[openssl.org #393] 0.9.7 beta 5 crypto/x509/x509_vfy.c X509_STORE_CTX_init() memset required

[Richard Levitte via RT]

Nope, no reversing there.  However, what we're cleansing is the pointer itself, which 
is basically ridiculous and a mistake, as the memset() that was there before (and 
didn't generate an exception!) was really there to NULLify the ex_data pointers.

I just committed a change back to using memset().

[[EMAIL PROTECTED] - Mon Dec  9 08:59:25 2002]:

 I'm tracking down the cause of an exception that did not occur with
 Kermit 95 with previous
 0.9.7 builds.  In the process I noticed that in
 
   X509_STORE_CTX_cleanup
 
 the buffer ctx-ex_data is freed with
 
   CRYPTO_free_ex_data
 
 prior to it being cleansed with
 
   OPENSSL_cleanse
 
 I'm pretty sure these two calls need to be reversed.
 
 - Jeff
 
 


-- 
Richard Levitte
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #393] 0.9.7 beta 5 crypto/x509/x509_vfy.c X509_STORE_CTX_init() memset required

[Jeffrey Altman via RT]

Please ignore my previous e-mail, the problem is located in
 
  X509_STORE_CTX_init()

The memset((ctx-ex_data),0,sizeof(CRYPTO_EX_DATA)) that was commented out
needs to be restored due to the use of OPENSSL_cleanse() on that data 
structure.  In previous
releases this data structure would have been zero'd out.  Now it 
contains random data in pointer
fields and therefore must be zero'd before the call to CRYPTO_new_ex_data().

Thanks.



__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]