Stephen Henson via RT -> [EMAIL PROTECTED] @ Thu, 20 Jul 2006 18:12:35 +0200
(METDST):
>> Yeah. And I even managed to reproduce it on solaris64-sparcv9-cc. So
>> it's our bug, not the compiler's. Verify the patch below. Why did I comment
>> on the gcc and being-root thing? Well, for future reference. If you run into
>> a compiler bug, you can't expect us to test several compilers. You should
>> be prepared to do that without false excuses :-) A.
>>
>> --- crypto/pkcs7/pk7_doit.c 10 Jul 2006 18:36:53 -0000 1.72
>> +++ crypto/pkcs7/pk7_doit.c 20 Jul 2006 15:19:58 -0000
>> @@ -829,7 +829,7 @@
>> EVP_PKEY_CTX *pctx;
>> unsigned char *abuf = NULL;
>> int alen;
>> - unsigned int siglen;
>> + size_t siglen;
>> const EVP_MD *md = NULL;
>>
>> md = EVP_get_digestbyobj(si->digest_alg->algorithm);
>>
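Review bot: at the `siglen` declaration, the change to size_t needs a matching check of every later use of siglen in this function, which the hunk does not show. Anything that still stores it into an int-sized length (`int alen;` directly above stays int) should get an explicit range check before the narrowing. A short comment on the declaration saying that it is size_t because its address is passed to a size_t * length parameter would help keep the type from being changed back.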
SHvR> Oops, mea culpa on that. I changed it from the old EVP_Sign*() interface
SHvR> to EVP_DigestSign(). The old one was unsigned int * for the sig length;
SHvR> the new one (in line with other things) uses size_t *.
SHvR> Which causes problems if sizeof(size_t) == sizeof(unsigned int).
SHvR> Is there a compiler warning when compiling that file?
Yes. And similar (reverse) ones are in ec_pmeth:144 (ECDSA_sign expects
unsigned int *siglen) and rsa_pmeth.c:251 (here the declaration of
int_rsa_verify in rsa_pmeth.c differs in prototype from the definition in
rsa_sign.c, mainly with respect to prm_len; usage and definition are
consistent, both use unsigned int *). There are some different warnings
which I cannot understand. I'll try to dig into them.
--
Artem Chuprina
RFC2822: <ran{}ran.pp.ru> Jabber: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
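An added example, not part of the thread and not OpenSSL code: a byte-level model of what happens when a callee stores a 64-bit size_t through a pointer to the caller's 4-byte unsigned int. The frame layout (a 4-byte neighbour directly after siglen), the 0xAA fill and the length 128 are constructed assumptions; both byte orders are simulated so the big-endian 64-bit case (such as sparcv9) can be seen on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Callee side: stores len as a 64-bit size_t in the simulated byte order. */
static void store_size64(unsigned char *p, uint64_t len, int big_endian)
{
    for (int i = 0; i < 8; i++)
        p[i] = (unsigned char)(len >> (big_endian ? 8 * (7 - i) : 8 * i));
}

/* Caller side: reads one 32-bit slot back in the same byte order. */
static uint32_t load_u32(const unsigned char *p, int big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)p[i] << (big_endian ? 8 * (3 - i) : 8 * i);
    return v;
}

/* Constructed frame: bytes 0..3 model the caller's 4-byte siglen, bytes
 * 4..7 the variable next to it, preset to 0xAAAAAAAA. Returns the siglen
 * the caller reads after the callee's 8-byte store. */
static uint32_t simulate(uint64_t len, int big_endian, uint32_t *neighbour)
{
    unsigned char frame[8];
    memset(frame, 0xAA, sizeof frame);
    store_size64(frame, len, big_endian);   /* 8-byte store, 4-byte slot */
    *neighbour = load_u32(frame + 4, big_endian);
    return load_u32(frame, big_endian);
}

int main(void)
{
    uint32_t nb, s;
    s = simulate(128, 1, &nb);
    printf("big-endian 64-bit:    siglen=%u neighbour=%u\n",
           (unsigned)s, (unsigned)nb);
    s = simulate(128, 0, &nb);
    printf("little-endian 64-bit: siglen=%u neighbour=%u\n",
           (unsigned)s, (unsigned)nb);
    return 0;
}
```

In the big-endian case the caller reads a signature length of 0 and the real value lands in the neighbouring slot; in the little-endian case the length looks right while the neighbour is silently overwritten.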