[openssl-dev] [openssl.org #3622] bug: crypto, valgrind reports improper memory access with AES128 cbc and longer plaintext
Tomas Mraz via RT
rt at openssl.org
Thu Dec 11 13:52:32 UTC 2014
On St, 2014-12-10 at 18:35 +0100, Andy Polyakov via RT wrote:
> > Excellent. My summary is:
> > - valgrind complaints about 1.0.1 OpenSLL are extremely unlikely to affect my program in operation (you will probably say "will not affect")
>
> Well, as there is suggestion of what I would say, I would only say that
> it's false positive.
>
> > - when OpenSLL 1.0.2 eventually percolates through to Ubuntu and Fedora valgrind will stop complaining.
>
> Another alternative is that they recognize it as bug worthy fixing,
> valgrind or OpenSSL. Even though I argue that it's valgrind bug, I'm
> ready to assist in addressing the issue on OpenSSL side. In other words
> try to report it to your favorite distro vendor. Refer to this ticket.
> But for now, I'm dismissing the case.
As the Fedora OpenSSL maintainer I would say it is not worth fixing in
OpenSSL. We will rebase to 1.0.2 final in Fedora Rawhide once it is
released.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
More information about the openssl-dev
mailing list