santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Lautenbach <be...@wingsofhermes.org>
Subject Re: DO NOT REPLY [Bug 37075] - WINCAPI RSA Signatures Destructor ~WinCAPICryptoKeyRSA does not destroy key
Date Mon, 23 Jan 2006 08:55:30 GMT
<GRIN>.  No apology required!  Rather I should be saying thanks for 
picking up a rather insidious bug!  Most of my testing is with the 
OpenSSL API (I like Linux :>), so I've managed to clear most memory 
leaks out of the main library, but clearly I've missed some pieces in 
the Windows CAPI layer.

Cheers,
	Berin

Steve Cullum wrote:

> Berin,
> 
> Please accept my apologies
> 
> Steve
> ----- Original Message ----- From: "Berin Lautenbach" 
> <berin@wingsofhermes.org>
> To: <security-dev@xml.apache.org>
> Sent: Saturday, January 21, 2006 10:16 PM
> Subject: Re: DO NOT REPLY [Bug 37075] - WINCAPI RSA Signatures 
> Destructor ~WinCAPICryptoKeyRSA does not destroy key
> 
> 
>> Steve,
>>
>> I think everything you refer to below is fixed.  Don't forget that the 
>> CVS repo is now read-only - all updates are happening to SVN.  Have a 
>> look at svn.apache.org.
>>
>> Cheers,
>> Berin
>>
>> Steve Cullum wrote:
>>
>>> Berin,
>>>  Unfortunately i dont have my list of fixes available to me at the 
>>> moment.. im away at the moment.  As soon as i get back to work i will 
>>> take a closer look.
>>>  However I have just taken a look at the  WinCAPICryptoKeyDSA.cpp 
>>> from the html CVS interface and i see there is at least one fix missing
>>>  Inside bool WinCAPICryptoKeyDSA::verifyBase64Signature()
>>>  A tempory hask key "h" is created and not destroyed
>>>  BOOL fResult;
>>> HCRYPTHASH h;
>>> fResult = CryptCreateHash(m_p,
>>> CALG_SHA1,
>>> 0,
>>> 0,
>>> &h);
>>>  This one needs destroying... i am afraid !
>>>  Steve
>>>  PS...
>>>  There was a list of these problems i reported to the mailing list, i 
>>> dont think i sent them to the bugzilla.. sorry!
>>>  The mailing thread was entitled *            [C++] more memory leaks 
>>> in windows WinCAPICryptoXXXX files* 
>>> <http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B102E0750A%40ukspm204.emea.corp.eds.com%3e>

>>>
>>> Subject: *RE: [C++] Memory Leak In DSIGSignature::verify() using RSA 
>>> Signatures with WINCAPI* 
>>> <http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B101068366%40ukspm204.emea.corp.eds.com%3e>

>>>
>>> They are described in 
>>> http://news.gmane.org/gmane.text.xml.security.devel
>>>
>>>  ----- Original Message -----
>>> From: "Berin Lautenbach" <berin@wingsofhermes.org 
>>> <mailto:berin@wingsofhermes.org>>
>>> To: <general@incubator.apache.org <mailto:general@incubator.apache.org>>
>>> Cc: <juice-dev@xml.apache.org <mailto:juice-dev@xml.apache.org>>;

>>> <security-dev@xml.apache.org <mailto:security-dev@xml.apache.org>>;

>>> <wss4j-dev@ws.apache.org <mailto:wss4j-dev@ws.apache.org>>
>>> Sent: Thursday, January 19, 2006 8:26 AM
>>> Subject: Re: [VOTE] Werner as juice committer
>>>
>>>  > Geez - for some reason I thought he already was!!!
>>>  >
>>>  > +1
>>>  >
>>>  > Cheers,
>>>  > Berin
>>>  >
>>>  >
>>>  > Davanum Srinivas wrote:
>>>  >> As part of reviving juice, can we please VOTE werner as a 
>>> committer to
>>>  >> enable him to continue his offline work? [1]
>>>  >>
>>>  >> Here's my +1.
>>>  >>
>>>  >> thanks,
>>>  >> dims
>>>  >>
>>>  >> [1] : 
>>> http://www.nabble.com/Status-of-my-upgrades-and-so-on-t945224.html
>>>  >>
>>>  >> --
>>>  >> Davanum Srinivas : http://wso2.com/blogs/
>>>  >>
>>>  >> 
>>> ---------------------------------------------------------------------
>>>  >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org 
>>> <mailto:general-unsubscribe@incubator.apache.org>
>>>  >> For additional commands, e-mail: 
>>> general-help@incubator.apache.org 
>>> <mailto:general-help@incubator.apache.org>
>>>  >>
>>>  >>
>>>  >>
>>>  >
>>>  >
>>>  >
>>>  > ---
>>>  > avast! Antivirus: Inbound message clean.
>>>  > Virus Database (VPS): 0603-3, 18/01/2006
>>>  > Tested on: 20/01/2006 11:50:44
>>>  > avast! - copyright (c) 1988-2005 ALWIL Software.
>>>  > http://www.avast.com
>>>  >
>>>  >
>>>  >
>>>
>>> ------------------------------------------------------------------------
>>>
>>> avast! Antivirus <http://www.avast.com>: Outbound message clean.
>>>
>>> Virus Database (VPS): 0603-4, 20/01/2006
>>> Tested on: 21/01/2006 13:43:17
>>> avast! - copyright (c) 1988-2005 ALWIL Software.
>>>
>>>
>>
>>
>>
>> ---
>> avast! Antivirus: Inbound message clean.
>> Virus Database (VPS): 0603-4, 20/01/2006
>> Tested on: 22/01/2006 18:44:16
>> avast! - copyright (c) 1988-2005 ALWIL Software.
>> http://www.avast.com
>>
>>
>>
> 
> 
> 
> ---
> avast! Antivirus: Outbound message clean.
> Virus Database (VPS): 0603-4, 20/01/2006
> Tested on: 22/01/2006 18:45:10
> avast! - copyright (c) 1988-2005 ALWIL Software.
> http://www.avast.com
> 
> 
> 
> 
> 

Mime
View raw message