Hi all, may I draw your attention to this (my) ticket in the OpenSSL bug tracker?
http://rt.openssl.org/Ticket/Display.html?id=3226&user=guest&pass=guest

The patch adds various error checks and fixes an undefined return value in case of error that could happen despite the error checking that's in place in the SRP implementation.

It's not a nice patch, and it only fixes those parts of the code that I actually need - why bother with polishing a patch for an ugly codebase that is not going to be applied anyhow? Also, it probably won't apply to LibreSSL anymore as-is. If you are interested in pulling it in, I would be willing to clean it up and make it apply to LibreSSL, just let me know.

Oh, and thanks for the effort! It's great to see someone finally tackle this, especially when it's people who can reasonably be expected to actually improve things ;-)

Regards, Florian