Re: [openssl.org #3375] Patch: Off-by-one errors in ssl_cipher_get_evp()
On Thu, Jun 12, 2014 at 11:15:18PM +0100, Matt Caswell wrote: On 12/06/14 22:43, Otto Moerbeek wrote: On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote: Patch applied: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0 Many thanks for your contribution. Matt http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r1=1.38;r2=1.39 Again no attribution in problem report and commit. Claiming independent discovery is not going to be credible. The commit *is* attributed. The author is listed as Kurt Cancemi - this is as it is attributed in the patch supplied in the problem report. I cannot say how Kurt found this defect - that is for him to answer. All I can go on is the information supplied to me in the problem report and patch. I had no idea that openbsd had also discovered and fixed this defect until you sent the above link. OK, let's hope Kurt shares his story and the attribution can be retrofitted if needed. -Otto __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: [openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.
You should be using the FIPS Object Module 1.2.x and its associated User Guide. From: Swenson, Ken_S. (IS) [mailto:ken.swen...@ngc.com] Sent: Thursday, June 12, 2014 2:14 PM Thanks for replying. I am using the instructions from section 4.3.1 of UserGuide-2.0.pdf that I found at http://www.openssl.org/docs/fips/. That appears to be the latest one dated September 2013. If I should be using something else, please let me know; thanks! From: Stephen Henson via RT [mailto:r...@openssl.org] Sent: Wednesday, June 11, 2014 8:14 PM On Tue Jun 10 20:53:31 2014, ken.swen...@ngc.com wrote: I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it compiles for about 5 minutes, and then throws this error… That's not the correct build procedure. You only call ms\do_fips from the validated module source. Calling it from 0.9.8 tarballs does not produce a validated module. You need to link OpenSSL 0.9.8 to the validate module. See the user guide for details. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3403] Null dereference and memory leak reports for openssl-1.0.1h from Facebook's Infer static analyzer
Hello, these 15 null dereference and memory leak reports, included with comments below, were found by running Facebook¹s Infer static analyzer on openssl-1.0.1h. regards, Peter O¹Hearn Facebook Static Analysis Tools Team 1. File: apps/apps.c REPORT: Null Dereference in apps.c at line 395 pointer arg-data last assigned on line 392 could be null and is dereferenced at line 395 REMARKS: ‹ The call to openssl_malloc on 392 could return NULL. openssl_malloc is a wrapper for malloc. - Note that on line 202 of same file the return value of openssl_malloc is checked for NULL before dereferencing. This true many other places in the codebase - 2. File: apps/apps.c REPORT: Null Dereference in apps/apps.c at line 1545 pointer p last assigned on line 1544 could be null and is dereferenced by call to BUF_strlcpy() at line 1545 REMARKS: ‹ The call to openssl_malloc on 1544 might return NULL. ‹ The call BUF_strlcpy(p,t,len)on 1545 dereferences p: BUF_strlcpy() derefereces its first argument on line 105 of crypto/buffer/buf_str.c, where its definition resides. ‹ There are similar issues with the calls to BUF_strlcat on lines 1547 and 1549 - 3. File: apps/ca.c REPORT: Null Dereference in apps/ca.c at line 2780 pointer revtm last assigned on line 2778 could be null and is dereferenced at line 2780 REMARKS: - The definition of X509_gmtime_adj is in crypto/x509/x509_vfy.c. It calls X509_time_ad which calls X509_time_adj_ex which calls several other things which can return NULL. ‹ The conditions under which X509_gmtime_adj(NULL, 0) returns null are somewhat complex. Calls to X509_gmtime_adj(NULL, 0) are checked for NULL before dereference elsewhere in the codebase; for example, in crypto/cms/cms_sd.c at line 471. -- 4. File: apps/crl2p7.c REPORT: Null Dereference in apps/crl2p7.c at line 144 pointer certflst last assigned on line 143 could be null and is dereferenced by call to sk_push() at line 144 REMARKS - sk_OPENSSL_STRING_new_null() used on line 143 is a wrapper for malloc which can return NULL - sk_OPENSSL_STRING_push(certflst,*(++argv)) on line 144 calls sk_push which dereferences its first argument through st-num on line 246 of crypto/stack/stack.c ‹ sk_OPENSSL_STRING_new_null() is checked for NULL before dereference at other places in the codebase, such as in (app_locks=sk_OPENSSL_STRING_new_null()) == NULL) in crypto/cryptlib.c. --- 5. File: crypto/asn1/a_utctm.c REPORT: Null Dereference in crypto/asn1/a_utctm.c at line 269 pointer tm last assigned on line 263 could be null and is dereferenced at line 269 REMARKS - similar to the gmtime example above in apps/ca.c, time OPENSSL_gmtime - other calls to OPENSSL_gmtime are checked for NULL before dereferencing, such as on line 113 of crypto/asn1/a_time.c -- 6. File: crypto/asn1/asn_mime.c REPORT: Null Dereference in crypto/asn1/asn_mime.c at line 697 pointer headers last assigned on line 669 could be null and is dereferenced by call to sk_push() at line 697 REMARKS: ‹ sk_MIME_HEADER_new(mime_hdr_cmp) at line 669 is a wrapper for malloc which can return NULL ‹ sk_MIME_HEADER_push calls sk_push() in crypto/stack/stack.c, which immediately dereferences its first argument through st-num on line 246 of crypto/stack/stack.c -- 7. File: crypto/asn1/t_x509.c REPORT: Null Dereference in crypto/asn1/t_x509.c at line 478 pointer b last assigned on line 477 could be null and is dereferenced at line 478 REMARKS - The test !