"libeay32 libssl32"
=
230 hits for the no space :)
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond
Hallo Ivanko,
Du schriebst am Sat, 8 Sep 2012 15:29:20 +0500:
> libeay32 ssleay32 = 136 000 hits
> libeay32libssl32 = 25 900 hits
>
> That's 5 times as prevailing :)
And if you add the missing space in the search for the second set?
v
(I.e. search for "libeay32 libss
How about the Google statistics acc to which ssleay32 wins 5:1 over libssl32 ?
That's with the current loading order we have 5 times as bigger
chances to encounter troubles with 3-rd party helpers (like STunnel,
PostgreSQL,) ?
PS:
Me understand that the problem has arisen because of placing the DL
On Saturday 08 September 2012 10:30:26 Ivanko B wrote:
> Why do you think ssleay32.dll is more "official" than libssl32.dll?
> =
> Maybe.. PostgreSQL, STunell .. only rely on ssleay32.dll.
>
> PS:
> Me've copied libssl32.dll 1.0.0c from Win32OpenSSL_Light-1_0_1c.exe
> to the app directory
Martin, there're some inherited form issues - me wrote some reports to
this conference but they haven't loaded yet for some reasons.
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's
> Why do you think ssleay32.dll is more "official" than libssl32.dll?
>
Googling for :
libeay32 ssleay32 = 136 000 hits
libeay32libssl32 = 25 900 hits
That's 5 times as prevailing :)
--
Live Security Virtual Conferenc
Why do you think ssleay32.dll is more "official" than libssl32.dll?
=
Maybe.. PostgreSQL, STunell .. only rely on ssleay32.dll.
PS:
Me've copied libssl32.dll 1.0.0c from Win32OpenSSL_Light-1_0_1c.exe
to the app directory (where STunnel DLLs are present) still having all
these DLLs in syst
On 07.09.2012 20:00, Ivanko B wrote:
>> You copy into the project directory:
> >libeay32.dll, libss32.dll, ssleay32.dll. Which one to use?
>
> Removing libss32.dll from the directory doesn't fix.
>
>
> So "mainline distributions" contain ssleay32.dll and libeay32.dll? 100%?
> ==
Can it be only 100% secured by manual loading
the DLLs ?
=
Same for PostgerSQL's LIBPQ ? But LIBPQ also loads LIBICONV,
LIBINTL...and it can find them in a improper place, correct ? How to
avoid that ? Though, as me read, in win-32, 1-st place to search for
DLLs is a program start director
system32 directory?
==
This + systemwow64 eliminates this message. But we still can't get the
nature of this problem. Can it be only 100% secured by manual loading
the DLLs ?
--
Live Security Virtual Conference
Exc
Am 07.09.2012 19:00, schrieb Ivanko B:
>> You copy into the project directory:
> >libeay32.dll, libss32.dll, ssleay32.dll. Which one to use?
>
> Removing libss32.dll from the directory doesn't fix.
>
system32 directory?
>
> So "mainline distributions" contain ssleay32.dll and libeay3
>You copy into the project directory:
>libeay32.dll, libss32.dll, ssleay32.dll. Which one to use?
Removing libss32.dll from the directory doesn't fix.
So "mainline distributions" contain ssleay32.dll and libeay32.dll? 100%?
Yes. Although there's sometimes a full [intern
Am 07.09.2012 17:44, schrieb news.gmane.org:
>> If this does not match your requirementsyou must initialize the
>
> Mine ? Me just use the library :)
>
You copy into the project directory:
libeay32.dll, libss32.dll, ssleay32.dll. Which one to use?
>
>> libraries at program start:
>> "
>>initial
> If this does not match your requirementsyou must initialize the
Mine ? Me just use the library :)
> libraries at program start:
> "
> initializeopenssl(['ssleay32.dll'],['libeay32.dll']);
> "
>
If it(reodrering) fixes the problem then it should be incorporated to the
MSEgui.
---
Am 07.09.2012 15:00, schrieb news.gmane.org:
>> MSEgui calls getprocaddress() with them. What is wrong with that
>> approach?
>
> We only need to fix error messages as startup of MSEgui SSL-client apps,
> after conforming these messages the apps work well.
