On 02/06/2013 01:37 PM, Dr. Stephen Henson wrote:
A possibility is the AESNI+SHA1 stitched code which is handled as a special case. You'd only see that with AES+SHA1 ciphersuites on AES-NI supporting processors.
DHE-RSA-CAMELLIA256-SHA also has the same issue. I'm thinking it may be a -SHA issue as the only -SHA cipher I've gotten to work so far is RC4-SHA. Note though the TLSv1.2+HIGH ciphers that use SHA256 and greater look fine.
Try disabling AES-NI with OPENSSL_ia32cap=~0x200000200000000 also try entering FIPS mode for a FIPS build with OPENSSL_FIPS=1.
The OPENSSL_ia32cap appears to make it return the error message instead of corruption all the time even when not under valgrind. OPENSSL_FIPS=1 doesn't appear to do anything different (except if I try to use the DHE-RSA-CAMELLIA256-SHA as the ciphersuite it doesn't let me in FIPS mode ... guess that's expected).
Finally you could try reverting the last changes to e_aes_cbc_hmac_sha1.c for test purposes: note this will also make you vulnerable to CVE-2013-0169
I copied that file over from OpenSSL 1.0.1c's tarball and just overwrote the 1.0.1d version and rebuilt. No change. Have you not been able to reproduce this issue? I've seen it on more than one machine. Thanks. -Brad ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org