On Tue, Feb 18, 2014, Varma Dantuluri wrote:
> Thanks Steve for the response. Given the current way it is done in
> OpenSSL-1.0.1f, what is the right thing for the application to do? Should
> the application be using a static EC_KEY for each of the curves that are
> supported?
>
For 1.0.1f the c
Thanks Steve for the response. Given the current way it is done in
OpenSSL-1.0.1f, what is the right thing for the application to do? Should
the application be using a static EC_KEY for each of the curves that are
supported?
Thanks
Varma
On Sat, Feb 15, 2014 at 6:36 AM, Dr. Stephen Henson wrote:
On Thu, Feb 13, 2014, Varma Dantuluri wrote:
> In OpenSSL-1.0.1f, in 'ssl3_send_server_key_exchange' function, when all
> the below conditions are true, there is a potential memory leak.
>
> 1) 'type & SSL_kEECDH' is true, (ie the key exchange is ephemeral ecdh)
> 2) 'ecdhp == NULL' && 's->cert->
In OpenSSL-1.0.1f, in 'ssl3_send_server_key_exchange' function, when all
the below conditions are true, there is a potential memory leak.
1) 'type & SSL_kEECDH' is true, (ie the key exchange is ephemeral ecdh)
2) 'ecdhp == NULL' && 's->cert->ecdh_tmp_cb != NULL'
3) 's->cert->ecdh_tmp_cb' mallocs a
