Update to PKCS#11 engine patch for 0.9.7m and 0.9.8e OpenSSL versions

I have updated the PKCS#11 engine patch for the latest OpenSSL 0.9.7m version and, what's more important, I finally made a patch for the 0.9.8 branch. Both patches incorporate two important fixes for the engine that were fixed recently:

  • 6540060 race in pkcs#11 engine in multithreaded environment
  • 6554248 OpenSSL pkcs#11 engine doesn't strip leading zeros from a computed Diffie-Hellman shared secret

Again, I tested on my laptop (i386, snv_62 that time) and on amd64 Gentoo identifying itself as Gentoo Base System version 1.12.6. It should probably work anywhere a working PKCS#11 backend is installed. If you successfully test it on other systems I'd be very glad to hear from you. Both patches make the engine static; I haven't had time to change it to a dynamic one yet. We must do some more work yet in OpenSolaris about this so that we don't ship crypto-with-a-hole.

I will ask the OpenSSL team to put these patches into the project contrib section, but in the meantime you can find them here - pkcs11_engine-0.9.7m.patch.2007-05-19 (README as part of the patch) and pkcs11_engine-0.9.8e.patch.2007-05-19 (README).

Please let me know about any problems with those patches.

Comments:

Unable to access links for patches. Is there a new location?

Posted by Steve on June 08, 2007 at 07:51 PM CEST #

Strange, it works for me. Anyway, please use the latest patches since they include other fixes.

Posted by Jan on June 09, 2007 at 04:21 AM CEST #

About

Jan Pechanec