Re: [openssl-dev] [openssl.org #4702] OPENSSL: Linux SLESS11

On 10/10/16 15:14, Jose Carlos de Oliveira via RT wrote: > Hi, > I have downloaded and builded last tree openssl versions for linux: > 1) openssl-1.0.1u.tar.gz > 2) openssl-1.0.2j.tar.gz > 3) openssl-1.1.0b.tar.gz Any particular reason why you need all three? > > I successful

[openssl-dev] [openssl.org #4636] Are the point-at-infinity checks in ecp_nistz256 correct?

Fixed in master by e3057a57c and c74aea8d6. Still needs cherry-picking to 1.0.2. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4636 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4621] BUG: nistz256 point addition check for a = +/-b doesn't work for unreduced values

Fixed in master by b62b2454f and dfde4219f. Still needs cherry-picking to 1.0.2. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4621 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4641] [openssl-1.1.0-pre6] make test stops with solaris64-x86_64-gcc

On Thu Aug 11 17:12:10 2016, appro wrote: > Hi, > > > I have no time to check with debugger now, > > Then no progress will be made. Problem needs to be identified first, and > since similar problem was identified earlier, I'd have to insist on > confirmation whether or not it's the same. > > > but

[openssl-dev] [openssl.org #4362] chacha-x86.pl has stricter aliasing requirements than other files

Resolved by overlapping buffer checks. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4362 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check

On Mon Aug 22 15:05:17 2016, david...@google.com wrote: > I may not have time to fully digest the change before the release date, but > I'm not sure this snippet quite works: > > if (ctx->read_start == ctx->read_end) { /* time to read more data */ > ctx->read_end = ctx->read_start =

[openssl-dev] [openssl.org #4609] Configure does not honor requests for ld.gold

On Wed Aug 17 16:18:26 2016, levitte wrote: > On Fri Jul 08 09:36:42 2016, levitte wrote: > > On Fri Jul 08 09:33:01 2016, noloa...@gmail.com wrote: > > > Hmmm... If I want to use ld.gold as my linker, the easiest path is to > > > set LD=ld.gold. It makes perfect sense to some > > > > Did it

[openssl-dev] [openssl.org #4584] Self test failures under X32

On Tue Aug 16 08:05:06 2016, matt wrote: > On Thu Aug 11 16:36:42 2016, matt wrote: > > Could be this: > > > > https://github.com/openssl/openssl/pull/1432 > > > That MR has now been merged. > > Jeff - please can you confirm that it resolves the issue for this ticket? No response, so assuming

[openssl-dev] [openssl.org #4646] [1.0.2 stable branch] .\crypto\pem\pvkfmt.c(279): error C2065: 'PEM_R_HEADER_TOO_LONG': undeclared identifier

This should be fixed now. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4646 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4644] bug: cert verification always examining entire chain

Closing this - "working as designed". Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

On 11/08/16 13:29, Andy Polyakov via RT wrote: >> ( cd test; \ >> SRCTOP=../. \ >> BLDTOP=../. \ >> PERL="perl" \ >> EXE_EXT= \ >> OPENSSL_ENGINES=.././engines \ >> perl .././test/run_tests.pl test_afalg ) >> ../test/recipes/30-test_afalg.t .. >> 1..1 >> ALG_PERR:

Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

On 02/08/16 01:26, noloa...@gmail.com via RT wrote: > On Tue, Jul 19, 2016 at 10:01 AM, Matt Caswell wrote: >> >> >> On 19/07/16 14:41, Richard Levitte via RT wrote: >>> Hi Jeff, >>> >>> I'm going to assume that a newer checkout of the master branch won't change >>> much, so

[openssl-dev] [openssl.org #4572] SSL_set_bio and friends

Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4584] Self test failures under X32

On Mon Jul 25 08:49:27 2016, matt wrote: > Ping Jeff? Ping again? Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4638] Fwd: Missing const EC_KEY *EC_KEY_dup(EC_KEY *src);

Fix for this was merged as 4a9a0d9bcb. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4638 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On 30/07/16 23:45, David Benjamin via RT wrote: > It is a behavior change, but > one I'm sure will break no one. Unfortunately I don't share your optimism that it won't break any one :-( Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572 Please log in as guest with

[openssl-dev] [openssl.org #4618] BUG: Crash in do_ssl3_write unless OPENSSL_NO_MULTIBLOCK

On Mon Jul 25 18:36:56 2016, d...@inky.com wrote: > Yes, that appears to fix it. Thanks! Fixed in 58c27c207dd. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4618 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4636] Are the point-at-infinity checks in ecp_nistz256 correct?

Ticket submitted by Brian Smith When doing math on short Weierstrass curves like P-256, we have to special case points at infinity. In Jacobian coordinates (X, Y, Z), points at infinity have Z == 0. However, instead of checking for Z == 0, p256-x86-64 instead checks for (X, Y) == (0, 0). In other

[openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On Tue Jun 14 20:30:09 2016, david...@google.com wrote: > I recently made some changes around BoringSSL's SSL_set_bio, etc. > which you > all might be interested in. The BIO management has two weird behaviors > right now: > > 1. The existence of bbio is leaked in the public API when it should be >

[openssl-dev] [openssl.org #4618] BUG: Crash in do_ssl3_write unless OPENSSL_NO_MULTIBLOCK

On Wed Jul 20 19:46:37 2016, d...@inky.com wrote: > OS: Mac OS X 11.11.5 > Version: OpenSSL 1.1-pre6 (head code as of yesterday) > When the server fails under some circumstances, this line reads a bad > address: > /* write the header */ > > *(outbuf[j]++) = type & 0xff; > > Because outbuf is 3.

[openssl-dev] [openssl.org #4584] Self test failures under X32

Ping Jeff? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

On Tue Jul 19 16:22:22 2016, k...@roeckx.be wrote: > On Tue, Jul 19, 2016 at 02:12:41PM +0000, Matt Caswell via RT wrote: > > > > Is this still an issue? And if so are you able to provide a backtrace? > > This might be a combination of kernel, glibc and gcc bugs, some of &g

Re: [openssl-dev] [openssl.org #4614] pthread_once and malloc failures

On 19/07/16 16:23, Richard Levitte via RT wrote: > On Mon Jul 11 16:20:29 2016, k...@roeckx.be wrote: >> Hi, >> >> When trying to check what happens if we simulate malloc() >> returning NULL I'm running into a problem that I'm not sure how to >> deal with. >> >> We have CRYPTO_THREAD_run_once(),

[openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

On Mon Jun 27 09:51:21 2016, matt wrote: > > > On 26/06/16 15:44, Kurt Roeckx via RT wrote: > > Hi, > > > > My last upload of openssl to experimental show this on hppa: > > *** Error in `./asynctest': double free or corruption (out): > > 0x007307d8 *** > > ../util/shlib_wrap.sh ./asynctest => 134

Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

On 19/07/16 14:41, Richard Levitte via RT wrote: > Hi Jeff, > > I'm going to assume that a newer checkout of the master branch won't change > much, so if you please, try this command and send mack the result: Who is Mack? ;-) > > make test TESTS='test_afalg test_rehash' Did you mean to

[openssl-dev] [openssl.org #4606] BUG: Windows Startup Code in OpenSSL RAND_poll() Is Ineffective

Closing this ticket - fixed in 1.1.0. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4606 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

On 29/06/16 08:33, Tomas Mraz via RT wrote: > On Út, 2016-06-28 at 22:10 +, Thomas Waldmann via RT wrote: >> On 06/28/2016 11:18 PM, Kurt Roeckx via RT wrote: >>> >>> On Mon, Jun 27, 2016 at 08:50:43PM +, Thomas Waldmann via RT >>> wrote: I didn't ask where to get the missing

Re: [openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform

On 28/06/16 16:18, Oleg Kukartsev via RT wrote: > Guys, > There is an issue with openssl s_client described here: > http://stackoverflow.com/questions/25760596/how-to-terminate-openssl-s-client-after-connection > Basically, it prevents openssl s_client automation on windows platform. > > And a

Re: [openssl-dev] [openssl.org #4591] asynctest: double free or corruption on hppa

