[openssl.org #1695] RSA_padding_check_SSLv23 broken

2008-06-04 Thread Jacques Vidrine via RT
We have addressed the following issue in Mac OS X: RSA_padding_check_SSLv23 has a bug in the loop that verifies the presence of eight consecutive 0x03 padding bytes just before the null marker signifying the end of the padding. The problem is that at the start of the for loop (for (k= -8;

[openssl.org #1696] fail to check the return value of d2i_PBEPARAM() in /crypto/pkcs12/p12_npas.c

2008-06-04 Thread Ray-Yaung Chang via RT
File Name: /crypto/pkcs12/p12_npas.c Function Name: alg_get() Buggy Code: 210: pbe = d2i_PBEPARAM(NULL, p, alg->parameter->value.sequence->length); // if (pbe == NULL) return is missed here 211: *pnid = OBJ_obj2nid(alg->algorithm); 212: *piter = ASN1_INTEGER_get(pbe->iter);

[openssl.org #1697] openssl 2.2.8g: failure to check the return value of sk_new_null() in /apps/pkcs12.c, ocsp.c, engine.c and cr12p7.c

2008-06-04 Thread Ray-Yaung Chang via RT
File Name: /crypto/stack/stack.c Function Name: sk_new_null() Code: 115: STACK *sk_new_null(void) 117: return sk_new((int (*)(const char * const *, const char * const *))0); File Name: /apps/crl2p7.c Function Name: main() Buggy Code: 144: if (!certflst) certflst =

[openssl.org #1698] potential bugs discovered by interprocedural code analysis for version 0.9.8g of Openssl

2008-06-04 Thread Ray-Yaung Chang via RT
Dear Openssl developers, I am a Ph.D. student in the Software Engineering Research Group of EECS department at Case Western Reserve University, under the instruction of Prof. Andy Podgurski. In our very recent research, we applied inter-procedural static program analysis and data mining

Re: SSL_shutdown nonblocking behavior

2008-06-04 Thread Thor Lancelot Simon
On Tue, Jun 03, 2008 at 11:37:02AM -0400, Geoff Thorpe wrote: A quick skim of this patch seems to indicate that it makes sense, though the litmus test will be to get some kind of regression coverage. Eg. do connections get left dangling in any common scenarios? Darryl (who wrote the patch)

Re: [openssl.org #1693] Compiling OpenSSL with mingw-w64

2008-06-04 Thread Roumen Petrov
Hi Stefan, [EMAIL PROTECTED] via RT wrote: Hi, I just tried to compile OpenSSL-0.9.8h with mingw-w64 (see http://sourceforge.net/projects/mingw-w64/) and needed a couple of changes to the source code (see attached patch). Some notes: - I added a mingw64 line to Configure and

openssl 0.9.8h, .\crypto\err\err.c:418 392

2008-06-04 Thread BORODA(C)
What does this diagnostics mean? perl Configure VC-WIN32 --prefix=C:/Programm/openssl-0.9.8h ms\do_masm nmake -f ms\ntdll.mak nmake -f ms\ntdll.mak test [skip] testenc start testenc C:\Programm\openssl-0.9.8h\out32dll test enc openssl (lock_dbg_cb): already locked (mode=9, type=1) at

Openssl 0.9.8g build with Apache 2.2.8 for WIN32

2008-06-04 Thread Beth E. Okun
Hello to all.. I'm able to build the openssl 0.9.8g on windows 2003 using VC++ version 7 and the ms\do_ms build..I'm also able to build Apache 2.2.8 with the openssl dlls included...However, the service will not start, and I am getting a weird error in the event viewer

RE: [openssl.org #1682] AutoReply: BIO_snprintf can NOT work properly on HPUX 11.23 IA for 32bits mo

2008-06-04 Thread qianbohound via RT
Hi OpenSSL Dev, Is there any investigation progress of this issue? Thank you! Subject: [openssl.org #1682] AutoReply: BIO_snprintf can NOT work properly on HPUX 11.23 IA for 32bits mode From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 29 May 2008 09:30:40 +0200 Greetings,