[openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

2016-06-02 Thread paul.d...@oracle.com via RT
The DTLS packet reassembly code has a performance problem that could result in a DoS attack being possible. The DTLS packet reassembly uses the data structure defined in ssl/pqueue.c for the purpose (it is the only user of this data structure that I can find). This source file implements a

[openssl-dev] [openssl.org #4556] Unknown: mysterious perl(1) error during [master:8d054a5] installation process

2016-06-02 Thread Richard Levitte via RT
On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote: > Hello. > > I have never seen something like this: > > Parser.c: loadable library and perl binaries are mismatched (got > handshake key 0xdb00080, needed 0xdb80080) > > This is v5.24 on a Linux system, and it flawless afaik. Are you sure

[openssl-dev] [openssl.org #4555] Enhancement request: allow installation without manuals, but anyway without HTML manuals

2016-06-02 Thread Richard Levitte via RT
On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote: > Oh yes, please! The 'install' target calls three other targets: install_sw install_ssldirs install_docs So if you simply do 'make install_sw' or 'nmake install_sw', I think you'll get what you want. Closing this ticket. -- Richard

[openssl-dev] [openssl.org #4557] Nit: temporary files left over after [master:8d054a5] installation process

2016-06-02 Thread Steffen Nurpmeso via RT
Yep: -rw--- 1 steffen steffen 1848 Jun 2 14:46 VhXl383LiQ -rw--- 1 steffen steffen 1612 Jun 2 14:46 F1RkvxEZi0 -rw--- 1 steffen steffen 1848 Jun 2 14:46 qg_wML0XIF -rw--- 1 steffen steffen 1848 Jun 2 14:46 4MUN7KIs69 -rw--- 1 steffen steffen 1840 Jun 2

[openssl-dev] [openssl.org #4555] Enhancement request: allow installation without manuals, but anyway without HTML manuals

2016-06-02 Thread Steffen Nurpmeso via RT
Oh yes, please! --steffen

[openssl-dev] [openssl.org #4556] Unknown: mysterious perl(1) error during [master:8d054a5] installation process

2016-06-02 Thread Steffen Nurpmeso via RT
Hello. I have never seen something like this: Parser.c: loadable library and perl binaries are mismatched (got handshake key 0xdb00080, needed 0xdb80080) This is v5.24 on a Linux system, and it flawless afaik. Thanks. --steffen

Re: [openssl-dev] DTLS retransmission api

2016-06-02 Thread Matt Caswell
On 02/06/16 14:33, Alfred E. Heggestad wrote: > > > On 01/06/16 13:58, Matt Caswell wrote: >> >> >> On 01/06/16 11:15, Alfred E. Heggestad wrote: >>> hi, >>> >>> we are using DTLS from OpenSSL to implement DTLS-SRTP in our >>> product (Wire.com) .. The code and implementation works really well

Re: [openssl-dev] DTLS retransmission api

2016-06-02 Thread Alfred E. Heggestad
On 01/06/16 13:58, Matt Caswell wrote: On 01/06/16 11:15, Alfred E. Heggestad wrote: hi, we are using DTLS from OpenSSL to implement DTLS-SRTP in our product (Wire.com) .. The code and implementation works really well and is very robust. We are using OpenSSL version 1.0.2g since our

[openssl-dev] [openssl.org #4474] Overflow optimizations being taken by GCC

2016-06-02 Thread Stephen Henson via RT
It looks like a lot of these warnings are bogus. For example ct_validation is only ever set to 0 or 1 yet it throws out a warning with if(ct_validation) in one place while not warning about a similar expression just above it. I tidied up ocsp_prn.c which avoided the warning in that file: though

Re: [openssl-dev] [openssl.org #4548] s390x build problem

2016-06-02 Thread Andy Polyakov via RT
>>> I'm getting: >>> crypto/chacha/chacha-s390x.S: Assembler messages: >>> crypto/chacha/chacha-s390x.S:7: Error: Unrecognized opcode: `clgije' >>> >>> >>> A full build log is available on: >>> https://buildd.debian.org/status/fetch.php?pkg=openssl=s390x=1.1.0~pre5-1=1464594754 >> >> It's overly

[openssl-dev] [openssl.org #4554] Bug: psk argument of the s_client/s_server command strips leading zero bytes.

2016-06-02 Thread Ian Miller via RT
In s_client.c (function psk_client_db), the "-psk" value is converted from hexadecimal to binary by converting to a BN using BN_hex2bn() [line 285] and then from BN to binary using BN_bn2bin [line 301]. This means that it is not possible to input a key where the first byte is zero. e.g. If the

Re: [openssl-dev] Null Ciphers in FIPS mode

2016-06-02 Thread Dr. Stephen Henson
On Wed, Jun 01, 2016, Mody, Darshan (Darshan) wrote: > > Does OpenSSL allow NULL ciphers when we put OpenSSL in FIPS mode? > If you mean NULL ciphersuites then yes though they're not enabled by default just like non-FIPS mode. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

Re: [openssl-dev] 1.1 release being delayed

2016-06-02 Thread Nikhil Agarwal
When is it expected to be released now? Regards Nikhil -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Monday, May 23, 2016 6:46 PM To: openssl-dev@openssl.org; openssl-us...@openssl.org Subject: [openssl-dev] 1.1 release being