Re: Race Condition

2019-06-14 Thread Dr Paul Dale
I did confuse things, apologies. One day I’ll learn that I shouldn’t answer questions late on a Friday evening after a long week. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 15 Jun 2019, at 5:33 am, Viktor Dukhovni > wro

Re: Race Condition

2019-06-14 Thread Viktor Dukhovni
> On Jun 14, 2019, at 8:02 AM, Dr Paul Dale wrote: > > The SSL sessions are not thread safe. It is up to the calling application to > ensure that this race condition does not occur. Paul, it sounds like you're confusing (SSL_SESSION *) with (SSL *). -- Viktor.

Re: failing in reproducing .so files

2019-06-14 Thread Salz, Rich via openssl-users
If you are adding new functions to the library, you need to 1A Make sure there is a prototype in one of the existing OpenSSL header files; OR 1B If your prototype is in a new header file, you will have to edit Configurations/unix-Makefile.tmpl to pick up that f

Re: failing in reproducing .so files

2019-06-14 Thread Kyle Hamilton
Log into a different terminal window, run top. Figure out if it's infinitely looping, if it's getting stuck in a syscall (which sounds likely -- if it is the case, you need to figure out why, which could be as simple as a needed fsck or a required kernel update to address a bug), or if you can kil

Re: failing in reproducing .so files

2019-06-14 Thread Giovanni Fontana
...I just tried once more and (after a make clean) I ran make update again, but it always stops in the same place. No more commands in that specific terminal. After that opening a new terminal and run the make, of course, I get the same error again (Error: EVP_PKEY_get0_TUV does not have a n

Re: failing in reproducing .so files

2019-06-14 Thread Dmitry Belyavsky
It's worth trying to run make update before running make. Fri, 14 Jun 2019, 20:13 Giovanni Fontana : > A little bit further...with my problem in trying to build a tailored > version of OpenSSL. > > If I do make I get at the end of building (trying to make .map file > before the .so files ) > >

Re: failing in reproducing .so files

2019-06-14 Thread Giovanni Fontana
A little bit further...with my problem in trying to build a tailored version of OpenSSL. If I do make I get at the end of building (trying to make .map file before the .so files ) creating test/libtestutil.a ranlib test/libtestutil.a || echo Never mind. /usr/bin/perl util/mkdef.pl crypto linux >

Re: RSA PSS RSAE Cert Generation

2019-06-14 Thread Matt Caswell
On 14/06/2019 13:28, Raja Ashok wrote: > Hi All, > > For using with TLS1.3, I am able to generate rsa_pss_pss cert (Both Public key > and Signature of RSA_PSS OID) with the below script. > > https://github.com/raja-ashok/sample_certificates/blob/master/RSA_PSS_PSS_Certs/gen_rsa_cert.sh > > Ca

Re: Race Condition

2019-06-14 Thread Dr Paul Dale
The SSL sessions are not thread safe. It is up to the calling application to ensure that this race condition does not occur. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 14 Jun 2019, at 8:09 pm, Serti Ayoub wrote: > > H

RSA PSS RSAE Cert Generation

2019-06-14 Thread Raja Ashok
Hi All, For using with TLS1.3, I am able to generate rsa_pss_pss cert (Both Public key and Signature of RSA_PSS OID) with the below script. https://github.com/raja-ashok/sample_certificates/blob/master/RSA_PSS_PSS_Certs/gen_rsa_cert.sh Can someone help me to find out the command for generating

Re: Race Condition

2019-06-14 Thread Matt Caswell
On 14/06/2019 11:09, Serti Ayoub wrote: > > I can't provide a sample to reproduce the crash, it's totally random. > > Here example of thread call stack: Yes, this does look like a bug. My guess is most people don't hit this because they don't set SSL_OP_NO_TICKET in TLSv1.3. The default behav

Race Condition

2019-06-14 Thread Serti Ayoub
Hi, We upgraded a code base from openssl 1.0.2 to openssl 1.1.1b. The upgrade was straightforward and we managed to activate and use TLS1.3. OpenSSL is used to implement a multi-threaded HTTPS server. While using TLS1.3 as the minimum version with option SSL_OP_NO_TICKET the app crashes randomly due t

SHA1_Init () is called through SSL_shutdown () in FIPS mode

2019-06-14 Thread Chethan Kumar
Hi all, Need help in resolving an error or understanding the flow. Openssl library we are using is FIPS capable. Openssl version is 1.0.2n with fips-2.0.16 Platform: Linux version 3.10.38-ltsi-WR6.0.0.11_standard (gcc version 4.8.1) We have an application which uses libssl and libcrypto for its o

Re: Shutting down openssl - is the correct thing to do nothing?

2019-06-14 Thread Matt Caswell
On 14/06/2019 09:17, Graham Leggett wrote: > On 14 Jun 2019, at 09:41, Matt Caswell > wrote: > >> Correct. *All* of the above calls are no-ops in 1.1.0+, e.g: >> >> #  define EVP_cleanup() while(0) continue >> >> There are one or two caveats around auto-init and auto-d

Re: Shutting down openssl - is the correct thing to do nothing?

2019-06-14 Thread Graham Leggett
On 14 Jun 2019, at 09:41, Matt Caswell wrote: > Correct. *All* of the above calls are no-ops in 1.1.0+, e.g: > > # define EVP_cleanup() while(0) continue > > There are one or two caveats around auto-init and auto-deinit of the library. > The documentation for it is here: > > https://www.opens

Re: Shutting down openssl - is the correct thing to do nothing?

2019-06-14 Thread Matt Caswell
On 14/06/2019 00:42, Graham Leggett wrote: > Hi all, > > I am currently reviewing the shutdown behaviour in both httpd’s mod_ssl and > apr’s apr-crypto-openssl modules. > > Am I right in understanding that from openssl v1.1.0 and upwards, all the > following calls are no longer necessary, wi