gmane.comp.misc.xvendor

Seth Arnold | 9 Apr 18:36

openssl blinding and threads?

Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update
(either to turn on blinding, or the oracle fix) broke threading, backed up
with the idea that recompiling stunnel to use fork() instead of whatever
thread library it had been using, caused some problems of his to go away.

I wasn't able to drag out better information from him before he
dissapeared, but I thought I'd mention it as a heads-up, in case any of
you run into similar problems.

--

-- 
"Learning curve encryption is much more powerful than
eliptical curve encryption." -- Alan Olsen

Nalin Dahyabhai | 9 Apr 20:32

Re: openssl blinding and threads?

On Wed, Apr 09, 2003 at 09:38:11AM -0700, Seth Arnold wrote:
> Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update
> (either to turn on blinding, or the oracle fix) broke threading, backed up
> with the idea that recompiling stunnel to use fork() instead of whatever
> thread library it had been using, caused some problems of his to go away.
> 
> I wasn't able to drag out better information from him before he
> dissapeared, but I thought I'd mention it as a heads-up, in case any of
> you run into similar problems.

There's been some traffic about this on the openssl development list as
well.  Apparently the blinding changes aren't safe for threaded apps,
and fixes are coming in 0.9.6j and 0.9.7b (and should be in the current
snapshots, too), probably Thursday.

Nalin

Ryan W. Maple | 10 Apr 22:33

Re: openssl blinding and threads?


On Wed, 9 Apr 2003, Nalin Dahyabhai wrote:

> On Wed, Apr 09, 2003 at 09:38:11AM -0700, Seth Arnold wrote:
> > Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update
> > (either to turn on blinding, or the oracle fix) broke threading, backed up
> > with the idea that recompiling stunnel to use fork() instead of whatever
> > thread library it had been using, caused some problems of his to go away.
> >
> > I wasn't able to drag out better information from him before he
> > dissapeared, but I thought I'd mention it as a heads-up, in case any of
> > you run into similar problems.
>
> There's been some traffic about this on the openssl development list as
> well.  Apparently the blinding changes aren't safe for threaded apps,
> and fixes are coming in 0.9.6j and 0.9.7b (and should be in the current
> snapshots, too), probably Thursday.

This looks like it here:

  http://marc.theaimsgroup.com/?l=openssl-cvs&m=104927702431768&w=2

-r

Martin Schulze | 11 Apr 12:23

Re: openssl blinding and threads?

Ryan W. Maple wrote:
> > On Wed, Apr 09, 2003 at 09:38:11AM -0700, Seth Arnold wrote:
> > > Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update
> > > (either to turn on blinding, or the oracle fix) broke threading, backed up
> > > with the idea that recompiling stunnel to use fork() instead of whatever
> > > thread library it had been using, caused some problems of his to go away.
> > >
> > > I wasn't able to drag out better information from him before he
> > > dissapeared, but I thought I'd mention it as a heads-up, in case any of
> > > you run into similar problems.
> >
> > There's been some traffic about this on the openssl development list as
> > well.  Apparently the blinding changes aren't safe for threaded apps,
> > and fixes are coming in 0.9.6j and 0.9.7b (and should be in the current
> > snapshots, too), probably Thursday.
> 
> This looks like it here:
> 
>   http://marc.theaimsgroup.com/?l=openssl-cvs&m=104927702431768&w=2

If you use it, use the 'Download message RAW' link since the url above
contains a broken patch, the raw message contains the correct one (or
at least one without that showstopper).

Regards,

	Joey

--

-- 
The only stupid question is the unasked one.

(Continue reading)

Martin Schulze | 11 Apr 12:37

Re: openssl blinding and threads?

Martin Schulze wrote:
> Ryan W. Maple wrote:
> > > On Wed, Apr 09, 2003 at 09:38:11AM -0700, Seth Arnold wrote:
> > > > Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update
> > > > (either to turn on blinding, or the oracle fix) broke threading, backed up
> > > > with the idea that recompiling stunnel to use fork() instead of whatever
> > > > thread library it had been using, caused some problems of his to go away.
> > > >
> > > > I wasn't able to drag out better information from him before he
> > > > dissapeared, but I thought I'd mention it as a heads-up, in case any of
> > > > you run into similar problems.
> > >
> > > There's been some traffic about this on the openssl development list as
> > > well.  Apparently the blinding changes aren't safe for threaded apps,
> > > and fixes are coming in 0.9.6j and 0.9.7b (and should be in the current
> > > snapshots, too), probably Thursday.
> > 
> > This looks like it here:
> > 
> >   http://marc.theaimsgroup.com/?l=openssl-cvs&m=104927702431768&w=2
> 
> If you use it, use the 'Download message RAW' link since the url above
> contains a broken patch, the raw message contains the correct one (or
> at least one without that showstopper).

Sorry, I guess I made a fool out of myself.  The superflous [8] is a
numbered link which was inserted for [0] arbitrarily and lynx displayed
links numbered.  However, still very confusing if lynx with numbered
links is your main browser.

(Continue reading)

Return

Return to gmane.comp.misc.xvendor.

Advertisement

Project Web Page

Information exchange between OS distribution vendors (mostly Linux)

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane