OpenSSL Crash as Shared Object

2010-10-22 Thread Jeffrey Walton
have not yet read the manual, including a couple of GTK modules. Jeffrey Walton Baltimore, MD, US [1] Switch to warn of global variables in a C++ shared object, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46097 [2] Global variable in static library - double free or corruption error, http

Re: OpenSSL Crash as Shared Object

2010-10-22 Thread Jeffrey Walton
Hi All, Forgot to mention. If you have so global data that is being cleaned up prematurely, see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46097#c17. One of the GCC folks made the recommendations. Jeff On Fri, Oct 22, 2010 at 2:21 AM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, I

Re: OpenSSL Crash as Shared Object

2010-10-22 Thread Jeffrey Walton
On Fri, Oct 22, 2010 at 5:01 PM, Andy Polyakov ap...@openssl.org wrote: I helped Wei Dai wrestle with a similar problem for Crypto++. We wrote a couple audit tools, one of which is attached. I just completed an audit on my /usr/lib. The following OpenSSL modules crashed during a simple

Re: [openssl.org #2399] Request: Allow -no-xxx options in ./config for FIPS build

2010-12-17 Thread Jeffrey Walton
Hi Doctor, Thanks very much for a reply (I did not expect one for a suggestion). It should be possible to exclude algorithms from the FIPS capable version of OpenSSL, apart from the DES related algorithms. If not that's a bug that will be fixed. Please don't take this as a bug report. I was

Re: [openssl.org #2399] Request: Allow -no-xxx options in ./config for FIPS build

2010-12-17 Thread Jeffrey Walton
On Fri, Dec 17, 2010 at 7:31 AM, Stephen Henson via RT r...@openssl.org wrote: [noloa...@gmail.com - Fri Dec 17 11:56:52 2010]: When the OpenSSL source code is re-validated, please consider allow folks to remove the algorithms. There are a few reasons to allow the removal of unused

Re: [openssl.org #2401] PATCH: Spelling corrections in FAQ

2010-12-21 Thread Jeffrey Walton
On Mon, Dec 20, 2010 at 10:30 PM, Brad Hards br...@frogmouth.net wrote: On Monday, December 20, 2010 08:02:39 pm noloa...@gmail.com via RT wrote: -page of the openssl x509 command line tool for details. The old behaviour +page of the openssl x509 commandline tool for details. The old behaviour

Re: FIPS fingerprint in .data not .rodata

2012-02-22 Thread Jeffrey Walton
On Tue, Feb 21, 2012 at 3:51 PM, Andy Polyakov ap...@openssl.org wrote: Another option (but shoot it down if its bogus :-): I noticed that if I compile fipscanister.o without -fPIC, then the const variables do get placed in the (really readonly) .rodata section as desired. I thought maybe if

Re: Need input for Certificate generation

2012-11-20 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: Hi, At one place, we are using following logic for generating self-signed certificate: #define SEED_SIZE 128 k = RAND_status(); while(k == 0) { // custom logic for getting random numbers from system variables ...

Re: Need input for Certificate generation

2012-11-20 Thread Jeffrey Walton
On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote: CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS apr_generate_random_bytes(buf, SEED_SIZE); // On Linux OS Speaking of poor

Re: Need input for Certificate generation

2012-11-20 Thread Jeffrey Walton
On Fri, Nov 16, 2012 at 9:17 AM, Graham Leggett minf...@sharp.fm wrote: On 16 Nov 2012, at 4:36 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote

Re: Need input for Certificate generation

2012-11-20 Thread Jeffrey Walton
On Fri, Nov 16, 2012 at 12:57 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Nov 16, 2012 at 9:17 AM, Graham Leggett minf...@sharp.fm wrote: On 16 Nov 2012, at 4:36 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote

Re: Undefined reference to 'FIPS_text_start()'

2012-11-22 Thread Jeffrey Walton
On Tue, Nov 20, 2012 at 6:16 PM, Santhosh Kokala santhosh.kok...@riverbed.com wrote: Hi, I am trying to build an application with the FIPS Object module. I followed the build instructions mentioned in FIPS User Guide 2.0. FIPS Object Module: ./config Make make install Open SSL:

Re: Need help in loading private key for ECDSA

2012-12-19 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 12:34 AM, jeetendra gangele gangele...@gmail.com wrote: Hi i tried to load private key into 224 curve for ecdsa and I am getting below error. EC_KEY_check_key failed: error:100B1043:lib(16):func(177):reason(67). Bleow is my fun to load key. Can anybody guide me? $

Re: Help in loading EC_KEY

2012-12-19 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 4:04 AM, jeetendra gangele gangele...@gmail.com wrote: HI, I am trying to sign the data using EC-DSA algorithm. i have the private key to sign the data and I could load using EC_KEY_set_private_key. But when check the loaded key its failing with the error code below.

Re: Support for 448 bit hash value generation in opnessl.

2012-12-19 Thread Jeffrey Walton
On Mon, Dec 17, 2012 at 11:16 PM, jeetendra gangele gangele...@gmail.com wrote: Hi, Do we have support for 448 bit hash value generation in openssl.? I looked into the header file and I did not find functiobn related to that. Actually I need to compute shared key for ecdh and that should be

Re: [openssl.org #3080] Android NEON and CFLAGS options

2013-07-02 Thread Jeffrey Walton
On Sun, Jun 30, 2013 at 5:54 PM, Andy Polyakov via RT r...@openssl.org wrote: ... OpenSSL doesn't have any floating point, at least not on performance-critical paths, I believe the PRNG interface uses floating point operations (specifically, for the estimate of entropy). Jeff

Questions on SSL_OP_SAFARI_ECDHE_ECDSA_BUG

2013-12-09 Thread Jeffrey Walton
Reference: http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html and http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html. BL ...and don't intend to fix their broken ECDSA support in Safari. Apple really needs to fix

Re: Questions on SSL_OP_SAFARI_ECDHE_ECDSA_BUG

2013-12-11 Thread Jeffrey Walton
On Tue, Dec 10, 2013 at 7:06 AM, Rob Stradling rob.stradl...@comodo.com wrote: On 09/12/13 23:34, Jeffrey Walton wrote: Reference: http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html and http://openssl.6102.n7.nabble.com/Apple

Re: OpenSSL version 1.0.1f released

2014-01-07 Thread Jeffrey Walton
snip *) Integrate hostname, email address and IP address checking with certificate verification. New verify options supporting checking in opensl utility. [Steve Henson] *) Fixes and wildcard matching support to hostname and email checking functions. Add manual page.

Re: [openssl.org #3344] PATCH: don't crash or fail in ASN1_print from t_pkey.c

2014-05-29 Thread Jeffrey Walton
Matt - I have not forgot about this I can't find the machine I wrote the code on (my place probably looks a lot like your place - different computers and laptops with different OSes all over the place). Looking at the return values, I don't believe Test 3 should have failed. Also, add a

Re: [openssl.org #3416] PATCH: EVP_EncryptionInit and AES-NI note

2014-07-03 Thread Jeffrey Walton
Since this may in future cover much more than just AES-NI... Good observation Doctor, done. Attached is the updated text. diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index f6e4396..8d7636c 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++

Re: [openssl.org #3424] Misaligned pointers for buffers cast to a size_t*

2014-07-07 Thread Jeffrey Walton
On Sun, Jul 6, 2014 at 6:06 PM, David Jacobson dmjacob...@sbcglobal.net wrote: On 7/6/14 1:44 PM, Andy Polyakov via RT wrote: ... As for warning. I personally would argue that we are looking at platform-specific i.e. implementation-defined behaviour, not undefined. Once again, this applies

Re: [openssl.org #3424] Misaligned pointers for buffers cast to a size_t*

2014-07-08 Thread Jeffrey Walton
On Tue, Jul 8, 2014 at 4:33 PM, Andy Polyakov via RT r...@openssl.org wrote: As for warning. I personally would argue that we are looking at platform-specific i.e. implementation-defined behaviour, not undefined. Once again, this applies to all three tickets. One is effectively identical to

Re: Platform query

2014-08-21 Thread Jeffrey Walton
On Wed, Aug 20, 2014 at 10:12 AM, Salz, Rich rs...@akamai.com wrote: Minor clarification is appropriate. MSDOS is supported in single stance, namely DJGPP, which is 32-bit environment. Good point. So the idea is that MSDOS gets turned into DJGPP. BEOS and OS/2 are removed in HEAD (i.e.,

Re: [openssl.org #3504] PATCH: documentation update for dgst command

2014-08-27 Thread Jeffrey Walton
Oops, thanks Rich. On Tue, Aug 26, 2014 at 10:06 AM, Rich Salz via RT r...@openssl.org wrote: The key is not optional with the -hmac option. This is fixed in the rsalz-monolith branch of akamai/openssl on github, to be rpart of release after 1.0.2 thanks. -- Rich Salz, OpenSSL dev team;

Re: Patch to mitigate CVE-2014-3566 (POODLE)

2014-10-18 Thread Jeffrey Walton
Thanks for the patch. Is there a way to compile without the patch? I think I would rather 'config no=ssl3' and omit the additional complexity. Its additional protocol complexity and heartbleed is still fresh in my mind. Also, are there any test cases that accompany the patch? I'm trying to

Re: [openssl-dev] [openssl.org #3894] AutoReply: PATCH: EVP_PKEY_get_type (new function)

2015-06-04 Thread Jeffrey Walton
Thanks Kurt. I think I'll need to think about this some more because I don't recall EVP_PKEY_id. I think I never considered it because I could not find it when searching for something to return the inner type ('id' does not make a lot of sense to me, even now). Maybe I should back up a bit. What

Re: [openssl-dev] [openssl.org #3887] PATCH: rsautl and intelligent retry for Public Key parse after Traditional/Subject Public Key Info parse fails

2015-05-31 Thread Jeffrey Walton
On Sun, May 31, 2015 at 12:27 PM, Richard Levitte via RT r...@openssl.org wrote: Nice idea, I'm however thinking that much of the trying different formats could be moved to load_key / load_pubkey, all that would be needed is a keyformat denoting try anything. -1, perhaps? I like the idea,

Re: [openssl-dev] F5 termination of TCP connection

2015-06-01 Thread Jeffrey Walton
On Mon, Jun 1, 2015 at 12:56 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On Mon 2015-06-01 07:36:01 -0400, Krzysztof Kwiatkowski wrote: Yes, that's exactly what we do in our configuration. We have 24 servers with rather high workload. SSL is offloaded on F5 load balancer and servers

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-13 Thread Jeffrey Walton
> ALL BINARY ELLIPTIC CURVES This one may be premature. I understand the TLS WG is moving against it. However, I am aware of implementations of Shoup's ECIES, and they, in turn, depend on OpenSSL. I don't know if the ECIES implementations rely solely on prime fields or not, however. > BLOWFISH

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-17 Thread Jeffrey Walton
On Tue, Nov 17, 2015 at 7:21 AM, Emilia Käsper <emi...@openssl.org> wrote: > > > On Tue, Nov 17, 2015 at 11:12 AM, Jeffrey Walton <noloa...@gmail.com> wrote: >> >> > MD2 - (The argument that someone somewhere may want to keep verifying >> > old >>

Re: [openssl-dev] [openssl.org #4142] Fail to detect Xcode 7 for Intel AVX code

2015-11-17 Thread Jeffrey Walton
On Tue, Nov 17, 2015 at 12:43 PM, Jun Sun via RT wrote: > Hi, > > I just found the perl script for x86_64 assembly failed to detect Xcode 7 > environment (Apple LLVM 7.x), and skipped generating AVX code for MAC OS > ($avx variable is always false). The reason is Apple since

Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-17 Thread Jeffrey Walton
> MD2 - (The argument that someone somewhere may want to keep verifying old > MD2 signatures on self-signed certs doesn't seem like a compelling enough > reason to me. It's been disabled by default since OpenSSL 1.0.0.) > ... Apple still provides two Verisign certificates using

Re: [openssl-dev] Fwd: Re: [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-17 Thread Jeffrey Walton
On Mon, Nov 16, 2015 at 9:06 PM, Peter Waltenberg wrote: > Why not offer another set of get_XYZ_byname() which resticts the caller to > socially acceptable algorithms. Or allows the opposite, it really doesn't > matter but restricted being the newer API breaks less code by

Re: [openssl-dev] [openssl.org #4237] Failed self-tests on AARCH64 (ARM64)

2016-02-11 Thread Jeffrey Walton
On Thu, Feb 11, 2016 at 3:46 PM, Andy Polyakov via RT wrote: > Hi, > >> $ uname -a >> Linux hikey 3.18.0-linaro-hikey #1 SMP PREEMPT Mon Nov 30 00:11:03 UTC >> 2015 aarch64 GNU/Linux >> >> $ make test >> ... >> ../test/recipes/80-test_dane.t ok >>

Re: [openssl-dev] MSVC 2015 internal compiler error

2016-02-23 Thread Jeffrey Walton
> ... > F:\MingW32\src\inet\Crypto\OpenSSL\ssl\s3_lib.c : > fatal error C1001: An internal error has occurred in the compiler. > (compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 246) >To work around this problem, try simplifying or changing the program near > the locations

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

2016-02-27 Thread Jeffrey Walton
>> Correct me if I am wrong... API's that start with capitol letters are >> public. Private interfaces use lowercase letters. >> Documented/undocumented does not really factor things. > > You're wrong. Once OpenSSL's past sins are remediated, public > interfaces are precisely those that are

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

2016-02-28 Thread Jeffrey Walton
On Sun, Feb 28, 2016 at 12:18 AM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > >> On Feb 27, 2016, at 7:42 PM, Jeffrey Walton <noloa...@gmail.com> wrote: >> >> Please ensure this is documented somewhere. I'm having trouble finding >> information o

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

2016-02-26 Thread Jeffrey Walton
On Fri, Feb 26, 2016 at 12:42 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > On Fri, Feb 26, 2016 at 12:37:22PM -0500, Jeffrey Walton wrote: > >> It seems like (to me) the the most direct way to mark a function as >> private is to add a comment in

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

2016-02-26 Thread Jeffrey Walton
On Fri, Feb 26, 2016 at 12:29 PM, Salz, Rich wrote: > As just about the only team member who trolls through RT and closes things > with any quantity, I am not sure that I agree that fixing a bug requires > documentation if the API isn't already documented. +1. Concepts seem

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

2016-02-26 Thread Jeffrey Walton
>> > I have PR https://github.com/openssl/openssl/pull/739 with the below >> > changes, please have a look. >> > >> > - In EC_KEY_priv2buf(), check for pbuf sanity. >> > - If invoked with NULL, gracefully returns the key length. > ... > I'd like to propose a policy of no bug fixes to undocumented

Re: [openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity

2016-02-26 Thread Jeffrey Walton
>> > I'd like to propose a policy of no bug fixes to undocumented public >> > interfaces. If the interface is useful enough to fix, it has to be >> > documented. Anyone care to produce manpages for EC_KEY_priv2buf or >> > EC_KEY_priv2oct? >> > >> Correct me if I am wrong... API's that start with

Re: [openssl-dev] [openssl.org #4326] Failed to configure for Cygwin-x64

2016-02-20 Thread Jeffrey Walton
> I believe that the auto-detecting script, ./config, is lacking detection of > architecture for Cygwin. Does one preferably recognise a x86_64 Cygwin from > `uname -m` or is there something in `uname -s` that should be used as an > indicator? Yes, that seems to be the issue at hand for OpenSSL

Re: [openssl-dev] [openssl.org #4326] Failed to configure for Cygwin-x64

2016-02-21 Thread Jeffrey Walton
On Sun, Feb 21, 2016 at 2:50 AM, Richard Levitte via RT wrote: > Would you try the attached patch, please? > Looks good for both 1.0.2 and Master. Its also nice to see CHACHA_ENC and POLY1305_OBJ in the list below. = openssl-git $ ./config Operating system:

Re: [openssl-dev] [openssl.org #4406] Linaro and ARM/64/AARCH64: fatal error: arm_arch.h: No such file or directory

2016-03-10 Thread Jeffrey Walton
On Thu, Mar 10, 2016 at 4:05 AM, Richard Levitte via RT wrote: > Sometimes, things happen fast. > > The diff I posted got into master just moments ago, commit > d46057277f3b805e5f198e31fc81a892bf5c9141 > > Still, please try it and report back so I can (hopefully) close this

[openssl-dev] Please consider delaying the Beta-1 freeze for a week or two

2016-03-10 Thread Jeffrey Walton
Hi Everyone, Testing master on real hardware is showing some minor issues on a few platforms, including ARM32, ARM64, PowerPC and i686. In addition, there seems to be one-off issues on other combinations, like VIA's C7 processor on Linux. In addition to the base issues, there are other minor

Re: [openssl-dev] [openssl.org #4414] NetBSD 7.0: make test fails with "don't know how to make usr/include/stddef.h"

2016-03-11 Thread Jeffrey Walton
Close it; it was cleared around bb26842d1c8f99c1267b45361a2fc76822c0f913. On Fri, Mar 11, 2016 at 5:11 AM, noloa...@gmail.com via RT wrote: > Working from Master. > > $ make test > make: don't know how to make usr/include/stddef.h. Stop > > make: stopped in /root/openssl --

Re: [openssl-dev] Please consider delaying the Beta-1 freeze for a week or two

2016-03-11 Thread Jeffrey Walton
> noloader> Testing master on real hardware is showing some minor issues on a > few > noloader> platforms, including ARM32, ARM64, PowerPC and i686. In addition, > noloader> there seems to be one-off issues on other combinations, like VIA's > C7 > noloader> processor on Linux. > noloader> >

Re: [openssl-dev] [openssl.org #4414] NetBSD 7.0: make test fails with "don't know how to make usr/include/stddef.h"

2016-03-11 Thread Jeffrey Walton
On Fri, Mar 11, 2016 at 5:14 AM, Richard Levitte via RT wrote: > In message on Fri, 11 > Mar 2016 10:11:43 +, "noloa...@gmail.com via RT" said: > > rt> Working from Master. > rt> > rt> $ make test >

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-11 Thread Jeffrey Walton
>> What is actually running? How can I get it under a debugger? > > > $ ./config -d > $ make > $ make test/afalgtest > $ cd test > $ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest > Ooh, -d looks like a new option. Would that be for Debug builds? Jeff -- openssl-dev mailing list To

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-11 Thread Jeffrey Walton
On Fri, Mar 11, 2016 at 7:26 PM, Richard Levitte via RT <r...@openssl.org> wrote: > In message > <cah8yc8mkx7t7szp-09dmetqaczzvqw2xdsuoyy--a+qo7ky...@mail.gmail.com> on Fri, > 11 Mar 2016 19:12:27 -0500, Jeffrey Walton <noloa...@gmail.com> said: > > noloader&

Re: [openssl-dev] [openssl.org #4366] OS X 10.5, 64-bit PPC, no-asm, and "Failed test 'running asynctest'"

2016-03-13 Thread Jeffrey Walton
Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit. 32-bit tests OK. The relevant snippets are: $ make test ... ../test/recipes/90-test_async.t ... 1/1 # Failed test 'running asynctest' # at ../test/testlib/OpenSSL/Test/Simple.pm line 70. # Looks like you failed 1

Re: [openssl-dev] [openssl.org #4425] CentOS 5: mkdir /include: Permission denied at ./Configure line 1248

2016-03-13 Thread Jeffrey Walton
On Sun, Mar 13, 2016 at 7:56 PM, Richard Levitte via RT wrote: > Vid Sun, 13 Mar 2016 kl. 23.16.45, skrev noloa...@gmail.com: >> On Sun, Mar 13, 2016 at 7:09 PM, Richard Levitte via RT >> wrote: >> > Vid Sun, 13 Mar 2016 kl. 22.05.21, skrev

Re: [openssl-dev] [openssl.org #4398] BUG / 1.0.2g breaks CURL extension

2016-03-09 Thread Jeffrey Walton
On Tue, Mar 8, 2016 at 8:43 AM, Thomas Brunnthaler via RT wrote: > CURL not working since upgrade to 1.0.2g on windows. I use PHP 5.2.17 VC6 > x86 TS. Error Message: OS cannot load %1 or so. > Is it possible to release an out-of-band update for this fix? Many folks are

Re: [openssl-dev] [openssl.org #4419] OS X, 32-bit PowerPC: Makefile:4398: *** unterminated variable reference. Stop.

2016-03-12 Thread Jeffrey Walton
The issue is present under 64-bit OS X PowerPC builds, also. On Sat, Mar 12, 2016 at 11:33 PM, noloa...@gmail.com via RT wrote: > Working from Master at 4c1cf7e. > > $ KERNEL_BITS=32 ./config > ... > $ make depend && make clean && make > ... > > cc -DDSO_DLFCN -DHAVE_DLFCN_H

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-12 Thread Jeffrey Walton
>> It looks like the hang is still present as of 603358d. >> >> When the following runs: >> >> ../test/recipes/30-test_afalg.t >> >> What is actually running? How can I get it under a debugger? > > > $ ./config -d > $ make > $ make test/afalgtest > $ cd test > $

Re: [openssl-dev] [openssl.org #4379] "arch/async_posix.h:67:24: error: ucontext.h: No such file or directory" under OpenBSD 5.7/64-bit

2016-03-12 Thread Jeffrey Walton
Bump... Still present in Master at 4c1cf7e. On Fri, Mar 4, 2016 at 9:22 PM, noloa...@gmail.com via RT wrote: > cc -I.. -I../.. -I../modes -I../include -I../../include -DDSO_DLFCN > -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE > -DOPENSSL_PIC -DOPENSSL_IA32_SSE2

Re: [openssl-dev] [openssl.org #4412] Debian and ARM32 (armv7l): fatal error: arm_arch.h: No such file or directory

2016-03-12 Thread Jeffrey Walton
I think this was closed earlier... retesting at 4c1cf7e confirmed the issue was cleared. On Thu, Mar 10, 2016 at 3:41 PM, noloa...@gmail.com via RT wrote: > Working from Master on a BeagleBone Black... > > $ git reset --hard HEAD && git pull > HEAD is now at 0d4d5ab check

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-12 Thread Jeffrey Walton
>> It looks like the hang is still present as of 603358d. >> >> When the following runs: >> >> ../test/recipes/30-test_afalg.t >> >> What is actually running? How can I get it under a debugger? > > > $ ./config -d > $ make > $ make test/afalgtest > $ cd test > $

Re: [openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-19 Thread Jeffrey Walton
>> Yeah, this looks fishy... According to the libc manual, 13.10 Perform >> I/O Operations in Parallel >> (https://www.gnu.org/software/libc/manual/html_node/Asynchronous-I_002fO.html): >> >>volatile void *aio_buf >> >>This is a pointer to the buffer with the data to >>be

Re: [openssl-dev] [openssl.org #4428] Gentoo 12.1, x86_64: crypto/aes/aes_cfb.c:1:0: error: CPU you selected does not support x86-64 instruction set

2016-03-15 Thread Jeffrey Walton
On Mon, Mar 14, 2016 at 10:52 AM, Andy Polyakov via RT wrote: > On 03/14/16 03:58, noloa...@gmail.com via RT wrote: >> Working from Master... >> >> gentoo@Gentoo-2012 ~/openssl $ ./config >> Operating system: x86_64-whatever-linux2 >> ... > > Can you confirm that it's not a

Re: [openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

2016-03-18 Thread Jeffrey Walton
On Fri, Mar 18, 2016 at 8:56 PM, Richard Levitte via RT wrote: > This is a non issue, the test comes through ok as expected. The printout is a > bit ugly, sure, but... > > And I'd love if someone could figure out a good way not to have that output. > My > attempts failed

[openssl-dev] AF_ALG engine support and kernel versions

2016-03-18 Thread Jeffrey Walton
Hi Everyone, Looking at the code in engines/afalg/e_afalg.c, there is the following: ... #define K_MAJ 4 #define K_MIN1 1 #define K_MIN2 0 #if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) # warning "AFALG ENGINE requires Kernel Headers >= 4.1.0" # warning

Re: [openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

2016-03-18 Thread Jeffrey Walton
On Fri, Mar 18, 2016 at 9:46 PM, Richard Levitte via RT wrote: > In this case, though, it's an application that explicitely calls an > aborting function. No subterfuge at all there, so if you wanted to > complain, this is a particularly bad example. > > We do use

Re: [openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

2016-03-18 Thread Jeffrey Walton
This might be a philosophical difference, but: $ test/aborttest test/aborttest.c:15: OpenSSL internal error: Voluntary abort Abort trap I don't believe its the library's place to shutdown an application. Libraries don't make policy decisions for applications. I think in this case, the

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-11 Thread Jeffrey Walton
On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT wrote: > Working from Master: > It looks like the hang is still present as of 603358d. When the following runs: ../test/recipes/30-test_afalg.t What is actually running? How can I get it under a debugger? Jeff

Re: [openssl-dev] [openssl.org #4425] CentOS 5: mkdir /include: Permission denied at ./Configure line 1248

2016-03-13 Thread Jeffrey Walton
On Sun, Mar 13, 2016 at 7:09 PM, Richard Levitte via RT wrote: > Vid Sun, 13 Mar 2016 kl. 22.05.21, skrev noloa...@gmail.com: >> $ perl --version >> This is perl, v5.8.8 built for x86_64-linux-thread-multi > > This is a problem. We don't really support perl older than 5.10, so

Re: [openssl-dev] [openssl.org #4419] OS X, 32-bit PowerPC: Makefile:4398: *** unterminated variable reference. Stop.

2016-03-13 Thread Jeffrey Walton
On Sun, Mar 13, 2016 at 6:14 AM, Richard Levitte via RT wrote: > Identified and corrected, waiting to pass internal review. I've attached the > fix for your viewing and application before it lands in master. > It looks like the change was pushed with 6d505f2. It tested OK

Re: [openssl-dev] [openssl.org #4422] OS X 32-bit PowerPC: blake2b.c:27: warning: integer constant is too large for 'unsigned long' type

2016-03-13 Thread Jeffrey Walton
On Sun, Mar 13, 2016 at 6:57 AM, Kurt Roeckx via RT wrote: > On Sun, Mar 13, 2016 at 10:30:54AM +, noloa...@gmail.com via RT wrote: >> crypto/blake2/blake2b.c:27: warning: integer constant is too large for >> 'unsigned long' type > > That's a uint64_t. Why do you have an

Re: [openssl-dev] [openssl.org #4415] test/certs/mkcert.sh uses "#! /binbash"

2016-03-13 Thread Jeffrey Walton
> ... > Another potential pain point is PERL: > > grep -iIR perl * | grep '#' | grep -v 'env' | wc -l > 232 > > It looks like most uses of PERL are expected to be at > /usr/local/bin/perl. 160 of them use /usr/bin/env, but 230 or so use > the potentially incorrect path. This is testing OK

Re: [openssl-dev] [openssl.org #4421] Make clean leaving tmp.bak artifacts

2016-03-13 Thread Jeffrey Walton
On Sun, Mar 13, 2016 at 6:48 AM, Richard Levitte via RT wrote: > Could you check again? I believe it should have been fixed when I did away > with > `sed` for dependency post-processing. > Yes, you're right. My bad. Close it. -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4422] OS X 32-bit PowerPC: blake2b.c:27: warning: integer constant is too large for 'unsigned long' type

2016-03-13 Thread Jeffrey Walton
> static const uint64_t blake2b_IV[8] = > { > 0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU, > 0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U, > 0x510e527fade682d1U, 0x9b05688c2b3e6c1fU, > 0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U > }; > > I've run into this before, but in C++. I think you

Re: [openssl-dev] [openssl.org #4422] OS X 32-bit PowerPC: blake2b.c:27: warning: integer constant is too large for 'unsigned long' type

2016-03-13 Thread Jeffrey Walton
>> static const uint64_t blake2b_IV[8] = >> { >> 0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU, >> 0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U, >> 0x510e527fade682d1U, 0x9b05688c2b3e6c1fU, >> 0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U >> }; >> >> I've run into this before, but in C++. I

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-12 Thread Jeffrey Walton
> OK, I've got two hung processes from two attempts to debug this: > > $ ps -A | grep afalgtest > 1030 pts/000:00:00 afalgtest > 1196 pts/000:00:00 afalgtest > > Both appear to be hanging in syscall 248: > > via:test$ sudo cat /proc/1030/syscall > 248 0xb7fd6000 0x1

Re: [openssl-dev] [openssl.org #4411] VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-12 Thread Jeffrey Walton
On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT wrote: > Working from Master: > > $ git reset --hard HEAD && git pull > HEAD is now at fb04434 In the recipe using "makedepend", make sure the > object file extension is there > Already up-to-date. > > $ ./config > ... >

Re: [openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

2016-03-14 Thread Jeffrey Walton
On Mon, Mar 14, 2016 at 3:24 PM, Blumenthal, Uri - 0553 - MITLL wrote: > In that bug description I see a reference to code in “enc.c” that aborts > if the cipher is AEAD or XTS (and an offer to submit PR that hasn’t > materialized so far). > > Would you be able to elaborate why

