There are a few UMRs and one FIU in the current OpenSSL-0.9.8g code base.
The attached patch fixes this with minimal code changes.
A better solution would be to use a BN_init call on each of the local BN
variables being used which would be a trivial adaptation of this patch.
Without this patch
I kicked off some builds last night as I was curious as to the answer to
the question - 0.9.8d fails in make test, 0.9.8k passes in make test.
The 1.0.0 beta 3 fails with the SHA1 asm code and in the AES asm code.
I haven't had a chance to look into this in any detail - just noting that the
On 26/04/2014 11:04 PM, Kurt Roeckx via RT wrote:
Libressl has a patch for this at:
http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=cb8b51bf2f6517fe96ab0d20c4d9bba2eef1b67c
I believe that patch is not really the correct fix.
My understanding is that tot is what is
The two echo commands are different values (being different actual echo
programs) and hence have different digests.
As a user:
macbuild:~ tjh$ echo -n 12345 | od -x 000 3231 3433 0035 005
As root:
echo -n 12345 | od -x 000 6e2d 3120 3332 3534 000a 011
The root echo is one
On Fri May 03 19:05:13 2013, burton.sm...@williams.com wrote:
Thanks, but after playing with this puzzle for a while I combined the
configuration options that were supposed to correct it individually.
It worked.
Closed as resolved.
On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com wrote:
Hi all,
the top level Makefile has a small with quoting when CC has an argument.
The attached mini-patch fixes the problem
Closing item s resolved as SteveH checked in a fix for this in master, 1.0.1
stable and 1.0.2
Note: PR#3274 is a duplicate of this issue just closed.
Closing this item too as resolved as SteveH checked in a fix for this in
master, 1.0.1 stable and 1.0.2 stable after the issue was reported.
https://github.com/openssl/openssl/commit/24e20db4aa18ff8a6f67ae7faf80cf2b99f8b74a
On Wed Apr 02 19:22:14 2014, e...@pobox.com wrote:
Fixing one of my own bugs, there since SSLeay days I belive :-)
Closing item as resolved.
SteveH committed the fix across all branches ...
https://github.com/openssl/openssl/commit/10378fb5f4c67270b800e8f7c600cd0548874811
On Wed Apr 16 14:25:34 2014, s...@pdflib.com wrote:
Am 15.04.14 20:00, schrieb Stephen Henson via RT:
I've just added a fix (and to two other cases in the same file). Let
me know of any problems.
Closed as resolved.
SteveH committed changes across all branches.
On Mon Feb 03 15:16:14 2014, steve wrote:
...
I've just committed a fix. Let me know of any problems.
Closed as resolved.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Leaving issue open.
Note: SteveH checked in a partial fix adding in a getter function -
SSL_CTX_get_ssl_method
https://github.com/openssl/openssl/commit/ba168244a14bbd056e502d7daa04cae4aabe9d0d
Tim.
__
OpenSSL Project
On Tue Jan 07 09:26:25 2014, rainer.j...@kippdata.de wrote:
File test/testssl in branches 0.9.8 and 1.0.0 contains the line
if [ $protocol == SSLv3 ] ; then
Closed as resolved.
SteveH committed fixes.
https://github.com/openssl/openssl/commit/080ae6843299c873808c04487d4ccf51624fe618
Tim
Marking issue as resolved.
SteveH checked in fixes.
https://github.com/openssl/openssl/commit/2911575c6e790541e495927a60121d7546a66962
Tim.
__
OpenSSL Project http://www.openssl.org
Development
Closed as resolved.
SteveH committed fix.
https://github.com/openssl/openssl/commit/44314cf64d1e51c7493799e77b14ae4e94a4c8cf
Tim.
__
OpenSSL Project http://www.openssl.org
Development Mailing
Closed as resolved.
SteveH committed patch.
https://github.com/openssl/openssl/commit/c8919dde09d56f03615a52031964bc9a77b26e90
Tim.
__
OpenSSL Project http://www.openssl.org
Development Mailing
Closed item as resolved.
SteveH committed patch.
https://github.com/openssl/openssl/commit/ed77017b594754240013c378b4f7c10440c94d7a
Tim.
__
OpenSSL Project http://www.openssl.org
Development
On Fri Jun 07 20:12:54 2013, fr...@baggins.org wrote:
This patch is the first submission of what is planned to be a regular
series of patches. It represents the collected updates made to the pod
documentation published on the openssl wiki:
Closed as resolved. Patch was committed.
Tim
On Mon Jun 06 17:23:48 2011, tm...@redhat.com wrote:
There is code error in s3_srvr.c function ssl3_get_cert_verify().
The bug was found by Coverity scan.
Closing as resolved.
Andy committed fix across all branches.
Closing item as resolved.
SteveH committed patches across all branches.
Tim
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
On Tue Jun 04 17:53:41 2013, rob.stradl...@comodo.com wrote:
The Safari browser on OSX versions 10.8 to 10.8.3 advertises support for
several ECDHE-ECDSA ciphers but fails to negotiate them.
Closing as resolved.
Ben committed fixes across all branches.
Closing item as resolved.
Tim.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
coverity issues 966593-966596
966593 Uninitialized scalar variable The variable will contain an arbitrary
value left from earlier computations. In SRP_create_verifier: Use of an
uninitialized variable
__
OpenSSL Project
966597 Uninitialized scalar variable
The variable will contain an arbitrary value left from earlier computations.
In d2i_SSL_SESSION: Use of an uninitialized variable
__
OpenSSL Project
966577 Resource leak
The system resource will not be reclaimed and reused, reducing the future
availability of the resource.
In init_client_ip: Leak of memory or pointers to system resources
__
OpenSSL
Re-opening item.
See https://rt.openssl.org/Ticket/Display.html?id=3345
This patch introduced an uninitialised read.
A num=0 initialisation is required prior to the for loop.
__
OpenSSL Project
On Tue May 06 05:13:42 2014, arthurm...@gmail.com wrote:
Coverity run has uncovered the following use of uninitialized local
variable in b64_read(). This applies to both 1.0.1g and master branch:
See https://rt.openssl.org/Ticket/Display.html?id=3289 which is the patch which
introduced this
On 24/05/2014 11:06 PM, Krzysztof Kwiatkowski via RT wrote:
Hello,
This patch implements request for ticket 2578. I've also created pull
request in github that you can find here:
https://github.com/openssl/openssl/pull/108
Why is there a crypto/objects/obj_xref.h change mixed in with this
On 7/06/2014 7:10 PM, Jenny Yung via RT wrote:
Hello,
We ran parfait on OpenSSL and found the following errors in openssl-1.0.1g:
1. Error: Uninitialised memory (CWE 456)
Possible access to uninitialised memory 'num'
at line 267 of
On 8/06/2014 11:40 AM, Kurt Roeckx via RT wrote:
On Sun, Jun 08, 2014 at 12:01:28AM +0200, Tim Hudson via RT wrote:
Already fixed in the 1.0.1 stable branch so it is already included in
1.0.1h onwards and 1.0.1m is the current recommended version.
[...]
Can you re-run parfait against
I am closing this item as it is not actually a defect (although we do
appreciate getting rapid feedback on the roadmap).
The discussion in terms of platform strategy should continue on the openssl-dev
mailing list as we work through tackling platform related issues.
Separately I'm looking
Closing this item - see #3434 which is an overlapping (and more detailed
replacement).
Further discussions on AES wrapping should be added into that ticket and/or
continue on openssl-dev.
Thanks,
Tim.
__
OpenSSL Project
31 matches
Mail list logo