[openssl.org #3425] Potential padding oracle in evp_enc.c

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #3425] Potential padding oracle in evp_enc.c

Rich Salz via RT
Not sure what you're pointing out. That there are different return values? This
is a local API, so warning users to not expose detail errors would address
this, right?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #3425] Potential padding oracle in evp_enc.c

Billy Brumley

Its timing too. Not just return values. Early exit.

BBB

Not sure what you're pointing out. That there are different return values? This
is a local API, so warning users to not expose detail errors would address
this, right?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]