Peter Chernyshev via RT | 27 May 20:34 2016
Picon

Re: [openssl.org #4501] bug in BN_mod_word

Hi Matt!
in connected file test.

Peter Chernyshev/

2016-05-26 2:50 GMT+04:00, Matt Caswell via RT <rt <at> openssl.org>:
> On Thu Apr 07 11:44:09 2016, peter.chernyshev <at> gmail.com wrote:
>> Добрый день!
>> программа библиотеки BN_mod_word
>> BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
>>
>> работает неверно на 64 бит машине при некоторых w>2^32,
хотя объявлена
>> как
>> BN_ULONG (64 бита).
>>
>> Петр
>>
>> Hello!
>> BN part program
>>
>> BN_ULONG BN_mod_word (const BIGNUM * a, BN_ULONG w);
>>
>> does not work properly on 64-bit machine with some w> 2 ^ 32, although
>> declared as BN_ULONG (64 bits).
>
> Hello
>
> Do you have a test case for this that demonstrates this problem?
>
(Continue reading)

Richard Levitte via RT | 27 May 17:43 2016
Picon

[openssl.org #4486] PATCH: fix NMAKE fatal error U1073: "don't know how to make 'LNAME\openssl\Configurations\windows-makefile.tmpl'"

The fix just got merged into master. Having heard nothing else, I'm closing
this ticket.

Cheers,
Richard

On Wed May 25 11:39:11 2016, levitte wrote:
> Now that 4492 was closed, I could give this a go... and no, the
> proposed patch
> wasn't enough, there were a few more places that needed extra quotes.
>
> https://github.com/openssl/openssl/pull/1125
>
> Cheers,
> Richard
>
> On Tue May 24 15:46:07 2016, levitte wrote:
> > I'm surprised so little is needed... Does it, combined with my fix
> > for 4492?
> >
> > Cheers,
> > Richard
> >
> > On Sun Mar 27 13:29:37 2016, noloader <at> gmail.com wrote:
> > > Using Strawberry PERL from a typical Windows user desktop and
> > > working
> > > from Master at c828cd7...
> > >
> > > > cls && perl Configure VC-WIN32
> > > ...
(Continue reading)

Richard Levitte via RT | 27 May 17:39 2016
Picon

[openssl.org #4311] OpenSSL 1.1.0-pre3: quote PERL=$(PERL) in Makefiles

On Wed May 11 10:51:46 2016, rainer.jung <at> kippdata.de wrote:
> Am 10.05.2016 um 21:54 schrieb Richard Levitte via RT:
> > I understand this part. What I'm questioning is the need to set PERL
> > to
> > "/usr/bin/env perl" to begin with. It's practically not different at
> > all from
> > setting it to just "perl", all this does is that any time the
> > environment
> > variable PERL is used to run a perl script is to have an extra
> > process between
> > the shell and perl itself that will simply pass along the exact
> > environment
> > that it got from the shell. In effect, any time the environment
> > variable PERL
> > with your assignment is used to run a script (assuming the quoting
> > you
> > suggest), i.e.:
> >
> > $PERL blah.pl
> >
> > it would expand to this:
> >
> > /usr/bin/env perl blah.pl
> >
> > If it's only assigned "perl", the command would expand to this:
> >
> > perl blah.pl
> >
> > perl itself literally gets the exact same environment in both cases.
>
(Continue reading)

Matt Caswell | 27 May 17:03 2016
Picon

Re: [openssl.org #4255] OpenSSL-1.1.0-pre2 failures using MinGW-W64


On 27/05/16 15:58, sav_ix <at> ukr.net wrote:
>  
> 
> --- Исходное сообщение ---
> От кого: "Matt Caswell via RT" <rt <at> openssl.org>
> Дата: 27 мая 2016, 17:45:28
> 
>     The "make test" hang issue on mingw should now be resolved in the head of
>     master. Unfortunately there is now a completely different issue preventing
>     compilation for mingw :-( That is nothing to do with this ticket though so
>     closing.
> 
> Hi,
> 
> Thank you for fixing that issue. I'll test it when Mingw-w64 builds
> would be restored.
> 
> Got few questions, if you don't mind:
> 
> 1. Which issue or PR I should look to figure out, whether Mingw builds
> are available again.

There isn't an existing ticket for it but Andy has a commit entitled
"crypto/o_str.c: strerror_s is provided by specific compiler run-time,"
which is currently in internal review that fixes the issue.

> 
> 2. Results for some tests using MSVC there are:
> 
(Continue reading)

Matt Caswell via RT | 27 May 16:45 2016
Picon

[openssl.org #4255] OpenSSL-1.1.0-pre2 failures using MinGW-W64

On Tue May 10 12:36:40 2016, matt wrote:
> Re-opening. OP reports there are still issues with "make test" hanging.

The "make test" hang issue on mingw should now be resolved in the head of
master. Unfortunately there is now a completely different issue preventing
compilation for mingw :-( That is nothing to do with this ticket though so
closing.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4255
Please log in as guest with password guest if prompted

--

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Stephen Henson via RT | 27 May 13:38 2016
Picon

[openssl.org #2369] mail/rfc822Mailbox should be encoded as IA5String, not DirectoryString

Fixed now, thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2369
Please log in as guest with password guest if prompted

--

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Mick Saxton via RT | 27 May 12:07 2016
Picon

Re: [openssl.org #4545] Crash in crypto/rand/md_rand.c

Hi Matt

The test program runs against our major new development so I cannot share it as is.

I will try to produce a skeleton version which I could let you have.

-          But that will be end if next week as I am away for a few days

-          That is providing that exhibits the bug.

Mick

From: Matt Caswell via RT [mailto:rt <at> openssl.org]
Sent: 27 May 2016 10:46
To: Mick Saxton
Cc: openssl-dev <at> openssl.org
Subject: [openssl.org #4545] Crash in crypto/rand/md_rand.c

On Fri May 20 15:49:49 2016, micks <at> 1e.com<mailto:micks <at> 1e.com> wrote:
> Hi
>
> Before going any further I would like to state that I have only seen
> this problem when we have 10000 or more concurrent connections.
>
> Mostly we notice it on Windows but I have seen it on linux (Ubuntu).
>
> I first noticed it when using v1.0.2d but have seen it again since
> upgrading to v1.0.2h.
>
> It can happen in one of two places and results in a call to MD_Update
(Continue reading)

Matt Caswell via RT | 27 May 11:46 2016
Picon

[openssl.org #4545] Crash in crypto/rand/md_rand.c

On Fri May 20 15:49:49 2016, micks <at> 1e.com wrote:
> Hi
>
> Before going any further I would like to state that I have only seen
> this problem when we have 10000 or more concurrent connections.
>
> Mostly we notice it on Windows but I have seen it on linux (Ubuntu).
>
> I first noticed it when using v1.0.2d but have seen it again since
> upgrading to v1.0.2h.
>
> It can happen in one of two places and results in a call to MD_Update
> with a negative value.
>
> I have come up with a temporary fix which avoids the possibility of
> crashing at the expense of some randomness.
> The system is very highly stressed at this point so debugging further
> is difficult.
>
> The fix I am using is probably not what you eventually will want to
> implement but it does improve stability.
>
> 273: MD_Update(&m, &(state[st_idx]), (j - k) );
> Change to
> 273: MD_Update(&m, &(state[st_idx]), (j - k) > 0 ? j - k :
> 1); // micks <at> 1e.com (j -k) must not be negative
>
> And
>
> 495: MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 -
(Continue reading)

Matt Caswell via RT | 27 May 11:37 2016
Picon

[openssl.org #2270] CVS HEAD: bugfix for BIO printf() code: floating point does not print + other wrongs in that code path

I applied this patch in part. The code has moved on since this was written and
this was from pre-reformat times so I added the changes that were still
applicable "manually". See commit 242073bdbc. Also properly implemented the %e
and %g format specifiers in commit d6056f085d. Finally I added a test for all
of this in f8f686ec1c.

Closing.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2270
Please log in as guest with password guest if prompted

--

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Mody, Darshan (Darshan | 27 May 11:11 2016

FIPs mode and openssl

Hi,

 

I have a query with regards to FIPS mode and use of Openssl. I have put my kernel image n FIPs mode using the documentation (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html)

 

Do I need to put the openssl in FIPs mode using the API FIPS_mode_set(1) or will by default the openssl will put itself in FIPS mode for my application. There are couple of application on the server we use openssl. Do I need to put each of the application openssl in FIPS mode or will it put itself in FIPS since the kernel is in FIPS mode.

 

Thanks

Darshan

--

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
TJ Saunders | 26 May 23:27 2016
Gravatar

How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?


I'm currently working on updating proftpd and its various modules to
work with the changed APIs in OpenSSL-1.1.x.  My current obstacle(?) is
to determine the SSL protocol version, given an SSL_SESSION pointer.

Using OpenSSL-1.0.x, I currently use:

  ssl_version = sess->ssl_version;

However, I don't see an equivalent accessor in the 1.1.x APIs.  Have I
missed something, or does such a thing not exist yet?

Cheers,
TJ
--

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Gmane