I believe Intel's C compiler knows about them too.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
-----Original Message-----
From: Erik Forsberg via RT [mailto:r...@openssl.org]
Sent: Saturday, 13 August 2016 5:50 AM
To:
I found some dead code in apps/openssl.c which appears to be some legacy
configuration handling.
Patch to remove it is attached.
Pauli
--
Ticket here:
The RSA_memory_lock (crypto/rsa/rsa_lib.c) call isn't mentioned in the
documentation. It also isn't called from anywhere inside OpenSSL.
The rsa.h header file says:
| /* This function needs the memory locking malloc callbacks to be installed */
| int RSA_memory_lock(RSA *r);
The
The doc/crypto/rand.pod file incorrectly documents the prototype for the
RAND_add function. The last argument is a double not an int.
It is correctly documented in the doc/crypto/RAND_add.pod file.
Fix attached.
Pauli
No, I didn't create an exploit.
If the number of packets is limited to something that small, there won't be an
issue.
It still seems like pqueue ought to be excised from the source base and replaced
with something simpler.
Regards,
Pauli
The DTLS packet reassembly code has a performance problem that could result in
a DoS attack being possible.
The DTLS packet reassembly uses the data structure defined in ssl/pqueue.c for
the purpose (it is the only user of this data structure that I can find). This
source file implements a
The openssl application fails to compile with READLINE defined.
The fix is attached.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4543
Please log in as
Attached is a patch that fixes a typo in the #ifndef OPENSSL_NO_GOST lines in
ssl/s3_lib.c
regards,
Pauli
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4468
Please
If one of the allocation calls succeeds and the other fails, the patched code
will leak memory.
It needs something along the lines of:
if (order != NULL) BN_clear_free(order);
if (d != NULL) BN_clear_free(d);
in the failure case code.
Pauli
On Tue, 12 Jan 2016 03:36:59 AM Kaduk, Ben via RT wrote:
> There's also the part where asking 'openssl rand' for gigabytes of data
> is not necessarily a good idea -- I believe in the default configuration
> on unix, it ends up reading 32 bytes from /dev/random and using that to
> seed EAY's
Attached is a fix for a multi-threading issue in the policy cache creation code.
Regards,
Pauli
>From 0ab5da60dbea7af41c3b860c1e71851c46346d9b Mon Sep 17 00:00:00 2001
From: Pauli
11 matches