[openssl-dev] [openssl.org #4534] Re: [PATCH] Add missing NULL check in i2d_PrivateKey()

2016-05-05 Thread Matt Caswell via RT
Closing this ticket at request of submitter. Erroneous duplicate of #4533 Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4534 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

2016-04-30 Thread Matt Caswell via RT
On Sat Apr 30 19:51:51 2016, hen...@newdawn.dk wrote: > Hi there > > I've recently come across what looks to be an internal bug in openssl: > > Original symptoms were that neither "curl" nor "wget" could access the > following site: > > https://coverage.tre.se - this site is using TLS 1.0 (only) and

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

2016-04-26 Thread Matt Caswell
On 26/04/16 16:16, Douglas E Engert wrote: > Let me update my response. > If I am reading GH#995 correctly it still has an issue if a user does: > > RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ > /* other stuff done, such as calculating d */ > RSA_set0_key(rsa, n, e, d); > > rsa is

Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256

2016-04-26 Thread Matt Caswell
ype of key used (i.e. if you supply an EC key then it will use ECDSA). Matt > > Nevertheless, I will try to create a new branch. > > Thanks again. > > Martin > > > > -Original Message- From: openssl-dev > [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Ma

Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256

2016-04-26 Thread Matt Caswell
On 26/04/16 09:43, Gäckler Martin (EXT) wrote: > We’re currently developing a system that uses OAuth protocol to identify > the users. The service provider is developed in PHP and uses OpenSSL to > verify the access token. Unfortunately the identity provider, which is > managed by another

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

2016-04-26 Thread Matt Caswell
On 26/04/16 08:26, Richard Levitte wrote: > [temporarily taking this thread away from RT] > > Basically, I can see two solutions: > > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d); > > That's what's implemented in GH#995, except it doesn't check if the > input parameters are NULL

Re: [openssl-dev] Core dump OpenSSL 1.1.0-pre5 during test (likely in 70-test_sslskewith0p.t)

2016-04-22 Thread Matt Caswell
On 20/04/16 09:24, Matt Caswell wrote: > > > On 19/04/16 19:40, Rainer Jung wrote: >> I get a core dump during test execution for 1.1.0-pre5. Test is >> test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc. > > Thanks for the detailed analysis. Bas

Re: [openssl-dev] Windows Patch affecting connectivity to our applications

2016-04-20 Thread Matt Caswell
On 20/04/16 15:03, Thirumal, Karthikeyan wrote: > Thanks Rich. > > We first attempted to move to openssl-0.9.8zc - but we faced memory issues > and our process got dumped at SSL_free. So we backed out and moved back to > 9.8a. > > Can I go to 0.9.8e version and will the SSL fragment issue be

Re: [openssl-dev] Broken links in pod file of OpenSSL 1.1.0pre5

2016-04-20 Thread Matt Caswell
On 19/04/16 20:18, Rainer Jung wrote: > Output during "make install": > > Cannot find "BIO_gets" in podpath: cannot find suitable replacement > path, cannot resolve link > Cannot find "BIO_callback_ctrl" in podpath: cannot find suitable > replacement path, cannot resolve link > Cannot find

Re: [openssl-dev] Core dump OpenSSL 1.1.0-pre5 during test (likely in 70-test_sslskewith0p.t)

2016-04-20 Thread Matt Caswell
On 19/04/16 19:40, Rainer Jung wrote: > I get a core dump during test execution for 1.1.0-pre5. Test is > test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc. Thanks for the detailed analysis. Based on that I have been able to identify the problem. Fix on the way. Matt

Re: [openssl-dev] Windows Patch affecting connectivity to our applications

2016-04-15 Thread Matt Caswell
Karthikeyan Thirumal > > -Original Message- From: openssl-dev > [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt Caswell > Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] Windows Patch affecting

Re: [openssl-dev] Windows Patch affecting connectivity to our applications

2016-04-15 Thread Matt Caswell
On 15/04/16 09:15, Thirumal, Karthikeyan wrote: > Dear Dev folks, > > My clients are facing connectivity issues after windows released > their OS upgrade this week. I think they have changed the way the SSL > handshake happens. > > My Server is using openssl-0.9.8a and my client sits on a

[openssl-dev] [openssl.org #4499] ARM32 and "undefined reference to `engine_load_afalg_internal'"

2016-04-14 Thread Matt Caswell via RT
Please try again from latest master. Possibly fixed by 627537ddf379. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4499 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4455] OpenSUSE 42: undefined reference to `engine_load_afalg_internal'

2016-04-14 Thread Matt Caswell via RT
Please can you try this again on latest master. Possibly fixed by 627537ddf379. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4455

