On Fri, Mar 24, 2017 at 01:29:53PM +0100, Richard Levitte wrote:
> In message <20170324121435.gq70...@colo.drijf.net> on Fri, 24 Mar 2017
> 13:14:35 +0100, Otto Moerbeek <o...@drijf.net> said:
>
> otto> On Fri, Mar 24, 2017 at 11:53:10AM +, Blumenthal, Uri - 05
On Fri, Mar 24, 2017 at 11:53:10AM +, Blumenthal, Uri - 0553 - MITLL wrote:
> I personally think this issue is being blown way out of proportion and beyond
> the boundary of reason.
>
> Regards,
> Uri
Is it reasonable to step on the rights of authors with the backing of
large
On Fri, Mar 24, 2017 at 09:40:16AM +0100, Kurt Roeckx wrote:
> On Fri, Mar 24, 2017 at 08:36:02AM +0100, Otto Moerbeek wrote:
> > On Fri, Mar 24, 2017 at 08:21:49AM +0100, Marcus Meissner wrote:
> >
> > > On Fri, Mar 24, 2017 at 07:48:58AM +0100, Otto Moerbeek wrote:
>
On Fri, Mar 24, 2017 at 08:21:49AM +0100, Marcus Meissner wrote:
> On Fri, Mar 24, 2017 at 07:48:58AM +0100, Otto Moerbeek wrote:
> > On Fri, Mar 24, 2017 at 04:11:48AM +, Blumenthal, Uri - 0553 - MITLL
> > wrote:
> >
> > > Apache license is fine for me,
On Fri, Mar 24, 2017 at 04:11:48AM +, Blumenthal, Uri - 0553 - MITLL wrote:
> Apache license is fine for me, while GPL could be problematic.
> Incompatibility with GPLv2 is not a problem for us.
>
> If it is a problem for somebody - feel free to explain the details. Though I
> think the
On Thu, Jul 10, 2014 at 11:26:46AM +0200, Chaney, Benjamin via RT wrote:
Hello,
I have been looking at the OpenSSL source code, and this jumped out as a
possible error. 'n?? is an unsigned before it is passed into ssl3_read_n,
which causes the worry of an overflow. To prevent this, I
On Thu, Jul 03, 2014 at 11:35:15PM +0200, Kurt Roeckx wrote:
On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
On 3 July 2014 20:06, Kurt Roeckx via RT r...@openssl.org wrote:
On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf F?rster via RT wrote:
I think cppcheck is right here
On Fri, Jul 04, 2014 at 08:38:23AM +0200, Kurt Roeckx wrote:
On Fri, Jul 04, 2014 at 08:21:15AM +0200, Otto Moerbeek wrote:
On Thu, Jul 03, 2014 at 11:35:15PM +0200, Kurt Roeckx wrote:
On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
On 3 July 2014 20:06, Kurt Roeckx via
On Sat, Jun 21, 2014 at 06:15:28PM +0100, Ben Laurie wrote:
On 12 June 2014 23:15, Matt Caswell m...@openssl.org wrote:
On 12/06/14 22:43, Otto Moerbeek wrote:
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
Patch applied:
https://git.openssl.org/gitweb/?p
On Sat, Jun 21, 2014 at 09:58:33PM +0100, Matt Caswell wrote:
On 21 June 2014 19:51, Otto Moerbeek o...@drijf.net wrote:
You care confusing the matter. Kurt already expained he got the fix
from OpenBSD. After that explanation, the OpenSSL repo was fixed to
contain the attribution.
I
On Thu, Jun 12, 2014 at 11:15:18PM +0100, Matt Caswell wrote:
On 12/06/14 22:43, Otto Moerbeek wrote:
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many thanks for your contribution.
Matt
On Tue, Jun 10, 2014 at 11:35:06PM +0100, Matt Caswell wrote:
On 10 June 2014 21:52, Kurt Roeckx k...@roeckx.be wrote:
As far as I can see this is SSLv3 only, and only about the Finish
message.
So it seems that function return the length of the digest, and in
some error cases 0. We'll
On Tue, May 27, 2014 at 05:23:45AM +, mancha wrote:
On Mon, May 26, 2014 at 09:01:53PM +, mancha wrote:
On Mon, May 26, 2014 at 08:49:03PM +, Viktor Dukhovni wrote:
On Mon, May 26, 2014 at 08:20:43PM +, mancha wrote:
For our purposes, the operative question is
On Tue, May 27, 2014 at 08:23:29AM +0200, Otto Moerbeek wrote:
On Tue, May 27, 2014 at 05:23:45AM +, mancha wrote:
On Mon, May 26, 2014 at 09:01:53PM +, mancha wrote:
On Mon, May 26, 2014 at 08:49:03PM +, Viktor Dukhovni wrote:
On Mon, May 26, 2014 at 08:20:43PM +
On Mon, May 12, 2014 at 11:20:19AM +0200, Otto Moerbeek wrote:
On Mon, May 12, 2014 at 01:09:15AM +0200, Matt Caswell via RT wrote:
Patch applied in commit 308505b838e4e3ce8485bb30f5b26e2766dc7f8b. Similar
commits in the 1.0.2, 1.0.1, 1.0.0 and 0.9.8 branches.
Many thanks for your
On Fri, Apr 11, 2014 at 05:51:17PM -0500, Reini Urban wrote:
On 04/11/2014 04:13 PM, Carlos Alberto Lopez Perez wrote:
Probably this blog post provides more information about what Akamai has
been doing related to this issue:
https://blogs.akamai.com/2014/04/heartbleed-update.html
It
On Thu, Apr 10, 2014 at 12:46:23PM -0400, Salz, Rich wrote:
We've been compiling -DOPENSSL_NO_BUF_FREELISTS forever. Our only complaint
is that the BUF is misspelled :)
Theo can be obnoxious. This should not be news to most folks.
Read what Ted wrote. There's is a use after free if you
It is better to use the S_IS* macros instead of only masking with the
S_IF* flags. For example, sb.st_mode S_ISDIR is true also when the
file is actually a unix domain socket.
-Otto
Index: ca.c
===
RCS file:
On Mon, 30 Aug 2004, Andy Polyakov wrote:
Are there any OpenBSD people on the list? Yesterday I was cross-testing
assembler modules in HEAD and noticed that OpenBSD shared build is totally
inoperational. After adjusting rules and fixing up assembler modules to be
compiled with -fPIC, I've
On Mon, 27 Oct 2003, Geoff Thorpe wrote:
Hi y'all,
This is a ping -b to anyone who has an interest in the integer math code
in openssl. Otto and Nils had reported a few discrepencies a while back,
and there is already a RT ticket from Otto about one aspect of this.
However, as I wade
HI,
as requested by Nil Larschs, i'm sending this diff to [EMAIL PROTECTED]
For a discussion of these bugs and fixes, see the thread
http://www.mail-archive.com/[EMAIL PROTECTED]/msg16241.html
-Otto
Index: bn_lib.c
===
On Thu, 25 Sep 2003, Geoff Thorpe wrote:
On September 25, 2003 03:33 am, Nils Larsch wrote:
Otto Moerbeek wrote:
OK, that would amount to the fixes below:
- in BN_cmp, call bn_fix_top just before comparing the two tops.
Not really necessary as the normal BN_* functions
On Wed, 24 Sep 2003, Nils Larsch wrote:
Otto Moerbeek wrote:
Hi,
Moin Otto,
I've been working with the big number lib from the open ssl crypto
library, and I have found the following problem, which is demonstrated by
the program below (you may have to fix the includes if you
On Wed, 24 Sep 2003, Nils Larsch wrote:
BN_cmp has a similiar problem. BN_cmp does not check if the top value
is really correct (but it uses the top value nonetheless) i.e. leading
zeros matters for BN_cmp. I think the best solution to avoid this is
to let BN_add_word (BN_sub_word)
: Otto Moerbeek [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: BN_add_word bug
Hi,
I've been working with the big number lib from the open ssl crypto
library, and I have found the following problem, which is demonstrated by
the program
26 matches
Mail list logo