At 10:53 AM 9/5/2006, Mike Tancsa wrote:
Does anyone know the practicality of this attack ? i.e. is this trivial to do ?
Also, for RELENG_6, can someone confirm the patch referenced in http://www.openssl.org/news/patch-CVE-2006-4339.txt be applied with the one change of +{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"}, to +{RSA_R_PKCS1_PADDING_TOO_SHORT,"pkcs1 padding too short"},I manually added in the diffs and everything seems to compile and function with some limited testing. I did
cd /usr/src/crypton/openssl/crypto/rsa patch < p cd /usr/src/secure make clean make obj make depend make includes make make install
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [EMAIL PROTECTED]
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
p
Description: Binary data
_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