Re: [openssl-dev] Start contributing to OpenSSL

2016-04-14 Thread Matt Caswell
On 14/04/16 01:31, CHOW Anthony wrote: > I would like to start contributing to this project. On github under > openssl/CONTRIBUTING stated that there are local unit testing that can > be done for sanity checking that we can do before submitting a PR. > > > > In some cases, running these

Re: [openssl-dev] requirements for tests in openssl 1.1.0 (openssl-SNAP-20160331)

2016-04-01 Thread Matt Caswell
On 01/04/16 16:06, Martin Hecht wrote: > on SUSE Linux Enterprise Server 11 SP3, when running > > ./config && make test > > I get errors like: > Compilation failed in require at ../test/recipes/90-test_v3name.t line 3. > BEGIN failed--compilation aborted at ../test/recipes/90-test_v3name.t >

Re: [openssl-dev] [openssl.org #4495] After upgrade openssl to 1.0.2g, it cause core accidently, please help me !

2016-03-31 Thread Matt Caswell via RT
On 31/03/16 14:00, Hejian via RT wrote: > Hello, when upgrade openssl to 1.0.2g, If multi thread call the corba > interface, it will cause core accidentally. Please help analyze why the > core is generated. > > There are two kinds of core stack list below. > > > #0 0x7f97729ad324 in

Re: [openssl-dev] OPENSSL SNAP 20160330 issues

2016-03-30 Thread Matt Caswell
On 30/03/16 15:55, The Doctor wrote: > > Just got > > make && make test > gcc -DZLIB_SHARED -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS > +-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS > +-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM >

Re: [openssl-dev] FW: Current Github build broken (crypto/comp/c_zlib.c:334:25: error: variable has incomplete type 'const BIO_METHOD')

2016-03-29 Thread Matt Caswell
On 29/03/16 19:25, Blumenthal, Uri - 0553 - MITLL wrote: >> clang -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS >> -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 >> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m >> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM

Re: [openssl-dev] no-ui, warnings and errors

2016-03-27 Thread Matt Caswell
On 27/03/16 00:16, Jeffrey Walton wrote: > Is this a supported configuration (no-ui and apps)? Co-incidentally, Richard has a patch for no-ui that fixes these problems that is currently in review. Matt > > There's a fair number of warnings when configuring with no-ui: > >

Re: [openssl-dev] 1.0.1t ?

2016-03-23 Thread Matt Caswell
On 23/03/16 16:00, Suarez, Miguel wrote: > Hi > > > > Can you tell me when 1.0.1t release or later will be made available with > fixes for the following issues (see below). 1.0.1t does not currently have a planned release date. Releases are scheduled on an as-needed basis, typically

Re: [openssl-dev] [openssl.org #4437] invalid free() by ENGINE_cleanup()

2016-03-19 Thread Matt Caswell via RT
On 17/03/16 10:49, Daniel Stenberg via RT wrote: > Hey, > > In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup > function. When I do this with OpenSSL from git master as of right now > (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free: Auto deinit

Re: [openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

2016-03-19 Thread Matt Caswell
What happens if you run the afalgtest directly? $ cd test $ ./afalgtest Matt On 16/03/16 13:52, noloa...@gmail.com via RT wrote: > Working from Master on a Gentoo 13 machine, x86_64. The test was run > as root which explains one of the failures (I don't have users or SSH > set up yet). > >

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

2016-03-19 Thread Matt Caswell via RT
On 18/03/16 12:52, noloa...@gmail.com via RT wrote: > I've configured with: > > ./config enable-afalgeng > > When I run the self tests, I see: > > ../test/recipes/30-test_afalg.t ... skipped: test_afalg not > supported for this build You should not need to use enable-afalgeng

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

2016-03-19 Thread Matt Caswell via RT
On 18/03/16 22:59, Kurt Roeckx via RT wrote: > On Fri, Mar 18, 2016 at 01:18:04PM +0000, Matt Caswell wrote: >> >> >> On 18/03/16 12:52, noloa...@gmail.com via RT wrote: >>> I've configured with: >>> >>> ./config enable-afalgeng >>>

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

2016-03-19 Thread Matt Caswell
On 18/03/16 22:59, Kurt Roeckx via RT wrote: > On Fri, Mar 18, 2016 at 01:18:04PM +0000, Matt Caswell wrote: >> >> >> On 18/03/16 12:52, noloa...@gmail.com via RT wrote: >>> I've configured with: >>> >>> ./config enable-afalgeng >>>

