[PATCH] ssl3_send_server_key_exchange (rsa) bug ?

2007-06-01 Thread Robin Bryce
Hi, In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange passes the address of an uninitialised variable to RSA_sign as the siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine implementation that provides an rsa_sign method this can cause problems futher down th

Re: [PATCH] ssl3_send_server_key_exchange (rsa) bug ?

2007-06-01 Thread Martin Simmons
> On Fri, 1 Jun 2007 16:21:35 +0100, Robin Bryce said: > > Hi, > > In both openssl-0.9.8b and openssl trunk ssl3_send_server_key_exchange > passes the address of an uninitialised variable to RSA_sign as the > siglen parameter. In the presence of RSA_FLAG_SIGN_VER and an engine > implementatio

Visual Studio 2005 and openssl question

2007-06-01 Thread gary clark
hello, I know this is probably inappropriate venue but I am at a loss on why I cannot run openssl on a XP windows machine which does not have openssl installed. I have built a client and server on a machine which has had openssl installed and got it to work with certificates. However when I port

Re: Visual Studio 2005 and openssl question

2007-06-01 Thread Alon Bar-Lev
You probably need the manifest at the application directory. The dll cannot find its runtime. On 6/2/07, gary clark <[EMAIL PROTECTED]> wrote: hello, I know this is probably inappropriate venue but I am at a loss on why I cannot run openssl on a XP windows machine which does not have openssl in

Re: Visual Studio 2005 and openssl question

2007-06-01 Thread gary clark
Alon, Could you elaborate further? I check the setting embed manifest to 'Yes' in Visual Studio? Is this valid for this? Much appreciated, Garyc --- Alon Bar-Lev <[EMAIL PROTECTED]> wrote: > You probably need the manifest at the application > directory. > The dll cannot find its runtime. > > O

Re: Visual Studio 2005 and openssl question

2007-06-01 Thread Mounir IDRASSI
Hi, Does the Windows XP machine where you have troubles contain the Microsoft runtime for msvcr80 installed? Visual Studio 2005 links by default to the msvcr80 dll. This dll must be installed in the target machine using a setup that can be downloaded using the following link: http://go.microsoft.co

Re: [PATCH] ssl3_send_server_key_exchange (rsa) bug ?

2007-06-01 Thread Robin Bryce
Maybe kn-2 would be better, to match &(p[2])? Oh, yuck - If the remaining memory beyond &(p[2]) is less than 'kn' then the buffer has been under allocated and we have a second bug don't we ? I don't know how big the buffer is to start with. 'kn' is the result of EVP_PKEY_size(pkey) and ssl3_sen