Post by stockpicker » Mon Oct 13, 2008 7:20 pm

Hello All,

I'm now making ebuilds for RetroShare on Gentoo.
I have started from the monolithic ebuild here and split it into a number of ebuilds for miniupnpc, libretroshare, retroshare-ui etc.

However, now I'm making an ebuild for openssl-xpgp, and I wonder whether anyone has tried the xpgp patches for openssl against the newer version 0.9.8h?
Are there any known issues with that?

Post by Dr Bob » Mon Oct 13, 2008 11:15 pm

Hi Stockpicker,

I don't think that the patches would work with 0.9.8h or any 0.9.8 series of openssl.
But you could probably apply the patches to later releases in 0.9.7 series.

In fact I had a copy of it patched up to 0.9.7k or something.

If you have any problems... I'll be glad to help out.

Dr Bob

Post by stockpicker » Tue Oct 14, 2008 7:53 pm

Hi DrBob,

Do you have some kind of tests for openpgp functionality?
After a little hacking, I've compiled openssl 0.9.8h with your patches from
Approx. half of the patches just worked, the others required manual work, and there were some new changes, for example, because the SSL_METHOD structure is a bit longer now.

I am testing it now... are there any other tests available besides tests/pgptest1.c?
As far as I see, it only loads the certs (this works) and does not do any actual SSL connection.

Post by Dr Bob » Wed Oct 15, 2008 8:38 pm

If you look in openssl-0.9.7g-xpgp-0.1c/test/ssltest.c
you will find a flag for the USE_PGP or something similar.
Switch it on to run the pgp versions of the tests.

You can also find a slightly updated version of openssl-0.9.7g-xpgp-0.1c
if you look in the latest source releases.

Dr Bob

Post by Dr Bob » Wed Oct 15, 2008 8:42 pm

Oh and I meant to say - congrats on getting the patches to work.
I thought significant parts of 0.9.8 were different - so I never tried the upgrade.

I believe they added a bunch more hooks into the OpenSSL API, which will make
the creation of OpenPGP + OpenSSL quite feasible. Have you seen them?

If it passes the tests, send it out, and we'll upgrade the ssl library.

Dr Bob

Post by stockpicker » Thu Oct 16, 2008 10:14 am

IMHO I found one memory leak in xPGP_vfy.c. Otherwise, ssltest passed - shall I submit my patches as a bug attachment?

What looks like a memory leak:

--- xPGP_vfy.c.orig 2006-10-07 15:22:20.000000000 +0200
+++ xPGP_vfy.c 2008-10-16 12:07:15.000000000 +0200
@@ -919,7 +919,12 @@
XPGP_SIGNATURE *ss = sk_XPGP_SIGNATURE_value(cert->signs, 0);
EVP_PKEY *key = XPGP_get_pubkey(cert);

- return XPGP_verify_it(cert, ss, key);
+ // memory leak: need to free the key!
+ int ret = XPGP_verify_it(cert, ss, key);
+ EVP_PKEY_free(key);
+ return ret;
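
Review bot: `key` and `ss` are passed to `XPGP_verify_it` unchecked on the `int ret = XPGP_verify_it(cert, ss, key);` line, so a NULL return from `XPGP_get_pubkey(cert)` or an empty `cert->signs` stack still reaches the verify call; consider returning an error before it in those cases. The new `EVP_PKEY_free(key)` is safe with NULL, but it is correct only if `XPGP_get_pubkey` hands back a reference the caller owns, as `X509_get_pubkey` does, which is worth confirming in its definition. The added comment uses `//`, which C89 compilers reject; write it as `/* ... */`.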

Post by Dr Bob » Thu Oct 16, 2008 11:50 pm

Yeah, there were a couple of memory leaks that I didn't manage to track down.
Glad you found one of them ... there might be more.
Not too concerned about their effect on security, but good to fix anyway.

Please email them to me, or submit as patches, and we will get them included in the next release.


Dr Bob