Re: [openssl-dev] configure results in conflicting CRT switches for win DLL

2016-03-19 Thread Matt Caswell
894a00c3f76c47 Mon Sep 17 00:00:00 2001 From: Matt Caswell <m...@openssl.org> Date: Thu, 17 Mar 2016 10:14:30 + Subject: [PATCH 1/3] Fix no-rc2 in the CMS test The CMS test uses some RC2 keys which should be skipped if the RC2 is disabled. --- test/recipes/80-test_cms.t | 14 +

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

2016-03-19 Thread Matt Caswell
On 18/03/16 12:52, noloa...@gmail.com via RT wrote: > I've configured with: > > ./config enable-afalgeng > > When I run the self tests, I see: > > ../test/recipes/30-test_afalg.t ... skipped: test_afalg not > supported for this build You should not need to use enable-afalgeng

Re: [openssl-dev] libcryto 1.1 leaks since old locks are removed

2016-03-19 Thread Matt Caswell
0xF bytes > > e:\openssl-1.1.0-pre4\ssl\ssl_lib.c (2367): > TestsTLS-11.exe!SSL_CTX_new() + 0x5 bytes > > p:\mes programmes\shared\ocrypto-11\tls.cpp (95): > TestsTLS-11.exe!OTLS::TLSCtx::SetMinTLSVer() + 0x9 bytes > > p:\mes programmes\tests\_testsshared

Re: [openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

2016-03-19 Thread Matt Caswell via RT
What happens if you run the afalgtest directly? $ cd test $ ./afalgtest Matt On 16/03/16 13:52, noloa...@gmail.com via RT wrote: > Working from Master on a Gentoo 13 machine, x86_64. The test was run > as root which explains one of the failures (I don't have users or SSH > set up yet). > >

Re: [openssl-dev] [openssl.org #4437] invalid free() by ENGINE_cleanup()

2016-03-18 Thread Matt Caswell
On 17/03/16 10:49, Daniel Stenberg via RT wrote: > Hey, > > In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup > function. When I do this with OpenSSL from git master as of right now > (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free: Auto deinit

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-16 Thread Matt Caswell via RT
On 14/03/16 15:21, Matt Caswell via RT wrote: > > > On 14/03/16 15:05, Andy Polyakov via RT wrote: >>>>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit. >>>>> 32-bit tests OK. >>>>> >>>>> The relevant

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-16 Thread Matt Caswell
On 14/03/16 15:21, Matt Caswell via RT wrote: > > > On 14/03/16 15:05, Andy Polyakov via RT wrote: >>>>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit. >>>>> 32-bit tests OK. >>>>> >>>>> The relevant

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-14 Thread Matt Caswell via RT
if we work out we're >> on ppc64 then we default to ASYNC_NULL? > > #if defined(__APPLE__) && (defined(__ppc64__) || defined(_ARCH_PPC64)) > > So something like the attached? Jeff, can you test this? Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4366

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-14 Thread Matt Caswell
rk out we're >> on ppc64 then we default to ASYNC_NULL? > > #if defined(__APPLE__) && (defined(__ppc64__) || defined(_ARCH_PPC64)) > > So something like the attached? Jeff, can you test this? Matt From e30be0c1c51cc7da06f103a07d6b4b9757838867 Mon Sep 17 0

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-14 Thread Matt Caswell
On 14/03/16 14:57, Andy Polyakov via RT wrote: >> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit. >> 32-bit tests OK. >> >> The relevant snippets are: >> >> $ make test >> ... >> ../test/recipes/90-test_async.t ... 1/1 >> # Failed test 'running asynctest' >> #

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-14 Thread Matt Caswell via RT
On 14/03/16 14:57, Andy Polyakov via RT wrote: >> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit. >> 32-bit tests OK. >> >> The relevant snippets are: >> >> $ make test >> ... >> ../test/recipes/90-test_async.t ... 1/1 >> # Failed test 'running asynctest' >> #

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-11 Thread Matt Caswell
On 12/03/16 00:12, noloa...@gmail.com via RT wrote: >>> What is actually running? How can I get it under a debugger? >> >> >> $ ./config -d >> $ make >> $ make test/afalgtest >> $ cd test >> $ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest >> > > Ooh, -d looks like a new option. Would that be

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-11 Thread Matt Caswell via RT
On 11/03/16 19:38, noloa...@gmail.com via RT wrote: > On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT > wrote: >> Working from Master: >> > > It looks like the hang is still present as of 603358d. > > When the following runs: > >

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-11 Thread Matt Caswell
On 11/03/16 19:38, noloa...@gmail.com via RT wrote: > On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT > wrote: >> Working from Master: >> > > It looks like the hang is still present as of 603358d. > > When the following runs: > >

[openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-11 Thread Matt Caswell via RT
Hi Jeff On Thu Mar 10 19:29:21 2016, noloa...@gmail.com wrote: > Working from Master: > > $ git reset --hard HEAD && git pull > HEAD is now at fb04434 In the recipe using "makedepend", make sure the > object file extension is there > Already up-to-date. > > $ ./config > ... > $ make depend &&

