Hi,
after poking around for a while I've got the following suggestions to change
a couple of minor things in the crypto library:
1. crypto/rand/randfile.c
at the end of the function RAND_write_file (lines ~213/214 in OpenSSL 0.95)
the same symbol (err) is used for a local variable and for a label; as a result
the following code always returns a fault code (at least under the MS compiler):
{
int err=0;
....
set err to something
....
err:
        return(err ? -1 : ret); <--- err label is used, which is always not 0
}

2. crypto/evp/evp_key.c
This is a suggestion really:
function EVP_BytesToKey (line 119) has a hardcoded value of 8 bytes for the
salt:
EVP_DigestUpdate(&c,salt,8);
I would suggest changing this to:
{
int saltSz = 8;
if(type->iv_len > 0)
        saltSz = type->iv_len;
EVP_DigestUpdate(&c,salt, saltSz);
}
This will keep it compatible with older versions and will make room for the
new ciphers.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Richard Levitte - VMS
Whacker
Sent: Thursday, June 15, 2000 9:12 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: ASN1_INTEGER is freed twice in d2i_DSAPrivateKey()


From: Robert Eiglmaier <[EMAIL PROTECTED]>

robert.eiglmaier> I found the following lines in crypto/asn1/d2i_s_pr.c:
robert.eiglmaier>
robert.eiglmaier> (Line  94) :  M_ASN1_INTEGER_free(bs);
robert.eiglmaier> ...
robert.eiglmaier> ... skipping some irrelevant code
robert.eiglmaier> ...
robert.eiglmaier> (Line 102) :  if (bs != NULL) M_ASN1_INTEGER_free(bs);
robert.eiglmaier>
robert.eiglmaier> which causes my application to crash.

Congrats, you found a bug.  I've fixed it, it should be there in the
next snapshot (sometime tonight).

--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
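
The double free reported in the quoted message (a free at line 94 followed by a NULL-guarded free at line 102), reduced to a stand-alone C sketch. This is an added example, not OpenSSL code and not the fix that was committed: `demo_int`, `demo_free` and the quarantine list are hypothetical stand-ins for ASN1_INTEGER and M_ASN1_INTEGER_free, and clearing the pointer after the first free is an assumed remedy.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for ASN1_INTEGER; not the OpenSSL type. */
typedef struct demo_int { int released; struct demo_int *next; } demo_int;
static demo_int *quarantine;   /* released objects, kept alive for checking */
static int double_frees;       /* releases of an already released object */

static demo_int *demo_new(void) { return calloc(1, sizeof(demo_int)); }

/* Stand-in for M_ASN1_INTEGER_free: defers the real free() so a second
 * release can be detected without touching freed memory. */
static void demo_free(demo_int *p) {
    if (p == NULL) return;
    if (p->released) { double_frees++; return; }
    p->released = 1;
    p->next = quarantine;
    quarantine = p;
}

static void demo_drain(void) {          /* really free quarantined objects */
    while (quarantine != NULL) {
        demo_int *next = quarantine->next;
        free(quarantine);
        quarantine = next;
    }
}

/* Shape of the report: free, then a NULL-guarded free on the exit path.
 * With clear_after_free set, the pointer is cleared (assumed remedy).
 * Returns the number of double frees this call caused, or -1 on OOM. */
static int decode(int clear_after_free) {
    int before = double_frees;
    demo_int *bs = demo_new();
    if (bs == NULL) return -1;
    demo_free(bs);                      /* like line 94 */
    if (clear_after_free) bs = NULL;    /* guard now reflects ownership */
    if (bs != NULL) demo_free(bs);      /* like line 102: stale, not NULL */
    return double_frees - before;
}

int main(void) {
    printf("reported: %d, cleared: %d\n", decode(0), decode(1));
    demo_drain();
    return 0;
}
```

The `bs != NULL` guard only protects the second free if every earlier free also resets the pointer; a freed pointer keeps its old non-NULL value.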
