Hi,
I would like the same change as the following PR to be applied to the
OpenSSL FIPS module:
https://github.com/openssl/openssl/pull/342
How should I proceed in this case?
Should I make a pull request for the openssl:OpenSSL-fips-2_0-dev branch?
Thank you,
-- misaki
--
Oracle Solaris
Hi Rick,
Can you run the truss(1) command when you run openssl version as follows?
i.e.
% truss -lf -u libcrypto:: -u libpkcs11:: -o /tmp/truss.out openssl version
The output will tell you more information about the function calls made
by the openssl(1) application.
Thank you,
-- misaki
Hi,
We encountered a segmentation fault in our engine code as
EVP_CIPHER-cleanup() is called before EVP_CIPHER_CTX-cipher_data gets
initialized by EVP_CIPHER-init(). This can be prevented if
EVP_CIPHER_CTX-cipher_data is initialized with 0s after the allocation
in EVP_CipherInit_ex().
On 10/10/14 10:15, Andy Polyakov wrote:
If I press ‘continue’, then also it give segmentation fault. It is not
working normally, it exits with seg fault: saying illegal
instruction.
??? Segmentation fault != illegal instruction. What does exits with seg
fault saying illegal instruction mean?
Thank you, Tim.
2. Error: Null pointer dereference (CWE 476)
Read from null pointer rctx
at line 114 of
components/openssl/openssl-1.0.1/build/sparcv9-wanboot/crypto/ocsp/ocsp_ht.c
in function 'OCSP_REQ_CTX_free'.
Function OCSP_sendreq_new may return constant 'NULL'
Thank you, Tim.
2. Error: Null pointer dereference (CWE 476)
Read from null pointer rctx
at line 114 of
components/openssl/openssl-1.0.1/build/sparcv9-wanboot/crypto/ocsp/ocsp_ht.c
in function 'OCSP_REQ_CTX_free'.
Function OCSP_sendreq_new may return constant
... The SPARC random
instruction was never implemented and never will be implemented.
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=926725b3d7c1528f2dc116a48623c42264188277
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e79d34c24b96943ae653dc93371bcae19021
As
... The SPARC random
instruction was never implemented and never will be implemented.
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=926725b3d7c1528f2dc116a48623c42264188277
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e79d34c24b96943ae653dc93371bcae19021
As
Hi Steve,
Sorry for the late response.
Thank you for looking into the bug.
In our case, EVP_MD_CTX_copy() failure was caused by an application bug.
A child process was trying to use the session from its parent process,
and that caused an issue down in pkcs11 engine.
The application will be
Hi Steve,
Sorry for the late response.
Thank you for looking into the bug.
In our case, EVP_MD_CTX_copy() failure was caused by an application bug.
A child process was trying to use the session from its parent process,
and that caused an issue down in pkcs11 engine.
The application will be
Hi,
We don't have RNG instructions, and calling _sparcv9_random() causes
SIGILL and debug tools (i.e. gdb and mdb) stops when libcrypto.so is
loaded (at _init()).
% mdb `which openssl`
::run
mdb: stop on SIGILL
mdb: target stopped at:
libcrypto.so.1.0.0`_sparcv9_random+4: random%d8
Hello,
We have encountered a Segmentation Fault while trying to send a SSL
packet via Oracle VM agent.
The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in tls1_mac().
tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keep
going, which results in Segmentation Fault
Hello,
We have been testing OpenLDAP with the latest OpenSSL 1.0.1e, and we
encountered a segfault issue.
libldap calls CRYPTO_set_locking_callback( tlso_locking_cb) where
tlso_locking_cb is a function pointer in libldap address space.
The problem occurs when libldap gets unloaded while
Thanks for the quick response, Steve.
On 08/03/13 11:27, Dr. Stephen Henson wrote:
On Fri, Aug 02, 2013, Misaki.Miyashita wrote:
Hello,
We have a server where its ServerCert is signed by an
intermediateCA, which is signed by a RootCA.
Currently, OpenSSL seems to require RootCA
Try commenting out the next line:
if (sk_X509_num(ctx-chain) == 1)
The following code block checks for an exact match of the EE certificate, but
it is currently only performed if there is only one certificate in the chain.
Commenting out that lnie means it tries to match
Hello,
We have a server where its ServerCert is signed by an intermediateCA,
which is signed by a RootCA.
Currently, OpenSSL seems to require RootCA cert to be installed (in the
certs dir) in order to connect to the server.
We would like a feature where the leaf certificate (ServerCert) can be
Hi
We've been testing OpenSSL 1.0.2 AES-CBC, and we encountered a seg fault
when the input length is less than a block size.
Looking at e_aes.c, aes_cbc_cipher() doesn't have the length check seen
in aes_ecb_cipher().
I patched aes_cbc_cipher() as follows, and that seems to fix the seg
fault
Hi Andy,
Thank you so much for looking into the issue with Ferenc!
I'll incorporate the change into Solaris to verify the 20-30%
performance improvement.
The conservative approach sounds like the best approach at this point.
Once the performance improvement is verified, can you commit the
Hi Andy,
The measurement I sent yesterday for OpenSSL (with inlined T4
instruction support) was not quite accurate.
Some of the T4 specific code you committed was not enabled when we
tested, and I realized that__sparc__ was not defined on our system.
Thus, I changed #if defined(__sparc__) to
Hi Andy,
On 05/30/13 15:08, Ferenc Rakoczi wrote:
Hi, Andy,
Andy Polyakov wrote:
First of all, RSA512 is essentially irrelevant and no attempt was
made to optimize it. So let's just disregard RSA512 results (I have
even removed them from above quoted part). Secondly note that our RSA
20 matches
Mail list logo