Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-12-07 Thread Florian Weimer
On 11/25/2015 06:48 PM, Kurt Roeckx wrote: > On Wed, Nov 25, 2015 at 01:02:29PM +0100, Florian Weimer wrote: >> On 11/23/2015 11:08 PM, Kurt Roeckx wrote: >> >>> I think that we currently don't do any compile / link test to >>> detect features but that we instead explicitly say so for each >>>

[openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

2015-12-07 Thread Michel via RT
Hi, Following my previous mail, here attached is an updated patch against 1.02e to fix the SRP VBASE memory leaks. I understand the VBASE stuff is not a TLS critical component, but it is part of the SRP command line tool. NB : it's a pity that the base64 encoding is not the same than the one use

[openssl-dev] [openssl.org #4174] Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633)

2015-12-07 Thread Rob Stradling via RT
https://github.com/openssl/openssl/pull/495 -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org

[openssl-dev] [openssl.org #4173] help to check whether handshake negociates SRP or PSK ciphersuite

2015-12-07 Thread Michel via RT
Hi, I believe it would be nice to have an efficient way to check if handshake results in a SRP or PSK ciphersuite. As I do not like to trick with OpenSSL internal structures, I suggest to add the following to ssl_ciph.c : int SSL_CIPHER_is_PSK(const SSL_CIPHER *c) { if (c != NULL &&

[openssl-dev] [openssl.org #4171] Compile failure on OS X 10.7 clang with OpenSSL 1.0.2e

2015-12-07 Thread Paul Kehrer via RT
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=301a6dcd4590fb2f69d08259577e215b4cc3caa3#patch5 added a check to see if it should use the ADDX instructions based on the clang version. Unfortunately, on older versions of clang on OS X this check incorrectly returns true and

[openssl-dev] Need CVE-2015-3193 impact explained

2015-12-07 Thread Leif Thuresson
The description of CVE-2015-3193 in 2015-12-04 security advisory states that EC algorithms are not affected, but attacks against DH are considered feasible. Not being a cryptographer that leaves me a bit confused. Are applications supporting cipher suites with ECDHE- variants vulnerable?

Re: [openssl-dev] Need CVE-2015-3193 impact explained

2015-12-07 Thread Andy Polyakov
> The description of CVE-2015-3193 in 2015-12-04 security advisory > states that EC algorithms are not affected, but attacks against DH are > considered feasible. > Not being a cryptographer that leaves me a bit confused. > Are applications supporting cipher suites with ECDHE- variants vulnerable?

Re: [openssl-dev] Need CVE-2015-3193 impact explained

2015-12-07 Thread Viktor Dukhovni
On Mon, Dec 07, 2015 at 10:53:15AM +0100, Leif Thuresson wrote: > The description of CVE-2015-3193 in 2015-12-04 security advisory > states that EC algorithms are not affected, but attacks against DH are > considered feasible. DH as distinct from ECDH. The issue affects modular exponentiation

Re: [openssl-dev] Need CVE-2015-3193 impact explained

2015-12-07 Thread Leif Thuresson
On 2015-12-07 10:59, Viktor Dukhovni wrote: On Mon, Dec 07, 2015 at 10:53:15AM +0100, Leif Thuresson wrote: The description of CVE-2015-3193 in 2015-12-04 security advisory states that EC algorithms are not affected, but attacks against DH are considered feasible. DH as distinct from ECDH.

Re: [openssl-dev] [openssl.org #4170] Illegal instruction in sha1-586.asm when building for win32 using Visual Studio 2015

2015-12-07 Thread Andy Polyakov via RT
> When building openss-1.0.2e for win32 using Visual Studio 2015 I get error > in the assembler code: > > ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32dll\sha1-586.obj > tmp32dll\sha1-586.asm > Assembling: tmp32dll\sha1-586.asm > tmp32dll\sha1-586.asm(1432) : error A2070:invalid instruction

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-12-07 Thread Nico Williams
On Mon, Dec 07, 2015 at 02:41:35PM +0100, Florian Weimer wrote: > On 11/25/2015 06:48 PM, Kurt Roeckx wrote: > > Please note that we use C, not C++. But C11 has the same atomics > > extentions as C++11. > > C++11 support is much more widespread than C11 support. You will have > trouble finding

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-12-07 Thread Nico Williams
Maybe http://trac.mpich.org/projects/openpa/ would fit the bill? ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev