Hi
I have encountered a problem whilst building the HTML documentation. All
appears to build successfully, however when I view the file
crypto/crypto.html and click on the link dsa, this takes me to
apps/dsa.html instead of the expected crypto/dsa.html.
Interestingly the documentation on
Hello
The openssl EC library is a fantastic resource which provides an
extensive set of functions for performing work with elliptic curves.
Unfortunately the documentation available is somewhat minimalistic.
The documentation is not in the standard openssl pod format (it is
instead in doxygen
Hello
When using OpenSSL-1.0.1e-fips a call to PEM_write_bio_PrivateKey
silently fails and produces a corrupt pem file when using an
EVP_PKEY_EC key and a binary curve. The same function works fine when
not using a FIPS capable OpenSSL. I suspect the same problem will
affect any ASN.1 routines
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote:
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a
Hello
The attached patch fixes an issue identified during a discussion on
the users list here:
http://openssl.6102.n7.nabble.com/Problem-with-DSA-signing-verification-td47553.html
If the verification of a DSA signature fails then an error is added to
the OpenSSL error stack erroneously - no
Fixed in this commit:
https://github.com/openssl/openssl/commit/23f5908ac753b176af2a0690e0ebb53c95ef192b
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed in this commit:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a141effa7b2c731fe6e099334be5ded050f965ea
Matt
Fixed in commit:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e5676b8328a486565fc3c7f408a40beb4d47cd08
Matt
This patch looks like a bit of a kludge to me. Release a buffer only to then
immediately set it up again. Compare with this commit on master:
https://github.com/openssl/openssl/commit/3ef477c69f2fd39549123d7b0b869029b46cf989
I think a backport of this might be more appropriate.
Matt
Resolved in this commit:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=16ba70746b3bd9d1bd17cf7135c00ff1e47dfcfe
Also, similar commits in 1.0.2, 1.0.1 and 1.0.0 branches.
Many thanks for your contribution.
Matt
Closing this ticket as per Steve's comments.
Matt
This patch changes the output of pkg-config --libs libssl from:
-L/usr/local/ssl/lib -lssl -lcrypto
to:
-L/usr/local/ssl/lib -lssl
Arguably this is the strictly correct approach. However in practice I suspect
many build scripts will rely on this behaviour and break as a result of this
change. I'm
As per comments in PR#3332
Matt
As per comments by Viktor on the dev list, this is by design:
On 27 April 2014 17:10, Viktor Dukhovni openssl-us...@dukhovni.org wrote:
On Sun, Apr 27, 2014 at 01:04:13PM +0200, sch_m via RT wrote:
I was playing around with openssl and found a minor bug which
makes possible to put the end date
This ticket has been reopened. Given the current discussion on this topic, I
will leave this for a week to give people some time to air their views, and
then I will revisit the decision.
Setting this ticket as resolved:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8bbfd94e36559ceb7187d4d8a63e950713b93e0d
Above for master branch. Similar commits for 1.0.2, and 1.0.1 (the first branch
with SRP support).
Matt
Hi David
Many thanks for your report. I can confirm that I have recreated your results,
and have applied the following fix:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2d2e0479eb758dddb4b5236aa6e3288f2682b279
Similar commits have been applied to the 1.0.2, 1.0.1 and 1.0.0 branches.
Thanks Tim. Patch applied
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b6e69d284b79097d0d9e39996cbe59eae6bb36e2
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e94fadd0b79491714401d89b338db27211b9819
Similar commits on 1.0.2, 1.0.1 and 1.0.0 branches.
This also fixes
On 12 May 2014 11:36, Ajit Menon via RT r...@openssl.org wrote:
I think this is the right change. However, I see that there is another
len-tot in the following conditional block
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
This is within the same function. I wonder
Nice catch - thanks!
I've committed Kurt's revised patch to all appropriate branches.
Matt
I promised to look at this again after a week. Including myself and Mike I have
had 5 people express an opinion on this (one of those privately to me).
Of those:
3 have spoken in favour of the patch
2 have spoken in favour of the status quo
My concern was that this fix might break existing
Committed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ab6577a46ecee670b640f0ee49e2ebef80ad18a7
Thanks for your contribution.
Matt
Committed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01
Thanks for your contribution,
Matt
Committed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2af071c0bc3f5573574ccf8927dbf60f47c81df5
Thanks for your contribution,
Matt
Hi Jeff
Hmmm, I cannot reproduce this. Using the attached as a test case I see the
following output (i.e. no crashes):
Test one
Return code 0
Test two
NULL 1 (0x1)
Return code 1
Test three
Return code 0
Test four
1 (0x1)
Return code 1
The NULL bio should be checked ultimately in BIO_write
Closing this ticket. Problem was with ubuntu package.
Matt
Hi Jeff
Do you have an update on this, as per my last message?
Thanks
Matt
This is a pretty cool patch!
Martin sent me some instructions on how to get this working with wireshark,
which I have reproduced for reference at the end. This worked for me using
Wireshark 1.10.6
With regards to the patch itself, it is the idiom of many of the OpenSSL
command line apps to take
I've discussed this one with Steve who tells me that this is a known bug. The
current fix is to not have expired certificates in the trust store.
It can be fixed but it has some complex consequences which need to be explored.
Probably needs revision of the verification algorithm which is
Steve has committed the following fixes:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f719f063cff50cc2f2f25fa55c0d2384eea08fb
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=558c94efc00ce15a9fcc9370598d8841392ff0f3
Closing this ticket.
Matt
Hi Luiz
Thanks for the patch. I've reviewed it and it looks good. With regards to your
comments around X509_V_ERR_PERMITTED_VIOLATION vs
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right.
Therefore:
Hi Martin
Thanks for your contribution. I have applied your updated patch:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=189ae368d91d2c9de5ed1fa21e993f5c83fc4445
Matt
Patch applied:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c5f0b9bd8650a92eac1ef2fa28c726bbbc272904
Thanks for your contribution.
Matt
Fixed.
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=955376fde3c60999b27deeebb41d82ad17dca3da
Thanks for the report.
Matt
Fixed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=15658d0cbf51ae32f7c9d0d3dc1eac36e220a167
Thanks for the report.
Matt
Thanks for the feedback. I have changed tack slightly:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3d9243f1b614640f3dcbba0d7de89f363581e8e0
I think this is a better approach anyway, and resolves your issue with trailing
data after the END marker.
Matt
Dmitry has confirmed that this is not a defect, so closing this ticket.
Matt
Dmitry has confirmed that this is not a defect, so closing this ticket.
Matt
Patch applied:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=028bac0670c167f154438742eb4d0fbed73df209
Many thanks for your contribution.
Matt
Hi Libor
Many thanks for your submission. Please could you resubmit this with a
separate ticket for each item?
Having a single ticket for multiple issues makes it quite difficult for us to
track and manage - they may not all be reviewed at the same time, or by the
same person.
Thanks
Matt
Hi Hubert
The title for this request is slightly misleading as this was actually 3
commits, only one of which was with regards to an example in ciphers(1).
Taking the 3 commits in turn:
fix example with DH cipher suites:
I don't agree that the man page implies anything about anonymous ECDH when it
Steve Henson has committed this here:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4fdf917
Thanks
Matt
Hi David
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d1e1aee
Many thanks for your contribution.
Matt
On Thu May 29 08:28:24 2014, noloa...@gmail.com wrote:
Matt -
I have not forgot about this I can't find the machine I wrote the
code on (my place probably looks a lot like your place - different
computers and laptops with different OSes all over the place).
My place does look a bit like
This pull request appears to be closed. Is this ticket still valid?
Matt
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e3231642b89332fa56ed2b6f501e28722e2048e
Thanks for your contribution.
Matt
Hi Lubu
Thanks for your submission. However this is intentional and won't be changed.
Closing this ticket.
Matt
On Thu Jun 05 20:40:49 2014, rainer.j...@kippdata.de wrote:
File ssl/s3_pkt.c uses INT_MAX since May 19th. This macro is defined in
limits.h which is not included in s3_pkt.c.
+#include limits.h
#include stdio.h
#include limits.h
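Review bot: the added `#include limits.h` at the top of this hunk duplicates the include of the same header that already appears as an unchanged context line two lines below, so the change has no effect on the file as shown. Drop the added line, and if INT_MAX is still undeclared on a particular branch, check whether that branch's s3_pkt.c carries the existing include.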
Hmmm... look two lines down from where you've added an
On 05/06/14 20:08, Rainer Jung wrote: One correction to self: no problem for
1.0.1, which had been fixed in
commit 8ca7d124304502158fba780eed293c4e3c5c1c71 Fixed Windows
compilation failure.
But 1.0.0 and 0.9.8 lack that addition.
I have back ported the commit to 1.0.0 and 0.9.8
Matt
Hi Mike
On Sun Apr 27 13:04:20 2014, vap...@gentoo.org wrote:
It's a standard setting that other build systems use.
Can you explain why you need this?
@@ -217,6 +217,7 @@ BUILDENV= PLATFORM='$(PLATFORM)'
PROCESSOR='$(PROCESSOR)' \
MAKEDEPEND='{TOP}/util/domd {TOP} -MD
On Thu Jun 05 20:41:05 2014, k...@roeckx.be wrote:
This is probably related to me not exporting those symbols as they are
marked local.
Kurt
Is this related to the way you build the Debian packages? We are likely to see
a lot more like this as Mike's test team get going. In unit testing it's
On Thu Jun 05 23:42:31 2014, k...@roeckx.be wrote:
We are likely to see
a lot more like this as Mike's test team get going. In unit testing
it's okay
to access internal symbols.
But then you shouldn't link to the shared library. The static
library probably works.
Any chance you can
Patch merged:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7be1d8764d30d2f04696d7f834df349bc4bffd73
Thanks for the contribution
Matt
Hi Quanah
Thanks for the submission. The problem with correcting this is that technically
it forms part of the public API (since the macro is defined in asn1.h). I guess
there's probably not a huge risk in changing it, as I can't imagine there's too
many people relying on that define being there,
Hi Hubert
Nice patch!
A couple of comments:
* aNULL also includes some SRP based ciphersuites
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(256) Mac=SHA1
SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=None Enc=3DES(168) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(128) Mac=SHA1
* The
Merged.
Thanks for your contribution.
Matt
Hi Pieter
Can you confirm that this resolves your problem:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5a0d057e49a6f7b5ee5ff6f8af5ae395abc7b918
Thanks
Matt
RFC5054 says:
Cipher suites that begin with TLS_SRP_SHA_RSA or TLS_SRP_SHA_DSS
require the server to send a certificate message containing a
certificate with the specified type of public key, and to sign the
server key exchange message using a matching private key.
Cipher suites that do not
Hi Hubert
Many thanks for your contribution. I have merged all 3 of your pull requests.
Nice work!
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=343e5cf194b7baf244ed24efa4b8e6d9fc5d4921
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ceddeea6c626a922e1b8f54b6fe1d2b89f8ef90
Should have added: I did not include the issue around SRP and aNULL.
I thought this was a bit odd myself, so after a bit of investigation have
decided this is a bug. Raised as #3396
Matt
Closing this ticket. Patch has been reported as working.
Matt
Steve H has fixed this through this commit:
https://github.com/openssl/openssl/commit/447280ca7babd7532f23ab7afd9e8393f0b07fc0
Matt
Fixed.
I have made the following commit to master and 1.0.2:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d84ba7ea23b386f3fe56c4fe7a7aa8ece2e0c356
And this one to 1.0.0 and 0.9.8:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d663f506dc43752b64db58e9169e2e200b3b4be6
Many
This version number refers to the ABI version of the library.
Matt
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many thanks for your contribution.
Matt
To be honest I'm not too sure what the policy here is, but I think we generally
don't update copyright messages unless some significant change is made. There
are a lot of files in the OpenSSL source code with these dates in... I'd rather
not go through each one individually fixing them!
Matt
Merged:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8a6c6bbf21cc11ea0fed69a106250af0d734d786
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96fc4b72506c1573fd80cfc1d2e5ca4d3d0c2b3f
On Sun Jun 22 20:00:14 2014, k...@x64architecture.com wrote:
Hello,
Sorry about this whole mess, the issue was discovered and fixed by the
OpenBSD team. I replied to the original person who discovered my
mistake of not attributing the OpenBSD team instead of to this list (I
thought I replied
Applied. Thanks for your contribution.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6e6ba36d980f67b6e5c7b139f78da7acbbf8ec76
Matt
Closing this as a dupe of #3198
Matt
I can confirm that CVE-2014-0198 is fixed in OpenSSL-1.0.1h.
Setting this ticket to resolved.
Matt
I've done some digging on this and it's kind of interesting.
What is happening is that the code is calling the BN_consttime_swap function.
This takes a condition variable and two BIGNUMs a and b, and swaps the value of
a and b over if the condition is set. Inside a BIGNUM structure there is a
Thanks Jeff:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=75b7606881b08a892f487629cc30e63dff1800cb
Applied to master, 1.0.2 and 1.0.1. I don't believe 1.0.0 has AES-NI support
(?) so haven't applied it to that branch.
Matt
Please raise this issue on the openssl-users list - this is the preferred way of
raising support questions.
If there is a definite bug then please re-raise a ticket in RT. Closing this
ticket for now.
Matt
Please raise this issue on the openssl-users list - this is the preferred way of
raising support questions.
If there is a definite bug then please re-raise a ticket in RT. Closing this
ticket for now.
Matt
Copying Kurt Roeckx's response to this below (which only went to the openssl-dev
list, and not to RT).
Based on Kurt's response I am closing this ticket for now. Please re-open by
responding to this email if you still think this is a defect.
Matt
On Sun, Jul 06, 2014 at 10:18:29AM +0200,
Emilia is looking at this - assigning this ticket to her.
Matt
Fixed:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66816c53bea0ecddb9448da7ea9a51a334496127
I think you meant it should be done like this:
if ((a->method != NULL) && (a->method->destroy != NULL))
    a->method->destroy(a);
This has been lurking there since SSLeay. In practice I don't think it
Running the applications in this way is not supported. Closing this ticket.
Matt
On Wed Jul 09 16:24:04 2014, lull...@yahoo.com wrote:
Hi,
openssl enc command with -aes-xxx-xts doesn't work if an IV is specified
When you say it doesn't work, what do you mean? Do you get an error? If so
what is it?
as below:
openssl enc -engine af_alg -aes-256-xts -in plaintext_file
On Thu Jul 10 11:26:46 2014, bcha...@akamai.com wrote:
Hello,
I have been looking at the OpenSSL source code, and this jumped out as a
possible error. 'n' is an unsigned before it is passed into ssl3_read_n,
which causes the worry of an overflow. To prevent this, I added check that
just makes
Fix applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f8571ce82292ed340ed6302635f9bd6dfbc1043a
Approach based on Rich Salz's suggestion. This seems to be the most pragmatic
way forward, although it does have the disadvantage that this will mask any
other future problems in the bn
I propose the following patch to deal with this ticket (for master, 1.0.2 and
1.0.1), i.e. disable XTS for the enc utility.
Any objections?
Matt
diff --git a/apps/enc.c b/apps/enc.c
index 928d16b..48f1f8b 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -339,6 +339,12 @@ bad:
goto end;
}
+ if
Hi Mike
I'm looking at this. I'll get back to you once I've reviewed.
Matt
Taking this ticket to investigate further.
Matt
Fixed (with dkg's suggested wording change):
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2097a17c576f2395a10b05f14490688bc5f45a07
Matt
Applied to master. Thanks Mike!
Matt
Closing this ticket in favour of PR#3462.
Matt
Taking this ticket.
Matt
On 21/07/14 21:34, Billy Brumley wrote:
Bump. Three year anniversary! Where's my leather gift?!
At least libressl picked it up:
https://github.com/libressl-portable/openbsd/commit/530a3e9ab5b28202266d1a443d4f0da1d2452372
BBB
Your leather gift is here:
If you originally obtained your copy of OpenSSL in binary form (such as from
your OS vendor), then please get hold of the latest copy from them.
If you originally obtained your copy of OpenSSL in source form then you will
need to build a new version from the latest release on the OpenSSL website.
Many thanks for your report.
Fixed in this commit (and other similar commits for other branches):
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f2be92b94dad3c6cbdf79d99a324804094cf1617
Matt
Many thanks for your patch.
Applied here:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=750487899ad2b794078ed998b513a4a14f60f2cc
Matt
Someone already fixed this for 1.0.2 and 1.0.1, but for some reason it wasn't
fixed in master/1.0.0/0.9.8.
I've fixed this now. Thanks for the report.
Matt
This is working as designed. From the man page:
EC_KEY_generate_key generates a new public and private key for the
supplied eckey object.
Matt
On 16/09/14 19:31, Dmitry Belyavsky wrote: Hello!
I've made a quick fix to solve this problem (attached). The main problem
with this fix is to move locally-defined engine constants to the level
of evp.h, so if you suggest a better solution, I am ready to implement it.
Thank you!
On Tue,
On Wed Sep 17 21:41:01 2014, beld...@gmail.com wrote:
Hello Matt,
the improved patch is attached. It uses the EVP_DigestSign* API
instead of
EVP_digest and does not modify any header files.
Thank you!
Hi Dmitry
There are still some significant problems with this patch as it is currently
Patch applied to master, 1.0.2, 1.0.1 and 1.0.0:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e0fdea3e49e7454aa76bd5ecf3a3747641354c68
Many thanks for the contribution
Matt
That link just asks me to log in?
We have no plans to change this.
1 - 100 of 487 matches