 fox
II/IDEC networks :: obsd.info.14 :: / http://marc.info/?l=openbsd-cvs&m=140652141600559&w=2
|
Login |
[#]
http://marc.info/?l=openbsd-cvs&m=140652141600559&w=2
openbsd-cvs(obsdave,2) — All
2014-07-28 08:55:08
Module name: src
Changes by: guenther@cvs.openbsd.org 2014/07/27 22:23:12
Modified files:
lib/libssl/src/ssl: d1_srvr.c s3_srvr.c ssl_locl.h
Log message:
The RSA, DH, and ECDH temporary key callbacks expect the number of keybits
for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
their second argument, not zero.
(jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
option, which is makes the application non-compliant. More fuel for the
tedu fire...)
jasper@ noted the breakage and bisected it down to the diff that broke this
ok jsing@ miod@
openbsd-cvs(obsdave,2) — All
2014-07-28 08:55:08
Module name: src
Changes by: guenther@cvs.openbsd.org 2014/07/27 22:23:12
Modified files:
lib/libssl/src/ssl: d1_srvr.c s3_srvr.c ssl_locl.h
Log message:
The RSA, DH, and ECDH temporary key callbacks expect the number of keybits
for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
their second argument, not zero.
(jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
option, which is makes the application non-compliant. More fuel for the
tedu fire...)
jasper@ noted the breakage and bisected it down to the diff that broke this
ok jsing@ miod@