Re: OCSP_BASICRESP_free() segmentation fault

2010-12-29 Thread Dr. Stephen Henson
On Wed, Dec 29, 2010, Bin Lu wrote:

> Hi Steve,
>
> My code looks like this (error checking is omitted):
>
> OCSP_BASICRESP* bs = OCSP_response_get1_basic(resp);
> OCSP_check_nonce(req, bs);
> OCSP_basic_verify(bs, chain, store, verifyFlags);
> OCSP_resp_find_status(bs, id, &status, ...);
>
> if (resp!=NULL) OCSP_RESPONSE_free(resp);
> if (bs != NULL) OCSP_BASICRESP_free(bs);
>
> Do I need to explicitly free this OCSP_BASICRESP (does
> OCSP_response_get1_basic() return dup'ed data structure)?
>

Yes you do need to explicitly free it. The '1' in the function name indicates
it returns structures which must be freed.

Are you setting the remaining arguments to OCSP_resp_find_status() to NULL or
do you extract those fields too? The other fields are *not* duped.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: openssl socket

2010-12-29 Thread David Schwartz

On 12/29/2010 1:11 AM, Esimorp E wrote:

> Hi all,
> I tried changing the one-to-one socket type in OpenSSL to one-to-many by
> changing SOCK_STREAM to SOCK_SEQPACKET and it compiled fine but while
> trying to run other program on it I had the following error:
> bss_dgram.c(236): OpenSSL internal error, assertion failed: ret >= 0
>
> Please, can anyone tell me how to solve this problem.


Change the socket type back to SOCK_STREAM or implement all the code 
necessary to handle the semantic differences between these socket types.


DS



RE: OCSP_BASICRESP_free() segmentation fault

2010-12-29 Thread Bin Lu
Hi Steve,

My code looks like this (error checking is omitted):

OCSP_BASICRESP* bs = OCSP_response_get1_basic(resp);
OCSP_check_nonce(req, bs);
OCSP_basic_verify(bs, chain, store, verifyFlags);
OCSP_resp_find_status(bs, id, &status, ...);

if (resp!=NULL) OCSP_RESPONSE_free(resp);
if (bs != NULL) OCSP_BASICRESP_free(bs);

Do I need to explicitly free this OCSP_BASICRESP (does
OCSP_response_get1_basic() return dup'ed data structure)?

This code has been in our product for many years and this is the first time we
saw this crash.

Regards and Happy New Year!

-binlu



-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Monday, December 13, 2010 11:49 AM
To: openssl-users@openssl.org
Subject: Re: OCSP_BASICRESP_free() segmentation fault

On Mon, Dec 13, 2010, Bin Lu wrote:

> OK, let me look into this.
>
> But could you please let me know where these _free functions are defined, for
> OCSP_BASICRESP_free(), OCSP_RESPONSE_free(), OCSP_REQUEST_free()?
>

The actual definition is in crypto/ocsp/ocsp_asn.c but that won't help much
because the FAQ: http://www.openssl.org/support/faq.html#PROG16 is relevant
here.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


On Thu, Dec 09, 2010, Bin Lu wrote:

> Hi,
>
> I am getting the following crash in openssl-0.9.8d:
>
> #0 0x2332885e in ASN1_primitive_free ()
> #1 0x233288a4 in ASN1_primitive_free ()
> #2 0x23328935 in ASN1_primitive_free ()
> #3 0x23328b5a in ASN1_template_free ()
> #4 0x23328a74 in ASN1_primitive_free ()
> #5 0x23328b5a in ASN1_template_free ()
> #6 0x23328a74 in ASN1_primitive_free ()
> #7 0x23328b12 in ASN1_template_free ()
> #8 0x23328a74 in ASN1_primitive_free ()
> #9 0x23328b93 in ASN1_item_free ()
> #10 0x2335698d in OCSP_BASICRESP_free ()
>




Re: S/MIME encrypted by Bouncycastle cannot be decrypted with openssl

2010-12-29 Thread Dr. Stephen Henson
On Wed, Dec 29, 2010, Markus Wernig wrote:

> On 12/28/10 18:35, Dr. Stephen Henson wrote:
> 
> > At around line 184 there is a longer line which seems to be confusing
> > OpenSSL's base64 decoder. If you add a newline in there it seems to be OK.
> 
> Yes, I noted that too. This also does the trick:
> 
> # base64 -d encMsgNok.eml > encMsg.bin
> # base64 encMsg.bin > encMsg.eml
> 
> asn1parse and smime -decrypt happy again :-)
> 
> PS: Actually, the reason seems to be (not having looked at the code)
> that the base64 decoder of openssl enforces a maximum encoded line
> length of 76, which seems to be derived from RFC 2045 (MIME), stripping
> any character beyond position 76. Which of course would leave it with a
> garbled DER structure afterwards ...

Yes the base64 decoder is a bit picky. It could do with rewriting to be more
robust (it has been patched up several times over the years) and to include
new functionality (e.g. so PEM headers can be streamed).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: S/MIME encrypted by Bouncycastle cannot be decrypted with openssl

2010-12-29 Thread Markus Wernig
On 12/28/10 18:35, Dr. Stephen Henson wrote:

> At around line 184 there is a longer line which seems to be confusing
> OpenSSL's base64 decoder. If you add a newline in there it seems to be OK.

Yes, I noted that too. This also does the trick:

# base64 -d encMsgNok.eml > encMsg.bin
# base64 encMsg.bin > encMsg.eml

asn1parse and smime -decrypt happy again :-)

PS: Actually, the reason seems to be (not having looked at the code)
that the base64 decoder of openssl enforces a maximum encoded line
length of 76, which seems to be derived from RFC 2045 (MIME), stripping
any character beyond position 76. Which of course would leave it with a
garbled DER structure afterwards ...
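
As an added example (not part of either post above, and not OpenSSL code), this shell sketch finds base64 lines longer than the 76 characters mentioned in the thread, models the truncation the poster describes, and re-wraps the body without decoding it. The sample body and all function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. MAX is the RFC 2045 line limit quoted in the thread.
MAX=76

# Constructed sample: "TWFu" is base64 for "Man", so any run of it is valid.
rep() { i=0; while [ "$i" -lt "$2" ]; do printf '%s' "$1"; i=$((i + 1)); done; }
make_sample() {
    { rep TWFu 16; echo; rep TWFu 25; echo; rep TWFu 4; echo; } > "$1"
}

# Print "line-number length" for every encoded line longer than MAX.
long_lines() {
    tr -d '\r' < "$1" | awk -v max="$MAX" 'length($0) > max { print NR, length($0) }'
}

# Model of the behaviour described in the thread (characters past MAX are
# dropped). This is the poster's hypothesis, not OpenSSL's decoder code.
truncate_at_max() {
    tr -d '\r' < "$1" | cut -c1-"$MAX"
}

# Re-wrap without decoding: join the body, then fold at 64 columns.
# Input must be the base64 body only (no MIME headers).
rewrap_b64() {
    tr -d '\r\n' < "$1" | fold -w 64
    echo
}

# Count encoded characters, ignoring line breaks.
b64_chars() { tr -d '\r\n' | wc -c | tr -d ' '; }

demo() {
    f=$(mktemp)
    make_sample "$f"
    echo "over-long lines (line length): $(long_lines "$f")"
    echo "encoded chars in file:         $(b64_chars < "$f")"
    echo "encoded chars after cut at $MAX: $(truncate_at_max "$f" | b64_chars)"
    rewrap_b64 "$f" > "$f.fixed"
    echo "over-long lines after re-wrap: $(long_lines "$f.fixed" | wc -l | tr -d ' ')"
    rm -f "$f" "$f.fixed"
}
demo
```

In the constructed sample the cut at 76 silently drops 24 encoded characters, so what remains still decodes as base64 but yields different bytes.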


openssl socket

2010-12-29 Thread Esimorp E
Hi all,
I tried changing the one-to-one socket type in OpenSSL to one-to-many by
changing SOCK_STREAM to SOCK_SEQPACKET and it compiled fine but while trying to
run other program on it I had the following error:

bss_dgram.c(236): OpenSSL internal error, assertion failed: ret >= 0

Please, can anyone tell me how to solve this problem.

Regards,
Esimorp.