https://msdn.microsoft.com/en-us/library/windows/desktop/aa378149(v=vs.85).aspx
--
Kurt Cancemi
https://www.x64architecture.com
On Fri, Jan 27, 2017 at 12:13 AM, Rod Falck wrote:
> Hi,
>
>
>
> I have an OpenSSL based client which fails when validating a certificate
> generated by IBM RACF. It
) returns NULL and SSL_CTX_new()
returns NULL because the input argument (the server method) is NULL. You should
check the return value of SSL_CTX_new() no matter what because it can fail.
Kurt Cancemi
k...@x64architecture.com
> On Jul 11, 2016, at 08:10, Dmytro Shamatrin via RT wr
) returns NULL and SSL_CTX_new()
returns NULL because the input argument (the server method) is NULL. You should
check the return value of SSL_CTX_new() no matter what because it can fail.
Kurt Cancemi
k...@x64architecture.com
> On Jul 11, 2016, at 08:10, Dmytro Shamatrin via RT wr
Link to GitHub PR: https://github.com/openssl/openssl/pull/1039
--
Kurt Cancemi
https://www.x64architecture.com
On Mon, May 9, 2016 at 5:41 AM, Matt Caswell wrote:
> Looks ok to me. I suggest you raise it as a GitHub PR.
>
> Matt
>
--
openssl-dev mailing list
To unsubs
@@ -135,10 +135,10 @@
int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
{
-if (InitOnceExecuteOnce(once, once_cb, init, NULL))
-return 1;
+if (!InitOnceExecuteOnce(once, once_cb, init, NULL))
+return 0;
-return 0;
+return 1;
}
# endif
--
Kurt
Attached is the patch to fix the issue, also please close RT#4534 I
sent an invalid reply which got translated into another RT issue.
--
Kurt Cancemi
https://www.x64architecture.com
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4533
Please log in as guest with password guest if
Attached is the patch to fix the issue
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4534
Please log in as guest with password guest if prompted
>From c27b3a648532388cf59ee55c41ad433c8f323542 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Wed, 4 May 2016 17:34:23 -0
The attached patch adds a missing NULL check in i2d_PrivateKey(), it
also removes the parentheses around the last return value to be
consistent with the rest of the function.
--
Kurt Cancemi
https://www.x64architecture.com
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4533
stdout issue
(I don't know if its proper) that uses the method from the
x86_64 perl files if thats the way to go I'll make a complete patch.
(see aes-armv4.pl.patch)
--
Kurt Cancemi
https://www.x64architecture.com
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4325
Please
Rich,
I think he was asking if the OpenSSL team would say if a new vulnerability
affected 0.9.8 after support has ended.
> On Jul 21, 2015, at 7:04 AM, Salz, Rich wrote:
>
>> could we (0.9.8 users!) expect patch suggestions from the community on
>> potential vulnerabilities found in 2016, in
NASM (http://nasm.us) is the only officially supported assembler for
OpenSSL on Windows. So install NASM and add it to your path and then
retry.
--
Kurt Cancemi
https://www.x64architecture.com
On Thu, Jul 2, 2015 at 11:19 AM, Amit Shil via RT wrote:
> Hello OpenSSL,
> I can compile o
NASM (http://nasm.us) is the only officially supported assembler for
OpenSSL on Windows. So install NASM and add it to your path and then
retry.
--
Kurt Cancemi
https://www.x64architecture.com
On Thu, Jul 2, 2015 at 11:19 AM, Amit Shil via RT wrote:
> Hello OpenSSL,
> I can compile o
#x27;t count as an
argument in the opt_num_rest() function.
See the attached patch
--
Kurt Cancemi
https://www.x64architecture.com
>From db7179922b901f9ad935bf6324e108656f0c33b5 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Fri, 26 Jun 2015 02:13:45 -0400
Subject: [PATCH] Fix -evp option in
This ticket can be closed I think, not sure why I haven't received a
response maybe the random RT issues. But it appears that it has been
fixed in response to this ticket in
f2dc4d517fa11208b90ba0e92a2590f8cfdafb28.
---
Kurt Cancemi
https://www.x64architectur
n--;
i--;
}
--
Kurt Cancemi
https://www.x64architecture.com
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
___
openssl-dev mail
I don't think its optimizing it out I agree with you, but your
suggested change resolved the error so Wim was right about it being
undefined behaviour, and the tool which uses clang 3.4 was warning us
about that.
I added my own debugging statement and ran ectest and it is indeed
undefined behaviour
Found by the https://github.com/xiw/stack tool and then I checked the
generated asm (gcc and clang) to confirm.
In the check "if (d0 && tmp_ulong)" tmp_ulong always evaluates to true
because the compiler optimizes out the tmp_ulong value to true because
(tmp_ulong = zz
t;> d1;) zz >> d1 has according to the compiler (LLVM)
a logical right-shift overflow. The commit "don't write beyond buffer
" (c237de0) added this check.
---
Kurt Cancemi
https://www.x64architecture.com
___
openssl-dev mailing list
To
red to
not be NULL because of the check (s->handshake_func == 0).
So is there supposed to be a NULL check before the check
(s->handshake_func == 0) or no?
Note: This behavior was changed in commit b31b04 in 1999.
---
Kurt Cancemi
https://www.x64archite
Could this be the issue your seeing? It was fixed in boringssl I think.
https://boringssl.googlesource.com/boringssl/+/bf681a40d6142edfa44a27dc0d6e07e0c37865a4
https://boringssl-review.googlesource.com/#/c/1393/
---
Kurt Cancemi
https://www.x64architecture.com
On Wed, May 13, 2015 at 1:19 PM
Attached updated patch according to openssl style.
---
Kurt Cancemi
https://www.x64architecture.com
On Thu, May 7, 2015 at 6:15 PM, Kurt Cancemi wrote:
> Add missing terminating NULL to speed_options table. This would cause
> memory corruption by opt_init() because it relies on the termi
Add missing terminating NULL to speed_options table. This would cause
memory corruption by opt_init() because it relies on the terminating
NULL.
---
Kurt Cancemi
>From 2cbdcd038245df7c78b25a2c22f802d26e030684 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Thu, 7 May 2015 18:09:53 -0
The return value of BUF_strdup is unchecked in X509V3_parse_list() the
attached patch fixes the issue.
---
Kurt Cancemi
>From a42d8f0e5dbc7d56268a06a99133957d09ac8a21 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Thu, 7 May 2015 16:12:33 -0400
Subject: [PATCH] Add missing NULL check
In the commit "Rewrite ssl_asn1.c using new ASN.1 code." (cc5b6a0) the
wrong ifdef is used to gaurd usage of PSK code.
---
Kurt Cancemi
>From 32533cb9cf698745171ff7d74413156bfef7036f Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Thu, 9 Apr 2015 09:54:38 -0400
Subject: [PAT
The attached patch uses warning/fatal constants instead of numbers with
comments for warning/alerts in d1_pkt.c and s3_pkt.c
---
Kurt Cancemi
https://www.x64architecture.com
>From 1b07f801c5eb1ef05c50575e800ebf16a6bd69fb Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Fri, 27 Feb 2015 22
error:x_pubkey.c:154:
Kurt Cancemi
https://www.x64architecture.com <https://www.x64architecture.com/>
> On Feb 17, 2015, at 4:49 PM, Brian Carpenter via RT wrote:
>
> Good morning. I'm reporting a segfault in openssl via the command line
> "openssl x509 -x509toreq -in test
The problem appears to be a NULL pointer dereference in X509_PUBKEY_set() when pkey is NULL, I attached a patch that fixes the issue.After patch output (openssl x509 -x509toreq -in test76crash -out /dev/null -signkey test.key):Getting request Private KeyGenerating certificate request140735115264848
I can confirm the patch works.
Though it throws some unrelated warnings:
*WARNING: mkdef.pl <http://mkdef.pl> doesn't know the following
algorithms:RMD160APPLINK*
---
Kurt Cancemi
https://www.x64architecture.com
On Mon, Feb 2, 2015 at 10:27 PM, Salz, Rich wr
thost is freed causing a double free.
---
Kurt Cancemi
https://www.x64architecture.com
>From 51c092fc2c05091ae874b91a1d53b378d39422e7 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Thu, 29 Jan 2015 20:33:06 -0500
Subject: [PATCH] Fix double free in ocsp_main()
---
apps/ocsp.c |
Add missing static qualifier to constant_time_select_int that was
introduced in 294d1e36c2495ff00e697c9ff622856d3114f14f
--
Kurt Cancemi
https://www.x64architecture.com
>From 183bd1581c15a164cc2e511e839452401571f05b Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Sun, 28 Sep 2014 15:28
Hello,
The following patch removes an unused variable introduced by b09eb24,
this also fixes the build with -Werror.
>From 6e347fded0c050f4049e5bcbc2647bfdb742c48f Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Thu, 28 Aug 2014 21:43:04 -0400
Subject: [PATCH] Remove unused varia
I ran make which regenerated the objects, thanks for pointing that
out, I attached an updated patch without the change.
---
Kurt Cancemi
https://www.x64architecture.com
On Thu, Aug 28, 2014 at 12:41 PM, Kurt Roeckx wrote:
> On Thu, Aug 28, 2014 at 03:11:14PM +0200, Kurt Cancemi via RT wr
The attached updated patch fixes a style error.
---
Kurt Cancemi
https://www.x64architecture.com
>From d112c3f7b36a60f8af109b90fe5299f7ac049cc6 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Wed, 27 Aug 2014 20:37:45 -0400
Subject: [PATCH] Fix memory leaks.
---
crypto/asn1/x_x509
Hello,
The attached patch fixes some memory leaks that were found via Coverity.
---
Kurt Cancemi
https://www.x64architecture.com
>From 3d2c713113545255b61efe433e130078d4cf2e22 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Wed, 27 Aug 2014 20:21:33 -0400
Subject: [PATCH] Fix memory le
Hello,
The attached patch fixes some typos in ssltest.c.
---
Kurt Cancemi
https://www.x64architecture.com
>From ea36aa8516e6e8b16896a089d58b216d38302885 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Tue, 26 Aug 2014 17:48:43 -0400
Subject: [PATCH] Fix typos in ssltest.c.
---
Hello,
I noticed in the commit details you put an invalid email address.
The email address is instead of the correct .
---
Kurt Cancemi
https://www.x64Architecture.com <https://www.x64architecture.com/>
On Fri, Aug 22, 2014 at 5:24 PM, Rich Salz via RT wrote:
> Fixed in rsalz
Update patch, the previous version of the patch had corrections to
words that were correct in UK English but not in US English, unless
the OpenSSL project wants to use US English only now then disregard
this updated patch.
---
Kurt Cancemi
https://www.x64Architecture.com
>F
Your using a SHA-1 signed certificate, the current FIPS standard
mandates a SHA-256 (SHA-2) signed certificate with a bit size >= 2048.
---
Kurt Cancemi
https://www.x64Architecture.com
On Mon, Aug 11, 2014 at 5:24 AM, Abdul Anshad wrote:
> Hello All,
>
> I have a set up which runs
Hello,
The attached patch fixes possible null pointers if malloc fails. This
was reported by qualitesys
(http://marc.info/?l=openssl-dev&m=140243635405343), and I created the
fix (no repeat of what happened last time).
Regards,
Kurt Cancemi
>From 033ce19ea9268a81410cd1e07f628dee43dcc
dit
for finding and fixing the issue goes to the OpenBSD team.
Regards,
Kurt Cancemi
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Hello,
The attached patch removes a duplicate or check (the first problem listed
in this ticket).
Regards,
Kurt Cancemi
>From 395cd71ac22028da8545e1796e34b757c91c48d3 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Wed, 18 Jun 2014 04:54:52 -0400
Subject: [PATCH] Removed duplicate or ch
Somehow the patch got a > prepended to it, the attached patch removes it.
---
Kurt Cancemi
http://www.getwnmp.org
0001-Fix-off-by-one-errors-in-ssl_cipher_get_evp.patch
Description: Binary data
Hi, In the ssl_cipher_get_evp() function, there are two off-by-one
errors in index validation before accessing arrays. The attached patch
fixes the problem.
Regards,
Kurt Cancemi
>From 72e339f36be4a40436b95a0d07d68167605c31e2 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Wed, 4 Jun 2
43 matches
Mail list logo