>
> (do You see these messages at Your wit
> MSEgui calls getprocaddress() with them. What is wrong with that
> approach?
We only need to fix error messages as startup of MSEgui SSL-client apps,
after conforming these messages the apps work well.
(do You see these messages at Your with the test case & main stream
OpenSSL 1.0 DLLs? )
On Friday 07 September 2012 13:26:44 news.gmane.org wrote:
> > They are optional in MSEgui:
>
> But LoadLibrary (or app loader) seems to try them or does smth else evil :)
> With OpenSSL 1.0, its DLLs match each other perfectly so the problem is
> beyond them.
> Anyway, we should fix that otherwise
> They are optional in MSEgui:
But LoadLibrary (or app loader) seems to try them or does smth else evil :)
With OpenSSL 1.0, its DLLs match each other perfectly so the problem is
beyond them.
Anyway, we should fix that otherwise we can use the mainstream OpenSLL.
You can see the thing Yourself
On Friday 07 September 2012 13:09:18 news.gmane.org wrote:
> The below symbols MSEgui refers don't exist anymore in mainstream &
> STunnel (1.0x) OpenSSL installations :
>
> BIO_get_mem_ptr
> BIO_set_mem_buf
> BIO_set_mem_eof_return
They are optional in MSEgui:
"
funcsopt: array[0..3] of funcinfo
The below symbols MSEgui refers don't exist anymore in mainstream &
STunnel (1.0x) OpenSSL installations :
BIO_get_mem_ptr
BIO_set_mem_buf
BIO_set_mem_eof_return
EVP_md2
EVP_PKEY_assign_DH
EVP_PKEY_assign_DSA
EVP_PKEY_assign_EC_KEY
EVP_PKEY_assign_RSA
--
> http://www.stunnel.org/downloads/beta/stunnel-4.54b5-installer.exe
>
> Its DLLs are compatible with MSEgui but the startup message related to
> EVP_md2.
>
>
Just checked - the 1.0x DLLs shipped with STunnel 4.54 do fully match
treir exp-imp. So, the complains are only cause by MSEgui's LoadLib
>> On loading(LoadLibrary) LIBSSL its DllMain loads LIBEAY32 & checks for
>> not-matching imp-exps between these DLLs and if found then generates
To have less errors with sSTunnel it's better to download its 1.0.1 based
version :
http://www.stunnel.org/downloads/beta/stunnel-4.54b5-installer.ex
On loading(LoadLibrary) LIBSSL its DllMain loads LIBEAY32 & checks for
not-matching imp-exps between these DLLs and if found then generates
an uncatchable error. There 's an interesting discussion about these
issues :
http://blogs.msdn.com/b/oldnewthing/archive/2005/02/14/372266.aspx
2012/9/6,
> Please list all ddl's your application uses.
The cause is STunnel 4.53's prebuilt FIPS-ed OpenSSL DLLs. Having replaced
with the mainstream OpenSSL DLLs (with those MSEgui apps & PG-clients load
well), STunnel stops loading (with same error message as me reported,
before exit). These FIPSe
On Wednesday 05 September 2012 06:51:50 news.gmane.org wrote:
> >> It is possible to import only requested symbols/ordinals w/o checking
> >> whole SSLEAY-2-LIBEAY32 imp-exp match ? Does what cause this full check
> >> ?
> >
> > I don't understand. The error message in your application is *not*
> >
>> It is possible to import only requested symbols/ordinals w/o checking
>> whole SSLEAY-2-LIBEAY32 imp-exp match ? Does what cause this full check
>> ?
>>
> I don't understand. The error message in your application is *not*
> caused by
> MSEgui OpenSSL binding but form the operating system I a
On Tuesday 04 September 2012 19:45:32 Ivanko B wrote:
> BTW, the extreme activity in the conference last months :) [ and just
> imagine which nightmare could produce many MSEgui users if exist ]
> Doesn't it make You tired, Martin ?
>
I like activity. :-)
If there are new users you will answer thei
On Tuesday 04 September 2012 17:47:47 news.gmane.org wrote:
> >> A link error caused by MSEgui looks like:
> >> "
> >> edynload : Can not load OpenSSL library, Library "libssl.so.1.0.0":
> >> Function "SSL_library_initxxx" not found.
