On Sun, Apr 26, 2015 at 10:37 PM, Brian Smith br...@briansmith.org wrote:
On Fri, Apr 24, 2015 at 5:54 AM, Emilia Käsper emi...@openssl.org wrote:
commit c028254b12 fixes 1., 2. and 3. (also applied to 1.0.2).
commit 53dd4ddf71 fixes 5 and some of 4.
Still ploughing my way through the rest
Is there any progress on this?
Its been about 5 years, and folks are still having trouble with it. For example:
*
http://stackoverflow.com/questions/29845527/how-to-properly-uninitialize-openssl.
*
http://openssl.6102.n7.nabble.com/Preferred-way-to-free-ssl-comp-methods-td48573.html
*
Although bn_wexpand is a private function within the crypto/bn module, it
is exposed to other modules through bn_int.h. It is used from outside
crypto/bn quite frequently.
bn_wexpand is implemented in terms of a function called bn_expand2:
/*
* This is an internal function that should not be
Hello,
Summary: handle possible failures when writing a message to the event log. In
debug builds, send data to the debugger as a last resort.
Additional data:
1) Operating systems affected: all versions of Windows.
2) OpenSSL versions affected: all versions running on Windows.
Thank you,
This question crops up on occasion: How do you shutdown the OpenSSL
library. See, for example:
* How to properly uninitialize OpenSSL,
http://stackoverflow.com/questions/29845527/how-to-properly-uninitialize-openssl.
* Order of Cleanup to avoid memory leaks?,
A patch was posted a year ago, but it's not merged in.
It looks like typically errors are not checked after calls like
EVP_DigestInit_ex(), is it considered unlikely, or is error always
buffered in context?
+nosy
___
openssl-dev mailing list
To
Hi,
BoringSSL reported an out-of-bounds read in BN_mod_exp_mont_consttime and
appear to have patched it: https://boringssl-review.googlesource.com/#/c/1393/
https://boringssl-review.googlesource.com/#/c/1393/
How serious is this issue? Are there any plans for OpenSSL to use a similar fix
too?
It looks like proposed patch to srp_lib.c is obsolete, there's `return
0` there now.
proposed patch to tasn_new.c is obsolete too, `if (!it)` is checked at
the top of the function.
I think it's time to close this ticket.
+nosy
___
openssl-dev mailing