Thread Kurt Roeckx via RT
On Sun, Apr 26, 2015 at 02:09:17PM +0200, noloa...@gmail.com via RT wrote: This discussion relates to 1.0.2a. But I know it applies to other versions from all the changes I've had to make to Makefile.org. I'm not sure if this is me using Configure incorrectly, or a bug in Configure. I suspect

Re: [openssl-dev] [openssl.org #3717] Patch for IPv6 support in s_client/s_server

2015-03-24 Thread Kurt Roeckx via RT
On Tue, Mar 24, 2015 at 10:09:18PM +0100, Salz, Rich via RT wrote: The short answer is that nobody has come up with comprehensive cross-platform IPv6 support. Fixing the apps isn't enough; how does a server listen on IPv4, v6, both -- and make it work on our supported platforms? What should

Re: [openssl-dev] [openssl.org #3703] 1.0.2 regression with Cisco DTLS_BAD_VER

2015-02-18 Thread Kurt Roeckx via RT
On Wed, Feb 18, 2015 at 11:34:43AM +, David Woodhouse wrote: On Tue, 2015-02-17 at 22:48 +0100, David Woodhouse via RT wrote: Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's

Re: [openssl-dev] [openssl.org #3665] Bug report and a patch for OpenSSL 1.0.1l (and 1.0.1k)

2015-01-18 Thread Kurt Roeckx via RT
On Sun, Jan 18, 2015 at 04:08:38PM +0100, Daniel Kahn Gillmor via RT wrote: this suggests that Uri is reporting a regression in 1.0.1k and 1.0.1l. I haven't tested those versions yet. The change in behaviour seems to be this commit: commit a8565530e27718760220df469f0a071c85b9e731 Author: Dr.

Re: [openssl-dev] [openssl.org #3562] leading dots in nameConstraints ... bug report and patch

2015-01-01 Thread Kurt Roeckx via RT
On Thu, Jan 01, 2015 at 02:06:56PM -0500, Salz, Rich wrote: This is a security issue in the sense that it is a Type-II error (disallowing good guys). It affects thousands of sites and who-knows-how-many users. Well, kinda. It disallows good guys who made a mistake and are violating the

Re: [openssl-dev] [openssl.org #3629] Bug report: run in speed.c should be declared as volatile

2014-12-30 Thread Kurt Roeckx via RT
On Thu, Dec 11, 2014 at 10:24:08PM +0100, Kurt Roeckx via RT wrote: Yes, global variables used in signal handlers should be volatile. It has been fixed in 1.0.1+ Kurt

Re: [openssl-dev] [openssl.org #3629] Bug report: run in speed.c should be declared as volatile

2014-12-11 Thread Kurt Roeckx via RT
Yes, global variables used in signal handlers should be volatile. Kurt

Re: [openssl-dev] [openssl.org #3625] Enhancement request: user convenience for SSL_CONF_CTX with SSLv2

2014-12-08 Thread Kurt Roeckx via RT
On Mon, Dec 08, 2014 at 07:58:31PM +0100, Steffen Nurpmeso via RT wrote: set ssl-protocol=ALL,-SSLv2 This results in the obvious problem that when they (get) upgrade(d) their OpenSSL library they will see a completely intransparent error message that no normal user will understand: It was

Re: [openssl-dev] [openssl.org #3627] Enhancement request: add more Protocol options for SSL_CONF_CTX

2014-12-08 Thread Kurt Roeckx via RT
On Mon, Dec 08, 2014 at 08:20:44PM +0100, Steffen Nurpmeso via RT wrote: Hello, and finally I propose three new values for the Protocol slot of SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE. I actually find the option unfortunate and I think it should have been one that sets the minimum

[openssl.org #3603] EVP_DecryptFinal_ex error in case of padding failure

2014-11-17 Thread Kurt Roeckx via RT
Hi, I've received the attached patch to make EVP_DecryptFinal_ex call EVPerr() in case of an error. I'm not sure if not calling EVPerr() is intentional or not. Background: http://bugs.debian.org/768681, nodejs's test suite fails because it's not getting the error anymore. Kurt From: William

Re: [openssl.org #3602] [PATCH]

2014-11-16 Thread Kurt Roeckx via RT
On Sun, Nov 16, 2014 at 09:11:42PM +0100, Matt Caswell via RT wrote: Unfortunately I don't think it is as simple as that. If I understand the previous change correctly, Emilia has deliberately removed the error message as part of work to protect against timing attacks. The very act of adding