*b on line 478 will be anull pointer dereference if b itself it NULL ‹ Calls to X509_NAME_oneline are checked for NULL before dereference elsewhere in the codebase; for example, in crypto/threads/mttest.c, line 707 -- 8. File: ssl/d1_both.c REPORT: Null Dereference in ssl/d1_both.c at line 1184 pointer frag last assigned on line 1182 could be null and is dereferenced at line 1175 REMARKS ‹ dtls1_hm_fragment_new used on line 1182, and defined in this file, is a wrapper for malloc which could return NULL --- 9. File: crypto/asn1/a_gentm.c REPORT: Memory Leak in crypto/asn1/a_gentm.c at line 232 Memory dynamically allocated to s by call to ASN1_STRING_type_new() at line 226 is not reachable after line 232 REMARKS ‹ if allocation succeeds at line 226 and fails at line 230 then s will be leaked at line 232 ‹ Infer also reports leaks at lines 237 and 248 stemming from this same allocation site. 10. File: crypto/asn1/a_utctm.c REPORT: Memory Leak in crypto/asn1/a_utctm.c at line 207 Memory dynamically allocated to s by call to ASN1_STRING_type_new() at line 201 is not reachable after line 207 REMARKS Infer also reports leaks at lines 212, 216, and 224 stemming from this same allocation site. - 11. File: crypto/asn1/ameth_lib.c REPORT: Memory Leak in
[openssl.org #3404] Bug report
Title : SSL_get_error returns SSL_ERROR_SYSCALL but errno is set to 0. How to reproduce? Set up a DTLSconnection. Then send fake DTLS (application data) as the server at high rate (400pps). Mix of fake packets make the problem reproduce more easily. Issue: The ssl_read reports SSL_ERROR_SYSCALL but the errno is set to 0. Please let me know if you need more details. Thanks -Praveen __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3402] spurios change in perl NET_SSLeay module
On Thu, Jun 12, 2014 at 07:11:24PM +0200, Stephen Henson via RT wrote: On Thu Jun 12 18:16:55 2014, meiss...@suse.de wrote: Hi, The Net-SSLeay perl module failed its testsuite after 1.0.1g - 1.0.1h update. The code looks like this: ... create more X509 certificate stuff ... is(Net::SSLeay::X509_NAME_print_ex($name), O=Company Name,C=UK,CN=Common name text X509, X509_NAME_print_ex); is(unpack(H*,Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), 044d7ea7fddced7b9b63799600b9989a63b36819, X509_NAME_digest); The sha1 sum of the ASN.1 encoding changed. The reason for this is commit git show 3009244da47b989c4cc59ba commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431 Author: Dr. Stephen Henson st...@openssl.org Date: Sun Jun 1 15:03:00 2014 +0100 Set default global mask to UTF8 only. diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index dedc488..8993264 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -74,7 +74,7 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, * certain software (e.g. Netscape) has problems with them. */ -static unsigned long global_mask = 0xL; +static unsigned long global_mask = B_ASN1_UTF8STRING; void ASN1_STRING_set_default_mask(unsigned long mask) { Should this change the above behaviour? Yes it would change that behaviour. When OpenSSL is asked to construct a DN it uses various criteria to determine what string types to use. for DirectoryString. Before that change it was using some ancient rules which would use long obsolete type. After that change it is brought up to date. Because the string types change that means the encoding and hence the hash will change. Sounds sensible. The ticket could be closed again ;) Ciao, Marcus __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3402] spurios change in perl NET_SSLeay module
On Thu, Jun 12, 2014 at 07:11:24PM +0200, Stephen Henson via RT wrote: On Thu Jun 12 18:16:55 2014, meiss...@suse.de wrote: Hi, The Net-SSLeay perl module failed its testsuite after 1.0.1g - 1.0.1h update. The code looks like this: ... create more X509 certificate stuff ... is(Net::SSLeay::X509_NAME_print_ex($name), O=Company Name,C=UK,CN=Common name text X509, X509_NAME_print_ex); is(unpack(H*,Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), 044d7ea7fddced7b9b63799600b9989a63b36819, X509_NAME_digest); The sha1 sum of the ASN.1 encoding changed. The reason for this is commit git show 3009244da47b989c4cc59ba commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431 Author: Dr. Stephen Henson st...@openssl.org Date: Sun Jun 1 15:03:00 2014 +0100 Set default global mask to UTF8 only. diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index dedc488..8993264 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -74,7 +74,7 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, * certain software (e.g. Netscape) has problems with them. */ -static unsigned long global_mask = 0xL; +static unsigned long global_mask = B_ASN1_UTF8STRING; void ASN1_STRING_set_default_mask(unsigned long mask) { Should this change the above behaviour? Yes it would change that behaviour. When OpenSSL is asked to construct a DN it uses various criteria to determine what string types to use. for DirectoryString. Before that change it was using some ancient rules which would use long obsolete type. After that change it is brought up to date. Because the string types change that means the encoding and hence the hash will change. Sounds sensible. The ticket could be closed again ;) Ciao, Marcus __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Minor fixes to openssl ocsp