Re: [openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

2016-03-19 Thread Jeffrey Walton
On Sat, Mar 19, 2016 at 6:44 AM, Richard Levitte via RT wrote: > I think that's a discussion that deserves its own new thread on openssl-dev. > > A RT ticket is *not* the right place for a philosophical discussion. Closing > this. Please don't respond on this message, create a

Re: [openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-19 Thread Jeffrey Walton
>> This is bad news... A 32-bit pointer's sign extension is >> implementation defined, which means it may as well be undefined >> behavior... >> >> GCC sign extends. I think you can get around it with an intermediate >> cast to uintptr_t: >> >>cb->aio_buf = (uint64_t)(uintptr_t)buf; > > The

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

2016-03-19 Thread Jeffrey Walton
> Point is, if any of the the assertions are triggered into faulting, > there's a but in the library and it shouldn't get released. That's > the whole point. The tests are supposed to catch those and basically > raise a big red flag. > > Are you telling me that according to Apple's App Store

Re: [openssl-dev] Is a "no next protocol negotiation" (no-npn) a supported option?

2016-03-21 Thread Jeffrey Walton
On Mon, Mar 21, 2016 at 4:02 AM, Richard Levitte wrote: > Yes, there is such a configuration option: no-nextprotoneg > Thank you very much. That leads to: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2

[openssl-dev] Is a "no next protocol negotiation" (no-npn) a supported option?

2016-03-20 Thread Jeffrey Walton
Is no-npn a supported configuration option for 1.1.0? Its causing a test script to fail: Testing no next protocol negotiation Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Configuring OpenSSL version 1.1.0-pre5-dev (0x0x1015L) * Unsupported options: no-npn

Re: [openssl-dev] [openssl.org #4473] Compile errors when compiling with C++ compiler

2016-03-23 Thread Jeffrey Walton
On Wed, Mar 23, 2016 at 8:32 PM, Rich Salz via RT wrote: > You can link C++ against openssl API because of the extern C wrapper we use. That's what I was on my way to testing. > You cannot compile openssl with a C++ compiler. Closing ticket. (The days of > "C++ is a better C"

Re: [openssl-dev] [openssl.org #4476] PATCH: fix cast-alignment of "struct lhash_st *"

2016-03-25 Thread Jeffrey Walton
>> > $ git diff include/openssl/lhash.h >> > diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index >> > 2edd738..5da5054 100644 >> > --- a/include/openssl/lhash.h >> > +++ b/include/openssl/lhash.h >> > @@ -180,7 +180,7 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO >> >

Re: [openssl-dev] AF_ALG engine support and kernel versions

2016-03-25 Thread Jeffrey Walton
> Looking at the code in engines/afalg/e_afalg.c, there is the following: > > ... > #define K_MAJ 4 > #define K_MIN1 1 > #define K_MIN2 0 > #if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) > # warning "AFALG ENGINE requires Kernel Headers >= 4.1.0" > # warning

Re: [openssl-dev] [openssl.org #4476] PATCH: fix cast-alignment of "struct lhash_st *"

2016-03-24 Thread Jeffrey Walton
>> > $ git diff include/openssl/lhash.h >> > diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index >> > 2edd738..5da5054 100644 >> > --- a/include/openssl/lhash.h >> > +++ b/include/openssl/lhash.h >> > @@ -180,7 +180,7 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO >> >

Re: [openssl-dev] [openssl.org #4480] ROLLUP PATCH: Ubuntu 14 (x86_64): Compile errors and warnings when using "no-asm -ansi"

2016-03-25 Thread Jeffrey Walton
Here's the rollup patch that makes -ansi work. Most of it was "inline" -> "ossl_inline". Some hoops were jumped through to get SSIZE_MAX defined correctly. To configure: ./config shared no-asm -ansi -D_DEFAULT_SOURCE=__STRICT_ANSI__ I'm not sure if Configure should set

Re: [openssl-dev] [openssl.org #4479] ROLLUP PATCH: OS X 10.8 (x86_64): Compile errors when using "no-asm -ansi"

2016-03-25 Thread Jeffrey Walton
Here's the rollup patch that makes -ansi work. Most of it was "inline" -> "ossl_inline". Some hoops were jumped through to get SSIZE_MAX defined correctly. Drepper signed-off on roughly the same fix about 15 years ago for glibc; see http://sourceware.org/ml/libc-hacker/2002-08/msg00031.html. To

Re: [openssl-dev] [openssl.org #4480] Ubuntu 14 (x86_64): Compile errors and warnings when using "no-asm -ansi"

2016-03-25 Thread Jeffrey Walton
On Fri, Mar 25, 2016 at 1:00 PM, Richard Levitte via RT wrote: > Vid Fre, 25 Mar 2016 kl. 10.29.39, skrev noloa...@gmail.com: >> gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS >> -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC >> -DOPENSSLDIR="\"/usr/local/ssl\"" >>

Re: [openssl-dev] [openssl.org #4479] ROLLUP PATCH: OS X 10.8 (x86_64): Compile errors when using "no-asm -ansi"

