Blog

An old quirky libksba bug

The libksba library, used by GnuPG, provides functions for parsing X.509 cryptographic certificates. I was testing libksba with TIS Interpreter a little over a year

Auditing zlib

zlib is a venerable multi-purpose compression library, first released in May 1995. The first time I installed GNU/Linux was in late 1995, so to me

Trap representations and padding bits

The C programming language does not hide from you how the values you manipulate are represented. One consequence is that when padding happens, its presence

Fiddly buffer overrun in OpenSSL

John’s blog is hosting a post, co-authored by me, about one of the more entertaining “bugs” reported by TrustInSoft in OpenSSL. In this case the