Welcome! Log In Create A New Profile

Advanced

Re: OT: OpenSSL 1.0.1f

coderman
January 07, 2014 12:42PM
On Tue, Jan 7, 2014 at 9:35 AM, coderman <coderman@gmail.com> wrote:
>...
> in any case, end result: use 1.0.1f and be happy


and if concerned that your OS distribution or upstream OpenSSL lacks this fix,
confirm yourself via openssl-1.0.1f/crypto/engine/eng_rdrand.c in patched src

if you see !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
in the near bottom of file static int bind_helper(ENGINE *e){} definition,
then you are safe from accidental use.

c.f. good ver: openssl-1.0.1f/crypto/engine/eng_rdrand.c
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
!ENGINE_set_name(e, engine_e_rdrand_name) ||
!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
!ENGINE_set_init_function(e, rdrand_init) ||
!ENGINE_set_RAND(e, &rdrand_meth) )
return 0;

return 1;
}

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

OT: OpenSSL 1.0.1f

Jeffrey Walton January 06, 2014 03:42PM

Re: OT: OpenSSL 1.0.1f

Rob Stradling January 06, 2014 04:04PM

Re: OT: OpenSSL 1.0.1f

Rob Stradling January 07, 2014 05:00AM

RE: OT: OpenSSL 1.0.1f

Lukas Tribus January 06, 2014 05:06PM

Re: OT: OpenSSL 1.0.1f

coderman January 07, 2014 12:38PM

Re: OT: OpenSSL 1.0.1f

coderman January 07, 2014 12:42PM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 07, 2014 02:43PM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 08, 2014 05:08AM

Re: OT: OpenSSL 1.0.1f

Aidan Scheller January 09, 2014 12:18AM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 09, 2014 03:51AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 117
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready