[openssl-dev] [openssl.org #3847] [PATCH] Fix the heap corruption in libeay32!OBJ_add_object

2015-05-13 Thread Matt Caswell via RT
Patch applied in commit 56d88027f026afd97ddf4e501f98437ca9819bfb. Many thanks. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2958] Bug report: dtls handshake loops after 'certificate verify' packet loss

2015-05-13 Thread Matt Caswell via RT
This has been fixed in commit a0bd649336 on master, and similar commits for 1.0.2 and 1.0.1. Many thanks for your report. Matt

[openssl-dev] Question about valgrind error in DH in 1.0.2

2015-05-13 Thread Henrik Grindal Bakken
Hi. I have an application that generates Diffie-Hellman key pairs based on some precomputed primes. In 1.0.1 (and earlier) this works just fine, while in 1.0.2 it gives valgrind errors (while still working). The error only occurs on x86_64, and it does not occur on 1024 bit DH. I've attached

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-13 Thread Matt Caswell
On 08/05/15 09:40, Matt Caswell wrote: On 08/05/15 02:28, Jeffrey Altman wrote: Regardless, the inability to improve the support in this area has left those organizations that rely upon 2712 with the choice to use insecure protocols or re-implement the applications. I do not

[openssl-dev] [openssl.org #3816] Call of memcmp with null pointers in obj_cmp()

2015-05-13 Thread Matt Caswell via RT
Patch applied. Many thanks. Matt

Re: [openssl-dev] Question about valgrind error in DH in 1.0.2

2015-05-13 Thread John Foley
Upon further investigation, it looks like the problem is in your sample code. You need to invoke CRYPTO_cleanup_all_ex_data() before terminating your program. On 05/13/2015 07:25 AM, Henrik Grindal Bakken wrote: Hi. I have an application that generates Diffie-Hellman key pairs based on some

Re: [openssl-dev] Question about valgrind error in DH in 1.0.2

2015-05-13 Thread John Foley
If you add the --show-reachable option to valgrind, you can see where the leaks originate. They appear to be in the ex_data code (see below). As a side note, I see 416 bytes lost when using OpenSSL 1.0.1f as well as 1.0.2a. ==18173== HEAP SUMMARY: ==18173== in use at exit: 416 bytes in 6

Re: [openssl-dev] Question about valgrind error in DH in 1.0.2

2015-05-13 Thread Henrik Grindal Bakken
John Foley fol...@cisco.com writes: If you add the --show-reachable option to valgrind, you can see where the leaks originate. They appear to be in the ex_data code (see below). As a side note, I see 416 bytes lost when using OpenSSL 1.0.1f as well as 1.0.2a. Ah, I forgot to mention. I'm

[openssl-dev] [openssl.org #1369] BUG Openssl executable 0.9.8a (Unix) fails when setuid/setgid

2015-05-13 Thread Rich Salz via RT
commit b6d3cb543c2e91aa6820cde637db55ad1cee525f Author: Rich Salz rs...@akamai.com Date: Mon May 4 07:52:27 2015 -0400 RT1369: don't do helpful access check. Don't do access check on destination directory; it breaks when euid/egid is different from real uid/gid. Reviewed-by: Richard Levitte

[openssl-dev] [openssl.org #3849] [BUG] openssl s_client delays on Windows

2015-05-13 Thread João Reis via RT
OpenSSL version: 1.0.2a after applying the patch from http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3464 OS: Windows (tested on Windows 2012 r2 64 bit and Windows 7 64 bit) openssl s_client introduces 2 delays of 1 second when closing the connection, clearly visible when

[openssl-dev] [openssl.org #3801] need NULL check in CMAC_CTX_free

2015-05-13 Thread Rich Salz via RT
OpenSSL_0_9_8-stable 155ca14 Add NULL checks from master OpenSSL_1_0_0-stable 690d040 Add NULL checks from master OpenSSL_1_0_1-stable 76b49a8 Add NULL checks from master OpenSSL_1_0_2-stable f34b095 Add NULL checks from master commit f34b095fab1569d093b639bfcc9a77d6020148ff Author: Rich Salz

[openssl-dev] [openssl.org #3841] Uninitialized memory causes segmentation fault

2015-05-13 Thread Rich Salz via RT
Fixed in master. Note that existing code can use the EVP_CTRL_INIT ctrl operation to initialise cipher_data. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] Question about valgrind error in DH in 1.0.2

2015-05-13 Thread John Foley
Changing the movzwl to movzbl in bn_get_bits5 eliminates the valgrind error. But this isn't a valid fix since bn_get_bits5 no longer returns the correct data. My assembly skills are near nil. Maybe someone else can propose a valid fix. Having said this, this does show the problem appears to

[openssl-dev] [openssl.org #3848] [PATCH] Fix memory leak caused by not calling SSL_COMP_free_compression_methods()

2015-05-13 Thread Gunnar Kudrjavets via RT
Hello, Currently 'apps_shutdown()' in 'openssl.c' isn't freeing the compression methods. This is causing the CRT debug heap (and I assume various other tools) to indicate a memory leak. Though the OS will free all the resources when the user-mode application exits, it's better to do this explicitly

[openssl-dev] [openssl.org #3847] [PATCH] Fix the heap corruption in libeay32!OBJ_add_object

2015-05-13 Thread Gunnar Kudrjavets via RT
Hello, Original 'sizeof(ADDED_OBJ)' was replaced with 'sizeof(*ao)'. However, they return different sizes. Therefore, as a result, the heap gets corrupted and at some point later the debug version of malloc() detects the corruption. The issue reproduces with either enabling CRT debug heap or Application

Re: [openssl-dev] Question about valgrind error in DH in 1.0.2

2015-05-13 Thread Kurt Cancemi
Could this be the issue you're seeing? It was fixed in boringssl I think. https://boringssl.googlesource.com/boringssl/+/bf681a40d6142edfa44a27dc0d6e07e0c37865a4 https://boringssl-review.googlesource.com/#/c/1393/ --- Kurt Cancemi https://www.x64architecture.com On Wed, May 13, 2015 at 1:19 PM,