Re: [openssl-dev] [openssl.org #4612] Appcrash on SSL_CTX_new(SSLv2_server_method()) on windows 7 x64 with OpenSSL-1.0.1t

2016-07-11 Thread Kurt Cancemi via RT
Hello, In 1.0.1s OpenSSL disabled SSLv2 by default in the build. So use perl Configure no-asm enable-ssl2 -DOPENSSL_USE_IPV6=0 VC-WIN32 Excerpt from CHANGES "Changes between 1.0.1r and 1.0.1s [1 Mar 2016]" “ Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by def

Re: [openssl-dev] [openssl.org #4533] AutoReply: [PATCH] Add missing NULL check in i2d_PrivateKey()

2016-05-04 Thread Kurt Cancemi via RT
Attached is the patch to fix the issue, also please close RT#4534 I sent an invalid reply which got translated into another RT issue. -- Kurt Cancemi https://www.x64architecture.com -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4533 Please log in as guest with password guest if pr

[openssl-dev] [openssl.org #4534] Re: [PATCH] Add missing NULL check in i2d_PrivateKey()

2016-05-04 Thread Kurt Cancemi via RT
Attached is the patch to fix the issue -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4534 Please log in as guest with password guest if prompted >From c27b3a648532388cf59ee55c41ad433c8f323542 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Wed, 4 May 2016 17:34:23 -0400 Subject

[openssl-dev] [openssl.org #4533] [PATCH] Add missing NULL check in i2d_PrivateKey()

2016-05-04 Thread Kurt Cancemi via RT
The attached patch adds a missing NULL check in i2d_PrivateKey(), it also removes the parentheses around the last return value to be consistent with the rest of the function. -- Kurt Cancemi https://www.x64architecture.com -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4533 Please

[openssl-dev] [openssl.org #4325] Unified Builds Don't Work With ARM

2016-02-20 Thread Kurt Cancemi via RT
Hello, There are a few problems that I am facing with unified builds with arm: 1. arm_arch.h is not in the include path. fatal error: arm_arch.h: No such file or directory 2. The arm assembler scripts output to stdout (see attached output.txt) I have a patch for aes-armv4.pl that fixes the std

Re: [openssl-dev] [openssl.org #3928] openssl version 1.0.2c compilation error for 32 bit

2015-07-02 Thread Kurt Cancemi via RT
NASM (http://nasm.us) is the only officially supported assembler for OpenSSL on Windows. So install NASM and add it to your path and then retry. -- Kurt Cancemi https://www.x64architecture.com On Thu, Jul 2, 2015 at 11:19 AM, Amit Shil via RT wrote: > Hello OpenSSL, > I can compile openssl ver

[openssl-dev] [openssl.org #3926] [PATCH] Fix -evp option in openssl speed command

2015-06-26 Thread Kurt Cancemi via RT
Hello, The -evp option in the openssl speed command doesn't work in the current master due to the check on line 952: if (argc == 0) should be if (argc == 0 && !doit(D_EVP)) the reason is on line 856: argc = opt_num_rest(); which sets argc to 0 because the argument of -evp doesn't count as an arg

Re: [openssl-dev] [openssl.org #3904] [master] NULL handling Issues in i2c_ibuf() in a_int.c

2015-06-24 Thread Kurt Cancemi via RT
This ticket can be closed I think, not sure why I haven't received a response maybe the random RT issues. But it appears that it has been fixed in response to this ticket in f2dc4d517fa11208b90ba0e92a2590f8cfdafb28. --- Kurt Cancemi https://www.x64architecture.com ___

[openssl-dev] [openssl.org #3904] [master] NULL handling Issues in i2c_ibuf() in a_int.c

2015-06-12 Thread Kurt Cancemi via RT
This ticket only applies to master. What is the intended behavior when b or blen is NULL? All I see is that ret is set to 1 and the function continues. These issues are both related to the above question. First issue When !neg and b == NULL the following operation is performed likely resulting i

Re: [openssl-dev] [openssl.org #3852] bn_gfm2.c: in BN_GF2m_mod_arr() a check is optimized out

2015-05-19 Thread Kurt Cancemi via RT
I don't think it's optimizing it out, I agree with you, but your suggested change resolved the error so Wim was right about it being undefined behaviour, and the tool which uses clang 3.4 was warning us about that. I added my own debugging statement and ran ectest and it is indeed undefined behaviour

Re: [openssl-dev] [openssl.org #3852] bn_gfm2.c: in BN_GF2m_mod_arr() a check is optimized out

2015-05-18 Thread Kurt Cancemi via RT
Found by the https://github.com/xiw/stack tool and then I checked the generated asm (gcc and clang) to confirm. In the check "if (d0 && tmp_ulong)" tmp_ulong always evaluates to true because the compiler optimizes out the tmp_ulong value to true because (tmp_ulong = zz

[openssl-dev] [openssl.org #3852] bn_gfm2.c: in BN_GF2m_mod_arr() a check is optimized out

2015-05-17 Thread Kurt Cancemi via RT
Found by the https://github.com/xiw/stack tool and then I checked the generated asm (gcc and clang) to confirm. In the check "if (d0 && tmp_ulong)" tmp_ulong always evaluates to true because the compiler optimizes out the tmp_ulong value to true because (tmp_ulong = zz >> d1;) zz >> d1 has accordi

Re: [openssl-dev] [openssl.org #3842] [PATCH] Add missing terminating NULL to speed_options table

2015-05-08 Thread Kurt Cancemi via RT
Attached updated patch according to openssl style. --- Kurt Cancemi https://www.x64architecture.com On Thu, May 7, 2015 at 6:15 PM, Kurt Cancemi wrote: > Add missing terminating NULL to speed_options table. This would cause > memory corruption by opt_init() because it relies on the terminating

[openssl-dev] [openssl.org #3842] [PATCH] Add missing terminating NULL to speed_options table

2015-05-08 Thread Kurt Cancemi via RT
Add missing terminating NULL to speed_options table. This would cause memory corruption by opt_init() because it relies on the terminating NULL. --- Kurt Cancemi >From 2cbdcd038245df7c78b25a2c22f802d26e030684 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Thu, 7 May 2015 18:09:53 -0400 Subjec

[openssl-dev] [openssl.org #3840] [PATCH] Add missing NULL check in X509V3_parse_list()

2015-05-08 Thread Kurt Cancemi via RT
The return value of BUF_strdup is unchecked in X509V3_parse_list() the attached patch fixes the issue. --- Kurt Cancemi >From a42d8f0e5dbc7d56268a06a99133957d09ac8a21 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Thu, 7 May 2015 16:12:33 -0400 Subject: [PATCH] Add missing NULL check in X509V

[openssl-dev] [openssl.org #3790] [PATCH] The wrong ifdef is used to guard usage of PSK code

2015-04-09 Thread Kurt Cancemi via RT
In the commit "Rewrite ssl_asn1.c using new ASN.1 code." (cc5b6a0) the wrong ifdef is used to guard usage of PSK code. --- Kurt Cancemi >From 32533cb9cf698745171ff7d74413156bfef7036f Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Thu, 9 Apr 2015 09:54:38 -0400 Subject: [PATCH] The wrong ifdef

[openssl-dev] [openssl.org #3725] [PATCH] Use warning/fatal constants instead of numbers with comments

2015-02-27 Thread Kurt Cancemi via RT
The attached patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c --- Kurt Cancemi https://www.x64architecture.com >From 1b07f801c5eb1ef05c50575e800ebf16a6bd69fb Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Fri, 27 Feb 2015 22:05:56

Re: [openssl-dev] [openssl.org #3708] segfault while generating a certificate signing request based on a malformed certificate

2015-02-18 Thread Kurt Cancemi via RT
The problem appears to be a NULL pointer dereference in X509_PUBKEY_set() when pkey is NULL, I attached a patch that fixes the issue. After patch output (openssl x509 -x509toreq -in test76crash -out /dev/null -signkey test.key): Getting request Private Key Generating certificate request 1407351

[openssl-dev] [openssl.org #3682] [PATCH] Fix double free in ocsp_main()

2015-01-30 Thread Kurt Cancemi via RT
There is a double free in ocsp_main() the attached patch fixes the issue. The user provides the -url argument to the ocsp utility and if OCSP_parse_url fails it frees the variable host then the variable host is assigned to thost and then the function goes on and goes to end and then the variable

[openssl.org #3547] [PATCH] Add missing static qualifier

2014-09-29 Thread Kurt Cancemi via RT
Add missing static qualifier to constant_time_select_int that was introduced in 294d1e36c2495ff00e697c9ff622856d3114f14f -- Kurt Cancemi https://www.x64architecture.com >From 183bd1581c15a164cc2e511e839452401571f05b Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Sun, 28 Sep 2014 15:28:49 -040

[openssl.org #3508] [PATCH] Remove unused variable introduced by b09eb24.

2014-08-31 Thread Kurt Cancemi via RT
Hello, The following patch removes an unused variable introduced by b09eb24, this also fixes the build with -Werror. >From 6e347fded0c050f4049e5bcbc2647bfdb742c48f Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Thu, 28 Aug 2014 21:43:04 -0400 Subject: [PATCH] Remove unused variable introduced

Re: [openssl.org #3507] [PATCH] Fix memory leaks.

2014-08-28 Thread Kurt Cancemi via RT
The attached updated patch fixes a style error. --- Kurt Cancemi https://www.x64architecture.com >From d112c3f7b36a60f8af109b90fe5299f7ac049cc6 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Wed, 27 Aug 2014 20:37:45 -0400 Subject: [PATCH] Fix memory leaks. --- crypto/asn1/x_x509a.c | 2

[openssl.org #3507] [PATCH] Fix memory leaks.

2014-08-28 Thread Kurt Cancemi via RT
Hello, The attached patch fixes some memory leaks that were found via Coverity. --- Kurt Cancemi https://www.x64architecture.com >From 3d2c713113545255b61efe433e130078d4cf2e22 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Wed, 27 Aug 2014 20:21:33 -0400 Subject: [PATCH] Fix memory leaks. -

[openssl.org #3506] [PATCH] Fix typos in ssltest.c.

2014-08-27 Thread Kurt Cancemi via RT
Hello, The attached patch fixes some typos in ssltest.c. --- Kurt Cancemi https://www.x64architecture.com >From ea36aa8516e6e8b16896a089d58b216d38302885 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Tue, 26 Aug 2014 17:48:43 -0400 Subject: [PATCH] Fix typos in ssltest.c. --- ssl/ssltest.c

Re: [openssl.org #3501] Re: [PATCH] s_server.c: fix typos.

2014-08-26 Thread Kurt Cancemi via RT
Hello, I noticed in the commit details you put an invalid email address. The email address is instead of the correct . --- Kurt Cancemi https://www.x64Architecture.com On Fri, Aug 22, 2014 at 5:24 PM, Rich Salz via RT wrote: > Fixed in rsalz-monolith branc

[openssl.org #3501] Re: [PATCH] s_server.c: fix typos.

2014-08-22 Thread Kurt Cancemi via RT
Update patch, the previous version of the patch had corrections to words that were correct in UK English but not in US English, unless the OpenSSL project wants to use US English only now then disregard this updated patch. --- Kurt Cancemi https://www.x64Architecture.com >From 27c9379231ac6cce871

[openssl.org #3411] Fixed possible null pointers if malloc fails

2014-06-24 Thread Kurt Cancemi via RT
Hello, The attached patch fixes possible null pointers if malloc fails. This was reported by qualitesys (http://marc.info/?l=openssl-dev&m=140243635405343), and I created the fix (no repeat of what happened last time). Regards, Kurt Cancemi >From 033ce19ea9268a81410cd1e07f628dee43dcc3ad Mon Sep

Re: [openssl.org #3375] Patch: Off-by-one errors in ssl_cipher_get_evp()

2014-06-22 Thread Kurt Cancemi via RT
Hello, Sorry about this whole mess, the issue was discovered and fixed by the OpenBSD team. I replied to the original person who discovered my mistake of not attributing the OpenBSD team instead of to this list (I thought I replied here). Again I'm sorry for this mess, and all credit for finding a

Re: [openssl.org #3305] Cppcheck report

2014-06-18 Thread Kurt Cancemi via RT
Hello, The attached patch removes a duplicate or check (the first problem listed in this ticket). Regards, Kurt Cancemi >From 395cd71ac22028da8545e1796e34b757c91c48d3 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Wed, 18 Jun 2014 04:54:52 -0400 Subject: [PATCH] Removed duplicate or check in

[openssl.org #3375]

2014-06-04 Thread Kurt Cancemi via RT
Somehow the patch got a > prepended to it, the attached patch removes it. --- Kurt Cancemi http://www.getwnmp.org 0001-Fix-off-by-one-errors-in-ssl_cipher_get_evp.patch Description: Binary data

[openssl.org #3375] Patch: Off-by-one errors in ssl_cipher_get_evp()

2014-06-04 Thread Kurt Cancemi via RT
Hi, In the ssl_cipher_get_evp() function, there are two off-by-one errors in index validation before accessing arrays. The attached patch fixes the problem. Regards, Kurt Cancemi >From 72e339f36be4a40436b95a0d07d68167605c31e2 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi Date: Wed, 4 Jun 2014 03