Hi!
I use valgrind to check my code, and I can't seem to be able to free up 36
bytes.
SSL_library_init() allocates 36 bytes that I am not able to free using the
regular cleanup functions.
The details:
SSL_library_init calls SSL_COMP_get_compression_methods() if
OPENSSL_NO_COMP is defined.
Hi,
When running the openssl with DSA certificates and DH parameter files,
I can't select the ciphers TLS_DH_DSS_WITH_AES_128_CBC_SHA and
TLS_DH_DSS_WITH_AES_256_CBC_SHA. All other options of DH and DSS work,
for example the DHE_DSS ciphers and DH_anon work fine.
Any ideas?
--
Nadav Golombick
On Tue, Nov 15, 2005, Nadav Golombick wrote:
Hi,
When running the openssl with DSA certificates and DH parameter files,
I can't select the ciphers TLS_DH_DSS_WITH_AES_128_CBC_SHA and
TLS_DH_DSS_WITH_AES_256_CBC_SHA. All other options of DH and DSS work,
for example the DHE_DSS ciphers and
Thanks
On 11/15/05, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Tue, Nov 15, 2005, Nadav Golombick wrote:
Hi,
When running the openssl with DSA certificates and DH parameter files,
I can't select the ciphers TLS_DH_DSS_WITH_AES_128_CBC_SHA and
TLS_DH_DSS_WITH_AES_256_CBC_SHA. All
No one can help me? :(
Alexis Lefort wrote:
I have forgotten one thing, the call to SSL_connect() returns "-1", and
SSL_get_error() returns SSL_ERROR_SYSCALL.
The error string is empty and errno is NULL.
Alexis Lefort wrote:
Hi list,
When my client (0.9.8a) tries to
compiling openssl 0.9.8a on freebsd 4.11 I've got
errors making libcrypto.so.4:
libcrypto.a(cryptlib.o): In function `OPENSSL_showfatal':
cryptlib.o(.text+0x3c6): undefined reference to `__stderrp'
cryptlib.o(.text+0x3cd): undefined reference to `vfprintf'
libssl.a(s2_srvr.o): In function
Hi,
if(!(x509 = d2i_X509_fp(fpin, NULL))) {
fseek(fpin, 0, SEEK_SET);
x509=PEM_read_X509(fpin, NULL, NULL, NULL);
}
CRYPTO_MDEBUG's output is:
[09:36:15] 1661 file=lhash.c, line=193, thread=121,
number=96, address=302DB948
I caught the address in the debugger and it is coming
from
Calling ERR_remove_state(0) before the thread exits
fixed it :)
--- Calista [EMAIL PROTECTED] wrote:
Hi,
if(!(x509 = d2i_X509_fp(fpin, NULL))) {
fseek(fpin, 0, SEEK_SET);
x509=PEM_read_X509(fpin, NULL, NULL, NULL);
}
CRYPTO_MDEBUG's output is:
[09:36:15] 1661 file=lhash.c,
Hi, I had to encode a X509 certificate into base 64 to be able to transfer it into an XML, now when I get the XML I need to put it back inside a X509 structure
the way I did it with a file was easy
BIO *cert = NULL; X509 *x509 = NULL;
BIO_read_filename(cert, inFileC); x509 =
Hello,
I have built a server application which is using session caching by
writing the session files to disk. The session caching is all working
fine but the (old) sessions never get removed from the disk. I have set
the SSL_CTX_sess_set_remove_cb function to my own remove session
function
Hi.
Am I right:
We calculate the salted hash d of the password p and the salt s using the
hash-function H like this:
d = H( p + s ) + s
This will have the effect that d != H( p + s' ) + s' (only if s != s') but
will not protect us against a dictionary attack
since we can easily precompute H(
I use valgrind to check my code, and I can't seem to be able to
free up 36
bytes.
So what?
SSL_library_init() allocates 36 bytes that I am not able to free
using the
regular cleanup functions.
Correct.
The details:
SSL_library_init calls
David,
If 36 bytes are being dynamically allocated and not being freed how is it
not a leak?
Steven
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, 16 November 2005 10:09 AM
To: openssl-users@openssl.org
Subject: RE:
On Nov 15, 2005, at 7:29 PM, Steven Reddie wrote:
David,
If 36 bytes are being dynamically allocated and not being freed how is
it
not a leak?
Steven
Because it only happens once.
Imagine that when you shut off a faucet, water drips out for the next
ten seconds and then stops. That's
I understand about one-off leaks, but we're talking about a dynamically
loadable library when we're talking about OpenSSL.
What would happen if an application did something like this:
for (int i=0; i<1000; i++)
{
hSSL = LoadLibrary("libssl.so")
fn =
That is my point, that one-off leaks in DLLs are not one-off leaks at all.
While statically linking against the C runtime library certainly works
around the issue (at least on Windows, and as you say on Mac) it is a poor
resolution for a memory leak as it sacrifices the benefits of using a DLL.
Hi All,
I agree with Steven and think that this is obviously a
leak.
I submitted a trivial patch for this a while back
which added a function that did a pop-free on the SSL
compression methods stack. It hasn't been adopted but
in my opinion it should be in order for the library to
be dynamically
I understand about one-off leaks, but we're talking about a dynamically
loadable library when we're talking about OpenSSL.
What would happen if an application did something like this:
for (int i=0; i<1000; i++)
{
hSSL = LoadLibrary("libssl.so")
fn =
Dismissing leaks as one-off's is a pet peeve of mine. The notion
of one-off
leaks in an executable is arguably passable, but becomes a plain
old memory
leak just like any other when packaged as a library.
Not if the memory is reused if the library is unloaded and reloaded.
Sure, that's a contrived and extreme example, but the best way to illustrate
such a leak. For long-running (24x7) servers that may consist of many
components and subcomponents this scenario can occur. With large enterprise
server applications that are built with processes that value component
I don't understand how the memory could be reused since there is no
mechanism that I know of that the runtime library would or could use to
track this. For a dynamically linked C runtime library the allocated memory
is held in the heap that remains after the library unloads, at which time
the
There may be no portable way to handle TSD cleanup, but there is
no portable
way to do threading at all anyway, so I'm not sure what your argument is
there.
Huh? POSIX threads are portable. There are even support libraries for
WIN32.
I'm not arguing that any of this needs to be
Hi
For the scenario where the Proxy server is establishing a TLS connection
with a UA and if UA fails to send “Change Cipher Spec, Encrypted Handshake
Message.” resulting in SSL_connect failure. In this case what does
SSL_get_error return ?
Should SSL_get_error return
Yes, I use pthreads on Windows. Since you stated "How would you handle TSD,
for example? There is no *portable* way to hook the destruction of a
thread." I figured you were dismissing pthreads as non-portable due to it
not being natively available on Windows, and accepted that you were only
I guess my 36 bytes are gone for good, and they will not be given back to
me :)
As far as I am concerned OpenSSL has a bug.
Of course it is more a theoretical matter than a practical one, but when
it is detected why not fix it?
Best Regards
Steffen Fiksdal
On Wed, 16 Nov 2005, Jonathon
25 matches