Error codes aren't part of the API. It's a bit of a grey area in some cases,
but for EVP_DecryptFinal_ex, you really should be checking the return value and
not relying on errors left on stack. In particular, reporting detailed
decryption errors was a historical mistake that has led to serious
Dear all,
I would like to submit a patch to the current sources of openssl. This
patch is fixing a missing error code in the EVP_DecryptFinal_ex function.
During the latest Debian Bug Squashing Party i was working on NodeJS
packaging and trying to fix an issue. I noticed a unit test failure (on
Unfortunately I don't think it is as simple as that. If I understand the
previous change correctly, Emilia has deliberately removed the error message as
part of work to protect against timing attacks. The very act of adding an error
to the error queue could introduce a measurable timing difference
On Sun, Nov 16, 2014 at 09:11:42PM +0100, Matt Caswell via RT wrote:
Unfortunately I don't think it is as simple as that. If I understand the
previous change correctly, Emilia has deliberately removed the error message
as
part of work to protect against timing attacks. The very act of adding
On Sun, Nov 16, 2014 at 09:11:42PM +0100, Matt Caswell via RT wrote:
Unfortunately I don't think it is as simple as that. If I understand the
previous change correctly, Emilia has deliberately removed the error message
as
part of work to protect against timing attacks. The very act of adding
Hi
Unfortunately I don't think it is as simple as that. If I understand the
previous change correctly, Emilia has deliberately removed the error message
as
part of work to protect against timing attacks. The very act of adding an
error
to the error queue could introduce a measurable