[PATCH] Bug in X509V3_get_d2i.

2002-09-23 Thread Zoltan Glozik

Hi,

The X509V3_get_d2i never finds any extensions unless the idx argument is
NULL, which is not the intended behaviour. Here is a patch against
openssl-0.9.6g.

Regards,
Zoltan

Index: crypto/x509v3/v3_lib.c
===
RCS file: /var/cvs/openssl/crypto/x509v3/v3_lib.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 v3_lib.c
--- crypto/x509v3/v3_lib.c  2002/05/10 20:33:09 1.1.1.1
+++ crypto/x509v3/v3_lib.c  2002/09/21 13:45:23
@@ -201,6 +201,7 @@
if(OBJ_obj2nid(ex-object) == nid) {
if(idx) {
*idx = i;
+   found_ex = ex;
break;
} else if(found_ex) {
/* Found more than one */
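Review bot: in the if(idx) branch the loop breaks on the first match it reaches, so the "Found more than one" check in the else branch can never run when idx is non-NULL, and found_ex now simply holds that first match. That looks right for iterating by index, but it deserves a comment at the break saying duplicate detection is left to the caller in this mode, plus a regression test that calls X509V3_get_d2i with a non-NULL idx and checks that an extension is found.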
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



[PATCH] Bug in the OBJ_txt2obj method.

2002-09-23 Thread Zoltan Glozik

Hi,

The OBJ_txt2obj does not call d2i_ASN1_OBJECT with the correct length
parameter, so that method always fails in openssl-0.9.6g (This used to work
in previous releases because the length checking was commented out in
d2i_ASN1_OBJECT). Please see the patch below.

Regards,
Zoltan

Index: crypto/objects/obj_dat.c
===
RCS file: /var/cvs/openssl/crypto/objects/obj_dat.c,v
retrieving revision 1.1.1.3
retrieving revision 1.1.1.3.2.1
diff -u -r1.1.1.3 -r1.1.1.3.2.1
--- crypto/objects/obj_dat.c2002/09/15 09:55:03 1.1.1.3
+++ crypto/objects/obj_dat.c2002/09/22 18:55:39 1.1.1.3.2.1
@@ -417,7 +417,7 @@
a2d_ASN1_OBJECT(p,i,s,-1);

p=buf;
-   op=d2i_ASN1_OBJECT(NULL,p,i);
+   op=d2i_ASN1_OBJECT(NULL,p,j);
OPENSSL_free(buf);
return op;
}
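Review bot: the corrected d2i_ASN1_OBJECT call depends on j, which is not defined anywhere in this hunk, while i is the length handed to a2d_ASN1_OBJECT in the first context line; with two single-letter lengths in play, the mix-up this patch fixes is easy to reintroduce. A one-line comment above the call stating which length each variable holds (or more descriptive names) would help. Separately, the return value of a2d_ASN1_OBJECT(p,i,s,-1) is ignored in the context shown, so a failed conversion would still reach d2i_ASN1_OBJECT; consider checking it and freeing buf on error.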



RE: [PATCH] Bug in the OBJ_txt2obj method.

2002-09-23 Thread Steven Reddie

Welcome to the club.  I also sent in a patch for this one, and then
Stephen Henson told me that it had been fixed.  It is in CVS but not in any of
the official releases.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Zoltan Glozik
Sent: Monday, 23 September 2002 5:47 PM
To: [EMAIL PROTECTED]
Subject: [PATCH] Bug in the OBJ_txt2obj method.


Hi,

The OBJ_txt2obj does not call d2i_ASN1_OBJECT with the correct length
parameter, so that method always fails in openssl-0.9.6g (This used to work
in previous releases because the length checking was commented out in
d2i_ASN1_OBJECT). Please see the patch below.

Regards,
Zoltan

Index: crypto/objects/obj_dat.c
===
RCS file: /var/cvs/openssl/crypto/objects/obj_dat.c,v
retrieving revision 1.1.1.3
retrieving revision 1.1.1.3.2.1
diff -u -r1.1.1.3 -r1.1.1.3.2.1
--- crypto/objects/obj_dat.c2002/09/15 09:55:03 1.1.1.3
+++ crypto/objects/obj_dat.c2002/09/22 18:55:39 1.1.1.3.2.1
@@ -417,7 +417,7 @@
a2d_ASN1_OBJECT(p,i,s,-1);

p=buf;
-   op=d2i_ASN1_OBJECT(NULL,p,i);
+   op=d2i_ASN1_OBJECT(NULL,p,j);
OPENSSL_free(buf);
return op;
}



Re: [openssl.org #274] session ID length bug (in 0.9.6g and 0.9.7beta3)

2002-09-23 Thread Ben Laurie

Lutz Jaenicke wrote:
> On Fri, Sep 20, 2002 at 10:34:27AM +0200, Bodo Moeller wrote:
>
>> On Thu, Sep 19, 2002 at 01:44:01PM +0200, Bodo Moeller via RT wrote:
>>
>> I don't know why that message is empty.  What I wrote is that this
>> should now be fixed in the current snapshots (0.9.6-stable and
>> 0.9.8-dev -- seems I forgot about 0.9.7-stable, this will have the
>> fix tomorrow).
>
> RT2 seems to have problems with some MIME messages...
> But sorry, no, I currently don't have time to look into it..

Probably the same ones ezmlm mangles (i.e. multipart-alternative).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff




Re: Why does OpenSSL_add_all_algorithms() exist?

2002-09-23 Thread Ben Laurie

Chris Brook wrote:
> Those of us who make heavy use of the crypto library, with a limited group
> of algorithms and without SSL, would certainly not want this pulling in all
> the algorithms every time we call EVP_PKEY_new.

What do you mean by pulling in? They get linked in anyway. And only 
the ones you use get, err, used. So, I'm not sure what you are getting 
at here.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff




Re: [openssl.org #262] bug: init race in SSLv3_client_method

2002-09-23 Thread Bodo Moeller via RT


On Fri, Sep 20, 2002 at 06:19:48PM -0700, Patrick McCormick wrote:

> Here's one step by step scenario.

You are absolutely right about the bug.  I somehow had not realized
that the memcpy accesses the same struct as the following assignments.
We need a lock to fix this.


-- 
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036




[openssl.org #262] bug: init race in SSLv3_client_method

2002-09-23 Thread Bodo Moeller via RT





Re: [openssl.org #262] bug: init race in SSLv3_client_method

2002-09-23 Thread Bodo Moeller

On Mon, Sep 23, 2002 at 04:26:00PM +0200, Bodo Moeller via RT wrote:

 

Somehow the RT2 system doesn't like the comments I enter at the
website when resolving a ticket ...

I wrote that the next snapshots should solve the problem.  Functions

SSLv23_client_method(), SSLv23_server_method(),
SSLv2_client_method(),  SSLv2_server_method(),
SSLv3_client_method(),  SSLv3_server_method(),
TLSv1_client_method(),  TLSv1_server_method()

now use a lock.


-- 
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
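
The locking fix described in this thread, as an added example (not OpenSSL's code and not written by any poster): a lazily initialised method table built by memcpy plus field assignments, first unsynchronised and then guarded by a lock. The struct, the function names and the use of a pthread mutex are assumptions for illustration.

```c
#include <pthread.h>
#include <string.h>

/* Hypothetical stand-in for a method table; not OpenSSL's SSL_METHOD. */
typedef struct {
    int version;
    int (*connect_fn)(void);
    int (*accept_fn)(void);
} method_t;

static int base_undefined(void) { return -1; }
static int client_connect(void) { return 1; }

static const method_t base_method = { 0x0300, base_undefined, base_undefined };

/* Unsynchronised: two threads can both pass the check, and the later
 * memcpy briefly restores base_undefined in connect_fn of a table that
 * another thread is already using. */
const method_t *client_method_racy(void)
{
    static int init = 1;
    static method_t data;
    if (init) {
        init = 0;
        memcpy(&data, &base_method, sizeof(data));
        data.connect_fn = client_connect;
    }
    return &data;
}

static pthread_mutex_t method_lock = PTHREAD_MUTEX_INITIALIZER;

/* Locked: only one thread ever runs the memcpy and assignments, and the
 * flag is cleared only after the last field has been written. */
const method_t *client_method_locked(void)
{
    static int init = 1;
    static method_t data;
    pthread_mutex_lock(&method_lock);
    if (init) {
        memcpy(&data, &base_method, sizeof(data));
        data.connect_fn = client_connect;
        init = 0;
    }
    pthread_mutex_unlock(&method_lock);
    return &data;
}
```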



PBEParams

2002-09-23 Thread Chris Brook

I am converting some code from BSAFE to OpenSSL, using 0.9.7 beta 3, and
have an issue with the PKCS#5 PBEParameters encoding/decoding.  In BSAFE,
the algorithm ObjId is included in the PBEParameters encoding with an outer
SEQUENCE.  In OpenSSL it is not.  I can manually add strip off the algo
ObjId and Sequence to get at the real PBE Params but this is a pain.  Is
there a d2i/i2d that will encode/decode the PBEParams Info Object with the
algo in it?
Thanks,
Chris Brook




Re: PBEParams

2002-09-23 Thread Dr. Stephen Henson

On Mon, Sep 23, 2002, Chris Brook wrote:

> I am converting some code from BSAFE to OpenSSL, using 0.9.7 beta 3, and
> have an issue with the PKCS#5 PBEParameters encoding/decoding.  In BSAFE,
> the algorithm ObjId is included in the PBEParameters encoding with an outer
> SEQUENCE.  In OpenSSL it is not.  I can manually add strip off the algo
> ObjId and Sequence to get at the real PBE Params but this is a pain.  Is
> there a d2i/i2d that will encode/decode the PBEParams Info Object with the
> algo in it?

Yes, X509_ALGOR: it's equivalent to AlgorithmIdentifier.

Steve.
--
Dr. Stephen Henson  [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
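
What the outer wrapper discussed in this exchange looks like on the wire, as an added example (not code from the thread or from OpenSSL): a hand-rolled DER walk that strips the AlgorithmIdentifier SEQUENCE and OID to reach the PBEParameter salt and iteration count. The function names and the sample bytes are constructed for illustration, and only short-form lengths are handled.

```c
#include <stddef.h>

/* Read one DER TLV with the expected tag and a short-form length (< 128).
 * Returns the content pointer and advances *p past the element, or NULL. */
static const unsigned char *der_tlv(const unsigned char **p,
                                    const unsigned char *end,
                                    unsigned char tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag || (q[1] & 0x80)) return NULL;
    *len = q[1];
    if ((size_t)(end - q - 2) < *len) return NULL;    /* truncated element */
    *p = q + 2 + *len;
    return q + 2;
}

/* Unwrap AlgorithmIdentifier { OID, PBEParameter { salt, iterationCount } }.
 * Returns 0 on success, -1 on malformed input. */
int pbe_from_algid(const unsigned char *in, size_t inlen,
                   const unsigned char **oid, size_t *oidlen,
                   const unsigned char **salt, size_t *saltlen, long *iter)
{
    const unsigned char *p = in, *end = in + inlen, *body, *params, *iv;
    size_t n, i;

    if (!(body = der_tlv(&p, end, 0x30, &n)) || p != end) return -1;
    p = body; end = body + n;                     /* inside outer SEQUENCE */
    if (!(*oid = der_tlv(&p, end, 0x06, oidlen))) return -1;
    if (!(params = der_tlv(&p, end, 0x30, &n)) || p != end) return -1;
    p = params; end = params + n;                 /* inside PBEParameter */
    if (!(*salt = der_tlv(&p, end, 0x04, saltlen))) return -1;
    if (!(iv = der_tlv(&p, end, 0x02, &n)) || p != end) return -1;
    if (n == 0 || n > 4 || (iv[0] & 0x80)) return -1; /* small, non-negative */
    for (*iter = 0, i = 0; i < n; i++) *iter = (*iter << 8) | iv[i];
    return 0;
}

/* Constructed sample: pbeWithMD5AndDES-CBC (1.2.840.113549.1.5.3),
 * salt 01..08, iteration count 2048. */
const unsigned char sample_algid[] = {
    0x30, 0x1B,
      0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x03,
      0x30, 0x0E,
        0x04, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x02, 0x02, 0x08, 0x00
};
```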