2016-03-25 Thread Jeffrey Walton
> Just out of interest, what requirement is there to be able to build with > compilers which support only a 27 year old version of C which was superseded > 17 years ago? I can't imagine much need to build now with compilers which > don't support at least the most popular features of C99 like

Re: [openssl-dev] [openssl.org #4479] OS X 10.8 (x86_64): Compile errors when using "no-asm -ansi"

2016-03-25 Thread Jeffrey Walton
> It's the fact of its being defined which indicates features - it's tested in > the GNU headers to decide what functionality to make visible. The norm is > just to define it, or to define it to 1; setting it to __STRICT_ANSI__ would > be a very confusing thing to do since the whole point of

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

2016-03-19 Thread Jeffrey Walton
On Sat, Mar 19, 2016 at 7:31 PM, Richard Levitte wrote: > In message on Sat, 19 > Mar 2016 23:08:17 +, "noloa...@gmail.com via RT" said: > > rt> On Sat, Mar 19, 2016 at 6:44 AM, Richard Levitte via

Re: [openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

2016-03-19 Thread Jeffrey Walton
> noloader> Allowing a library to make policy decisions for the application is a > noloader> philosophical debate. > > The few places we're using something that drastic is when the internal > structures can only be seen as corrupt by our own fault. That's a > point where you can expect things to

Re: [openssl-dev] [openssl.org #4460] [PATCH] BIO_METHODs should be const

2016-03-20 Thread Jeffrey Walton
On Sun, Mar 20, 2016 at 6:20 PM, David Benjamin via RT wrote: > Patch attached. This is a mechanical change. BIO_new takes a non-const > BIO_METHOD and the various BIO_METHODs defined in the library are also > non-const, so they don't get placed in .rodata. > > The change to

Re: [openssl-dev] [openssl.org #4461] No rule to make target 'crypto/include/internal/blake2_locl.h'

2016-03-20 Thread Jeffrey Walton
On Sun, Mar 20, 2016 at 9:29 PM, Salz, Rich via RT wrote: > >> $ make depend && make clean && make >> ... >> >> No rule to make target 'crypto/include/internal/blake2_locl.h' > > Shouldn't that be clean ; make depend? > > At any rate, yes, some header files moved around. Old

[openssl-dev] Changing/deleted ordinals for exported function in the Windows DLLs

2016-03-27 Thread Jeffrey Walton
It looks like ordinals are changing and/or being removed for functions exported by the Windows DLL. Its causing pain points for users in the field, and it appears to be trending. Confer: * WAMP OpenSSL ordinal 372 error, http://stackoverflow.com/q/36238887 * The Ordinal 112 could not be located

Re: [openssl-dev] [openssl.org #4485] big number tests and Math::BigInt changes

2016-03-27 Thread Jeffrey Walton
On Fri, Mar 25, 2016 at 7:05 PM, Richard Levitte via RT wrote: > I've attached a tentative patch for test/recipes/bc.pl. Would you be willing > to > try it out? OpenSSL master (c828cd7) experienced what appeared to be the same issue under Windows 7 Pro x64 with Strawberry

Re: [openssl-dev] [openssl.org #4482] Wrong results with Poly1305 functions

2016-03-27 Thread Jeffrey Walton
On Fri, Mar 25, 2016 at 8:10 AM, Hanno Boeck via RT wrote: > Attached is a sample code that will test various inputs for the > Poly1305 functions of openssl... I'm seeing compiler conversion warnings about size_t to int truncation. Do you have any vectors that cross the 2GB

Re: [openssl-dev] [openssl.org #4443] Re: VIA C7-D processor: Hang in 30-test_afalg.t

2016-03-19 Thread Jeffrey Walton
On Thu, Mar 17, 2016 at 8:43 PM, Viktor Dukhovni wrote: > >> On Mar 17, 2016, at 8:25 PM, noloa...@gmail.com via RT >> wrote: >> >> Yeah, this looks fishy... According to the libc manual, 13.10 Perform >> I/O Operations in Parallel >>

Re: [openssl-dev] [openssl.org #4445] Configure does not honor enable-afalgeng

2016-03-19 Thread Jeffrey Walton
On Fri, Mar 18, 2016 at 9:18 AM, Matt Caswell via RT wrote: > > > On 18/03/16 12:52, noloa...@gmail.com via RT wrote: >> I've configured with: >> >> ./config enable-afalgeng >> >> When I run the self tests, I see: >> >> ../test/recipes/30-test_afalg.t ... skipped:

Re: [openssl-dev] [openssl.org #4456] Fedora 1, i386: error: field `next_timeout` has incomplete type

2016-03-20 Thread Jeffrey Walton
On Sun, Mar 20, 2016 at 2:45 PM, Richard Levitte via RT wrote: > '#include ' should be added in e_os.h rather than ssl/ssl_locl.h > Thanks. Would it be possible to add , , and ? Then all these tickets can be closed. It should also allow moving onto Android testing. Android,

  1   2   >