than connecting over local
IP addresses).
Signed-off-by: Geoff Thorpe ge...@openssl.org
---
This is just a request for comments. Anyone think this is worth
putting in? Eg.
[In one shell]
cd apps openssl s_server -unix foobar -naccept 1
[In another shell]
cd apps openssl s_client
favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the set logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.
Signed-off-by: Geoff Thorpe ge
David (thanks!) re-raised this ticket with the following details. (I am also
attaching his 'base64-bug.txt' file.)
Our UC-KLEE tool found a buffer overflow in OpenSSL's base64 decoder that
results in a negative length passed to memcpy. This is likely exploitable,
depending on where PEM-encoded
I'm attaching a patch that I think is the right fix, but would appreciate
feedback from people who understand evp/b64 better than me. It passes make
test, and ceases to dump-core with David's sample input (also attached to this
ticket).
BTW, this patch seems to apply to all branches as far back
I contacted the original submitter and he said there is unlikely to be any
value in this line of enquiry now. He asked me to close the ticket and I'm
happy to oblige.
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project
On Thursday 02 April 2009 04:44:55 Marc Haisenko wrote:
Just a little load thinking... my patch *seems* to fix the blinding
issue. All the patch does is to make sure that once the thread/process
id's are different locking is *always* done and rsa-mt_blinding is
always used.
But since locking
On Wednesday 01 April 2009 04:48:01 Marc Haisenko wrote:
Forgive my frustration, but which god do I need to sacrifice to to get
some attention ? Even a go away, we don't care would be OK...
I have your email tagged for attention, but haven't had a good enough
moment to look at it. But please
OK, I've taken a look at this, and scratched my head a little. It's a
touch complicated by the fact that thread-ids have changed in the head
of development relative to what you're looking at in 0.9.8. But I'm now
wondering if you haven't misunderstood the nature of openssl's threading
support;
Fair comment, I'll respond to this as best I can, but this is not any
kind of official statement.
On Wednesday 01 April 2009 14:01:18 Kurt Roeckx wrote:
Hi,
I was under the impression that for the 1.0 version you would
change the API so that the ABI doesn't break all the time, and
I see no
On Tuesday 24 March 2009 09:45:20 Maxim Masiutin wrote:
Hello All,
We have a BN_GENCB structure BN_GENCB_set_*** macros to set fields.
Problem is that when compiling OpenSSL as a library and using it from
a different application written in different language, converting
structures and unions
On Tuesday 23 December 2008 02:01:38 Huang Ying wrote:
This patch adds support to Intel AES-NI instruction set for x86_64
platform.
Cool. I'm relying on Andy to provide a more thorough review than my quick
scan - I don't do perl-asm :-) In particular, I haven't tried patching
and building
On Tuesday 23 December 2008 11:58:52 Andy Polyakov wrote:
Out of curiosity, what does NI stand for anyway? Or is it just
something the knights kept saying? But didn't they stop doing so?
ROFL :-)
Next up, eng_shrubbery.c ...
Cheers,
Geoff
--
Un terrien, c'est un singe avec des clefs de
On Tuesday 16 December 2008 05:54:28 Richard Levitte wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
__
__
Server: cvs.openssl.org Name: Richard Levitte
He's bck! :-)
How's things?
Oops, chalk up another victim to reply-to ... sorry for the noise (and
the follow-up noise of this apology).
Cheers,
Geoff
On Tuesday 16 December 2008 14:52:34 Geoff Thorpe wrote:
On Tuesday 16 December 2008 05:54:28 Richard Levitte wrote:
OpenSSL CVS Repository
http://cvs.openssl.org
On Thursday 11 December 2008 05:04:36 Peter Waltenberg wrote:
Anything in memory could end up swapped out, but stack is the least
likely since it's more often in use, the best you can do is zero the
area ASAP.
My other objection to putting all of this into an engine is that the
engine code
On Thursday 11 December 2008 10:52:36 Thor Lancelot Simon wrote:
On Thu, Dec 11, 2008 at 10:03:32AM -0500, Geoff Thorpe wrote:
Engines like eng_cryptodev.c *are* built in (they're in
./crypto/engine/ rather ./engines/) and the intention is that they
should be the implementation de base
On Thursday 11 December 2008 20:39:41 Huang Ying wrote:
On Thu, 2008-12-11 at 23:03 +0800, Geoff Thorpe wrote:
Engines like eng_cryptodev.c *are* built in (they're in
./crypto/engine/ rather ./engines/) and the intention is that they
should be the implementation de base for those build
On Thursday 11 December 2008 23:02:12 Huang Ying wrote:
On Fri, 2008-12-12 at 11:38 +0800, Geoff Thorpe wrote:
The cipher and digest support is at the granularity of nids, and
these combine algorithm, key-length, and mode. So if you implement
support for those cipher,length,mode
I doubt the OS vendors would bother
to enable an engine by default, testing of the possible
configurations is expensive and the costs of support calls if they
mess up makes autodetecting the engine to use a very unattractive
proposition.
One can discuss loading selected engines by
On Tuesday 18 November 2008 19:22:55 Sander Temme wrote:
On Nov 11, 2008, at 12:28 AM, Sander Temme wrote:
On Nov 2, 2008, at 9:19 AM, Sander Temme wrote:
The following compiles and tests cleanly on trunk and on the latest
snapshot of 0.9.8-stable (with offset 1 in e_chil.c). Also
On Tuesday 28 October 2008 02:07:18 Sander Temme wrote:
On Oct 27, 2008, at 8:20 AM, Geoff Thorpe wrote:
Well, FWIW, I will ACK the patch. And if nobody gets round to
putting it
in (and doing any other admin that goes with it, like regenerating
the error definitions which probably change
Well, FWIW, I will ACK the patch. And if nobody gets round to putting it
in (and doing any other admin that goes with it, like regenerating the
error definitions which probably change as a consequence of this, etc),
then I'll try to do this myself this some time this week.
If you want to help
Which version of openssl are you using?
Cheers,
Geoff
On Monday 13 October 2008 16:08:53 Pirasenna Velandai Thiyagarajan wrote:
How to load a DSO from within an engine?
I call DSO_load(NULL, mylibname, NULL, 0);
The code path I debugged is as follows:
#0 DSO_ctrl (dso=0x48ab98, cmd=2,
On Monday 13 October 2008 18:05:17 David Woodhouse wrote:
On Mon, 2008-10-13 at 13:08 -0700, Pirasenna Velandai Thiyagarajan
wrote:
How to load a DSO from within an engine?
See the code that this patch is mostly ripping out in favour of direct
linking:
I see that you've cross-posted to both lists a few times, please don't.
Most of your posts (if not all) belong on openssl-users. openssl-dev is
for discussing the development of openssl itself, whereas openssl-users
is for discussing development *using* openssl (or anything else related
to
Hi again,
On Thursday 11 September 2008 09:32:14 Geoff Thorpe wrote:
On Thursday 11 September 2008 09:06:39 Harald Welte wrote:
On Thu, Sep 11, 2008 at 10:22:38PM +1200, Michal Ludvig wrote:
Have a look here:
http://marc.info/?l=openssl-devm=109113625526391w=2
and in the corresponding
Please refrain from cross-posting to all the openssl lists. In particular,
please don't post to openssl-cvs, that's not what it's for (the Reply-To for
cvs mailouts is intentionally set to openssl-dev).
Thanks,
Geoff
--
Un terrien, c'est un singe avec des clefs de char...
On Thursday 11 September 2008 09:06:39 Harald Welte wrote:
On Thu, Sep 11, 2008 at 10:22:38PM +1200, Michal Ludvig wrote:
And finally the one you already knew about. That's the final works for
me version ready to be committed to openssl tree current at that time
(may not apply smoothly
On Thursday 11 September 2008 15:16:48 Andy Polyakov wrote:
BTW, my memory is vague here, is this Padlock block only able to do
one-shot hashing?
Yes, but a technique bypassing this limitation was proposed and proven
to work (as per end of SHA1 thread mentioned earlier). Technique
involved
* Harald Welte ([EMAIL PROTECTED]) wrote:
Hi guys,
ist has been 10 days since I posted this mail about certain questions
with regard to the suboptimal integration of VIA padlock support in OpenSSL.
Is there some kind of taboo against this topic or some bad history that I'm
missing? If
On Friday 18 July 2008 10:57:50 Bodo Moeller wrote:
On Thu, Jul 17, 2008 at 7:07 PM, Frederic Heem [EMAIL PROTECTED]
wrote:
Please find attached a patch which makes valgrind and friends happy. Some
changes had been done in md_rand.c which broke the purpose of PURIFY.
Needless to say that
On Wednesday 16 July 2008 16:58:11 Ger Hobbelt wrote:
Hi,
Sorry to bother, but just a quick question: those new threadid
handling routines that got into 0.9.9 a while ago disappeared from the
latest CVS (today) again. I assume this is intentional?
Just a Yes/No 's all I crave.
