OpenSSL vulnerability...
Markus Friedl
markus at openbsd.org
Wed Oct 1 06:41:27 EST 2003
On Tue, Sep 30, 2003 at 12:06:30PM -0500, hayward at slothmud.org wrote:
> Does OpenSSH use OpenSSL in a way in which it would be vulnerable to the
> OpenSSL vulnerabilities announced today? Namely the ASN.1 parsing
> problem and the malformed key bugs?
no, we avoid the OpenSSL ASN.1 code for signature verification
and we don't support x509.
only reading of _private_ keys triggers the ASN.1 code
in OpenSSH.
More information about the openssh-unix-dev mailing list