[geoff - Sat Feb 15 21:48:27 2003]:

> Hi there,
> 
> > (1) While testing I found that verification of certain signed
> > documents crashed OpenSSL.  The problem appears to be that
> > hw_ubsec.c:ubsec_dsa_verify() calls
> > p_UBSEC_dsa_verify_ioctl() and if this call fails then the code tries
> > using software crypto, indirectly calling dsa_ossl.c:dsa_do_verify().
> > However, dsa_do_verify() tries to do:
> > 
> >    if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,
> >                                                  dsa->pub_key,&u2,
> >                                                  dsa->p,ctx,mont))
> >       goto err;
> > 
> > and this dies because dsa_mod_exp is NULL.  The current workaround is
> > to set up pointers in ubsec_dsa for dsa_mod_exp and dsa_bn_mod_exp
> > (just in case):
> 
> Actually you must be looking at one of the openssl-engine-0.9.6
> releases? The linking between algorithm contexts and both their METHOD
> implementations and ENGINE handles was altered as of 0.9.7, and the
> above line of code thus changed.
> 
> The problem is nonetheless still there, and I am looking at it. However,
> to test possible fixes to this, you will need to start working with
> 0.9.7 or snapshots (i.e. CVS development leading up to 0.9.8). Can you
> confirm this misunderstanding of versions, or are you working with a
> custom source tree?
> 
> Cheers,
> Geoff


You're correct, the original problem showed up on engine-0.9.6g, and
that's what this "fix" was applied to.  I then went to 0.9.7 for the
command line testing to see if that made any difference.  We do make
some small patches to 0.9.6g in order to get it to build/run with static
libraries.  This affects hw_ubsec.c, though I don't think it affects
anything relevant to where the issues are (though I may be wrong of
course).  This is another reason why I went to command line testing
using 0.9.7, since that does not have our patches in it and so reduced
the number of variables.

-- Jonathan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
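
The failure mode reported in this thread (a hardware call fails, the code falls back to the software path, and that path calls through a method-table hook that was never set), as an added example that is not OpenSSL code and not from either poster. All names (toy_method, sw_compute, hw_compute) and the toy 64-bit arithmetic are assumptions standing in for the DSA method table and BIGNUM math; the workaround in the quoted report corresponds to filling in the hook on the hardware method, while this sketch guards the call site instead.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t (*mod_exp2_fn)(uint64_t, uint64_t, uint64_t, uint64_t, uint64_t);

/* Toy method table (hypothetical): mod_exp2 is an optional hook, may be NULL. */
struct toy_method { mod_exp2_fn mod_exp2; int (*hw_op)(uint64_t *out); };
struct toy_key { const struct toy_method *meth; uint64_t g, y, p; };

static uint64_t mod_pow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Built-in default: g^u1 * y^u2 mod p. Toy arithmetic, p must be < 2^32. */
static uint64_t default_mod_exp2(uint64_t g, uint64_t u1, uint64_t y,
                                 uint64_t u2, uint64_t p) {
    return mod_pow(g, u1, p) * mod_pow(y, u2, p) % p;
}

/* Software path. Calling k->meth->mod_exp2(...) directly here is the
 * crashing pattern when the method left the hook NULL; this form checks
 * the hook and uses the built-in default instead. Returns 0 on success. */
int sw_compute(const struct toy_key *k, uint64_t u1, uint64_t u2, uint64_t *out) {
    mod_exp2_fn fn = k->meth->mod_exp2 ? k->meth->mod_exp2 : default_mod_exp2;
    *out = fn(k->g, u1, k->y, u2, k->p);
    return 0;
}

/* Simulated device failure, standing in for a failed ioctl. */
static int hw_always_fails(uint64_t *out) { (void)out; return -1; }
/* Hardware method that never populated the optional hook. */
const struct toy_method hw_method = { NULL, hw_always_fails };

/* Hardware entry point: try the device, fall back to software on failure. */
int hw_compute(const struct toy_key *k, uint64_t u1, uint64_t u2, uint64_t *out) {
    if (k->meth->hw_op(out) == 0) return 0;
    return sw_compute(k, u1, u2, out);
}

int main(void) {
    struct toy_key k = { &hw_method, 2, 3, 23 }; /* constructed sample values */
    uint64_t v = 0;
    int rc = hw_compute(&k, 5, 4, &v);
    printf("rc=%d value=%llu\n", rc, (unsigned long long)v);
    return 0;
}
```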
