[openssl-dev] [openssl.org #4002] Bug in branch master, file evp_pbe.c

2015-08-10 Thread Stuart, Harold via RT
The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable. In branch master, file evp_pbe.c, observe the function EVP_Cipher_init. At line 175, we see the following: if (cipher_nid ==

[openssl-dev] [openssl.org #4001] Bug in branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c

2015-08-10 Thread Stuart, Harold via RT
The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable. In branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c observe the function FIPS_rsa_verify_digest. At line 353 the code looks l

[openssl-dev] [openssl.org #4000] Bug in Branch OpenSSL-fips-2_0-stable; file rsa_x931g.c

2015-08-10 Thread Stuart, Harold via RT
The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable. In branch OpenSSL-fips-2_0-stable, file rsa_x931g.c observe the function RSA_X931_derive_ex. At line 84 we see the following:

[openssl-dev] [openssl.org #3996] master does not build with no-ripemd

2015-08-10 Thread Rich Salz via RT
oops, fixed :) thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3999] consider removing the sub-component version strings

2015-08-10 Thread Rich Salz via RT
Removed in master. Thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled

2015-08-10 Thread Blumenthal, Uri - 0553 - MITLL
For the sake of brevity I’ll answer to only some of your points (that I consider relevant to my views or work). On 8/10/15, 5:44 , "openssl-dev on behalf of David Woodhouse" wrote: >UEFI is widely mocked for how bloated it is, given that the job of a sane >firmware is to boot the operating as qu

Re: [openssl-dev] tls_session_secret_cb method return value

2015-08-10 Thread Ian McFadries (imcfadri)
I am trying to determine if the tls_session_secret_cb return value is used to indicate an unrecoverable error has been encountered (i.e. bad pointer for data needed to calculate secret) or if it is intended to be an indicator that the session secret is deemed invalid (EAP-FAST PAC expired result

[openssl-dev] Cross-compiling 64-bit openssl for Windows under Linux

2015-08-10 Thread Victor Wagner
est development snapshot. (openssl-SNAP-20150810.tar.gz) It seems that this bug is fixed and there is a compilable ecp_nistz256-x86_64.pl. Both fail with the same diagnostics: ...-windres Invalid syntax: line 6 Investigation shows that the problem is with the util/mkrc.pl script. It attempts to open crypto/o

Re: [openssl-dev] [openssl.org #3998] [PATCH] Allow scrypt to be disabled

2015-08-10 Thread David Woodhouse via RT
Apologies, previous patch was incomplete. This one actually builds *and* I committed the last changes and included them this time. -- David Woodhouse, Open Source Technology Centre, david.woodho...@intel.com, Intel Corporation From d83c175af

Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled

2015-08-10 Thread David Woodhouse via RT
Updated patch, fixing a typo that broke the no-rfc3779 support in util/mkdef.pl -- David Woodhouse, Open Source Technology Centre, david.woodho...@intel.com, Intel Corporation From 03ac2e3a1052c73e030884c2df501c0fe6715e8c Mon Sep 17 00:00:00

Re: [openssl-dev] Making assembly language optimizations working on Cortex-M3

2015-08-10 Thread Andy Polyakov
> > and recognize two new settings, > > OPENSSL_NO_ARM_NEON and OPENSSL_ARM_THUMB_ONLY, to accommodate this. > > While NO_NEON might make sense, I really see no reason to introduce > THUMB_ONLY. Because pre-defines set by the compiler driver are > sufficient. > > > You mean,

Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled

2015-08-10 Thread David Woodhouse
On Fri, 2015-08-07 at 15:34 +, Blumenthal, Uri - 0553 - MITLL via RT wrote: > Alas, not right now (and here we're in agreement). > > However I expect the field to evolve with the threats, and the means > for using this capability to emerge. UEFI is widely mocked for how bloated it is, give

[openssl-dev] 1.0.2 long term support

2015-08-10 Thread Kurt Roeckx
1.0.2 long term support === The OpenSSL project team would like to announce that the 1.0.2 version will be supported until 2019-12-31. Further details about the OpenSSL Release Strategy can be found here: https://www.openssl.org/about/releasestrat.html The OpenSSL Project Te