During our memory stress testing we discovered a bug in the
BN_generate_prime() function. In the case that the creation of a new BN_CTX
fails (line 143), execution drops down into the error path starting on line
204. In the error path, a call is made (line 206) to BN_free() on the local
variab
Hello,
Some typos in the openssl man pages were discovered (see NetBSD's PR
misc/19627
http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=19627), attached
please find a patch to correct them.
Cheers,
-Jan
--
http://www.netbsd.org -
Multiarchitecture OS, no hype required.
I've managed to download SP5 and the processor add on pack.
With VC++ 6.0 and SP5 only it passes all tests.
With VC++ 6.0, SP5 and processor add on it misbehaves and things like
AES give invalid results.
After playing around with various options it seems that disabling global
optimization with
Title: memory bug in BN_generate_prime()
During our memory stress testing we discovered a bug in the BN_generate_prime() function. In the case that the creation of a new BN_CTX fails (line 143), execution drops down into the error path starting on line 204. In the error path, a call is mad
On Thu, Jan 09, 2003 at 08:58:29PM +0100, Andy Polyakov wrote:
> I found the documentation for .def ... .endef, but it doesn't say a
> thing about the values of .scl and .type. So I just copied from an .s
> file generated by compiler. Verify the values with your people.
This is from the gas info p
> > And I don't think it's openssl's fault.
>
> Yes, it apparently is...
Verify that the attached patch solves the problem.
> > I'm going
> > to ask some linker experts...
>
> Ask about this .def ... .endef line. Any documentation available
> on-line?
I found the documentation for .def ... .en
> And I don't think it's openssl's fault.
Yes, it apparently is... Compile foo(){} with cc -S and note that
compiler add some .def ... .endef line, but not perlasm thing which is
reponsible for assembler code generation.
> I'm going
> to ask some linker experts...
Ask about this .def ... .endef
[[EMAIL PROTECTED] - Thu Jan 9 08:17:07 2003]:
> At 02:14 AM 1/9/2003 +0100, you wrote:
>
> >[[EMAIL PROTECTED] - Wed Jan 8 22:09:03 2003]:
> >
>
> >Assuming that isn't the case I've also just been tracing the cause of
> a
> >problem with VC++ SP4 with the processor pack.
> >
> >It was giving
On Thu, Jan 09, 2003 at 06:32:05PM +0100, Andy Polyakov wrote:
> > > > > Until I found a solution for that linker problem (which is a linker bug,
> > > > > apparently) I'd like to build the Cygwin version using rc4_enc.o. How
> > > > > can I do that most cleanly?
> > > >
> > > > By fixing rx86-out
On Thu, Jan 09, 2003 at 06:25:57PM +0100, Andy Polyakov wrote:
> I meant "be patient:-)" As for details, you should have provided more of
> them:-) At least that you've configured with shared flag and that 'make
> test' fails. In other words something we can *easily* reproduce. Cheers.
Uhm... I th
> > > > > Until I found a solution for that linker problem (which is a linker bug,
> > > > > apparently) I'd like to build the Cygwin version using rc4_enc.o. How
> > > > > can I do that most cleanly?
> > > >
> > > > By fixing rx86-out.o:-) A.
>
> Did it ever work? Assembler support in cygwin-sha
> > > > Until I found a solution for that linker problem (which is a linker bug,
> > > > apparently) I'd like to build the Cygwin version using rc4_enc.o. How
> > > > can I do that most cleanly?
> > >
> > > By fixing rx86-out.o:-) A.
Did it ever work? Assembler support in cygwin-shared build that
> > As for .*_end symbols. Apparently there're more... Any particular reason
> > why are you complaining just about .RC4_end?
>
> No. Just the one I found first due to the ssh crash.
>
> > > Until I found a solution for that linker problem (which is a linker bug,
> > > apparently) I'd like to bu
On Thu, Jan 09, 2003 at 05:53:57PM +0100, Andy Polyakov wrote:
> As for .*_end symbols. Apparently there're more... Any particular reason
> why are you complaining just about .RC4_end?
No. Just the one I found first due to the ssh crash.
> > Until I found a solution for that linker problem (whic
In message <[EMAIL PROTECTED]> on Thu, 9 Jan 2003 17:26:12
+0100, Corinna Vinschen <[EMAIL PROTECTED]> said:
vinschen> What I don't understand is the following.
vinschen>
vinschen> crypto/rc4/Makefile.ssl contains the following:
vinschen>
vinschen> RC4_ENC=rc4_enc.o
vinschen> # or use
vinsc
In message <[EMAIL PROTECTED]> on Thu, 09 Jan 2003 17:34:39 +0100, Andy
Polyakov <[EMAIL PROTECTED]> said:
appro> > c=`echo $$i | sed 's/^lib\(.*\).dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`;
appro> ^ this of course works, but it probably
appro> should be \., not ju
> What I don't understand is the following.
>
> crypto/rc4/Makefile.ssl contains the following:
>
> RC4_ENC=rc4_enc.o
> # or use
> #RC4_ENC=asm/rx86-elf.o
> #RC4_ENC=asm/rx86-out.o
> #RC4_ENC=asm/rx86-sol.o
> #RC4_ENC=asm/rx86bdsi.o
>
> Even though it's supposed to build rc4_enc.o t
On Thu, Jan 09, 2003 at 05:34:39PM +0100, Andy Polyakov wrote:
> > Btw., does anybody have an idea where a symbol ".RC4_end" could come from?
>
> I should have an idea... To start which I didn't expect to see .RC4_end
> symbol be visible at all. Assembler should have hidden it as names
> starting
> However, currently I'm unfortunately unable to release a Cygwin net
> version of 0.9.7 due to a linker problem, which results in dropped
> symbols in the link stub library. The most prominent dropped symbol
> is RC4. Building OpenSSH with this libs results in ssh and sshd crashing
> immediately
On Thu, Jan 09, 2003 at 05:10:55PM +0100, Richard Levitte - VMS Whacker wrote:
> In message <[EMAIL PROTECTED]> on Thu, 9 Jan 2003 17:05:12
>+0100, Corinna Vinschen <[EMAIL PROTECTED]> said:
>
> vinschen> Btw., does anybody have an idea where a symbol ".RC4_end" could come from?
>
> crypto/rc4/a
In message <[EMAIL PROTECTED]> on Thu, 9 Jan 2003 17:05:12
+0100, Corinna Vinschen <[EMAIL PROTECTED]> said:
vinschen> Btw., does anybody have an idea where a symbol ".RC4_end" could come from?
crypto/rc4/asm/rx86unix.cpp in my case (on Linux)...
I've applied your patches, and will commit them
On Tue, Dec 31, 2002 at 01:34:07AM +0100, Richard Levitte - VMS Whacker wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
>
> OpenSSL version 0.9.7 released
> ===
Hi,
sorry for the late response but I didn't manage to test earlier :-(
I have two patches attached whi
In message <[EMAIL PROTECTED]> on Thu, 9 Jan 2003
14:05:58 +0100 (CET), "Dr. Stephen Henson" <[EMAIL PROTECTED]> said:
steve> Log:
steve> NULL tofree when it is freed to avoid double free.
steve>
steve> Make sure key is not NULL before freeing it.
[...]
steve> Index: openssl/app
> I've checked in a fix for that and another isssue which should fix things.
if (keyfree & key)
??? Bitwise and??? Don't you mean (keyfree && key)? A.
__
OpenSSL Project http://www.openssl.
[[EMAIL PROTECTED] - Thu Jan 9 11:26:42 2003]:
>
> If for any help. WorkShop dbx implements so called run-time check
> which
> catches things like references to uninitialized and unallocated
> memory.
> Not foolproof, but it might help. Here is what it says:
>
> I am unable to access the ./dem
On Thu, Jan 09, 2003 at 02:05:58PM +0100, Dr. Stephen Henson wrote:
> OpenSSL CVS Repository
> http://cvs.openssl.org/
>
>
> Server: cvs.openssl.org Name: Dr. Stephen Henson
> Root: /e/opens
Richard Levitte via RT wrote:
Oh look, there's a draft too:
http://www.ietf.org/internet-drafts/draft-nourse-scep-06.txt
This is the draft I used as a reference to implement SCEP...
--
C'you,
Massimiliano Pala
--o-
M
> > Running under a debugging malloc library causes a crash earlier on with
> > a double free error on something which is only freed once.
> >
> > Very odd...
> >
> > What platform is this on?
> >
> > Does anyone else get a crash with:
> >
> > openssl ca -infiles
>
> Linux: crash
> HP-UX 10.
On Thu, Jan 09, 2003 at 01:52:22AM +0100, Stephen Henson via RT wrote:
> Running under a debugging malloc library causes a crash earlier on with
> a double free error on something which is only freed once.
>
> Very odd...
>
> What platform is this on?
>
> Does anyone else get a crash with:
>
>
Try out openssl-SNAP-20030109 as it becomes available or 'cvs checkout'.
UnixWare 2.x and SCO3 remain without assembler support. If you feel
emotionally attached to these two, I'd suggest to trade assembler
support for a comment in ./Configure which says that
<[EMAIL PROTECTED]&g
On Thu, Jan 09, 2003 at 05:01:37AM +0100, [EMAIL PROTECTED] via RT wrote:
>
> Is there something I can do, use a different file? Any help? Thanks
> much.
Hmm. Actually this should not happen at all. Your c compiler picks up the
wrong file. I actually remember reading a comment somewhere, that
31 matches
Mail list logo