Re: [openssl.org #1681] 0.9.8h bug report

Hi, You should not touch the file sha1-586.pl because the problem is located in the file x86ms.pl that is dedicated to MASM. In this file, the line 273 containing $extra should be removed to be able to compile the generated assembly files. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On

[openssl.org #2118] [PATCH] handle ECDSA_sign error correctly in pkey_ec_sign (the correct one)

Hi, This is a patch against openssl-1.0.0-stable-SNAP-20091129 which corrects the way the error code returned by ECDSA_sign is handled in the function pkey_ec_sign. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr ---

Re: [openssl.org #2240] Missing Supported Point Formats Extension in ServerHello should be ignored

Hi, I'm attaching a simple patch that should correct this behavior. Can you test it and tell us the results? Thanks, -- Mounir IDRASSI IDRIX http://www.idrix.fr Dear openssl support, I investigated the following web servers. But all of them failed with the same error. 1)

Re: [openssl.org #2245] [PATCH] Add /Zi to VC++ CFLAG in debug configuration (1.0.0 and 0.9.8)

IDRASSI via RT wrote: Hi, This patch adds the /Zi switch to CFLAG in the debug configuration in order to permit stepping inside OpenSSL code during debug sessions. It applied to the latest snapshots of 1.0.0 and 0.9.8 source trees. It should be in base_cflags, since it is required

Re: [openssl.org #2312] Function protos in 1.0.0a: unsigned long changed to size_t not so good for amd/x64, Itanium

Hi, As far as I know, OpenSSL 1.0 is not meant to be binary compatible with OpenSSL 0.9.8x, at least for low-level APIs like the AES one you are referring to. So, as you suggest it, an application should know if it is using a 0.9.8 libeay32 or an 1.0 one, and depending on that it will use

[openssl.org #2314] [PATCH] fix double free in ssl3_get_key_exchange in case of error

Hi, This patch corrects a double free bug in ssl3_get_key_exchange (s3_clnt.c) when an error happens during the connection to a server. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr --- E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c.original Sun Feb 28 01:24:24 2010 +++

Re: [openssl.org #2240] Missing Supported Point Formats Extension in ServerHello should be ignored

Hi Steven, Can you please check the protocol and the cipher used for each case (SSLv3_server_method vs SSLv23_server_method) using the same client? The only explanation for the difference you are seeing is that when you use SSLv3_server_method, TLS extension ECPointFormats is sent with

[openssl.org #2358] [PATCH] Correct a double free bug in ssl3_send_server_key_exchange

Hi, This patch against the latest 1.0.1 stable snapshot corrects a double free bug in function ssl3_send_server_key_exchange (s3_srvr.c) that occurs when an ECDHE cipher is used, leading to a crash. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr ---