Re: [CVS] OpenSSL: openssl/apps/ apps.c openssl/crypto/jpake/ Makefile jpa...
Dr. Stephen Henson wrote:

> OpenSSL CVS Repository
> http://cvs.openssl.org/
>
> Server: cvs.openssl.org
> Name: Dr. Stephen Henson
> Root: /v/openssl/cvs
> Email: [EMAIL PROTECTED]
> Module: openssl
> Date: 27-Oct-2008 13:02:53
> Branch: HEAD
> Handle: 2008102712025200
>
> Modified files:
>   openssl/apps/ apps.c
>   openssl/crypto/jpake/ Makefile jpake.c jpake.h jpaketest.c
>
> Log:
>   Fix warnings and various issues.
>   C++ style comments.
>   Signed/unsigned warning in apps.c

Hmm. Why do I not get these warnings?

--
http://www.apache-ssl.org/ben.html http://www.links.org/

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
[openssl.org #1767] bug of EVP_Cipher when use openssl engine
I found a bug in s3_enc.c, t1_enc.c and d1_enc.c, in the following functions:

    int ssl3_enc(SSL *s, int send)
    int tls1_enc(SSL *s, int send)
    int dtls1_enc(SSL *s, int send)

Location:

    EVP_Cipher(ds,rec->data,rec->input,l);

OpenSSL does not check the return value of EVP_Cipher, and the address of rec->data equals the address of rec->input. When a user implements an OpenSSL engine for do_cipher (on both client and server) but it just returns an error (doing nothing, for some other reason), OpenSSL's do_cipher behaves just like memcpy, and all data to be transmitted will not be secure.

forxy
2008-10-27
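The failure mode reported above, modelled in C as an added example (not OpenSSL code and not part of the original post). `do_cipher_fn`, `failing_cipher`, `record_enc_unchecked` and `record_enc_checked` are hypothetical stand-ins, and the XOR routine is a toy transform, not real encryption.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for an engine's do_cipher hook: 1 = success, 0 = error. */
typedef int (*do_cipher_fn)(unsigned char *out, const unsigned char *in, size_t len);

/* Toy transform so the success path visibly changes the buffer (not real crypto). */
int working_cipher(unsigned char *out, const unsigned char *in, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ 0x5a;
    return 1;
}

/* Engine hook that reports an error and writes nothing, as in the report. */
int failing_cipher(unsigned char *out, const unsigned char *in, size_t len)
{
    (void)out; (void)in; (void)len;
    return 0;
}

/* Models the reported call site: output aliases input, result discarded. */
int record_enc_unchecked(do_cipher_fn cipher, unsigned char *rec, size_t len)
{
    cipher(rec, rec, len);
    return 1;                       /* caller proceeds to send rec */
}

/* Hardened form: a failed cipher call aborts the record and clears the buffer. */
int record_enc_checked(do_cipher_fn cipher, unsigned char *rec, size_t len)
{
    if (cipher(rec, rec, len) != 1) {
        memset(rec, 0, len);
        return -1;
    }
    return 1;
}

int main(void)
{
    const char plain[] = "constructed sample record";   /* constructed input */
    unsigned char a[sizeof plain], b[sizeof plain];
    memcpy(a, plain, sizeof plain);
    memcpy(b, plain, sizeof plain);
    int ra = record_enc_unchecked(failing_cipher, a, sizeof plain - 1);
    int rb = record_enc_checked(failing_cipher, b, sizeof plain - 1);
    printf("unchecked: rc=%d plaintext_left=%d\n", ra, memcmp(a, plain, sizeof plain) == 0);
    printf("checked:   rc=%d plaintext_left=%d\n", rb, memcmp(b, plain, sizeof plain) == 0);
    return 0;
}
```

Because the output buffer is the input buffer, a hook that fails without writing leaves the record byte-for-byte as plaintext, so only the return value distinguishes the two outcomes.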
Re: [CVS] OpenSSL: openssl/apps/ apps.c openssl/crypto/jpake/ Makefile jpa...
On Mon, Oct 27, 2008, Ben Laurie wrote:

> Dr. Stephen Henson wrote:
> > OpenSSL CVS Repository
> > http://cvs.openssl.org/
> >
> > Server: cvs.openssl.org
> > Name: Dr. Stephen Henson
> > Root: /v/openssl/cvs
> > Email: [EMAIL PROTECTED]
> > Module: openssl
> > Date: 27-Oct-2008 13:02:53
> > Branch: HEAD
> > Handle: 2008102712025200
> >
> > Modified files:
> >   openssl/apps/ apps.c
> >   openssl/crypto/jpake/ Makefile jpake.c jpake.h jpaketest.c
> >
> > Log:
> >   Fix warnings and various issues.
> >   C++ style comments.
> >   Signed/unsigned warning in apps.c
>
> Hmm. Why do I not get these warnings?

You need -pedantic to get them which is in my compilation options by default.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: [PATCH] keep CHIL engine from breaking in non-threaded situations [openssl.org #1736]
On Oct 20, 2008, at 11:21 AM, Sander Temme via RT wrote: Dear OpenSSL developers, I would like to propose the following patch to engines/e_chil.c: -- Polite nag -- I have been trying to raise this topic, on the list and through RT, since August. I have had no reaction from any of the folks I see commit to OpenSSL CVS. While I appreciate that you are all very busy, would one of you please consider this extremely simple patch and fold it in? Thank you very much, Sander -- End nag -- Index: engines/e_chil.c === RCS file: /home/openssl/cvs/openssl/engines/e_chil.c,v retrieving revision 1.5 diff -u -r1.5 e_chil.c --- engines/e_chil.c18 Mar 2006 14:22:20 - 1.5 +++ engines/e_chil.c20 Oct 2008 19:12:11 - @@ -588,12 +588,6 @@ hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; } - else if (CRYPTO_get_locking_callback() != NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING); - ERR_add_error_data(1,You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()); - goto err; - } } /* Try and get a context - if not, we may have a DSO but no The effect will be that the CHIL engine can be loaded into any program, whether multithreaded or not. It does not release the developer from the obligation to set up the dynamic locking callbacks. It just stops the engine from trying to be its brother's keeper, which it has no business doing. Please consider this patch against the CVS trunk for backport to 0.9.8. -- [EMAIL PROTECTED] http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
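Review bot: In the `@@ -588,12 +588,6 @@` hunk of engines/e_chil.c, removing the whole `else if (CRYPTO_get_locking_callback() != NULL)` branch also removes the only diagnostic for a program that has a static locking callback set but no dynamic ones: init now continues on that path without the `hwcrhk_globals.mutex_*` assignments shown in the preceding branch and without any error being raised. Since the message says the caller is still obliged to set the dynlock callbacks, put a comment at this spot (or in the engine's documentation) stating that requirement, so the silent fallthrough is a documented choice. If `HWCRHK_R_LOCKING_MISSING` has no remaining user after this change, drop it and regenerate the error definitions in the same commit.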
Re: [PATCH] keep CHIL engine from breaking in non-threaded situations [openssl.org #1736]
Well, FWIW, I will ACK the patch. And if nobody gets round to putting it in (and doing any other admin that goes with it, like regenerating the error definitions which probably change as a consequence of this, etc), then I'll try to do this myself some time this week. If you want to help edge this forward in the meantime - try patching the latest CVS snapshots of HEAD and/or 0.9.8-stable, and preferably after running make update so that your patch(es) require(s) less man-handling. TIA.

Cheers,
Geoff

On Monday 27 October 2008 11:11:29 Sander Temme wrote:
> On Oct 20, 2008, at 11:21 AM, Sander Temme via RT wrote:
> > Dear OpenSSL developers,
> >
> > I would like to propose the following patch to engines/e_chil.c:
>
> -- Polite nag --
>
> I have been trying to raise this topic, on the list and through RT, since August. I have had no reaction from any of the folks I see commit to OpenSSL CVS.
>
> [snip]

--
An earthling is an ape with the keys to a tank...