On Fri, Feb 08, 2013, Kris Karas via RT wrote:

> Stephen Henson via RT wrote:
> > Please see if commit 32cc247 fixes this:
> >
> > http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247
>
> Confirmed! "Works for me." (But, see P.S., below.)
>
> I re-confirmed the error was repeatably reproducible.
> Applied the patch, and was no longer able to reproduce the error.
> Reverse-applied the patch, and the error instantly returned.
>
> The patch does indeed do the right thing in this case.
> Thank you!
>
> Kris
>
> P.S. Was supposed to work from home today due to potentially worst snow
> in Boston in 35 years. But I could not reproduce the error in this
> report on my server at home, despite many recompiles of related things
> into the wee hours. I'm perplexed as to what the difference could be.
> Same OS, same libraries, at least for Apache and related. Work system
> is Core-i7 and home is Athlon-II. Did a diff between the output of
> "Configure" of both systems and it is identical. (Certificates?) I'll
> try pushing the binary package at work to home and see if that makes any
> difference. Ergo, by virtue of the difficulty in reproducing this bug,
> it might not affect as many people as I first thought.
>

There are two separate cases. One requires AES-NI (e.g. i7) which will get
invalid data for any record, but the connection will appear OK. The second
affects any platform when short records are transferred: e.g. sending a
single character with s_client/s_server. If that happens the connection
terminates with a fatal alert. If you transfer larger records (e.g. web
server) you'd only see that problem occasionally.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org