Hi there,
the following problem is present in 0.9.6 and 0.9.6c.
It is possible to put server code into the internal infinite
loop in ssl3_read_bytes() by sending the following data from
the client right after establishing TCP connection:
01 03 01 00 01 00
i.e. the record with type 1, version T
Praveen> Hi I am building an openssl image on to the Vxworks plaform.
[snip]
Praveen> My Priority is reduce the image size , as this is very
Praveen> crtitical in RTOS. My Questions are : Crypto directory is
This is more of an application question than development. The answer is
quite simple.
> > I'm also a bit suspicious about the OIDs of "secp192r1" and "secp256r1".
> > In obj_dat.h they both end up having OID 0. Their corresponding OBJ_
> > macros in obj_mac.h get mapped to OBJ_X9_62_prime{192,256}v1 (of which I
> > suppose they are aliases), though, so it may be OK.
> > I'm not in
Praveen> Hi I am building an openssl image on to the Vxworks plaform.
[snip]
Praveen> My Priority is reduce the image size , as this is very
Praveen> crtitical in RTOS. My Questions are : Crypto directory is
Bill> This is more of an application question than development. The
Bill> answer i
Harald... We build our software token with -Bsymbolic. In fact all the
shared objects we create are with -Bsymbolic. Because of licensing
issues I can't staticaly bind with libcrypto (and even under debug
scenarios, it turns out that binding static to libcrypto.a the problem
occurs as well s
I'm getting an error when compiling bind-9.2.1rc2
because of this here in ossl_typ.h:
#ifdef OPENSSL_SYS_WIN32
#undef X509_NAME/* line 97 */
#undef PKCS7_ISSUER_AND_SERIAL
#endif
[...]
typedef struct X509_name_st X509_NAME; /* line 110 */
[...]
The error is:
inc32\ope
> Here is a patch I created for the Makefile.org file to correct the
> problem we were having...
I wouldn't like to see this in OpenSSL by default; there are times when
you *want* to over-ride functions inside the library in your own
program, and times when you don't.
I'd advise you instead to
> > Any of the more experienced openSSL developers out there have any
> > suggestions of things we may try with regard to linker options or other
> > ideas that we could do to address this collision (I doubt that I;m
> > going to be able to get netscape to chance their function names :)
Here is a patch I created for the Makefile.org file to correct the
problem we were having...
Steven Bade wrote:
> It seems that building with -Wl,-Bsymbolic on the linker options for
> creating the libcrypto.so makes this issue go away...
>
> Tom Wu wrote:
>
>> Steven Bade wrote:
>>
>>>
Thanks, but I don;t think that in this case this will help since the
particular use of the function is down in the deep libcrypto code itself
so creating macros for our calls internaly would not do much good...
I've been able to get past some of these types of problems in the past
with -Wl,
Fred Not sure what Tom is using... but we're using openCryptoki
which is the IBM LTC sponsored open source implementation of PKCS#11
it has nothing to do with gpkcs11, and is available at the IBM
Developerworks site under the Common Public License...
Frederic DONNAT wrote:
> Hi Tom
>
>
Sorry, my last message had a wrong subject:
It seems to me that the ASN1 decoder of integers is
not signaling encoding errors and tries to silently
repair parts of them.
There are three cases:
A integer with length 0 is silently converted to
a 0.
If the encoded value has a leading 0 octet,
Hi Tom
You say that you where loading openssl based modules under iplanet.
Are you talking about gpkcs11 stored on www.sourceforge.net ?
Could you tell me more about this ? What are these modules ? Are they free ? Where
could i find them if there are free ?
Thanks in advance
Fred
-Orig
It seems to me that the ASN1 decoder of integers is
not signaling encoding errors and tries to silently
repair parts of them.
There are three cases:
A integer with length 0 is silently converted to
a 0.
If the encoded value has a leading 0 octet, this
is simply removed without validation th
14 matches
Mail list logo
