Welcome! Log In Create A New Profile

Re: OT: OpenSSL 1.0.1f

Forum List Message List New Topic Print View

coderman

January 07, 2014 12:42PM

On Tue, Jan 7, 2014 at 9:35 AM, coderman <coderman@gmail.com> wrote:
>...
> in any case, end result: use 1.0.1f and be happy

and if concerned that your OS distribution or upstream OpenSSL lacks this fix,
confirm yourself via openssl-1.0.1f/crypto/engine/eng_rdrand.c in patched src

if you see !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
in the near bottom of file static int bind_helper(ENGINE *e){} definition,
then you are safe from accidental use.

c.f. good ver: openssl-1.0.1f/crypto/engine/eng_rdrand.c
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
!ENGINE_set_name(e, engine_e_rdrand_name) ||
!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
!ENGINE_set_init_function(e, rdrand_init) ||
!ENGINE_set_RAND(e, &rdrand_meth) )
return 0;

return 1;
}

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
OT: OpenSSL 1.0.1f	Jeffrey Walton	January 06, 2014 03:42PM
Re: OT: OpenSSL 1.0.1f	Rob Stradling	January 06, 2014 04:04PM
Re: OT: OpenSSL 1.0.1f	Rob Stradling	January 07, 2014 05:00AM
RE: OT: OpenSSL 1.0.1f	Lukas Tribus	January 06, 2014 05:06PM
Re: OT: OpenSSL 1.0.1f	coderman	January 07, 2014 12:38PM
Re: OT: OpenSSL 1.0.1f	coderman	January 07, 2014 12:42PM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 07, 2014 02:43PM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 08, 2014 05:08AM
Re: OT: OpenSSL 1.0.1f	Aidan Scheller	January 09, 2014 12:18AM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 09, 2014 03:51AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 227

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018