On 26/06/16 15:44, Kurt Roeckx via RT wrote: > Hi, > > My last upload of openssl to experimental show this on hppa: > *** Error in `./asynctest': double free or corruption (out): 0x007307d8 *** > ../util/shlib_wrap.sh ./asynctest => 134 > > # Failed test 'running asynctest' > # at

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

ed by > the same thread. > > It looks like state_index is going outside of the expected range. > > This is possible if one or more threads do >state_index += num_ceil; > > and then another thread reads it before >if ( state_index > state_num ) > state_

[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

On Mon Jun 13 09:37:59 2016, loic.etie...@qnective.com wrote: > My claim about portability issues was wrong (sorry): The C-standard > ensures that positive values are handled in the two's complement > system, indeed. > > However, inl % block_size == inl & (block_size-1) is true if and only > if

[openssl-dev] [openssl.org #4378] Multiple warnings under OpenBSD 5.7/64-bit

Fixed in latest master. There are a few spurious warning left that I did not fix. They look like cases of the compiler being overly picky IMO. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4378 Please log in as guest with password guest if prompted -- openssl-dev mailing

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 17/06/16 20:56, Matt Caswell via RT wrote: > > > On 17/06/16 19:43, Mick Saxton via RT wrote: >> Perhaps we should consider if there are any negative consequences to my >> solution? >> It does work. >> >> I am trying really hard to get conte

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 17/06/16 19:43, Mick Saxton via RT wrote: > Perhaps we should consider if there are any negative consequences to my > solution? > It does work. > > I am trying really hard to get contention but I am only seeing this problem > in about 1 out of 100,000 successful TLSv1.2 connections > On a

Re: [openssl-dev] [openssl.org #4572] SSL_set_bio and friends

On 14/06/16 21:30, David Benjamin via RT wrote: > For OpenSSL master, I believe it'd also work to add an s->rbio != s->wbio > check to SSL_set_rbio, but I think those are worse semantics for > SSL_set_{rbio,wbio}. They are new APIs, so, before it's too late, give them > clear semantics like

[openssl-dev] [openssl.org #4456] Fedora 1, i386: error: field `next_timeout` has incomplete type

Jeff has confirmed that this issue has been fixed in latest master. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4456 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4565] Fatal error: Command failed for target `link_shlib.solaris'

This is fixed in latest master. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4565 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4526] bug: use of ExitProcess on Windows platforms, 1.0.2g

On Wed Jun 15 17:42:58 2016, rsalz wrote: > OpenSSL_1_0_2-stable 75f9068 RT4526: Call TerminateProcess, not ExitProcess > master 9c1a9cc RT4526: Call TerminateProcess, not ExitProcess > > Author: Rich Salz > Date: Tue Jun 14 16:19:37 2016 -0400 > > RT4526: Call

[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

On Tue Jun 14 20:42:36 2016, rsalz wrote: > SSLv2 is not supported any more. Uyes it is on the 1.0.2 branch? It is off by default though. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038 Please log in as guest with password guest if prompted -- openssl-dev

[openssl-dev] [openssl.org #2388] out-of-date comment for renegotiation handling

Fixed in commit e7653f3bab. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2388 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #597] SSL_set_session() problem (?)

Fixed in commit e70656cf1c. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=597 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

On Wed Jun 01 22:20:38 2016, matt wrote: > Hi Jeff > > Please could you try the attached patch? Jeff confirmed to me that the patch solved the problem. Pushed as commit 25b9d11c0. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest

[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

On Wed Jun 08 16:02:39 2016, matt wrote: > On Tue May 24 13:53:07 2016, steve wrote: > > On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote: > > > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 > > > adjustments, I get > > > > > > > Can you please check to see if this

[openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

On Thu Jun 02 23:24:44 2016, paul.d...@oracle.com wrote: > The DTLS packet reassembly code has a performance problem that could > result in a DoS attack being possible. > > > > The DTLS packet reassembly uses the data structure defined in > ssl/pqueue.c for the purpose (it is the only user of this

[openssl-dev] [openssl.org #4562] Possible bug in OPENSSL_config - ignore input parameter

On Fri Jun 10 13:02:57 2016, z...@ua7.net wrote: > Hello > > Looks like OPENSSL_config have a bug as result users can't set > alternative path to openssl.cnf file. > If you take a look on implementation of void OPENSSL_config(const char > *config_name) it call a > CONF_modules_load_file(NULL,

