Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu, 10 Apr 2003 16:33:56 -0400 (EDT)
From: "Ryan W. Maple" <ryan@...rdiandigital.com>
To: xvendor@...ts.openwall.com
Subject: Re: openssl blinding and threads?


On Wed, 9 Apr 2003, Nalin Dahyabhai wrote:

> On Wed, Apr 09, 2003 at 09:38:11AM -0700, Seth Arnold wrote:
> > Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update
> > (either to turn on blinding, or the oracle fix) broke threading, backed up
> > with the idea that recompiling stunnel to use fork() instead of whatever
> > thread library it had been using, caused some problems of his to go away.
> >
> > I wasn't able to drag out better information from him before he
> > dissapeared, but I thought I'd mention it as a heads-up, in case any of
> > you run into similar problems.
>
> There's been some traffic about this on the openssl development list as
> well.  Apparently the blinding changes aren't safe for threaded apps,
> and fixes are coming in 0.9.6j and 0.9.7b (and should be in the current
> snapshots, too), probably Thursday.

This looks like it here:

  http://marc.theaimsgroup.com/?l=openssl-cvs&m=104927702431768&w=2

-r

Please check out the xvendor mailing list charter.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux