Why is this issue still open? Something wrong with the patch?
The problem described is assigned CVE-2010-5298 and further described in
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
and URL: https://security-tracker.debian.org/tracker/CVE-2010-5298 .
--
Happy hacking
Hello Team,
I am experiencing a similar kind of memory leak issue as discussed in
the thread in the subject. Is there a fix for this issue? Could you
please kindly let me know.
Thanks
Sundarlal
__
OpenSSL Project
[Petter Reinholdtsen]
Why is this issue still open? Something wrong with the patch?
I guess not, as I just noticed it was committed today in
URL:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d1f4b0f3d262edf1cf7023a01d5404945035d5
.
Thank you.
This issue seems to be reported
Hello,
I am trying to upgrade my openSSL version on RHEL5. When I tried to update
it using yum command (it kept pausing with the messages - No packages marked
for update) I found out that this was not installed from the source but was
present along with RHEL in the /usr directory. Following are
You can see a full description in:
http://marc.info/?l=openssl-dev&m=137766639027317&w=2
--
John-Mark Gurney Voice: +1 415 225 5579
All that I will do, has been done, All that I have, has not.
diff --git a/apps/speed.c b/apps/speed.c
index 9232418..f70fd3e
Hello,
I wrote simple application with dtls and in valgrind output I found
memory leak during SSL_connect.
Patch is attached.
Regards,
Martin Brejcha
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
This is a second patch to add new Russian standard GOST algorithms.
Needs GOST 34.11-2012 hash implementation listed in RT #3311.
See also both patches required in a pull request on github:
https://github.com/openssl/openssl/pull/75
No test cases added, as there are none present in ccgost nor
Hi ,
Do you have any update on this?
Thanks
SatishKumaar
-----Original Message-----
From: Satish Kamavaram
Sent: Friday, April 18, 2014 12:29 PM
To: 'r...@openssl.org'
Cc: openssl-dev@openssl.org; Retheesh Ravi
Subject: RE: [openssl.org #3316] Wrong trust chain with new version of openssl
I am not sure if I have to keep ticket number in the subject line to reach you.
Re-sending.
Thanks
SatishKumaar
-----Original Message-----
From: Satish Kamavaram
Sent: Friday, April 18, 2014 12:29 PM
To: 'r...@openssl.org'
Cc: openssl-dev@openssl.org; Retheesh Ravi
Subject: RE: [openssl.org
Hi Guys
Wouldn't it be much faster to non sidechannel silencing montgomery variants
for muls in ecdsa_do_verify?
I mean since for verify we use only public keys anyways.
ecdsa_do_verify calls generic EC_POINT_mul which calls (plugged in during
init) ec_GFp_mont_field_mul instead of ec_wNAF_mul ?
ec_GFp_mont_field_mul is for the field multiplication. It depends on the
curve, but most GF(p) curves will drill down to a function pointer to
ec_wNAF_mul for the point multiplication. Check crypto/ec/ec_lib.c.
BBB
On Tue, Apr 22, 2014 at 7:10 PM, neura...@gmail.com wrote:
Hi Guys
Hi,
For lack of a better name I chose this subject. I have the feeling I
need to ask some questions here, because I - as probably many others
out there - would like to contribute in making a better openssl.
Just to recap a few things that happened:
* Kurt Roeckx asked recently on this list if
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/23/2014 01:30 PM, Hanno Böck wrote:
Hi,
... Basically, what bothers me most is that right now it seems to
me the openssl project is unresponsive. There are people out there
who want to improve things. There are people who want to help. And
Hi OpenSSL Team,
Any suggestions on how to contribute. Are there specific requirements I need
to have?
Thanks,
Daniel
23-Apr-2014 20:48, Billy Brumley wrote:
Please read CVE-2011-1945. You need to propagate the fix in
gost2001_do_sign. If you're unsure, check the comments in
crypto/ecdsa/ecs_ossl.c.
I see the place you refer to. What I can't quite get in this piece is
adding `order` 2 times. Shouldn't the
On 23.04.2014 19:30, Hanno Böck wrote:
Hi,
For lack of a better name I chose this subject. I have the feeling I
need to ask some questions here, because I - as probably many others
out there - would like to contribute in making a better openssl.
Just to recap a few things that happened:
*
Hello Team!
I'd like to contribute some stuff too, let me know if I could help.
Thanks,
Fedor.
On Wed, Apr 23, 2014 at 9:17 PM, Daniel Hamacher
danielhamacher...@gmail.com wrote:
Hi OpenSSL Team,
Any suggestions on how to contribute. Are there specific requirements I
need to have?
Hello OpenSSL team!
I would like to offer my help to the project.
Thanks,
-Paul
On Wed, Apr 23, 2014 at 2:50 PM, Fedor Indutny fe...@indutny.com wrote:
Hello Team!
I'd like to contribute some stuff too, let me know if I could help.
Thanks,
Fedor.
On Wed, Apr 23, 2014 at 9:17 PM,
Shruti,
This is probably not the right list to ask that question but I'm
going to help you anyways.
OpenSSL is a library and you can't simply upgrade it across your
entire RHEL installation. What you need is for the packages that you
have installed who have dependencies on OpenSSL to update
On Wed, Apr 23, 2014, Steve Marquess wrote:
On 04/23/2014 01:30 PM, Hanno Böck wrote:
Hi,
... Basically, what bothers me most is that right now it seems to
me the openssl project is unresponsive. There are people out there
who want to improve things. There are people who want to
Say order is m bits. Then k+order is either m or m+1 bits. The condition
fixes it at m+1. (You're right that for most standardized curves the branch
is either negligibly taken or overwhelmingly taken, depending on what the
order looks like.)
BBB
On Apr 23, 2014 12:52 PM, Dmitry Olshansky
Hi Paul,
I misunderstood the community for being a discussion thread for common
issues faced.
Thank you for the help. The yum command does not run as expected
On Wed, Apr 23, 2014 at 4:02 PM, Paul Vander Griend
paul.vandergri...@gmail.com wrote:
Shruti,
This is probably not the right list
Shruti,
No worries. The command should be yum update all. Again, this does
not guarantee that there are not packages that depend on an older
version of openssl. For more questions related to this topic you
should try an RHEL or Fedora forum.
Good luck.
-Paul
On Wed, Apr 23, 2014 at 3:18 PM,
On 23 April 2014 18:17, Daniel Hamacher danielhamacher...@gmail.com wrote:
Any suggestions on how to contribute. Are there specific requirements I need
to have?
Hi Daniel/Fedor/Paul
I am actively seeking people to help out on the OpenSSL Wiki.
Documentation is an area where OpenSSL has
Matt,
Thanks for the information. Coding is definitely more my thing but I
can certainly help out with the documentation until said changes are
announced. That way I don't have to learn two separate processes for
submitting patches.
-Paul
On Wed, Apr 23, 2014 at 3:52 PM, Matt Caswell
On 04/23/2014 04:52 PM, Matt Caswell wrote:
I am actively seeking people to help out on the OpenSSL Wiki.
Documentation is an area where OpenSSL has frequently been criticized
in the past and is an area where we can do something about it NOW.
fwiw, I actually don't think that a wiki is going
I would like to contribute, mainly in coding and stabilization and
maintenance of the existing feature set.
In particular, I would like to be able to demonstrate that the
critical code paths in OpenSSL are much less than the 300k lines - in
the spirit that less code means less opportunities for
Hi all -
Dipping my toes into this thread.
Large projects need tools to help manage what's coming in. Matt brings
this point home well below.
Some history, for about 7 or 8 years, I was the ON CRT Chair for Solaris.
The CRT, or Change Review Team, reviewed all changes for the ON (Operating
I stumbled across this a few days ago. Which will at least tell you if the
OS openssl package was patched on RedHat based systems.
rpm -q --changelog openssl
or to save time
rpm -q --changelog openssl | grep CVE
Peter
From: Paul Vander Griend paul.vandergri...@gmail.com
To:
On Wed, Apr 23, 2014 at 07:21:23PM -0400, Daniel Kahn Gillmor wrote:
A serious way to fix this is to have the documentation produced *from*
the code, so that it gets upgraded in sync. For example, neither
x509(1ssl) nor openssl x509 -help ever mention the -sha256 option,
but that option has
On 04/23/2014 09:50 PM, Viktor Dukhovni wrote:
On Wed, Apr 23, 2014 at 07:21:23PM -0400, Daniel Kahn Gillmor wrote:
A serious way to fix this is to have the documentation produced *from*
the code, so that it gets upgraded in sync. For example, neither
x509(1ssl) nor openssl x509 -help ever
On Wed, Apr 23, 2014 at 10:23:11PM -0400, Daniel Kahn Gillmor wrote:
A serious way to fix this is to have the documentation produced *from*
the code, so that it gets upgraded in sync. For example, neither
x509(1ssl) nor openssl x509 -help ever mention the -sha256 option,
but that option
32 matches