Update : Crashes are seen only on MAC OS X and not seen on windows.
Thanks Regards,
-NK
From: Cisco Employee navne...@cisco.commailto:navne...@cisco.com
Reply-To: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org
openssl-dev@openssl.orgmailto:openssl-dev@openssl.org
Date: Tuesday, 10 June
Geoffrey Thorpe ge...@geoffthorpe.com:
So I'm going to propose that we initially put this patch into the
development head only, and defer a decision on whether to cherry-pick it
into stable branches until that testing is in place.
Sure, sounds right. (Will you go ahead and handle the patch?)
Hi,
I have a query for Ca-Cert list.
If at gateway we have configured two CA-certs A1 and A2 both having same
subject and content except time-stamp of generation.
If peer sends Cert matching to A2, gateway tries to validate it with
A1(subject being same and configured first in list) and
You should be using 1.0.1h.
Also, not familiar with MacOS X heap checking, but it looks like heap
corruption, which may or may not be OpenSSL's fault. Probably hard to
diagnose without a test case!
On 10 June 2014 07:25, Navneet Kumar (navneeku) navne...@cisco.com wrote:
Update : Crashes are
- Original Message -
From: Hubert Kario via RT r...@openssl.org
Cc: openssl-dev@openssl.org
Sent: Monday, June 9, 2014 2:12:28 PM
Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point
out difference between DH and ECDH
- Original Message -
From:
- Original Message -
From: Hubert Kario via RT r...@openssl.org
Cc: openssl-dev@openssl.org
Sent: Monday, June 9, 2014 2:12:28 PM
Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point
out difference between DH and ECDH
- Original Message -
From:
On Mon, Jun 09, 2014 at 09:15:15PM +0200, Bodo Moeller wrote:
Geoffrey Thorpe ge...@geoffthorpe.com:
First, you're right, pthreads_locking_callback() is collapsing everything
to a mutex.
I was well aware of this and thought we did this for compatibility reasons
(because I couldn't
Thor, can you quantify what you mean by much more expensive? (And
qualify it - what platform, what operations?)
The way we use the locks, in heavily multi-threaded applications, you can
have a lot of contention with mutexes that wouldn't exist with read/write
locks, because often all threads
Can we imply from this commit that the 1.0.2 release is imminent? If
not, can anyone provide a rough estimate on when 1.0.2 will be released
(1 month, 3 months, 6 months from now)?
On 06/10/2014 10:17 AM, Dr. Stephen Henson wrote:
This is an automated email from the git hooks/post-receive
On Tue, Jun 10, 2014, John Foley wrote:
Can we imply from this commit that the 1.0.2 release is imminent? If
not, can anyone provide a rough estimate on when 1.0.2 will be released
(1 month, 3 months, 6 months from now)?
A 1.0.2-beta2 release will happen shortly (the next day or so). So
Thanks for the guidance, much appreciated.
On 06/10/2014 10:31 AM, Dr. Stephen Henson wrote:
On Tue, Jun 10, 2014, John Foley wrote:
Can we imply from this commit that the 1.0.2 release is imminent? If
not, can anyone provide a rough estimate on when 1.0.2 will be released
(1 month, 3
On Tue, Jun 10, 2014 at 02:33:00PM +0200, Hubert Kario via RT wrote:
Note that I've included also few other simple changes already present in
master that are applicable to either the 1.0.1 or 1.0.2 code base.
The differences between master and 1.0.x which I taken into account while
- Original Message -
From: Viktor Dukhovni openssl-us...@dukhovni.org
To: openssl-dev@openssl.org
Sent: Tuesday, June 10, 2014 4:54:26 PM
Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point
out difference between DH and ECDH
On Tue, Jun 10, 2014 at
- Original Message -
From: Viktor Dukhovni openssl-us...@dukhovni.org
To: openssl-dev@openssl.org
Sent: Tuesday, June 10, 2014 4:54:26 PM
Subject: Re: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point
out difference between DH and ECDH
On Tue, Jun 10, 2014 at
On Tue, Jun 10, 2014 at 12:10:23PM -0400, Hubert Kario wrote:
* aRSA, kRSA and RSA groups behave differently in master and 1.0.x
Which differences did you have in mind specificically for the above?
On second look, there is no difference in behaviour between 1.0.2 and master.
