similar to: ssl-params: slow startup (patch for consideration)

In src/lib-ssl-iostream/iostream-openssl-params.c a call is made to DH_generate_parameters. This function has been deprecated since OpenSSL 0.9.8. With OpenSSL 1.1 compilation will throw an error. Not sure how to send patches, I don't even know if the patch I wrote actually works (I don't program in C, but gave it a shot anyway) but below is the patch. ---

Patch v2 --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c @@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; - int len, len2; + int len, len2, success; +#if OPENSSL_VERSION_NUMBER >= 0x00908000L + success = DH_generate_parameters_ex(dh, bitsize,

> On April 26, 2017 at 3:15 PM Peter van der Does <peter at avirtualhome.com> wrote: > > > Patch v2 > > --- a/src/lib-ssl-iostream/iostream-openssl-params.c > +++ b/src/lib-ssl-iostream/iostream-openssl-params.c > @@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) > { > DH *dh; > unsigned char *p;

> On Apr 25, 2017, at 5:37 PM, KT Walrus <kevin at my.walr.us> wrote: > > Also, I spotted a deprecation warning that you might want to look into since it has to do with building against OpenSSL 1.1 (which is the default version for Debian 9). Oops!!! Forgot to attach the warning: libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test

Forwarded to respective mailing lists Regards, Lutz ----- Forwarded message from Thomas Schulz <schulz at adi.com> ----- X-Original-To: jaenicke at serv01.aet.tu-cottbus.de X-Original-To: rt at aet.tu-cottbus.de Delivered-To: rt at master.openssl.org Date: Wed, 12 Apr 2006 14:42:27 -0400 (EDT) From: Thomas Schulz <schulz at adi.com> To: openssl-bugs at openssl.org Subject: 0.9.8a:

> On Apr 25, 2017, at 4:30 PM, Peter van der Does <peter at avirtualhome.com> wrote: > > The problem with making the Dovecot check for libmysqlclient.so.20 would > be that you have have to make sure older/newer packages are also > supported. The 20 extension is subject to changes. > > If I check the Oracle DEB file for Debian 9, it seems they do use the > name

http://bugzilla.mindrot.org/show_bug.cgi?id=1260 Summary: Link failure with openssl 0.9.8 Product: Portable OpenSSH Version: 4.4p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: schulz at

Thank you, Clayton. It works now! Our debugger server responds "name:J28;generic:fp;bitsize:32;encoding:uint;format:hex;gcc:60;dwarf:60". And I also set other "generic" attributes like sp, pc, ra, arg1~arg8 to related registers. I dig a little and find llvm dwarf generator uses TargetRegisterInfo::getFrameRegister() to obtain frame base, and uses

On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: > creating composites that will pass even 100000 rounds of Miller-Rabin is > relatively simple.... > (assuming the values for M-R tests are picked randomly) Can you point me to the algorithms for doing that? This would suggest that we really do want primality proofs (and a good way to verify them). Do those algorithms hold for

On Thu, 28 May 2015, Hubert Kario wrote: > > If this is the only attack you're trying to address, and you've > > already limited yourself to safe primes, then NUMS properties don't > > really add anything. The NUMS approach is there are to try to avoid > > the possibility of other, unknown cryptanalytic attacks against some > > infrequent type of group,

http://bugzilla.mindrot.org/show_bug.cgi?id=567 Summary: pb at the end of compil with a dump of ssh-keygen Product: Portable OpenSSH Version: -current Platform: MIPS OS/Version: IRIX Status: NEW Severity: critical Priority: P1 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote: > On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote: >> >> You will be aware of https://weakdh.org/ by now, I presume; the >> take-home seems to be that 1024-bit DH primes might well be too weak. >> I'm wondering what (if anything!) you propose to do about this issue, >>

Hi, we found a bug in ssl-params. It calls openssl DH generator for 512 and 1024 bits, but in FIPS mode, openssl won't generate anything for less than 1024, so it fails with: error:0506A06E:Diffie-Hellman routines:DH_BUILTIN_GENPARAMS:key size too small but when DH generator fails, ssl-params hangs forever in io_loop_run: __epoll_wait_nocancel() io_loop_handler_run(..) at

On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you

On Wed 2015-05-27 05:23:41 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 15:10:01 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: >> > OEIS A014233 >> >> Hm, this is a sequence, but not an algorithm. It looks to me like it is >> not exhaustive, just a list of those integers which are known to have >> the stated

The *.shared targets require -shared on powerpc, and -R leads to linker errors. This patch makes the -R an arch define. ia64 at least requires -R. --- ash/Makefile +++ ash/Makefile 2003/11/27 15:04:02 @@ -36,7 +36,7 @@ $(STRIP) $(PROG) $(PROG).shared: $(OBJS) $(LIBS) - $(LD) $(LDFLAGS) -o $(PROG).shared -e main $(KLIBSRC)/interp.o $(OBJS) -R $(KLIBSRC)/libc.so $(LIBGCC) + $(LD) $(LDFLAGS)

Hi, In case of tl;dr: I fixed a bug in TLS support for LMTP which caused chained certificates not to work, and another one which caused certificate read errors to be ignored; the patches are attached to this email. While testing LMTP with TLS and certificate verification by Postfix I discovered that certificate chains are not exchanged properly when using LMTP, even though everything works fine

This patch protects against redefinitions of size_t. There are currently at least two different definitions provided with klibc: unistd.h -> stddef.h -> bits32/bitsize/stddef.h sys/times.h -> linux/times.h -> linux/types.h both define size_t, causing gcc to complain. I suspect ptrdiff_t has a similar problem; not covered by this patch. Regards, Erik diff -urN

Hi all, Please review this patch. It's fixing PR3232 comment #8. Function bar from 2008-03-24-BitFiled-And-Alloca.c compiles to: %struct.Key = type { { i32, i32 } } ... define i32 @bar(i64 %key_token2) nounwind { entry: %key_token2_addr = alloca i64 ; <i64*> [#uses=2] %retval = alloca i32 ; <i32*> [#uses=2] %iospec =

I've installed grep PRETTY /etc/os-release PRETTY_NAME="Fedora 32 (Server Edition)" dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit lib-ssl-iostream: Support TLSv1.3 ciphersuites