Re: http://www.openssl.org/news/secadv_20060905.txt
- From: Mike Tancsa <mike@xxxxxxxxxx>
- Date: Tue, 05 Sep 2006 11:56:30 -0400
At 10:53 AM 9/5/2006, Mike Tancsa wrote:
Does anyone know the practicality of this attack ? i.e. is this trivial to do ?
Also, for RELENG_6, can someone confirm the patch referenced in
http://www.openssl.org/news/patch-CVE-2006-4339.txt
be applied with the one change of
+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
to
+{RSA_R_PKCS1_PADDING_TOO_SHORT,"pkcs1 padding too short"},
I manually added in the diffs and everything seems to compile and function with some limited testing. I did
cd /usr/src/crypton/openssl/crypto/rsa
patch < p
cd /usr/src/secure
make clean
make obj
make depend
make includes
make
make install
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@xxxxxxxxxx
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
Attachment:
p
Description: Binary data
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- http://www.openssl.org/news/secadv_20060905.txt
- From: Mike Tancsa
- http://www.openssl.org/news/secadv_20060905.txt
- Prev by Date: http://www.openssl.org/news/secadv_20060905.txt
- Next by Date: Re: http://www.openssl.org/news/secadv_20060905.txt
- Previous by thread: http://www.openssl.org/news/secadv_20060905.txt
- Next by thread: Re: http://www.openssl.org/news/secadv_20060905.txt
- Index(es):
Relevant Pages
|
|
