Re: openssl-0.9.7-beta1 Win32 build error
On Fri, Jun 07, 2002 at 11:02:19AM +0530, Bhavin Shah wrote: I was trying to build the OpenSSL 0.9.7 beta1 source. Finally, changed evp_test.c. On line 361 of crypto\evp\evp_test.c changed the function call from strsep() to sstrsep() which is an existing function. The code compiled this time. Also, ran ms\test.bat and it passed all the tests. Is this the right fix though ? Yes, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Bug in RSA_check_key
If the key is loaded via an ENGINE, openssl crashes because of a segfault (function BN_num_bits crypto/bn/bn_lib.c:252). Explanation: When loading a key from an engine the p q and d members of the RSA struct are never set. However RSA_check_key never checked to make sure those members a present before calling the functions to test it. Call stack: BN_num_bits BN_is_prime_fasttest BN_is_prime RSA_check_key ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #86] Bug in RSA_check_key
If the key is loaded via an ENGINE, openssl crashes because of a segfault (function BN_num_bits crypto/bn/bn_lib.c:252). Explanation: When loading a key from an engine the p q and d members of the RSA struct are never set. However RSA_check_key never checked to make sure those members a present before calling the functions to test it. Call stack: BN_num_bits BN_is_prime_fasttest BN_is_prime RSA_check_key ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #87] openssl 0.9.6b to 0.9.6d with IE5.5 and IE6 and 3DES-CBC-SHA hangs
Hello, I want to report that with IE5.5 and IE6 (but not Netscape) when using as web server: apache 1.3.14 + modssl 2.7.1 + openssl 0.9.6b and restrict the Ciphersuite to DES3-CBC-SHA all is working fine but with web server: apache 1.3.24 + modssl 2.8.8 + openssl 0.9.6d and again restrict the Ciphersuite to DES3-CBC-SHA then Explorer hangs forever when loading any page (apache logs indicate a single successful connection and that's all) clearly this has to do a lot with the openssl change from 0.9.6b to 0.9.6d [ I am not versed in the modssl/openssl technology but I suspect it must be something related to the following CHANGE notice *) Implement a countermeasure against a vulnerability recently found in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment before application data chunks to avoid the use of known IVs with data potentially chosen by the attacker. [Bodo Moeller] ] even though Netscape still works, this should be considered a bug since IE is now broken when in the past it worked fine Can someone comment on this behavior and PLEASE recommend a workaround (enabling us to keep the same Ciphersuite)? Thanks in advance, E.I.Sarmas email: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #88] Encrypted alert 25.
Hello, My user agent is using the openssl library. I noticed some trouble in asecure connection when it connects to the domain www.sharenet-workspace.com. At the end of the connection, there is a weird packet ; After a 3 sec silence, the server answer with aEncrypted Alert packet. The connection close just after. The user agent uses the openssl-0.9.6d library. The concerned URL is https://www.sharenet-workspace.com/witbe.asp. I am using the v32 connection method (meth=SSLv23_client_method()). The socket I am using is non blocking. The tcpdump dump file is linked to the e-mail. If the problem is known, could you tell me if the problem comes from me, the server or the library ? Thanks in advance, Best regards, Fabrice. -- Fabrice Mougin - Witbe.net The Net screener Work email: [EMAIL PROTECTED] Phone: +331 42 91 5000 When there is no solution, there is no pbs ... __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
missing prototypes for functions
Hello folks, Building openssl (openssl-0.9.7-stable-SNAP-20020528) with debug for linux, I get some warnings (that turned into errors) about some missing prototypes. Bye Goetz -- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126 Index: apps/apps.c === RCS file: /usr/cvsroot/openssl/apps/apps.c,v retrieving revision 1.5 diff -c -r1.5 apps.c *** apps/apps.c 2002/05/29 15:59:54 1.5 --- apps/apps.c 2002/06/07 14:49:37 *** *** 1256,1262 } /* Try to load an engine in a shareable library */ ! ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { ENGINE *e = ENGINE_by_id(dynamic); if (e) --- 1256,1262 } /* Try to load an engine in a shareable library */ ! static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { ENGINE *e = ENGINE_by_id(dynamic); if (e) Index: apps/apps.h === RCS file: /usr/cvsroot/openssl/apps/apps.h,v retrieving revision 1.5 diff -c -r1.5 apps.h *** apps/apps.h 2002/05/29 15:59:54 1.5 --- apps/apps.h 2002/06/07 14:49:37 *** *** 135,141 * destroyed! */ #ifdef OPENSSL_NO_STDIO ! BIO_METHOD *BIO_s_file(); #endif #ifdef OPENSSL_SYS_WIN32 --- 135,141 * destroyed! */ #ifdef OPENSSL_NO_STDIO ! BIO_METHOD *BIO_s_file(void); #endif #ifdef OPENSSL_SYS_WIN32 *** *** 217,224 int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); ! int setup_ui_method(); ! void destroy_ui_method(); int should_retry(int i); int args_from_file(char *file, int *argc, char **argv[]); --- 217,224 int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); ! int setup_ui_method(void); ! void destroy_ui_method(void); int should_retry(int i); int args_from_file(char *file, int *argc, char **argv[]); Index: apps/enc.c === RCS file: /usr/cvsroot/openssl/apps/enc.c,v retrieving revision 1.5 diff -c -r1.5 enc.c *** apps/enc.c 2002/05/29 15:59:54 1.5 --- apps/enc.c 2002/06/07 14:49:37 *** *** 78,84 #define BSIZE (8*1024) #define PROGenc_main ! void show_ciphers(const OBJ_NAME *name,void *bio_) { BIO *bio=bio_; static int n; --- 78,84 #define BSIZE (8*1024) #define PROGenc_main ! static void show_ciphers(const OBJ_NAME *name,void *bio_) { BIO *bio=bio_; static int n; Index: crypto/asn1/a_strex.c === RCS file: /usr/cvsroot/openssl/crypto/asn1/a_strex.c,v retrieving revision 1.2 diff -c -r1.2 a_strex.c *** crypto/asn1/a_strex.c 2002/05/29 15:59:55 1.2 --- crypto/asn1/a_strex.c 2002/06/07 14:49:37 *** *** 77,84 /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. */ ! ! int send_mem_chars(void *arg, const void *buf, int len) { unsigned char **out = arg; if(!out) return 1; --- 77,84 /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. */ ! #if 0 /* never used */ ! static int send_mem_chars(void *arg, const void *buf, int len) { unsigned char **out = arg; if(!out) return 1; *** *** 86,100 *out += len; return 1; } ! int send_bio_chars(void *arg, const void *buf, int len) { if(!arg) return 1; if(BIO_write(arg, buf, len) != len) return 0; return 1; } ! int send_fp_chars(void *arg, const void *buf, int len) { if(!arg) return 1; if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; --- 86,101 *out += len; return 1; } + #endif ! static int send_bio_chars(void *arg, const void *buf, int len) { if(!arg) return 1; if(BIO_write(arg, buf, len) != len) return 0; return 1; } ! static int send_fp_chars(void *arg, const void *buf, int len) { if(!arg) return 1; if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; *** *** 240,246 * #01234 format. */ ! int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) { /* Placing the ASN1_STRING in a temp ASN1_TYPE allows * the DER encoding to readily obtained --- 241,247 * #01234 format. */ ! static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) { /* Placing the ASN1_STRING in a temp ASN1_TYPE allows * the DER encoding to
[openssl.org #89] missing prototypes for functions
__ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]