Dear Stephen,
On Mon, Nov 30, 2015 at 4:17 AM, Stephen Henson via RT
wrote:
> On Sun Nov 29 09:04:03 2015, beld...@gmail.com wrote:
> > Hello OpenSSL Team,
> >
> > I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 breaks
> > GOST 2012 client auth processing.
> >
>
> This sho
Yes. Malloc failed in our case.
Srinivas
-Original Message-
From: Kurt Roeckx via RT [mailto:r...@openssl.org]
Sent: Sunday, November 29, 2015 6:59 PM
To: Srinivas Koripella
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4159] BUG ::: Null dereference in
ssl3_free
On Sun Nov 29 09:04:03 2015, beld...@gmail.com wrote:
> Hello OpenSSL Team,
>
> I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 breaks
> GOST 2012 client auth processing.
>
This should be fixed by commit aa430c7467bcb7aa0a88
Steve.
--
Dr Stephen N. Henson. OpenSSL project cor
On Sun, Nov 29, 2015 at 11:09:35AM +, Trevor Larock via RT wrote:
> Hi folks,
>
> Can I ask about malloc failure handling issues, seems affecting OpenSSL
> 1.0.1p and 1.0.2d,
>
> 1. In s3_enc.c::ssl3_digest_cached_records, we have the below code.
>
> s->s3->handshake_dgst =
> OP
On Sun, Nov 29, 2015 at 11:09:34AM +, Srinivas Koripella via RT wrote:
> Description.
>
> We are dereferencing s->s3 in ssl3_free without checking if s->s3 is null or
> not.
This has already been fixed in the current git versions.
I'm wondering why you see this, you should only get this in
Hi folks,
Can I ask about malloc failure handling issues, seems affecting OpenSSL 1.0.1p
and 1.0.2d,
1. In s3_enc.c::ssl3_digest_cached_records, we have the below code.
s->s3->handshake_dgst =
OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
memset(s->s3->handshake_dgst, 0
On Mon, 23 Nov 2015 11:11:37 PM Alessandro Ghedini wrote:
> Is this TLS connections?
Yes, this is just measuring the TLS handshake. Renegotiations predominately.
We deliberately didn't test the bulk symmetric crypto phase of the connection.
> I'd like to know more...
The data are a bit rough a
Description.
We are dereferencing s->s3 in ssl3_free without checking if s->s3 is null or
not.
s->s3 can be null because of the below code path.
SSL_new--> ssl3_new/tls1_new (via s->method->ssl_new) which allocates s3 and
assigns s->s3 if successful. If not s->s3 will remain null as we memset
Hello OpenSSL Team,
I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 breaks
GOST 2012 client auth processing.
If the call to the EVP_PKEY_get_default_digest_nid() function is
unacceptable here, it can be replaced with the chain of if expressions (the
patch is attached).
BTW,