|
Steve,
I like to know whether the patch submitted previously is well to do for
fixing the bug.
Please help me. In my application I'm running into various memory
constraints and I need to free the ERROR strings.
Can I apply this patch for fixing ERROR_load_SSL_strings( )
thanks,
Haridharan.
----- Original Message -----
Sent: Friday, April 07, 2006 9:23
AM
Subject: Re: Problem with
ERR_load_SSL_strings() with PATCH
Is there any updates in this
issue?
thanks,
Haridharan
On 3/31/06, Haridharan
Nattamai <[EMAIL PROTECTED]
> wrote:
Hi Kyle, The previous bug was on the
function ERR_load_crypto_strings( )
and this OpenSSL user has filed, the bug exists in ERR_load_SSL_strings( ) . The
reason for this bug is
1. The static variable, "done" used in the function
ERR_load_crypto_strings( ).
The purpose of this variable is
to bypass the load function process, if it is called again and again. At the
first instance of the call to this function, the value of the variable done
is set to 1. But on call to the function ERR_free_strings( ) the
value of done is not reset to 0. By disabling the check for the flag
done is set or not, we got the output as
error:0607A082:digital envelope
routines:EVP_CIPHER_CTX_set_key_length:invalid key
length
error:0607A082:digital envelope
routines:func(122):reason(130)
Which shows only the library name in which the error has
occured.
2. The function ERR_load_crypto_strings( ) internally calls 25
load functions for various cryptographic algorithms. In each load function a
static variable "init" is used for the same purpose as mentioned
above. And by disabling the check for the flag init, the required reson text
is obtained.
3. The value of the flags done and init is not RESET in the function
ERR_free_strings( ), rather it just clears the memory.
FYI:
The same bug exists fips' error load function
ERR_load_FIPS_strings( ).
A patch to fix this bug is
provided in the file attached.
But this but must be put to the notice of the
OpenSSL development community as the patch affects 53 files (including FIPS
code).
On 3/30/06, Kyle
Hamilton < [EMAIL PROTECTED]>
wrote:
I
thought we'd already established this as a bug?
When a state is
changed, the marker of the state needs to change,
as
well. The fact that freeing the strings doesn't clear the
"loaded"
flag is... well, overlooking something obvious.
On
3/29/06, Viji <[EMAIL PROTECTED]> wrote:
>
>
Hello All,
>
> It seems there is a bug in
ERR_load_SSL_strings() function when called more
> than once.
ERR_error_string() doesnot print the error
message.
>
>
> This can be reproduced using the
following sample program.
>
====================================================
> #include
<openssl/err.h>
> #include
<openssl/ssl.h>
>
> int
main()
>
{
>
>
ERR_load_SSL_strings();
>
printf("%s\n",ERR_error_string(336109761,NULL));
>
ERR_free_strings();
>
>
ERR_load_SSL_strings();
>
printf("%s\n",ERR_error_string(336109761,NULL));
>
ERR_free_strings();
>
>
return 0;
> }
>
====================================================
>
> # cc
err.c -lcrypto -lssl
> # ./a.out
> error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher
>
error:1408A0C1:lib(20):func(138):reason(193)
>
> This is
because ERR_load_SSL_strings() sets a static variable when it is
>
called and it dooesnot unset this variable in ERR_free_strings(). So
any
> further call to ERR_load_SSL_strings() does nothing and
returns.
>
> Please provide ur views on this.
>
>
Thanks,
>
Vijayalakshmi.
______________________________________________________________________
OpenSSL
Project
http://www.openssl.org
Development Mailing
List
[email protected]
Automated List
Manager
[EMAIL PROTECTED]
|
