[openssl.org #2363] bug: memory allocated by DH_new() may never be free()ed

be found by using ::dis on each address, thus rebuilding the stack. -- Jan Pechanec http://blogs.sun.com/janp __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #2325] memory corruption after libssl is unloaded from memory

think we should file a bug in the RT. Is there anything else we should provide? thanks, Jan. -- Jan Pechanec http://blogs.sun.com/janp /* * Demo for the SSL memory corruption bug. The problem is if libssl is * dlopen()ed, SSL error strings loaded, and the library is dlclose()d

Re: memory corruption after libssl is unloaded from memory

on Linux as well. thanks, Jan. -- Jan Pechanec http://blogs.sun.com/janp __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org

Re: memory corruption after libssl is unloaded from memory

this stop function, I believe we may end up in a similar situation and crash again. Jan. -- Jan Pechanec http://blogs.sun.com/janp __ OpenSSL Project http://www.openssl.org Development

memory corruption after libssl is unloaded from memory

in the RT. Is there anything else we should provide? thanks, Jan. -- Jan Pechanec http://blogs.sun.com/janp /* * Demo for the SSL memory corruption bug. The problem is if libssl is * dlopen()ed, SSL error strings loaded, and the library is dlclose()d then. The * hash string table built

Re: NO_FORK problem in speed.c

and reconfigure/rebuild. Or, just put #define HAVE_FORK 1 after the endif and rebuild. J. -- Jan Pechanec http://blogs.sun.com/janp __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #2183] 0.9.8m broke -multi option in openssl(1) on unix(-like) systems

, fixing it in speed.c could bring the problem back again, just for yet another architecture not specified in the #ifdef. cheers, Jan. -- Jan Pechanec http://blogs.sun.com/janp __ OpenSSL Project

Re: [openssl.org #2124] memory mismanagement in OpenSSL (patch included against 0.9.8l)

On Tue, 8 Dec 2009, Jan Pechanec wrote: sorry, forgot to include a link to the OpenSolaris bugster: http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6441083 with an explanation of a person who reported the problem. J. hi, there are some places

Re: adding a new NID

-gate/usr/src/common/openssl/crypto/engine/hw_pk11.c -- Jan Pechanec

Re: AES counter mode support missing from EVP

to modify OpenSSL at all. aha, thanks, that's a good idea. It seems to me that I can't use OBJ_create() without providing an OID but ASN1_OBJECT_create() + OBJ_add_object() is OK for me and no phony OIDs are used then. J. -- Jan Pechanec

AES counter mode support missing from EVP

bits long counter for AES counter mode so that's why OpenSSH can work with its own EVP functions for this mode. However, above mentioned changes are needed so that CTR mode can be offloaded to the engine. thanks, Jan. -- Jan Pechanec

Re: PKCS#11 wrapper around OpenSSL

, from reading the code this is not really usable. correct, not with the current bits in Solaris (I guess we talk about accesing tokens). We plan to work on that but it's not top priority for now. cheers, Jan. -- Jan Pechanec

[openssl.org #1564] bug: FIPS module can't be built on Solaris

it to printf, or to replace it with printf right away, or something different. After the fix the module builds fine. For more information about echo's in Solaris, see: man -M /usr/man echo regards, Jan. -- Jan Pechanec

Re: HMAC_Final()/tls1_P_hash() problem with PKCS#11

to deallocate memory in the token allocated in C_DigestInit() is to call C_DigestFinal(), which means unless app calls EVP_DigestFinal() there is a leak. Jan. -- Jan Pechanec __ OpenSSL Project

HMAC_Final()/tls1_P_hash() problem with PKCS#11

would like to fix it the same way as in OpenSSL - if you decide to fix it of course. Having separate patches is too painful. thanks, Jan. -- Jan Pechanec __ OpenSSL Project http

[openssl.org #1528] bug/typo: TLS_DEBUG section prints pre-master instead of master

)?' ':'\n'); } printf(pre-master\n); { int z; for (z=0; zs-session-master_key_length; z++) printf(%02X%c,s-session-master_key[z],((z+1)%16)?' ':'\n'); } #endif which uses pre-master\n in printf(). However, s-session-master_key is a master key. Jan. -- Jan Pechanec

[openssl.org #1529] doc: AES support not documented in enc(1) manual page

. Jan. -- Jan Pechanec __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL

[openssl.org #1530] bug/typo: incorrent comment in s3_srvr.c

0.9.8e, s3_srvr.c claims this in a comment: * s-tmp.new_cipher- the new cipher to use. it should read s-s3-tmp.new_cipher ... Jan. -- Jan Pechanec __ OpenSSL Project

[openssl.org #1531] typo: 'rouines' should read 'routines' in all Copyright sections

as per $subj: * The word 'cryptographic' can be left out if the rouines from the library it seems to be everywhere: janp:ananke:/export/openssl$ ggrep -e rouines -R openssl-0.9.8e/* | wc -l 541 -- Jan Pechanec

[openssl.org #1438] BUG: extra backslash in openssl macros (version 0.9.8d)

these backslashes are unnecessary, and they're a maintenance hazard. If somebody puts non-null text on the following line, it will get sucked into the macro. thanks, Jan. -- Jan Pechanec Software Engineer Security Technologies | OS Hardening

[openssl.org #1354] patch: SSL_SESSION_get_time.pod mentions SSL_SESSION_get_timeout twice

hi, SSL_SESSION_get_time(3) mentions SSL_SESSION_get_timeout twice in NAME section instead of SSL_SESSION_set_timeout. Patch included. Jan. -- Jan Pechanec Software Engineer Security Technologies | OS Hardening

[openssl.org #1355] patch: bug in CONF_modules_free.pod

hi, man page for CONF_modules_free mistakenly mentions CONF_modules_load instead of CONF_modules_finish (CONF_modules_load has its own manual page). Patch attached. checked against snapshot from 2006-06-20. Jan. -- Jan Pechanec