[openssl-dev] [openssl.org #1051] SSL_CTX_set_default_paths

Fixed in f5de06aae. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1051 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3720] Patch for "Increment SSL session miss counter appropriately"

Patch applied - thanks. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3720 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

On Mon Jun 06 18:26:50 2016, loic.etie...@qnective.com wrote: > crypto/evp/evp_enc.c, EVP_EncryptUpdate > line 337: inl & (ctx->block_mask) > line 367: inl & (bl - 1) /* with bl = ctx->cipher->block_size */ Why do you consider this a problem? Matt -- Ticket here:

[openssl-dev] [openssl.org #4456] Fedora 1, i386: error: field `next_timeout` has incomplete type

On Tue May 31 16:49:23 2016, rsalz wrote: > Re-Ping Jeff to take a look and see if things are fixed now. Ping Jeff. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4456 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4479] OS X 10.8 (x86_64): Compile errors when using "no-asm -ansi"

Status as per ticket 4480. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4479 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4480] Ubuntu 14 (x86_64): Compile errors and warnings when using "no-asm -ansi"

I applied the original roll up patch. I wasn't keen on adding all the __STRICT_ANSI__ ifdefs from the later patch. That seems excessive to me for little benefit - we are generally trying to reduce the ifdef code as much as possible. I also didn't add the __WORDSIZE bit. I believe that symbol is an

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

On Wed Jun 01 22:20:38 2016, matt wrote: > Hi Jeff > > Please could you try the attached patch? Any update on this? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest with password guest if prompted -- openssl-dev mailing list To

[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

On Tue May 24 13:53:07 2016, steve wrote: > On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote: > > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 > > adjustments, I get > > > > Can you please check to see if this issue is still present in the latest > OpenSSL 1.1.0? Hi

[openssl-dev] [openssl.org #4395] OpenSSL doesn't reject out-of-context empty records

On Mon Mar 07 22:27:23 2016, david...@google.com wrote: > ssl3_get_record silently discards empty records without much context, > which > means OpenSSL will happily accept, e.g., empty app data records > mid-handshake or empty records of bogus type. They get silently > discarded > and never

[openssl-dev] [openssl.org #4501] bug in BN_mod_word

On Thu Apr 07 11:44:09 2016, peter.chernys...@gmail.com wrote: > Hello! > BN part program > > BN_ULONG BN_mod_word (const BIGNUM * a, BN_ULONG w); > > does not work properly on 64-bit machine with some w> 2 ^ 32, although > declared as BN_ULONG (64 bits). Fixed in commit e82fd1b4 (1.0.2) and

[openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: > A TLS1.2 connetion with openssl server and gnutls-cli using a > SECP384R1 > key ends up with SHA256 as the hash algorithm for signing the key > exchange. > This is because gnutls sends the hash algorithms from weak to strong > and by

[openssl-dev] [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files

The last patches from this have now been applied so closing this ticket. Thanks! Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3198 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

Hi Jeff Please could you try the attached patch? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434 Please log in as guest with password guest if prompted >From 199bf71fb68a26a9d7ff52af7233bd0b52d0f824 Mon Sep 17 00:00:00 2001 From: Matt Caswell

[openssl-dev] [openssl.org #4244] dhparam -check should

dhparam will never generate parameters that fail DH_check(). It would be an internal error if it did. I added a sanity check anyway and also brought the documentation up to date. Commit eeb21772e. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4244

[openssl-dev] [openssl.org #4379] "arch/async_posix.h:67:24: error: ucontext.h: No such file or directory" under OpenBSD 5.7/64-bit

On Wed Jun 01 09:17:18 2016, noloa...@gmail.com wrote: > > Please could you try the attached patch? > > It tested OK. 'make test' executed without any problems. Ship it and > close the ticket. Pushed in commit e51329d38. Closing ticket. Thanks Matt -- Ticket here:

[openssl-dev] [openssl.org #4149] [PATCH] ssl_set_pkey() unnecessarily updates certificates

Steve fixed this via commit f72f00d495. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4149 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4189] PR #512: Clean up Windows RNG

On Mon Dec 21 11:07:24 2015, dra...@dancingdragon.be wrote: > https://github.com/openssl/openssl/pull/512 > > This PR removes all of the dangerous Windows entropy gathering routines > in favor of standard CryptGenRandom calls, as was discussed in the > "Improving OpenSSL default RNG" thread on

[openssl-dev] [openssl.org #4255] OpenSSL-1.1.0-pre2 failures using MinGW-W64

On Tue May 10 12:36:40 2016, matt wrote: > Re-opening. OP reports there are still issues with "make test" hanging. The "make test" hang issue on mingw should now be resolved in the head of master. Unfortunately there is now a completely different issue preventing compilation for mingw :-( That is

Re: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On 27/05/16 11:07, Mick Saxton via RT wrote: > Hi Matt > > The test program runs against our major new development so I cannot share it > as is. > > I will try to produce a skeleton version which I could let you have. > > - But that will be end if next week as I am away for a few

[openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

On Fri May 20 15:49:49 2016, mi...@1e.com wrote: > Hi > > Before going any further I would like to state that I have only seen > this problem when we have 1 or more concurrent connections. > > Mostly we notice it on Windows but I have seen it on linux (Ubuntu). > > I first noticed it when

[openssl-dev] [openssl.org #2270] CVS HEAD: bugfix for BIO printf() code: floating point does not print + other wrongs in that code path

I applied this patch in part. The code has moved on since this was written and this was from pre-reformat times so I added the changes that were still applicable "manually". See commit 242073bdbc. Also properly implemented the %e and %g format specifiers in commit d6056f085d. Finally I added a

[openssl-dev] [openssl.org #4180] Isses with respect to malloc failures handling.

You don't say what version of OpenSSL you were testing. It seems to be either 1.0.2 or 1.0.1 (not master). Anyway, comments inserted. On Mon Dec 14 13:45:20 2015, skoripe...@juniper.net wrote: > Issue 1) > We could have failed to allocate the ctx->cipher_data in > EVP_CipherInit_ex > >

[openssl-dev] [openssl.org #4501] bug in BN_mod_word

On Thu Apr 07 11:44:09 2016, peter.chernys...@gmail.com wrote: > Добрый день! > программа библиотеки BN_mod_word > BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); > > работает неверно на 64 бит машине при некоторых w>2^32, хотя объявлена как > BN_ULONG (64 бита). > > Петр > > Hello! > BN part

[openssl-dev] [openssl.org #4430] #1852: [BUG] Invalid Proxy Certificates Pass Validation

This ticket was opened in error. The correct ticket that remains open is #1852. Closing,. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4430 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4525] [PATCH] SRP client key computation (PR #1017)

This got merged recently. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4525 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4537] [PATCH] Fix a NULL dereference in chacha20_poly1305_init_key()

This got merged recently. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4537 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4379] "arch/async_posix.h:67:24: error: ucontext.h: No such file or directory" under OpenBSD 5.7/64-bit

On Wed May 11 10:24:31 2016, matt wrote: > Hi Jeff > > Please could you try the attached patch? Hi Jeff Were you able to try out the patch? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4379 Please log in as guest with password guest if prompted -- openssl-dev

[openssl-dev] [openssl.org #2289] [PATCH 1/3] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly

No movement on this in 6 years. Doesn't look like this is going to happen. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2289 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #1878] [PATCH] Fix RSA blinding locking hole

It is unclear whether this is still an issue. The code looks quite a bit different in master and I suspect things have moved on. Given the age of this ticket I think it should be closed and a new one opened if this issue resurfaces. Matt -- Ticket here:

[openssl-dev] [openssl.org #2257] CVS HEAD: [quite probable] bug in ssl3_write: does not indirect through callback like it sibling ssl3_read

Someone already made this change. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2257 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #1971] [PATCH 09/14] Only test speeds up to 4K packets.

We're not going to do this. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1971 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2290] [PATCH 2/3] apps/speed: fix digest speed measurement and add hmac-sha1 test

The code has moved on too much for this patch to be applicable. Closing this. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2290 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2021] sni bug

The code in this area has changed significantly so it is far from clear whether this report is still relevant. Therefore closing. Please open a new ticket if required. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2021 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #2497] [PATCH] Improve RSAOaep Error Handling

Looks like this was independently fixed in the time since this was raised. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2497 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #1639] BUG in BN_mod_inverse

AFAIK it is valid to call BN_sub() in this way, and looking at the code I can't see any problem with doing so. There is no reproducer of an actual issue in this report, so closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1639 Please log in as guest with password guest

[openssl-dev] [openssl.org #2510] [PATCH] ebcdic issues: Bad time value when issuing openssl x509 -text -in

The supplied patch is not in an acceptable form, and the diff mentioned in the report (sourcename.txt) does not seem to be attached. Given the length of time since this was raised this will no longer apply anyway. Please raise a new ticket if this is still a problem. Matt -- Ticket here:

[openssl-dev] [openssl.org #1747] capi engine and mingw

CAPI can now be build under mingw in master. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1747 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2523] Patch to use standard RFC 5054 constants and behavior for TLS-SRP (OpenSSL 1.0.1)

A lot of the stuff that this is removing already seems to have gone and the patch no longer applies. I suspect that most of this is no longer necessary. If any of it is, please open a new ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2523 Please log in as guest with

[openssl-dev] [openssl.org #2274] SSL demo programs in openssl-1.0.0

Most of the demos have been removed from master, and the other patches no longer apply. Please reopen new issues if any of this is still valid. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2274 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #2325] memory corruption after libssl is unloaded from memory

This shouldn't be an issue any more with auto-init/auto-deinit in master. Closing this. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2325 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2036] bug report: TLS session resumption not checking for existence of client finished message

I'm guessing this is no longer an issue due to the time elapsed and I think there have been changes in this area since then (and definitely in master). In any case there is insufficient information in this report to identify the problem. If this is still a problem please open a new ticket.

[openssl-dev] [openssl.org #2530] crypto/dsa/dsa_gen.c::dsa_builtin_paramgen has potential uninitialized seed

Looks like the code has changed since this was raised and this issue has been fixed. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2530 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #1928] interface bug on Windows 64

Will not fix for 1.1.0...Moving to a later milestone. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1928 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4394] OpenSSL 1.1.0 state machine can't read handshake headers async

Fixed in 1689e7e6. Also I added a test in d7295cd6d. Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4394 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4391] [PATCH] Tighten up logic around ChangeCipherSpec.

Patch applied in 1257adecd. Thanks! Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4391 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #1979] Add uClibc support

Reclosing this. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1979 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4352] Failed test 'Duplicate ClientHello extension' when testing under Clang undefined behavior sanitizer

I can't reproduce this on latest master, so I am assuming it has been fixed. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4352 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4179] fix a bug in ssl_next_proto_validate (ssl/t1_lib.c) [GitHub PR #506]

The associated github PR was merged so closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4179 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2146] [Fwd: Re: unexpected message during renegotiate attempt]

This issue has been discussed a number of times, but will not be fixed at this time. Closing Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2146 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2037] GENERAL_NAME IPv6 parsing bug....

I can't reproduce this, and it looks like Steve couldn't either at the time. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2037 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #1518] [PATCH] Securing private RSA keys

After 9 years looks like there is no support for this patch (and it will not apply now anyway). I'd suggest if anyone does support this then a new patch be submitted via GitHub. Closing this ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1518 Please log in as guest

[openssl-dev] [openssl.org #1919] Bug in buffer_ctrl in BIO_f_buffer?

This seems to have been fixed at some point. Closing. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1919 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2363] bug: memory allocated by DH_new() may never be free()ed

This appears to be a usage problem where the library is not being de-inited properly. This should be resolved anyway in 1.1.0 with auto-deinit. Closing ticket. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2363 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #2485] Heap walking in RAND_poll causes deadlock in process on Windows Server 2008 R2 (x64) that uses libCurl, OpenSSL and ADO

Closing this ticket in favour of: https://github.com/openssl/openssl/pull/1079 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2485 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #2459] ecdsa_method declaration prevents use in implementing a dynamic engine

This has been fixed in 1.1.0. Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2459 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

  1   2   3   4   5   >