Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 9 Apr 2003 14:32:06 -0400
From: Nalin Dahyabhai <nalin@...hat.com>
To: xvendor@...ts.openwall.com
Subject: Re: openssl blinding and threads?

On Wed, Apr 09, 2003 at 09:38:11AM -0700, Seth Arnold wrote:
> Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update
> (either to turn on blinding, or the oracle fix) broke threading, backed up
> with the idea that recompiling stunnel to use fork() instead of whatever
> thread library it had been using, caused some problems of his to go away.
> 
> I wasn't able to drag out better information from him before he
> dissapeared, but I thought I'd mention it as a heads-up, in case any of
> you run into similar problems.

There's been some traffic about this on the openssl development list as
well.  Apparently the blinding changes aren't safe for threaded apps,
and fixes are coming in 0.9.6j and 0.9.7b (and should be in the current
snapshots, too), probably Thursday.

Nalin

Please check out the xvendor mailing list charter.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux