openssl pkcs12 -export -in _.pem -nodes -out _.p12
generates PFX DER data with MacData in which empty password is used
incorrectly, violating following quote from Chapter B, section B.2, item
3 of PKCS#12 standard [1]:
Note that if the password is the empty string, then so is P.
However,
This transaction appears to have no content
Hi,I am trying to install openssl-0.9.8e on Solaris v10 12/06. I got Fatal error when I build OpenSSL by running make command.I attached the output of ./config and make (config_log.txt and make_log.txt).Could you please advice me what should I
Yes, it's desirable that that data is unknown however there is a
compromise possible:
Complement the area. It'll mean valgrind will only complain at the correct
place, or possibly not at all, and it's still random. The performance hit
from doing that will be so small it won't matter.
This annoyed
Hi All,
I was looking for EAP-FAST support in openssl library. In the mail list
I found a patch. Patch was distributed for openssl-0.9.8.
And I also found some mails stating EAP-FAST support will be added in
openssl-0.9.9.I have few queries now.
I. Will EAP-FAST support will be added in
Hello,
I am also encountering the behaviour described in
http://rt.openssl.org/Ticket/Display.html?id=1455
I'd like help fixing this bug, maybe by providing Logs or Network
Traffic dumps - would somebody with OpenSSL developement experience be
kind enough to consider looking into this bug?
It's
One can omit the SSL_CTX_free but in oder to be clean, someone must call
it, and this may unfortunately not necessarily be the same instance who
created
it.
I think you are kind of right, but there's another possibility.
Does the other instance call SSL_free as well? Note that SSL_free
Hi All,
Can any one tell me when SessionTicket TLS Extension support will be
included in openssl library?
Thanks in advance.
Regards,
Jaya.
__
OpenSSL Project http://www.openssl.org
Development
[EMAIL PROTECTED] - Fri Mar 02 09:58:13 2007]:
openssl pkcs12 -export -in _.pem -nodes -out _.p12
generates PFX DER data with MacData in which empty password is used
incorrectly, violating following quote from Chapter B, section B.2, item
3 of PKCS#12 standard [1]:
Note that if
On Fri, 02 Mar 2007 07:58:14 +, Darryl Miles said:
Delivered-To: openssl-dev-l@master.openssl.org
Delivered-To: openssl-dev@openssl.org
Martin Simmons wrote:
On Thu, 01 Mar 2007 11:40:24 +0100, Peter Sylvester said:
The crtl function basically would do:
Peter Waltenberg wrote:
Yes, it's desirable that that data is unknown however there is a
compromise possible:
Complement the area. It'll mean valgrind will only complain at the correct
place, or possibly not at all, and it's still random. The performance hit
from doing that will be so small
Can't someone just create a valgrind suppression entry for this?
Valgrind can read a file that tells it things to ignore, like lint's old
NOTREACHED comment.
/r$
--
STSM
Senior Security Architect
DataPower SOA Appliances
Darryl Miles [EMAIL PROTECTED] writes:
[...]
So the -DPURIFY kills the only known source of uninitialized data
warnings in the OpenSSL project that has been reported todate.
There's another little one in RAND_load_file. If the function is
given a non-NULL file that doesn't exist, it still
Richard Salz wrote:
Can't someone just create a valgrind suppression entry for this?
Valgrind can read a file that tells it things to ignore, like lint's old
NOTREACHED comment.
Valgrind reports at the point of use where it considers the usage
potentially harmful.
This means you can copy
On Fri, 02 Mar 2007 13:21:18 +0100, Peter Sylvester said:
One can omit the SSL_CTX_free but in oder to be clean, someone must call
it, and this may unfortunately not necessarily be the same instance who
created it.
OK, so a less hacky solution using the current APIs would be to do your own
This belongs on openssl-users, not openssl-dev.
I. I don't have the precise information, but I think it likely will
be if it was a project committer who stated it will be.
II. Your guess is as good as mine.
III. If it applies, compiles, and functions then there shouldn't be
a problem. It
Maybe valgrind should have a rule put in place which resets the
uninitialized data bit in the memory bitmap over the block of data
returned by the low level RAND_() functions provided by OpenSSL.
Yes, exactly my point.Until someone enhances valgrind, however,
something like this
In dsa_gen.c:
for (i = qsize-1; i = 0; i--)
{
buf[i]++;
if (buf[i] != 0)
break;
}
i is a size_t, so the expression i = 0 is always true. If the value
of seed is 0xFF...FF, the break will never be triggered either, and
it will modify memory after seed.
Test
If RAND_load_file is called with a non-NULL file which does not exist,
then it still does:
i=stat(file,sb);
/* If the state fails, put some crap in anyway */
RAND_add(sb,sizeof(sb),0.0);
if (i 0) return(0);
And sb may well be uninitialized.
Obviously that's of
Guessing on the stack being non-predictable does not seem to improve
entropy too much to me. I have therefore modified the code to no longer
use uninitialized memory in any case.
Not relying on -DPURIFY will also make valgrind users happy :-)
Best regards,
Lutz
Jack Lloyd wrote:
In dsa_gen.c:
for (i = qsize-1; i = 0; i--)
{
buf[i]++;
if (buf[i] != 0)
break;
}
i is a size_t, so the expression i = 0 is always true.
true ... 'i' is now a 'int' again.
Thanks,
Nils
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Lutz,
why not...
Lutz Jaenicke wrote:
patch -p0 '@@ .'
Index: openssl/crypto/rand/rand_lib.c
$ cvs diff -u -r1.16 -r1.17 rand_lib.c
---
Stephen Henson via RT wrote:
[EMAIL PROTECTED] - Fri Mar 02 09:58:13 2007]:
openssl pkcs12 -export -in _.pem -nodes -out _.p12
generates PFX DER data with MacData in which empty password is used
incorrectly, violating following quote from Chapter B, section B.2, item
3 of PKCS#12
Christian Marg wrote:
Hello,
Since noone on the openssl-users list could help, I'm trying this list
for help.
In http://marc.theaimsgroup.com/?l=openssl-usersm=116111352610602w=2
Geert Van Muylem reports a similar problem but didn't get a response, so
I just repost this issue along with my
On Fri, Mar 02, 2007 at 02:06:09PM +1100, Erik de Castro Lopo wrote:
Hi all,
I'm working with version 0.9.8c distributed as part of Ubuntu but
I have also veryfied that the same problem exists with the latest
release 0.9.8e.
Please see:
Lutz Jaenicke wrote:
Lutz Jaenicke wrote:
Peter Waltenberg wrote:
Yes, it's desirable that that data is unknown however there is a
compromise possible:
Complement the area. It'll mean valgrind will only complain at the correct
place, or possibly not at all, and it's still random. The
25 matches
Mail list logo