Re: [openssl-dev] OPENSSL_cleanup new issue

2016-03-11 Thread Matt Caswell
Hi Roumen On 10/03/16 22:21, Roumen Petrov wrote: > Hello, > > With new thread model in some configurations openssl hands on unload of > engine. I just pushed commit 773fd0bad4 to master which should hopefully resolve this issue. Matt

Re: [openssl-dev] Please consider delaying the Beta-1 freeze for a week or two

2016-03-11 Thread Matt Caswell
On 11/03/16 01:03, Jeffrey Walton wrote: > Hi Everyone, > > Testing master on real hardware is showing some minor issues on a few > platforms, including ARM32, ARM64, PowerPC and i686. In addition, > there seems to be one-off issues on other combinations, like VIA's C7 > processor on Linux. >

Re: [openssl-dev] current github 1.1.0-pre "clang: error: unsupported option '--unified'

2016-03-08 Thread Matt Caswell
--unified has been removed and it is now the default. If you want "old" build use --classic. Matt On 08/03/16 15:51, Blumenthal, Uri - 0553 - MITLL wrote: > $ ./Configure darwin64-x86_64-cc enable-rfc3779 threads zlib > enable-ec_nistp_64_gcc_128 shared > --prefix=/Users/ur20980/src/openssl-1.1

[openssl-dev] [openssl.org #4396] OS X 10-5, 64-bit PowerPC, error: 'split_send_fragment' undeclared (first use in this function)

2016-03-08 Thread Matt Caswell via RT
On Mon Mar 07 23:02:26 2016, noloa...@gmail.com wrote: > This just showed up on OS X 10-5, 64-bit PowerPC. It's not present > under Linux. > > $ git reset --hard HEAD > HEAD is now at e1d9f1a Remove kinv/r fields from DSA structure. > $ git pull > Already up-to-date. > > $ ./config && make depend

Re: [openssl-dev] Running against BoringSSL's SSL test suite

2016-03-08 Thread Matt Caswell
On 07/03/16 21:49, David Benjamin wrote: > Hi folks, > > So, we've by now built up a decent-sized SSL test suite in BoringSSL. I > was bored and ran it against OpenSSL master. It revealed a number of > bugs. One is https://github.com/openssl/openssl/pull/603. I'll be filing > tickets shortly

Re: [openssl-dev] [openssl.org #4396]: OS X 10-5, 64-bit PowerPC, error: 'split_send_fragment' undeclared (first use in this function)

2016-03-07 Thread Matt Caswell
On 07/03/16 23:43, noloa...@gmail.com via RT wrote: > On Mon, Mar 7, 2016 at 6:29 PM, Matt Caswell via RT <r...@openssl.org> wrote: >> Fix already on the way. >> > > Thanks. I'm not sure what's triggering it on OS X because those > defines don't seem to sho

Re: [openssl-dev] [openssl.org #4396]: OS X 10-5, 64-bit PowerPC, error: 'split_send_fragment' undeclared (first use in this function)

2016-03-07 Thread Matt Caswell via RT
On 07/03/16 23:43, noloa...@gmail.com via RT wrote: > On Mon, Mar 7, 2016 at 6:29 PM, Matt Caswell via RT <r...@openssl.org> wrote: >> Fix already on the way. >> > > Thanks. I'm not sure what's triggering it on OS X because those > defines don't seem to sho

Re: [openssl-dev] [openssl.org #4396]: OS X 10-5, 64-bit PowerPC, error: 'split_send_fragment' undeclared (first use in this function)

2016-03-07 Thread Matt Caswell via RT
Fix already on the way. Matt On 07/03/16 23:28, noloa...@gmail.com via RT wrote: > On Mon, Mar 7, 2016 at 6:02 PM, Jeffrey Walton wrote: >> This just showed up on OS X 10-5, 64-bit PowerPC. It's not present under >> Linux. >> >> $ git reset --hard HEAD >> HEAD is now at

Re: [openssl-dev] [openssl.org #4396]: OS X 10-5, 64-bit PowerPC, error: 'split_send_fragment' undeclared (first use in this function)

2016-03-07 Thread Matt Caswell
Fix already on the way. Matt On 07/03/16 23:28, noloa...@gmail.com via RT wrote: > On Mon, Mar 7, 2016 at 6:02 PM, Jeffrey Walton wrote: >> This just showed up on OS X 10-5, 64-bit PowerPC. It's not present under >> Linux. >> >> $ git reset --hard HEAD >> HEAD is now at

