nother if it
happens again.
Kind regards,
--
William BONNET
CTO & Founder / The IT Makers
william.bon...@theitmakers.com
GSM +33 689 376 977
twitter @theitmakers
signature.asc
Description: OpenPGP digital signature
Hi Kurt
> I think not returning which error occurred is actually intentional,
since you might
> leak that information and turn it into a padding oracle.
> But I'll check what the others thinks
Thanks for the feedback.
I have thought of the padding oracle attack, but since all others errors
have
Hi Jérémy
> I'm pretty amazed the problem comes from openssl.
So am i. But after analyzing the problem it really makes sense, let me
try to be more clear.
> Did you check upstream openssl ? maybe it's a known bug,
> so the "Origin" field could link to it, ideally.
I did checked upstream, and the p
de in EVP_DecryptFinal_ex when padding is not good
+ (Closes #768681)
+
+ -- William Bonnet Sun, 16 Nov 2014 13:46:13 +0100
+
openssl (1.0.1j-1) unstable; urgency=high
* New upstream release
diff -Nru openssl-1.0.1j/debian/patches/EVP_DecryptFinal_ex_missing_EVPerr_call.patch openssl-1.0.1j/d
4 matches
Mail list logo