> >> "
>
> It is possible to import only requested symbols/ordina
BTW, the extreme activity in the conference last months :) [ and just
imagine which nightmare could produce many MSEgui users if exist ]
Doesn't it make You tired, Martin ?
--
Live Security Virtual Conference
Exclusive liv
The full testcase is at "http://www.likan.uz/uploads/sslcrash.rar";.
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers
>> A link error caused by MSEgui looks like:
>> "
>> edynload : Can not load OpenSSL library, Library "libssl.so.1.0.0":
>> Function "SSL_library_initxxx" not found.
>> "
>
It is possible to import only requested symbols/ordinals w/o checking
whole SSLEAY-2-LIBEAY32 imp-exp match ? Does what cau
>> Sure, here attached :)
>
> A link error caused by MSEgui looks like:
> "
> edynload : Can not load OpenSSL library, Library "libssl.so.1.0.0":
> Function "SSL_library_initxxx" not found.
> "
Who else ? The massage title shows "popdpska.exe"(MSEgui app). The system
DLL Loader ? But STunnel als
On Tuesday 04 September 2012 17:13:35 news.gmane.org wrote:
> >> 1) no apps but the MSEgui based one use that library
> >
> > Can you send a screenshot of the error message?
>
> Sure, here attached :)
A link error caused by MSEgui looks like:
"
edynload : Can not load OpenSSL library, Library "lib
1) no apps but the MSEgui based one use that library
Can you send a screenshot of the error message?
Sure, here attached :)<>--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's sec
On Tuesday 04 September 2012 16:46:50 news.gmane.org wrote:
> > Please answer my question. I assume a library you use links to that
> > symbol ->
> > the application can not be started by the loader.
>
> 1) no apps but the MSEgui based one use that library
Can you send a screenshot of the error me
> Please answer my question. I assume a library you use links to that
> symbol ->
> the application can not be started by the loader.
>
1) no apps but the MSEgui based one use that library
2) the application uses PostgreSQL's LIBPG which imports in turn :
LIBEAY32.dll
Import Lookup Table
On Tuesday 04 September 2012 15:35:21 news.gmane.org wrote:
> > I can't help because MSEgui does not need and link that function.
> > Correct?
>
> We only need to suppress the error (by mistake) message on startup - so
> that the app starts silently & GDB can debug the app.
>
Please answer my quest
> I can't help because MSEgui does not need and link that function.
> Correct?
>
We only need to suppress the error (by mistake) message on startup - so
that the app starts silently & GDB can debug the app.
--
Live S
On Tuesday 04 September 2012 15:18:43 news.gmane.org wrote:
> >> Really LIBEAY32 (0.9.8) exports :
> >
> > Use a more recent OpenSSL version?
>
> No stable STunnel version for that. But tried anyway before reporting You
> - the 4.54th beta client doesn't work with keys+cert used in the 4.53rd &
> r
>> Really LIBEAY32 (0.9.8) exports :
>>
> Use a more recent OpenSSL version?
>
No stable STunnel version for that. But tried anyway before reporting You
- the 4.54th beta client doesn't work with keys+cert used in the 4.53rd &
remote servers of 4.53rd version. But 4.54th + OpenSSL 1.0 can't be
On Tuesday 04 September 2012 13:47:48 news.gmane.org wrote:
> > MessageBox on app startup (translated form Russian): The ordinal 4540 is
> > not found in LIBEAY32 DLL.
>
> Really LIBEAY32 (0.9.8) exports :
>
Use a more recent OpenSSL version?
Martin
---
> What means "ordinal 4540 of LIBEAY32 be present"?
>
MessageBox on app startup (translated form Russian): The ordinal 4540 is
not found in LIBEAY32 DLL.
--
Live Security Virtual Conference
Exclusive live event will c
On Tuesday 04 September 2012 13:31:43 news.gmane.org wrote:
> The problem was caused by wrong LIBEAY32 DLL (taken from PostgreSQL ODBC).
> With shipped with STunnel 4.53, there're no more crashes & no more leaks.
> But another problem - impossible to debug since the app executable wants
> ordinal 4
The problem was caused by wrong LIBEAY32 DLL (taken from PostgreSQL ODBC).
With shipped with STunnel 4.53, there're no more crashes & no more leaks.
But another problem - impossible to debug since the app executable wants
ordinal 4540 of LIBEAY32 be present but it doesn't. It's referenced in
On Tuesday 04 September 2012 07:29:37 news.gmane.org wrote:
> > application.createdatamodule(tdmmainmo,dmmainmo);
> > application.createdatamodule(tdminfoconnmo,dminfoconnmo);
>
> Component instances created via "application.create*" are managed by
> application and cleaned up on application termin
On Tuesday 04 September 2012 07:25:10 news.gmane.org wrote:
>
> The final part of "../common/appstart.inc":
>
> //--
>
> [...]
>
> application.createdatamodule(tdmmainmo,dmmainmo);
> application.createdatamodule(tdminfoconnmo,dminfoconnmo);
>
> [...]
>
> application.createfo
> application.createdatamodule(tdmmainmo,dmmainmo);
> application.createdatamodule(tdminfoconnmo,dminfoconnmo);
>
Component instances created via "application.create*" are managed by
application and cleaned up on application termination [no need in direct
"instance.release" calls ], correct ?
> What means "allows application to advance by a few after-steps", what do
> you
> want to achieve?
> You can't expect that it is possible without bad aftermath to abort a
> program
> and not to call the necessary cleanup code.
>
The final part of "../common/appstart.inc":
//-
On Tuesday 04 September 2012 06:46:40 news.gmane.org wrote:
> > On Monday 03 September 2012 19:08:30 Ivanko B wrote:
> >> BTW, is the pure EVP_Cleanup 100% enough for proper deinitializing
> >> LIBEAY32 in any situation ?
> >
> > I don't know.
>
> Ok.
> How to terminate application in place of call
> On Monday 03 September 2012 19:08:30 Ivanko B wrote:
>> BTW, is the pure EVP_Cleanup 100% enough for proper deinitializing
>> LIBEAY32 in any situation ?
>>
> I don't know.
>
Ok.
How to terminate application in place of calling the termination command
not by HALT ?
"Terminate[d]" allows applic
On Monday 03 September 2012 19:08:30 Ivanko B wrote:
> BTW, is the pure EVP_Cleanup 100% enough for proper deinitializing
> LIBEAY32 in any situation ?
>
I don't know.
--
Live Security Virtual Conference
Exclusive live eve
On Monday 03 September 2012 19:06:47 Ivanko B wrote:
> Thanx !
> Also, is it correct to call "Application.terminated[d:= true]" before
> calling "Application.Run" ?
Yes.
> (as me do in the startup code of my project)
> What's lifetime strategy for components crated before & after
> "Application.R
BTW, is the pure EVP_Cleanup 100% enough for proper deinitializing
LIBEAY32 in any situation ?
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has cha
Thanx !
Also, is it correct to call "Application.terminated[d:= true]" before
calling "Application.Run" ?
(as me do in the startup code of my project)
What's lifetime strategy for components crated before & after
"Application.Run" ?
-
On Monday 03 September 2012 18:23:11 news.gmane.org wrote:
> The below code looks no leaks:
>
> //--
>
> function symbase64cypherfrom(const avalue: ansistring; const apassw:
> msestring; const cypher_name: msestring = 'aes-256-cfb'): msestring;
> begin
> with tbase64handler.create(n
On Monday 03 September 2012 18:08:41 news.gmane.org wrote:
> > Does the memory alloc/dealloc code correct in the below code:
>
> Or :
>
> //--
>
> function symbase64cypherfrom(const avalue: ansistring; const apassw:
> msestring; const cypher_name: msestring = 'aes-256-cfb'): mse
The below code looks no leaks:
//--
function symbase64cypherfrom(const avalue: ansistring; const apassw:
msestring; const cypher_name: msestring = 'aes-256-cfb'): msestring;
begin
with tbase64handler.create(nil) do begin
chain:= tsymciphercryptohandler.create(nil);
with tsymciph
> Does the memory alloc/dealloc code correct in the below code:
Or :
//--
function symbase64cypherfrom(const avalue: ansistring; const apassw:
msestring; const cypher_name: msestring = 'aes-256-cfb'): msestring;
begin
with tbase64handler.create(nil) do begin
chain:= tsymcip
On Monday 03 September 2012 17:39:08 news.gmane.org wrote:
> > Who knows? I would fix them anyway. Do you call halt()? You should not.
> > ;-)
>
> Does the memory alloc/dealloc code correct in the below code:
>
Looks correct to me.
> //==
>
> function symbase64cypherfrom(const aval
>> Do you call halt()? You should not. ;-)
>
> Me've removed them all :)
>
Also, the heap tracer shows that "application.terminate[d:= true]" called
in application startup PAS-file (PROGRAM ) doesn't wait until the
app exits but performs some more command before exiting - it definitely
spawn
> Who knows? I would fix them anyway. Do you call halt()? You should not.
> ;-)
>
Does the memory alloc/dealloc code correct in the below code:
//==
function symbase64cypherfrom(const avalue: ansistring; const apassw:
msestring; const cypher_name: msestring = 'aes-256-cfb'):
> On Monday 03 September 2012 16:57:15 news.gmane.org wrote:
>> > Please send a simple testcase.
>>
>> Everything is OK on simple testcases. It can only occur on my main
>> project
>> which has greatly complex startup procedure. And this project has some
>> memory leaks. Can these leaks be relate
On Monday 03 September 2012 16:57:15 news.gmane.org wrote:
> > Please send a simple testcase.
>
> Everything is OK on simple testcases. It can only occur on my main project
> which has greatly complex startup procedure. And this project has some
> memory leaks. Can these leaks be relates to the cra
>> >> procedure deinit(const info: dynlibinfoty);
>> >> begin
>> >> evp_cleanup; // << HERE
>> >> end;
>> >
>> > Reproducible?
>>
>> 100%.
>>
> Please send a simple testcase.
>
Everything is OK on simple testcases. It can only occur on my main project
which has greatly complex startup procedure
On Monday 03 September 2012 11:43:31 news.gmane.org wrote:
> >> It happend in /lib/common/crypto/mseopensslevp.pas:
> >>
> >> procedure deinit(const info: dynlibinfoty);
> >> begin
> >> evp_cleanup; // << HERE
> >> end;
> >
> > Reproducible?
>
> 100%.
>
Please send a simple testcase.
Martin
>> It happend in /lib/common/crypto/mseopensslevp.pas:
>>
>> procedure deinit(const info: dynlibinfoty);
>> begin
>> evp_cleanup; // << HERE
>> end;
>>
> Reproducible?
100%.
--
Live Security Virtual Conference
Exclusive
On Monday 03 September 2012 10:30:30 Ivanko B wrote:
> It happend in /lib/common/crypto/mseopensslevp.pas:
>
> procedure deinit(const info: dynlibinfoty);
> begin
> evp_cleanup; // << HERE
> end;
>
Reproducible?
--
Live S
On Monday 03 September 2012 10:13:41 news.gmane.org wrote:
> Possible suspicion : HIGH(empty_array) gives 0 which allows to enter
> 0-based FOR cycle where to try accessing elements of that array.
HIGH(empty_array) returns -1.
-
It happend in /lib/common/crypto/mseopensslevp.pas:
procedure deinit(const info: dynlibinfoty);
begin
evp_cleanup; // << HERE
end;
INFO =
{LIBHANDLE = 263192576, LIBNAME = 0x5f6e50 'libeay32.dll', REFCOUNT =
1, INITHOOKS = 0x56738, DEINITHOOKS = 0x66920, CW8087 = 4978}
Where to dig ?
Me can't u
Possible suspicion : HIGH(empty_array) gives 0 which allows to enter
0-based FOR cycle where to try accessing elements of that array.
Maybe "length(array)-1" will be more reliable here, ? If yes, should we
recheck all other supsicious places ?
#0 0FB2CC1B :0 LIBEAY32!ENGINE_load_chil()
#1
70 matches
Mail list logo