Re: [openssl-dev] overflow issue in b2i_PVK_bio

2016-03-04 Thread Matt Caswell
On 03/03/16 11:54, Marcus Meissner wrote: > Hi, > > https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ > > Integer overflow in b2i_PVK_bio > > Have you assigned a CVE internally for that already? > > Ciao, Marcus >

Re: [openssl-dev] MSVC 2015 internal compiler error

2016-02-29 Thread Matt Caswell
On 24/02/16 16:48, Gisle Vanem wrote: > Matt Caswell wrote: > >> The complete patch is attached. This is currently going through review, >> and solves the link issue. > > That brought MSVC-2015 back on track. Thanks! > This has now been committed, so hopefully

Re: [openssl-dev] Ubsec and Chil engines

2016-02-26 Thread Matt Caswell
On 23/02/16 16:38, Sander Temme wrote: > All, > > I toyed over the weekend with resurrecting CHIL: intermediate result > here https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT > PROUD OF THIS but have no cycles to clean it up for at least a couple > of days to come. It builds now

Re: [openssl-dev] SSL_library_init

2016-02-25 Thread Matt Caswell
On 24/02/16 15:50, The Doctor wrote: > As of 2106-20-24 SSL_library_init may not be available in the libssl.so . > > Is there a workaround for this? > SSL_library_init is still available in ssl.h as a compatibility macro: #if OPENSSL_API_COMPAT < 0x1010L # define SSL_library_init()

Re: [openssl-dev] MSVC 2015 internal compiler error

2016-02-24 Thread Matt Caswell
On 24/02/16 10:29, Gisle Vanem wrote: > Matt Caswell wrote: > >> The attached seems to avoid the problem - but then for reasons I cannot >> understand link errors result later on in the build. > > I too can confirm that your patch fixes MSVC-2105 compila

Re: [openssl-dev] MSVC 2015 internal compiler error

2016-02-23 Thread Matt Caswell
On 23/02/16 15:59, Matt Caswell wrote: > > > On 23/02/16 01:55, Bill Bierman wrote: >> The Microsoft compiler team has suggested removing the include of ssl.h >> from srtp.h as it creates a circular reference which is likely confusing >> the compiler. >> &

Re: [openssl-dev] MSVC 2015 internal compiler error

2016-02-23 Thread Matt Caswell
513236b6e0ffd5290d0f53b71f56c9 Mon Sep 17 00:00:00 2001 From: Matt Caswell <m...@openssl.org> Date: Tue, 23 Feb 2016 15:27:05 + Subject: [PATCH] Workaround for VisualStudio 2015 bug VisualStudio 2015 has a bug where an internal compiler error was occurring. By reordering the DEFINE_STACK_

[openssl-dev] [openssl.org #4322] SSL_shutdown:shutdown while in init (1.0.2f)

2016-02-19 Thread Matt Caswell via RT
On Fri Feb 19 13:58:34 2016, i...@ecsystems.nl wrote: > openssl 1.0.2f static build with nginx 1.9.12 (development version) > > about > https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59 > > This may solve the initial issue but creates a new one: > SSL_shutdown()

Re: [openssl-dev] Ubsec and Chil engines

2016-02-19 Thread Matt Caswell
On 19/02/16 13:11, Jaroslav Imrich wrote: > Hello Matt, > > If I don't hear from anyone I will remove these. > > > I can confirm that CHIL engine is actively used with OpenSSL 1.0.* by > the owners of nCipher/THALES nShield HSMs. > > I have notified vendor support about this thread. >

[openssl-dev] Ubsec and Chil engines

2016-02-19 Thread Matt Caswell
Hi all The ubsec and chil engines are currently disabled in 1.1.0 and do not build. As far as ubsec is concerned I understand that this is an engine for broadcom cards. There has been very little activity with this engine since it was first introduced. Google brings up some very old historic

[openssl-dev] [openssl.org #1736] Enhancement Request: do away with error in chil engine in absence of dynamic locks

2016-02-19 Thread Matt Caswell via RT
Looks like the last suggested patch against this ticket was applied. No further activity since 2008, so assuming this is resolved. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1736

Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-18 Thread Matt Caswell
On 18/02/16 13:59, Michel wrote: > Yes ! > With your 2 patches applied, tls_decrypt_ticket.patch and > fix-win-thread-stop.patch, > (looks like I lost the first one yesterday), > none of my tests programs using libSSL v1.1 reports leaks. > > I feel better. :-) Great. I'll get those reviewed

Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-18 Thread Matt Caswell
err.c (598): > TestsTLS-11.exe!ERR_clear_error() + 0x5 bytes > e:\openssl-1.1.git\ssl\statem\statem.c (279): > TestsTLS-11.exe!state_machine() > e:\openssl-1.1.git\ssl\statem\statem.c (222): > TestsTLS-11.exe!ossl_statem_accept() + 0xB bytes > e:\openssl-1.1.git\ssl\ssl_

Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-18 Thread Matt Caswell
hread. > Both of them have OPENSSL_thread_stop() in their [pre-]exit member function. > > Michel. > > -Original Message- > From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt > Caswell > Sent: Wednesday 17 February 2016 17:23 > To:

Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-17 Thread Matt Caswell
> f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): TestsTLS-11.exe!malloc() > + 0x15 bytes > e:\openssl-1.1.git\crypto\mem.c (138): TestsTLS-11.exe!CRYPTO_malloc() + > 0x9 bytes > e:\openssl-1.1.git\crypto\mem.c (158): TestsTLS-11.exe!CRYPTO_zalloc() + > 0x11 bytes >

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 3 published

2016-02-16 Thread Matt Caswell
On 16/02/16 16:17, David Woodhouse wrote: > On Mon, 2016-02-15 at 22:17 +0000, Matt Caswell wrote: >> >> Maybe EVP_cleanup() and other similar explicit deinit functions should >> be deprecated, and do nothing in 1.1.0? The auto-deinit capability >> should handle it.

Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-15 Thread Matt Caswell
p:\mes programmes\shared\ocrypto-11\tls.cpp (1017): > TestsTLS-11.exe!OTLS::TLSSss::DoHandshake() + 0xC bytes > p:\mes programmes\tests\_testsshared\teststls-11-leak\clttasks.cpp (63): > TestsTLS-11.exe!CltThread::Main() + 0xB bytes > p:\mes programmes\shared\sthread.cpp (17): > Tests

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 3 published

2016-02-15 Thread Matt Caswell
On 15/02/16 21:50, Jouni Malinen wrote: > On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote: >> On 15/02/16 21:25, Jouni Malinen wrote: >>> Is this change in OpenSSL behavior expected? Is it not allowed to call >>> EVP_cleanup() and then re

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 3 published

2016-02-15 Thread Matt Caswell
On 15/02/16 21:25, Jouni Malinen wrote: > On Mon, Feb 15, 2016 at 10:52:27PM +0200, Jouni Malinen wrote: >> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote: >>>OpenSSL version 1.1.0 pre release 3 (alpha) > >> It looks like something in pre release 3 has changed behavior in a way >>

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 3 published

2016-02-15 Thread Matt Caswell
On 15/02/16 20:52, Jouni Malinen wrote: > On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote: >>OpenSSL version 1.1.0 pre release 3 (alpha) >> >>OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 3 has now >>been made available. For details of changes and known

[openssl-dev] Pipelining

2016-02-15 Thread Matt Caswell
I have just pushed to github some code that I have been working on to implement a feature I have called "pipelining". This is still WIP, although is fairly well advanced. I am keen to hear any feedback. You can see the PR here: https://github.com/openssl/openssl/pull/682 The idea is that some

Re: [openssl-dev] memory leaks detected using libSSL 1.1

2016-02-13 Thread Matt Caswell
well! Anyway, please try the attached patch to see if that helps. Let me know how you get on. Thanks Matt From a47094a928f56cb62d57d4b53f2e4e20f9a0a031 Mon Sep 17 00:00:00 2001 From: Matt Caswell <m...@openssl.org> Date: Sat, 13 Feb 2016 23:22:45 + Subject: [PATCH] Fix memory lea

Re: [openssl-dev] openssl-SNAP-20160212 issue

2016-02-12 Thread Matt Caswell
On 12/02/16 14:31, The Doctor wrote: > Here is another fix needed: > > making all in ssl... > gcc -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_EXPERIMENTAL_JPAKE > -DOPENSSL_THREADS -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM

[openssl-dev] [openssl.org #3824] FEATURE: Please provide a function to unintialize the library

2016-02-09 Thread Matt Caswell via RT
On Wed Apr 29 05:10:28 2015, noloa...@gmail.com wrote: > This question crops up on occasion: How do you shutdown the OpenSSL > library. See, for example: > > * "How to properly uninitialize OpenSSL", > http://stackoverflow.com/questions/29845527/how-to-properly- > uninitialize-openssl. > * "Order

Re: [openssl-dev] How to do reneg with client certs in 1.1.0 API

2016-02-08 Thread Matt Caswell
On 08/02/16 15:46, Viktor Dukhovni wrote: > >> On Feb 8, 2016, at 9:49 AM, Matt Caswell <m...@openssl.org> wrote: >> >> Actually, yes that is a good point. There could be some subtle security >> issues there. You probably need to additionally check th