Thanks for
Hi Steph,
Didn't see this show up on openssl-dev but that's probably because of the
attachments. In any case, I'll top-post to leave your original email there
(minus attachment) so that it's visible for whoever else wants to know.
FWIW, I had your original post still flagged as TODO in my
A quick skim of this patch seems to indicate that it makes sense, though the
litmus test will be to get some kind of regression coverage. Eg. do
connections get left dangling in any common scenarios?
BTW, I note that the patch is against 0.9.8b, that's ... umm ... *old*. Could
you please regen
On Friday 30 May 2008 09:52:40 Ben Laurie wrote:
Dr. Stephen Henson wrote:
- if (len == -1)
+ if ((len == -1) !(attrtype MBSTRING_FLAG))
I do wish you wouldn't use these extra brackets around comparison
operators.
if (len == -1 !(attrtype MBSTRING_FLAG))
works just fine
On Monday 19 May 2008 15:27:24 dean gaudet wrote:
Note that you should always build with no-asm if you're doing this kind
of debug analysis. The assembly optimisations are likely to operate at
granularities and in ways that valgrind could easily complain about. I
don't know that this is
On Thursday 15 May 2008 16:51:55 John Parker wrote:
I'm still seeing a lot of errors from valgrind, even with the latest
snapshot.
19 15:12 tar xvfz ../openssl-0.9.8-stable-SNAP-20080515.tar.gz
20 15:12 cd openssl-0.9.8-stable-SNAP-20080515/
21 15:12 ls
22 15:12
On Friday 16 May 2008 00:47:52 Thor Lancelot Simon wrote:
On Thu, May 15, 2008 at 11:45:14PM +0200, Bodo Moeller wrote:
It may be zero, but it may be more, depending on what happened earlier
in the program if the same memory locations have been in use before.
This may very well include data
On Thursday 15 May 2008 11:52:08 John Parker wrote:
It is already possible to use openssl and valgrind - just build OpenSSL
with -DPURIFY, and it is quite clean.
(we do it all the time here with WvStreams and Pathfinder, and it works
like a charm).
The problem is that this may reduce
On Thursday 15 May 2008 12:38:24 John Parker wrote:
It is already possible to use openssl and valgrind - just build
OpenSSL with -DPURIFY, and it is quite clean.
Actually on my system, just -DPURIFY doesn't satisfy valgrind. What
I'm asking for is something that both satisfies valgrind
I forgot to mention something;
On Thursday 15 May 2008 12:38:24 John Parker wrote:
It is already possible to use openssl and valgrind - just build
OpenSSL with -DPURIFY, and it is quite clean.
Actually on my system, just -DPURIFY doesn't satisfy valgrind. What
I'm asking for is
On Thursday 15 May 2008 16:56:17 Erik de Castro Lopo wrote:
Patrick Patterson wrote:
On May 15, 2008 10:58:07 am John Parker wrote:
In the wake of the issues with Debian, is it possible to modify the
source so that it is possible to use valgrind with openssl without
reducing the key
On Thursday 15 May 2008 17:31:45 Erik de Castro Lopo wrote:
Geoff Thorpe wrote:
Then tell your linux distribution to use -DPURIFY.
Hangon, I've got a better idea. How about the OpenSSL develoeprs
fix their library so that the standard version that they ship is
valgrind clean
Did you (re)try with a more recent snapshot? A fix to this area of the ENGINE
logic was made recently in response to bugzilla ticket 1668;
http://rt.openssl.org/Ticket/Display.html?id=1668
http://marc.info/?l=openssl-cvsm=120942258326907w=2
You indicate that you're using 0.9.8e which is a
Nice analysis Ian and John, thanks for digging in to this. I agree with
what you've determined, though I think there was a missing 'uptodate'
line from the code too. I'm attaching a diff that matches yours but has
this extra line. Can you please confirm that this still gives you the
behaviour
Yeah I've raised this with Richard to get his sense of what he intended.
Please raise a ticket on RT if you like and assign it to either of us.
