[openssl.org #3046] bug report, openssl 1.0.1e sha1 hash generation
The two echo commands are different values (being different actual echo programs) and hence have different digests. As a user: macbuild:~ tjh$ echo -n 12345 | od -x 000 3231 3433 0035 005 As root: echo -n 12345 | od -x 000 6e2d 3120 3332 3534 000a 011 The root echo is one that does not support the -n option: macbuild:~ root# echo -n 12345 -n 12345 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
FIPS Library, Components, Object Module, Library with Android Application Development - AgileInfoways.com
*FIPS Library and Android* This document will provide instructions for building the OpenSSL FIPS Object Module and OpenSSL FIPS Capable library for Android devices. The FIPS Object Module provides validated cryptography, and the FIPS Capable Library uses the validated cryptography. As an OpenSSL developer, you will use the library the same as in the past – except you must call FIPS_mode_set to enter FIPS mode and engage the validated cryptography. The FIPS Object Module, fipscanister.o, is a sequestered container of object code and data built from source code. The sources, object code and data are strictly controlled by the OpenSSL FIPS 140-2 Security Policy. No changes can be made to the procedure for building the FIPS Object Module, and no changes can be made to the sources. If you need to make changes to the FIPS Object Module, you will need to engage the OpenSSL Foundation for a separate validation. The FIPS Capable Library is comprised of libcrypto and libssl. They are the same libraries you have been using for years. The FIPS Capable Library is tolerant of changes to procedures and source code. You are allowed to modify them within reason, as long as the changes do not adversely affect the FIPS Object Module. This guide is intended to be informative and easy to use. In case of discrepancies between this document and the OpenSSL FIPS Security Policy, the Security Policy will prevail. You can download the Security Policy from http://www.openssl.org/docs/fips/. The instructions that follow depend upon a properly configured Android NDK and SDK. The NDK is used to compile programs and link the OpenSSL library; while SDK tools are used to push programs to a device. Be sure ANDROID_NDK_ROOT and ANDROID_SDK_ROOT are set properly, and the SDK's tools and platform-tools are available. Prepare the OpenSSL Sources # From the 'root' directory $ rm -rf openssl-fips-2.0.5/ $ rm -rf openssl-1.0.1e/ $ tar xzf openssl-fips-2.0.5.tar.gz $ tar xzf openssl-1.0.1e.tar.gz $ chmod a+x setenv-android.sh *Build the FIPS Object Module* # From the 'root' directory $ . ./setenv-android.sh $ cd openssl-fips-2.0.5/ $ ./config $ make $ sudo make install # Execute after install $ sudo -E cp $FIPS_SIG /usr/local/ssl/fips-2.0/bin $ sudo -E mv /usr/local/ssl/fips-2.0/ /usr/local/ssl/$ANDROID_API [edit] Build the FIPS Capable Library # From the 'root' directory $ . ./setenv-android.sh $ cd openssl-1.0.1e/ $ perl -pi -e 's/install: all install_docs install_sw/install: install_docs install_sw/g' Makefile.org $ ./config fips shared -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine --openssldir=/usr/local/ssl/$ANDROID_API \ --with-fipsdir=/usr/local/ssl/$ANDROID_API --with-fipslibdir=/usr/local/ssl/$ANDROID_API/lib/ $ make depend $ make all $ sudo -E make install CC=$ANDROID_TOOLCHAIN/arm-linux-androideabi-gcc RANLIB=$ANDROID_TOOLCHAIN/arm-linux-androideabi-ranlib *OpenSSL FIPS Components* While the Executive Summary provided the whirlwind instructions for building and installing the OpenSSL library, this sections provides detailed instructions. There are six steps to building the FIPS Object Module and FIPS Capable Library for use in various projects, and they are listed below__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3039] Can't Compile openssl-fips-1.1.2: collect2: ld returned 1 exit status
On Fri May 03 19:05:13 2013, burton.sm...@williams.com wrote: Thanks, but after playing with this puzzle for a while I combined the configuration options that were supposed to correct it individually. It worked. Closed as resolved. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3328] [PATCH] Support for GOST R 34.10-2012 digital signature algorithm
On 28.04.2014 16:49, Andrey Kulikov wrote: Дмитрий, а есть ли у вас планы по внедрению TLS, основанного на новых ГОСТах, в OpenSSL ? Сам собирался занятся этим в начале лета, после отпуска. С вашей помощью, теперь, это совсем тривиально должно получиться. Можно скооперироваться как-нибудь. Если вы, конечно, всё сами не сделаете до этого. :-) I thought it wasn't customary to use Russian on a public mail list ;) Anyhow, indeed the last missing piece of new GOST support is TLS and I have plans to add that with 3rd patch. I believe it should be straight-forward: - add a new key exchange (VKO 34.10-2012) that simply uses HMAC of new hash instead of GOST 34.11-94 - twiddle with registration of new cipher-suites in libssl Any help is welcome, e.g. pull requests for my openssl fork. -- Dmitry Olshansky Systems Engineer Demos llc. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3274] Quoting problem in v1.0.1f
On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com wrote: Hi all, the top level Makefile has a small with quoting when CC has an argument. The attached mini-patch fixes the problem Closing item s resolved as SteveH checked in a fix for this in master, 1.0.1 stable and 1.0.2 stable after the issue was reported. https://github.com/openssl/openssl/commit/24e20db4aa18ff8a6f67ae7faf80cf2b99f8b74a https://github.com/openssl/openssl/commit/19a68574a9d1f59c355385a1b64cbd443bf49e00 https://github.com/openssl/openssl/commit/7f6e09b5316928a9da24d2f695d1885a26dd38ec Thanks, Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3274] Quoting problem in v1.0.1f
The same for #3232 ? Regards Jan On 29. April 2014 11:24:57 MESZ, Tim Hudson via RT r...@openssl.org wrote: On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com wrote: Hi all, the top level Makefile has a small with quoting when CC has an argument. The attached mini-patch fixes the problem Closing item s resolved as SteveH checked in a fix for this in master, 1.0.1 stable and 1.0.2 stable after the issue was reported. https://github.com/openssl/openssl/commit/24e20db4aa18ff8a6f67ae7faf80cf2b99f8b74a https://github.com/openssl/openssl/commit/19a68574a9d1f59c355385a1b64cbd443bf49e00 https://github.com/openssl/openssl/commit/7f6e09b5316928a9da24d2f695d1885a26dd38ec Thanks, Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3232] [PATCH] Makefile.org: Fix usage of CC=gcc -m32
Note: PR#3274 is a duplicate of this issue just closed. Closing this item too as resolved as SteveH checked in a fix for this in master, 1.0.1 stable and 1.0.2 stable after the issue was reported. https://github.com/openssl/openssl/commit/24e20db4aa18ff8a6f67ae7faf80cf2b99f8b74a https://github.com/openssl/openssl/commit/19a68574a9d1f59c355385a1b64cbd443bf49e00 https://github.com/openssl/openssl/commit/7f6e09b5316928a9da24d2f695d1885a26dd38ec Thanks, Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3289] base64 BIO decoding bug - patch supplied + examples
On Wed Apr 02 19:22:14 2014, e...@pobox.com wrote: Fixing one of my own bugs, there since SSLeay days I belive :-) Closing item as resolved. SteveH committed the fix across all branches ... https://github.com/openssl/openssl/commit/10378fb5f4c67270b800e8f7c600cd0548874811 https://github.com/openssl/openssl/commit/bfc3424d1fbaf684c812c03e3c6cb8d38d2d6f1d etc Thanks, __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3309] Bug: Missing critical flag for extended key usage not detected in time-stamp verification
On Wed Apr 16 14:25:34 2014, s...@pdflib.com wrote: Am 15.04.14 20:00, schrieb Stephen Henson via RT: I've just added a fix (and to two other cases in the same file). Let me know of any problems. Closed as resolved. SteveH committed changes across all branches. https://github.com/openssl/openssl/commit/300b9f0b704048f60776881f1d378c74d9c32fbd etc Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3253] Compile issues - Solaris 10
On Mon Feb 03 15:16:14 2014, steve wrote: ... I've just committed a fix. Let me know of any problems. Closed as resolved. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3183] SSL_set_SSL_CTX() should apply more settings from the SSL_CTX being switched to
Leaving issue open. Note: SteveH checked in a partial fix adding in a getter function - SSL_CTX_get_ssl_method https://github.com/openssl/openssl/commit/ba168244a14bbd056e502d7daa04cae4aabe9d0d Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3216] Invalid shell syntax == in test/testssl (only 0.9.8 and 1.0.0)
On Tue Jan 07 09:26:25 2014, rainer.j...@kippdata.de wrote: File test/testssl in branches 0.9.8 and 1.0.0 contains the line if [ $protocol == SSLv3 ] ; then Closed as resolved. SteveH committed fixes. https://github.com/openssl/openssl/commit/080ae6843299c873808c04487d4ccf51624fe618 Tim __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.
Marking issue as resolved. SteveH checked in fixes. https://github.com/openssl/openssl/commit/2911575c6e790541e495927a60121d7546a66962 Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3172] Duplicated entry in ssl_option_single
Closed as resolved. SteveH committed fix. https://github.com/openssl/openssl/commit/44314cf64d1e51c7493799e77b14ae4e94a4c8cf Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3147] [PATCH 2/2] POD: Fix list termination
Closed as resolved. SteveH committed patch. https://github.com/openssl/openssl/commit/c8919dde09d56f03615a52031964bc9a77b26e90 Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3146] [PATCH 1/2] POD: Fix item numbering
Closed item as resolved. SteveH committed patch. https://github.com/openssl/openssl/commit/ed77017b594754240013c378b4f7c10440c94d7a Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3071] [PATCH] Documentation updates from the wiki
On Fri Jun 07 20:12:54 2013, fr...@baggins.org wrote: This patch is the first submission of what is planned to be a regular series of patches. It represents the collected updates made to the pod documentation published on the openssl wiki: Closed as resolved. Patch was committed. Tim __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2538] Code error - bad condition in s3_srvr.c
On Mon Jun 06 17:23:48 2011, tm...@redhat.com wrote: There is code error in s3_srvr.c function ssl3_get_cert_verify(). The bug was found by Coverity scan. Closing as resolved. Andy committed fix across all branches. https://github.com/openssl/openssl/commit/3b1fb1a0226e29c9d7c79ff7fbde21ef9cac4deb Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2836] [PATCH] Staple the correct OCSP Response when multiple certs are configured
Closing item as resolved. SteveH committed patches across all branches. Tim __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3033] Bug Report: Make Error: can't encode register '%ch' in an instruction requiring REX prefix.
Yes. On 4/29/14 2:29 AM, Tim Hudson via RT r...@openssl.org wrote: On Wed May 08 14:18:53 2013, davi...@ucmail.uc.edu wrote: Updating to Xcode 4.6 fixed this. Ellen, can we mark this issue as resolved given you have updated to 4.6 - i.e. this is no longer an issue for you? Thanks, Tim. Ellen Davis UCIT Lab/Classroom Tech Svcs P. O. Box 210088 Cincinnati OH 45221-0088 513-556-9013 ellen.da...@uc.edu __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3068] [PATCH] Safari broken ECDHE-ECDSA workaround
On Tue Jun 04 17:53:41 2013, rob.stradl...@comodo.com wrote: The Safari browser on OSX versions 10.8 to 10.8.3 advertises support for several ECDHE-ECDSA ciphers but fails to negotiate them. Closing as resolved. Ben committed fixes across all branches. https://github.com/openssl/openssl/commit/cadbbd51c8b4e66515cd3e97754cfeda606c7b15 Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3274] Quoting problem in v1.0.1f
The same for #3232 ? Regards Jan On 29. April 2014 11:24:57 MESZ, Tim Hudson via RT r...@openssl.org wrote: On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com wrote: Hi all, the top level Makefile has a small with quoting when CC has an argument. The attached mini-patch fixes the problem Closing item s resolved as SteveH checked in a fix for this in master, 1.0.1 stable and 1.0.2 stable after the issue was reported. https://github.com/openssl/openssl/commit/24e20db4aa18ff8a6f67ae7faf80cf2b99f8b74a https://github.com/openssl/openssl/commit/19a68574a9d1f59c355385a1b64cbd443bf49e00 https://github.com/openssl/openssl/commit/7f6e09b5316928a9da24d2f695d1885a26dd38ec Thanks, Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
[openssl.org #3033] Bug Report: Make Error: can't encode register '%ch' in an instruction requiring REX prefix.
Closing item as resolved. Tim. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3335] Bug s3_srvr.c, SSL_kGOST incomplete (incorrect) decode ASN1 tag length
Hi, Upon receipt GET_CLIENT_KEY_EXCHANGE (after /* Decrypt session key */): 1. Manual decoder ASN.1 tag incomplete; 2. Possible buffer overflow, because inlen don't checked; Affected version: 1.0.0, 1.0.1, 1.0.2 and trunk. Attachment ccgost-asn.140428-lowasn1.patch (1 KiB) change manual decoder to call of ASN1_get_object(). ccgost-asn.140429-lowasn1.patch Description: Binary data -- Sorry for my bests English. Serguei E. Leontiev w:+7(495)939-2382 USSR,Moscow,Universitetskij 13 Sternberg Astronom. w:+7(495)780-4820 USSR,Moscow,127018,Sushchevskij val 16-5 Institute, MSU h:+7(495)318-1146 USSR,Moscow,113303,Kakhovka 6-40 m:+7(916)686-1081 SMS: http://www.mts.ru/sms http://lnfm1.sai.msu.ru/~leo
[openssl.org #695] [PATCH] DSO: dlfcn support for MacOS X
I contacted the original submitter and he said there is unlikely to be any value in this line of enquiry now. He asked me to close the ticket and I'm happy to oblige. -- Geoff Thorpe, RT/openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org