Bugfixes and new functionality in the CAPI engine


Bugfixes and new functionality in the CAPI engine

Alexey Melnikov
Hi,
I have several patches with bugfixes to engines/e_capi.c, as well as
some new functionality:

1) some memory/resource leaks in e_capi.c

ctx->cspname can be leaked in capi_ctx_set_provname()
hprov is leaked on error in capi_list_containers()
pname is leaked in capi_ctx_set_provname_idx()

2) enabling support for SHA256/SHA512

3) Allow multiple instantiations of the capi.dll

Before this patch on each instantiation of the CAPI ENGINE new OpenSSL
indexes were allocated for storing CAPI related information. On Windows
DLLs share memory, so this resulted in new values overwriting old values.
Later on, when (for example) CAPI context was retrieved in the CAPI ENGINE
instance 1, it was NULL and this was causing crashes. The fix is to only
instantiate indexes once.


Also some new features:

1) Added a new option to the CAPI ENGINE for controlling client
certificate use in TLS

This patch adds a new CAPI ENGINE command called "ssl_client_cert_id"
for setting the name of the certificate (e.g. "friendly name" property)
to be used by client side TLS. This option allows suppressing GUI dialog
when only a single certificate with the specified name is present,
which is usually the case for non GUI applications (or services that have
a client component).

I believe all of the above apply to OpenSSL 1.0.0f.

What is the best place to submit these?

Best Regards,
Alexey

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
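
Added example, not part of the original post and not code from e_capi.c: a simplified C model of the index problem described in item 3 of the bugfix list, next to the "allocate once" fix. The names `toy_engine`, `new_ex_index`, `ctx_idx`, `bind_buggy` and `bind_fixed` are hypothetical stand-ins for the engine structure, OpenSSL's ex_data index allocator and the engine's bind routine.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_SLOTS 8

/* Toy ex_data index allocator: every call hands out a fresh slot number. */
static int next_index = 0;
static int new_ex_index(void) { return next_index++; }

/* Toy engine object with per-object ex_data slots (hypothetical). */
typedef struct { void *ex_data[MAX_SLOTS]; } toy_engine;

/* Static inside the shared module: all engine instances see this one variable. */
static int ctx_idx = -1;

/* Buggy bind: a new index on every instantiation overwrites the shared one. */
static void bind_buggy(toy_engine *e, void *ctx) {
    ctx_idx = new_ex_index();
    e->ex_data[ctx_idx] = ctx;
}

/* Fixed bind: the index is allocated once and reused by later instances. */
static void bind_fixed(toy_engine *e, void *ctx) {
    if (ctx_idx < 0)
        ctx_idx = new_ex_index();
    e->ex_data[ctx_idx] = ctx;
}

/* Context lookup always goes through the shared index. */
static void *get_ctx(const toy_engine *e) { return e->ex_data[ctx_idx]; }

/* Returns 1 if both instances still find their own context after two binds. */
int both_instances_find_ctx(int use_fix) {
    toy_engine e1 = {{0}}, e2 = {{0}};
    int c1 = 1, c2 = 2;                 /* constructed placeholder contexts */
    void (*bind)(toy_engine *, void *) = use_fix ? bind_fixed : bind_buggy;

    next_index = 0;
    ctx_idx = -1;
    bind(&e1, &c1);                     /* instance 1 */
    bind(&e2, &c2);                     /* instance 2 */
    return get_ctx(&e1) == &c1 && get_ctx(&e2) == &c2;
}

int main(void) {
    printf("buggy: %d\n", both_instances_find_ctx(0));
    printf("fixed: %d\n", both_instances_find_ctx(1));
    return 0;
}
```

In the buggy variant, instance 1 stored its context under the first index, but the lookup uses the index allocated for instance 2, so it reads an empty slot (NULL), which matches the crash the post describes.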

Re: Bugfixes and new functionality in the CAPI engine

Dr. Stephen Henson
On Thu, Jan 12, 2012, Alexey Melnikov wrote:

> Hi,
> I have several patches with bugfixes to engines/e_capi.c, as well as
> some new functionality:
>
> 1) some memory/resource leaks in e_capi.c
>
> ctx->cspname can be leaked in capi_ctx_set_provname()
> hprov is leaked on error in capi_list_containers()
> pname is leaked in capi_ctx_set_provname_idx()
>
> 2) enabling support for SHA256/SHA512
>
> 3) Allow multiple instantiations of the capi.dll
>
> Before this patch on each instantiation of the CAPI ENGINE new OpenSSL
> indexes were allocated for storing CAPI related information. On Windows
> DLLs share memory, so this resulted in new values overwriting old values.
> Later on, when (for example) CAPI context was retrieved in the CAPI ENGINE
> instance 1, it was NULL and this was causing crashes. The fix is to only
> instantiate indexes once.
>
>
> Also some new features:
>
> 1) Added a new option to the CAPI ENGINE for controlling client
> certificate use in TLS
>
> This patch adds a new CAPI ENGINE command called "ssl_client_cert_id"
> for setting the name of the certificate (e.g. "friendly name" property)
> to be used by client side TLS. This option allows suppressing GUI dialog
> when only a single certificate with the specified name is present,
> which is usually the case for non GUI applications (or services that have
> a client component).
>
> I believe all of the above apply to OpenSSL 1.0.0f.
>
> What is the best place to submit these?
>

They should be submitted to the request tracker [hidden email]. Note that new
features will never appear in OpenSSL 1.0.0 or 0.9.8 trees, just bugfixes.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: Bugfixes and new functionality in the CAPI engine

ken@bitzermobile.com
So this is not in 1.01c either?

Dr. Stephen Henson wrote
On Thu, Jan 12, 2012, Alexey Melnikov wrote:

> Hi,
> I have several patches with bugfixes to engines/e_capi.c, as well as
> some new functionality:
>
> 1) some memory/resource leaks in e_capi.c
>
> ctx->cspname can be leaked in capi_ctx_set_provname()
> hprov is leaked on error in capi_list_containers()
> pname is leaked in capi_ctx_set_provname_idx()
>
> 2) enabling support for SHA256/SHA512
>
> 3) Allow multiple instantiations of the capi.dll
>
> Before this patch on each instantiation of the CAPI ENGINE new OpenSSL
> indexes were allocated for storing CAPI related information. On Windows
> DLLs share memory, so this resulted in new values overwriting old values.
> Later on, when (for example) CAPI context was retrieved in the CAPI ENGINE
> instance 1, it was NULL and this was causing crashes. The fix is to only
> instantiate indexes once.
>
>
> Also some new features:
>
> 1) Added a new option to the CAPI ENGINE for controlling client
> certificate use in TLS
>
> This patch adds a new CAPI ENGINE command called "ssl_client_cert_id"
> for setting the name of the certificate (e.g. "friendly name" property)
> to be used by client side TLS. This option allows suppressing GUI dialog
> when only a single certificate with the specified name is present,
> which is usually the case for non GUI applications (or services that have
> a client component).
>
> I believe all of the above apply to OpenSSL 1.0.0f.
>
> What is the best place to submit these?
>

They should be submitted to the request tracker rt@openssl.org. Note that new
features will never appear in OpenSSL 1.0.0 or 0.9.8 trees, just bugfixes.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org