I
Hi Pieter
Can you confirm that this resolves your problem:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5a0d057e49a6f7b5ee5ff6f8af5ae395abc7b918
Thanks
Matt
__
OpenSSL Project
OpenSSL Support;
I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it compiles
for about 5 minutes, and then throws this error…
Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
fipscanister.lib(rsa_oaep.obj) : error LNK2019: unresolved external symbol
RFC5054 says:
Cipher suites that begin with TLS_SRP_SHA_RSA or TLS_SRP_SHA_DSS
require the server to send a certificate message containing a
certificate with the specified type of public key, and to sign the
server key exchange message using a matching private key.
Cipher suites that do not
On Tue, Jun 10, 2014 at 09:02:18PM +0200, Matt Caswell via RT wrote:
Steve Henson says:
Looks like the SRP cipher decriptions are broken and we need an SSL_aSRP to
do
the same as SSL_aPSK.
Also looks like he already fixed the issue in 1.0.0 and later.
Which is all the branches that have
On 13/12/13 11:54, The default queue via RT wrote:
In attachment you can find 7 patches against git master (generated via git
format-patch) to fix a number of memory leaks (in case of failures) and
missing NULL pointer checks (generally for malloc results) for source files
under
On Tue, Jun 10, 2014 at 09:48:19PM +0200, Jonas Maebe via RT wrote:
On 13/12/13 11:54, The default queue via RT wrote:
In attachment you can find 7 patches against git master (generated via git
format-patch) to fix a number of memory leaks (in case of failures) and
missing NULL pointer
Hi Hubert
Many thanks for your contribution. I have merged all 3 of your pull requests.
Nice work!
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=343e5cf194b7baf244ed24efa4b8e6d9fc5d4921
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ceddeea6c626a922e1b8f54b6fe1d2b89f8ef90
http://opensslrampage.org/post/88383880093
I don't know if this has in fact been given to the OpenSSL team yet. I
am not jsing, and I am not involved in the OpenBSD audit.
However, this is important. If MD5 passes, but SHA1 fails, then the MAC
verification will pass. This reduces the security
Should have added: I did not include the issue around SRP and aNULL.
I thought this was a bit odd myself, so after a bit of investigation have
decided this is a bug. Raised as #3396
Matt
__
OpenSSL Project
On 10/06/14 21:59, Kurt Roeckx via RT wrote:
On Tue, Jun 10, 2014 at 09:48:19PM +0200, Jonas Maebe via RT wrote:
On 13/12/13 11:54, The default queue via RT wrote:
In attachment you can find 7 patches against git master (generated via git
format-patch) to fix a number of memory leaks (in
http://opensslrampage.org/post/88383880093
The rampager is wrong; see Adam Langley's comments on twitter;
https://twitter.com/agl__/status/476420434095648768
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
On Tue, Jun 10, 2014 at 01:03:17PM -0700, Kyle Hamilton wrote:
http://opensslrampage.org/post/88383880093
I don't know if this has in fact been given to the OpenSSL team yet. I
am not jsing, and I am not involved in the OpenBSD audit.
However, this is important. If MD5 passes, but SHA1
On Tue, Jun 10, 2014 at 10:33:32PM +0200, Kurt Roeckx wrote:
On Tue, Jun 10, 2014 at 01:03:17PM -0700, Kyle Hamilton wrote:
http://opensslrampage.org/post/88383880093
I don't know if this has in fact been given to the OpenSSL team yet. I
am not jsing, and I am not involved in the
Hello
In version openssl-1.0.h
In case of malloc error, the buffer is not tested here
In ssl/d1_both.c
int
dtls1_process_heartbeat(SSL *s)
{
.
/* Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
On Tue, Jun 10, 2014 at 11:29:02PM +0200, dcrue...@qualitesys.com wrote:
Hello
In version openssl-1.0.h
In case of malloc error, the buffer is not tested here
I think there are already patches available for most of those
issues. See github pull request #131.
Kurt
On 10 June 2014 21:52, Kurt Roeckx k...@roeckx.be wrote:
As far as I can see this is SSLv3 only, and only about the Finish
message.
So it seems that function return the length of the digest, and in
some error cases 0. We'll end up with a wrong value in
(peer_)finish_md_len.
It should then
...
Can you confirm that this resolves your problem:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5a0d057e49a6f7b5ee5ff6f8af5ae395abc7b918
...
I applied that patch, which corrected the problem on IRIX and didn't
break anything on the other OSes I build on.
Thanks,
Pieter
On Tue, Jun 10, 2014 at 11:35:06PM +0100, Matt Caswell wrote:
On 10 June 2014 21:52, Kurt Roeckx k...@roeckx.be wrote:
As far as I can see this is SSLv3 only, and only about the Finish
message.
So it seems that function return the length of the digest, and in
some error cases 0. We'll
33 matches
Mail list logo
