> That said -- to the extent that RSAREF is still being used as a
> crypto library for SSLeay/OpenSSL and SSHv.1 "testbed implementations," in
> the US and elsewhere (?!) -- would not it be easier and safer to address
> this sort of potential problem with a wrapper which checks for appropriate
> input, and flags or blocks unruly exceptions?
I committed a patch to that effect to our RSAREF wrapper functions.
I don't seem to have RSAREF around any more. Someone who does, please
check whether the patch is correct. Once it is confirmed, I think we
should also make it available on the download site.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