Cheers,
Geoff
On Wed, 2008-04-09 at 11:44 -0400, Brad House wrote:
I'd have to look at the context of what is actually happening
here but it looks
On Wed, 2008-03-26 at 17:07 -0400, Azam Syed wrote:
I loaded openssl 0.9.8g and when I complie Nagios plugin it says yes
next to openssl, but when I do the make I get the following. I
complied Nagios plugin with [EMAIL PROTECTED]
nagios-plugins-1.4.11]# ./configure
Theodore Tso wrote:
I would suggest that the best way to do this is to *add* new mutator
functions (and accessor functions, where necessary) which applications
who care about ABI stability can use, and then document a set of
interfaces for which ABI stability is guaranteed. That could be a
Hi Thor,
On Sun, 2008-03-02 at 23:21 -0500, Thor Lancelot Simon wrote:
FWIW, this is not really the right way of implementing async support in
openssl. Completion events are not always going to be related to file
descriptors in any clear way
Certainly if the file in question is one for a
FWIW, I think we mostly agree but are attacking the general issue from
different angles.
On Wed, 2008-03-05 at 10:44 -0500, Thor Lancelot Simon wrote:
Well, I did not suggest that one would ever use a file descriptor per
operation. But, let me try again.
Note first that that OpenSSL does
On Wed, 2008-03-05 at 13:54 -0500, Thor Lancelot Simon wrote:
On Wed, Mar 05, 2008 at 12:10:04PM -0500, Geoff Thorpe wrote:
I was not involved in the discussion so am not familiar with the
arguments. However I agree that SSL_[poll|select]() would be unwise
because it presumes to make
Hi Thor,
I'm slowly coming back through a few tonnes of spooled email that has
been accumulating for months (including everything openssl-related).
That's just some context. I may have missed prior discussion about all
sorts of things related to ENGINE and async requirements, if so my
apologies.
There's your first clue, build with -DPURIFY :-)
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Self-interest and materialistic desire are parts of who we are, but
not all. To base a social and economic system on these traits is
dangerously fundamentalist.
-- Joel Bakan
anyway - the preprocessor causes disabled modules to
compile empty. I'm not sure what the best fix to this is, but it
certainly involves make, probably perl, and quite a bit of digging.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Self-interest and materialistic
/* SO_PATH points the ubsec engine to the broadcom library */
Return = ENGINE_ctrl_cmd_string (Engine, SO_PATH, bc.libubsec.so, 0);
/* This implicitly initialises the engine */
Return = ENGINE_set_default (Engine, ENGINE_METHOD_ALL);
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http
lib.
Hope that helps,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Self-interest and materialistic desire are parts of who we are, but
not all. To base a social and economic system on these traits is
dangerously fundamentalist.
-- Joel Bakan
the default path to load the engine
shared lib (libubsec.so). Let me know if this isn't the case, but from an
initial glance that seems to be what you're hitting.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Self-interest and materialistic desire are parts of who we
0.9.7 and 0.9.8. If that's what
you're trying, I wouldn't be surprised if you hit problems. Anyway, dig a
little deeper if you can - if need be set a break point at or before
eng_dyn.c:433 and go in a step it through.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net
a more active
participation in the open source ecosystem...)
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Même ceux qui se sentent pas des nôtres, ne nous voyant plus à genoux,
seront, plus que jamais, chez eux chez nous.
-- Loco Locass
tried
this myself. Can you post a little more detail about the problem? Also,
have you played with openssl engine - at all? It may help by
generating an error-trace.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.openssl.org
version
of openssl they like, but I guess that's not what you're after :-) ]
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.openssl.org/
__
OpenSSL Project http://www.openssl.org
though (ie. I doubt we'll be
dispersing the volunteers with tear-gas or anything).
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.openssl.org/
__
OpenSSL Project http://www.openssl.org
with a clean working directory?
Oops, good call :-)
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Greedy Genghis George, Guru of God and Guns.
__
OpenSSL Project http
. I'll try to dig up more info tomorrow when I get
back to the machine I was on.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Greedy Genghis George, Guru of God and Guns.
__
OpenSSL Project
[EMAIL PROTECTED] - Thu Oct 21 08:19:52 2004]:
please try a recent snapshot
So it looks like this issue was resolved (I haven't checked, but Nils is
a trustworthy sort :-). I'm closing the ticket.
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Greedy Genghis George, Guru of God and Guns.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
in that mail thread has since
begun and resolved a lot of stuff. I'll revisit the issues you raised
and see how they look in the context of the new code - if the problems
are still there, it'll be possible to fix them properly now.
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
version are you
using BTW?
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Greedy Genghis George, Guru of God and Guns.
