e another if it
happens again.
Kind regards,
--
William BONNET
CTO & Founder / The IT Makers
william.bon...@theitmakers.com
GSM +33 689 376 977
twitter @theitmakers
signature.asc
Description: OpenPGP digital signature
in EVP_DecryptFinal_ex when padding is not good
+ (Closes #768681)
+
+ -- William Bonnet wllmb...@gmail.com Sun, 16 Nov 2014 13:46:13 +0100
+
openssl (1.0.1j-1) unstable; urgency=high
* New upstream release
diff -Nru openssl-1.0.1j/debian/patches/EVP_DecryptFinal_ex_missing_EVPerr_call.patch openssl
Hi Jérémy
I'm pretty amazed the problem comes from openssl.
So am i. But after analyzing the problem it really makes sense, let me
try to be more clear.
Did you check upstream openssl ? maybe it's a known bug,
so the Origin field could link to it, ideally.
I did checked upstream, and the
Hi Kurt
I think not returning which error occurred is actually intentional,
since you might
leak that information and turn it into a padding oracle.
But I'll check what the others thinks
Thanks for the feedback.
I have thought of the padding oracle attack, but since all others errors
have a
4 matches
Mail list logo
