Hi,
in version 1.0.2, in crypto/dsa/dsa/ameth.c, line 318 frees `prkey`, which may
be freed again on line 332 if the call on line 320 fails.
318ASN1_INTEGER_free(prkey);
319
320if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
321 V_ASN1_SEQUENCE, params, dp,
On 25/03/15 23:40, Douglas E Engert wrote:
The attached patch against https://github.com/openssl/openssl
makes sure the EC private key in an OCTETSTRING retains leading zeros
when converting from BIGNUM to OCTETSTRING.
Thanks for the patch. This has been applied.
Matt
Hi,
I've been hunting down a heap corruption bug in OpenSSL for the past few
days and I found the guilty instruction. At this point, I know what
causes the problem but I am unsure how to solve it nicely.
Here is the minimal sample I used to reproduce the issue on the latest
1.0.2a (happens
Hi!
This is no impact but it would be nice to have UNKNOWN spelled right. Thank
you!
/home/pevnev/tmp/openssl-1.0.2a/crypto/asn1
[pevnev@blessed03 asn1]$ grep UNKOWN *
asn1_err.c:{ERR_REASON(ASN1_R_UNKOWN_FORMAT), unknown format},
asn1_gen.c:ASN1err(ASN1_F_ASN1_CB,
Hi Emilia,
I was able to test the patch and it does successfully now allow the server to
fall back to a Certificate message if it does not accept the SessionTicket sent
by the client.
Thanks for your help,
Erik
On 27 Mar2015, at 12:33, Emilia Käsper emi...@openssl.org wrote:
John, Erik,