On a closer look, it seemst that libeay 0.8.1 has enough checks in its
RSAREF glue code to protect against this problem. So TTSSH should not be
vulnerable.
For a more accurate assessment, I'll have to wait for a US friend to help
me since I can't legally look at RSAREF myself.
Rob
--
[Robert O'Callahan http://www.cs.cmu.edu/~roc 6th year CMU CS PhD student
"I have seen the burden God has laid on men. He has made everything
beautiful in its time. He has also set eternity in the hearts of men; yet
they cannot fathom what God has done from beginning to end."
--- Ecclesiastes 3:10-11]