__
OpenSSL Project http://www.openssl.org
support for RSA, DSA, and DH.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL Project http://www.openssl.org
Development Mailing List
that this leaves your host machine's processor free of the overhead
so that it can do other things. However, I won't be drawn into debating
the merits one way or the other ... :-)
Regards,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net
On September 27, 2004 02:02 pm, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Mon, 27 Sep
2004 13:41:18 -0400, Geoff Thorpe [EMAIL PROTECTED] said:
geoff Well eng_padlock.c is #ifdef'd out unless we are on a
geoff supported platform, so I don't think portability
On September 27, 2004 03:20 pm, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Mon, 27 Sep
2004 14:33:32 -0400, Geoff Thorpe [EMAIL PROTECTED] said:
geoff Quick reaction without checking the code properly. No, I think
geoff the issue is that further down there is other
, just thought I'd throw
the question out there in case anyone had any ideas.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL Project http://www.openssl.org
and
the misleading commentry.
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
suggest that you and Andy get happy with the gritty stuff, and then I'll
help with the rest. (We should probably at that point also put a contrib
link to your site if it's not already there to cover people wanting a
version backfitted to 0.9.7.)
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http
to openssl) but
rather of the system and run-time environment (a probem it would be
futile for openssl to address). It's a piece of rope, you can put it to
any use you know a knot for ...
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net
to be safe on the remaining x86 chips,
particularly older ones without cpuid.
Regards,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL Project http://www.openssl.org
this, I'll be able to
proceed.
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List
in private email.
Thanks for carrying out the updates.
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
by specific target?
The Configure script (invoked by ./config if you choose to go that way)
uses different targets for different compiler/OS/CPU combinations. And
whatever else is required to build without using autoconf. Run;
perl Configure -?
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
of finding a fix for 0.9.7 to avoid
ERR_get_implementation. duck object=rancid tomatoesOr we could ignore
this problem altogether./duck :-)
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL
(ie. they
build engine libs), and that in turn opens the interop questions stable
branches normally don't raise.
Hmmm.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL Project
questions. I've got a cold, that's all I can
manage for now. :-)
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL Project http://www.openssl.org
Development Mailing
(), but doesn't reset ibmca_dso=NULL. The next time openssl
| call ibmca_init, ibmca_dso!=NULL, so we enter an error path, which
| re-call's DSO_free on the already freed ibmca_dso variable.
Ahh, cool. Glad you got to the bottom of it.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http
to know why you're seeing (or think you're seeing) errors in the
statically-compiled case? Can you alter the macro to display the values
of ERR_get_implementation() and fns-err_fns before that if(){} branch,
as those values should match in the static case.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
accept such a situation with
the padlock stuff given that the majority of run-time environments
wouldn't be able to use it. Is there anything else specific about
padlock-capable systems that could be used to set specific targets for
this stuff?
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
your code for that. 0.9.7-stable is maintenance-only unless
under exceptional circumstances, so 0.9.8-dev (HEAD) is where this needs
to go.
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project
Yo,
On June 1, 2004 02:34 am, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Tue, 1
Jun 2004 05:18:59 +0200 (CEST), Geoff Thorpe [EMAIL PROTECTED]
said:
geoff Log:
geoff This fixes the installation target for dynamic engines,
geoff which was trying
for a subject called Discrete Math. My
[snip]
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.openssl.org/
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
attached a patch
that works for me, but it'd be good if you could verify you see the same
behaviour. For example, I can generate RSA keys of 31 bits (meaning the
primes are 15/16 bits each) but it fails for 30 bits. Do you see the same
thing?
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
your patch?
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
Antti,
Any news on an update for your patch?
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
be able to take this further.
Cheers,
Geoff
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List
Looks mostly ok. It's missing a RSA_METHOD change and has a redundant
BN_new() (memory leak), but nothing major. I'll tidy it up and commit it
in a sec, thanks.
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project
it by then.
Quick question: is this occuring in the head of CVS or just release
branches?
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
__
OpenSSL Project http
] Missing loop end check in
crypto/engine/eng_table.c from Geoff Thorpe. In short: the bug is
already corrected in the CVS.
Actually, only the sk_value() case was addressed, so the report is valid
w.r.t. sk_set(). I'm just checking for other cases and will commit
shortly.
Cheers,
Geoff
) but it fails for 30 bits. Do you see the same
thing?
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.openssl.org/
Index: crypto/rsa/rsa_gen.c
===
RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_gen.c,v
retrieving revision
NULL for out-of-range indexes, making the stack API a little more
robust and, by no coincidence, enforcing a behaviour I'd been relying on
in eng_table.c that had never actually existed. gulp
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net
Can you please resubmit the patch as an attachment rather than inlining
it? The patch gets word-wrapped otherwise and is unusable.
--
Geoff Thorpe, RT/openssl.org
__
OpenSSL Project http
1 - 100 of 324 matches
Mail list logo