Re: [openssl-dev] How to do reneg with client certs in 1.1.0 API

2016-02-08 Thread Matt Caswell
On 08/02/16 12:11, Rainer Jung wrote: > I'm adding support for OpenSSL 1.1.0 to the Apache web server. > > I struggle to migrate the renegotiation code in the case where we want > the client to send a client cert. The current code works like explained in > >

Re: [openssl-dev] How to do reneg with client certs in 1.1.0 API

2016-02-08 Thread Matt Caswell
On 08/02/16 12:34, Matt Caswell wrote: > > > On 08/02/16 12:11, Rainer Jung wrote: >> I'm adding support for OpenSSL 1.1.0 to the Apache web server. >> >> I struggle to migrate the renegotiation code in the case where we want >> the client to send a client

Re: [openssl-dev] version script

2016-02-08 Thread Matt Caswell
On 08/02/16 13:41, Catalin Vasile wrote: > I'm trying to compile a custom OpenSSL library to work with nginx. > nginx requires that the SSL library have version data included in the .so > files, so I'm using this patch[1] for this. > The problem is that if I set the library version to 1.0.1

Re: [openssl-dev] How to do reneg with client certs in 1.1.0 API

2016-02-08 Thread Matt Caswell
On 08/02/16 14:36, Viktor Dukhovni wrote: > >> On Feb 8, 2016, at 9:26 AM, Matt Caswell <m...@openssl.org> wrote: >> >> SSL_renegotiate(ssl); >> SSL_do_handshake(ssl); >> do { >>read_some_app_data(); >>if(no_client_cert_yet())

Re: [openssl-dev] How to do reneg with client certs in 1.1.0 API

2016-02-08 Thread Matt Caswell
On 08/02/16 13:45, Tomas Mraz wrote: > On Po, 2016-02-08 at 12:34 +0000, Matt Caswell wrote: >> >> On 08/02/16 12:11, Rainer Jung wrote: >>> >> Renegotiation isn't entirely within the control of the server. A >> server >> can request that a renegot

Re: [openssl-dev] SSL_R_HTTP_REQUEST no longer supported in 1.1.0

2016-02-08 Thread Matt Caswell
On 08/02/16 20:49, Rainer Jung wrote: > The constant SSL_R_HTTP_REQUEST is still defined, but I can't find code > that sets it and practical experiments indicate it is no longer set. > > In Apache land we use it to detect "HTTP spoken on HTTPS port". OpenSSL > 1.0.2 has code in

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-06 Thread Matt Caswell
On 06/02/16 04:24, Fedor Indutny via RT wrote: > On Fri, Feb 5, 2016 at 7:14 PM, Matt Caswell <m...@openssl.org> wrote: > >> >> >> On 05/02/16 22:42, Fedor Indutny wrote: >>> Matt, >>> >>> I have looked through the APIs. Will have t

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-06 Thread Matt Caswell via RT
On 06/02/16 04:24, Fedor Indutny via RT wrote: > On Fri, Feb 5, 2016 at 7:14 PM, Matt Caswell <m...@openssl.org> wrote: > >> >> >> On 05/02/16 22:42, Fedor Indutny wrote: >>> Matt, >>> >>> I have looked through the APIs. Will have t

[openssl-dev] [openssl.org #4214] [GitHub PR] RFC 7714 DTLS-SRTP profiles

2016-02-06 Thread Matt Caswell via RT
Patch applied to master. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4214 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-05 Thread Matt Caswell via RT
; On Thu, Feb 4, 2016 at 4:56 AM, Fedor Indutny via RT <r...@openssl.org > <mailto:r...@openssl.org>> wrote: > > Thank you very much, Matt, Rich. > > I will read through these docs tomorrow. > > On Thu, Feb 4, 2016 at 4:29 AM, Matt Caswell via RT <r.

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-05 Thread Matt Caswell
; On Thu, Feb 4, 2016 at 4:56 AM, Fedor Indutny via RT <r...@openssl.org > <mailto:r...@openssl.org>> wrote: > > Thank you very much, Matt, Rich. > > I will read through these docs tomorrow. > > On Thu, Feb 4, 2016 at 4:29 AM, Matt Caswell via RT <r.

[openssl-dev] [openssl.org #4290] HMAC_Init_ex() return bug

2016-02-04 Thread Matt Caswell via RT
On Wed Feb 03 18:32:20 2016, mikkrat...@gmail.com wrote: > I built it using cocoapods, the OpenSSL headers show 1.0.2f. > I’ll try to make some sample program tomorrow. > > > > On 3 Feb 2016, at 18:27, Salz, Rich via RT wrote: > > > >> I’m running OS X 10.11.3 and OpenSSL

Re: [openssl-dev] [openssl.org #3003] Enhancement Request - RFC6698 (DANE) TLSA Support

2016-02-04 Thread Matt Caswell
On 04/02/16 05:49, Rich Salz via RT wrote: > currently in master, planned for 1.1 scheduled for april 2017 That would be April 2016!! Matt

Re: [openssl-dev] [openssl.org #3003] Enhancement Request - RFC6698 (DANE) TLSA Support

2016-02-04 Thread Matt Caswell via RT
On 04/02/16 05:49, Rich Salz via RT wrote: > currently in master, planned for 1.1 scheduled for april 2017 That would be April 2016!! Matt

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-04 Thread Matt Caswell via RT
On 04/02/16 06:34, Salz, Rich via RT wrote: > It’s late and my response was incomplete. > The other part has already landed in master, and that's the "async engine" > support. See: https://www.openssl.org/docs/manmaster/crypto/ASYNC_start_job.html

Re: [openssl-dev] [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2016-02-04 Thread Matt Caswell
On 04/02/16 06:34, Salz, Rich via RT wrote: > It’s late and my response was incomplete. > The other part has already landed in master, and that's the "async engine" > support. See: https://www.openssl.org/docs/manmaster/crypto/ASYNC_start_job.html

[openssl-dev] [openssl.org #2256] CVS HEAD: question: must this be hardcoded '8' or is it 'md_len' in disguise? :-S

2016-02-04 Thread Matt Caswell via RT
The length is specified by the standards and is less than the digest length. Closing this ticket. Matt - http://rt.openssl.org/Ticket/Display.html?id=2256 Please log in as guest with password guest if prompted

Re: [openssl-dev] [openssl.org #4289] OpenSSL 1.0.2f serious bug in Win32 makefiles, easy to fix, solution provided

2016-02-03 Thread Matt Caswell
On 03/02/16 19:43, Salz, Rich via RT wrote: >> The diff works perfectly on master, but exposed a new bug (bare snprintf). >> The following patch fixes it. I can make a PR (or add it to my existing PR >> #512) >> if you'd like. > > Please do as a separate PR. Thanks. I think Richard is

Re: [openssl-dev] [openssl.org #4289] OpenSSL 1.0.2f serious bug in Win32 makefiles, easy to fix, solution provided

2016-02-03 Thread Matt Caswell via RT
On 03/02/16 19:43, Salz, Rich via RT wrote: >> The diff works perfectly on master, but exposed a new bug (bare snprintf). >> The following patch fixes it. I can make a PR (or add it to my existing PR >> #512) >> if you'd like. > > Please do as a separate PR. Thanks. I think Richard is

Re: [openssl-dev] OpenSSL Security Advisory

2016-02-02 Thread Matt Caswell
On 02/02/16 21:34, Rainer Jung wrote: > Hi there, > > reading the last advisory again, I noticed, that there's one logical > inconsistency. > > First: > > OpenSSL before 1.0.2f will reuse the key if: > ... > - Static DH ciphersuites are used. The key is part of the certificate > and so it

[openssl-dev] [openssl.org #3600] When compiling with enable-ec_nistp_64_gcc_128, then EC_GROUP_have_precompute_mult always returns 0

2016-01-29 Thread Matt Caswell via RT
Fixed in master and 1.0.2. Thanks for the report. Matt

[openssl-dev] [openssl.org #4278] DH_CHECK_PUBKEY_INVALID should be 0x4, not 0x3

2016-01-29 Thread Matt Caswell via RT
Thanks David - fixed. Matt

Re: [openssl-dev] 1.0.1r release not committed to git repo

2016-01-28 Thread Matt Caswell
On 28/01/16 16:40, John Foley wrote: > I just cloned the OpenSSL git repo at > git://git.openssl.org/openssl.git. Looking at the OpenSSL_1_0_1-stable > branch, the fix for CVE-2015-3197 still isn't in the repo. The most > recent commit is: > > foleyj@hobknob:~/gitsync/ossl/openssl$ git log >

Re: [openssl-dev] OpenSSL 1.1 SSL_CTX issues

2016-01-26 Thread Matt Caswell
On 21/01/16 17:57, Viktor Dukhovni wrote: > On Thu, Jan 21, 2016 at 05:33:51PM +, Howard Chu wrote: > >> In OpenLDAP we've been using >> CRYPTO_add(>references, 1, CRYPTO_LOCK_SSL_CTX) >> to manage our own SSL_CTXs but this is not possible with current 1.1. Making >> the structures opaque

[openssl-dev] [openssl.org #3863] [PATCH] ECC: Add missing NULL check. Set a flag.

2016-01-21 Thread Matt Caswell via RT
Patch applied. Thanks Matt