- Original Message - From: Richard Moore richmoor...@gmail.com To: openssl-dev@openssl.org Sent: Thursday, June 12, 2014 11:13:09 PM Subject: Re: Minor fixes to openssl ocsp On 12 June 2014 17:34, Hubert Kario hka...@redhat.com wrote: - Original Message - I put a couple of fixes as pull requests into github, but haven't seen any movement (eg. reviews). In case it's simply because no one noticed here's a link: https://github.com/openssl/openssl/pulls/richmoore Both look good. Could you also add description of -header to man page? I think that's a good idea, but I'd rather do it as a commit that resolved that by syncing up the man page properly. I've not checked the code but I doubt that -header is the only undocumented option. If fixing the man page is a requirement to get this merged is a requirement then yes, I'll do it, but I'd rather minimise the amount of times I have to mess around with pod files. I know that the man pages are missing description of many options. The point is that at least we can keep them from getting worse. Then the occasional additional fix will be able to bring them closer to the 100% documented, not bring them back to the 90% documented. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hka...@redhat.com Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
Re: Minor fixes to openssl ocsp
On 13 June 2014 11:12, Hubert Kario hka...@redhat.com wrote: -- *From: *Richard Moore richmoor...@gmail.com *To: *openssl-dev@openssl.org *Sent: *Thursday, June 12, 2014 11:13:09 PM *Subject: *Re: Minor fixes to openssl ocsp On 12 June 2014 17:34, Hubert Kario hka...@redhat.com wrote: - Original Message - I put a couple of fixes as pull requests into github, but haven't seen any movement (eg. reviews). In case it's simply because no one noticed here's a link: https://github.com/openssl/openssl/pulls/richmoore Both look good. Could you also add description of -header to man page? I think that's a good idea, but I'd rather do it as a commit that resolved that by syncing up the man page properly. I've not checked the code but I doubt that -header is the only undocumented option. If fixing the man page is a requirement to get this merged is a requirement then yes, I'll do it, but I'd rather minimise the amount of times I have to mess around with pod files. I know that the man pages are missing description of many options. The point is that at least we can keep them from getting worse. Then the occasional additional fix will be able to bring them closer to the 100% documented, not bring them back to the 90% documented. Perhaps I wasn't clear. I'm saying that once these have gone through, *I* will spend the time to make sure the ocsp man page covers 100% of the available options as a follow up commit. Rich.
RE: [openssl.org #3403] Null dereference and memory leak reports for openssl-1.0.1h from Facebook's Infer static analyzer
Hey, that's very neat. The REPORT part looks automated; are the REMARKS your commentary or does the tool do that too? /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz
[openssl.org #3402] spurios change in perl NET_SSLeay module
TIcket resolved. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: Broken Pipe / Conn Reset error with OpenSSL on Linux
Another update here is .. We also tried upgrading it to 0.9.8y, but still we had the same issues. Can someone please provide a solution for this ? Thanks Regards Karthikeyan Thirumal From: Thirumal, Karthikeyan Sent: Thursday, June 12, 2014 10:52 PM To: openssl-dev@openssl.org Subject: Broken Pipe / Conn Reset error with OpenSSL on Linux Dear Team, I have a Client (C# .Net) connects to Server (C++ application), a running process using OpenSSL. All these days, we were running the server on a Unix platform - we were receiving few Broken Pipe and Conn Reset by Peer error - But in a very small number. Now we have moved this server to Linux platform RHEL 5.6 and we found that these EPIPE and CONNRESET increased almost by 100 times. FYI, The no. of request to this server is really huge, and there are no reports from the customer (May be they are not reporting). Version of OpenSSL - 0.9.8a Errors : BROKEN PIPE (32) and CONN RESET BY PEER (104). FYI, Checked with my infra-structure guys that the network adapter and the cables of the new server are good. But ideally, we are not facing any problems with the HTTPS (Secure Web transactions), which is again using the OpenSSL on the same Linux host. I also read in some forum that IP tables could be causing some issue. But am not really sure how to narrow down this issue ? Any help is appreciated !!. Thanks in advance. Thanks Regards Karthikeyan Thirumal ** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. **
Re: Broken Pipe / Conn Reset error with OpenSSL on Linux
On Fri, Jun 13, 2014 at 10:12 AM, Thirumal, Karthikeyan kthiru...@inautix.co.in wrote: Another update here is .. We also tried upgrading it to 0.9.8y, but still we had the same issues. Can someone please provide a solution for this ? openssl-users mailing list instead of openssl-dev At the TCP layer, the issue is that one peer (or some device in-between that isn't configured properly) is closing the connection before the other side is through reading or writing. I suggest posting to openssl-users list with information about how the connection is terminated (socket APIs and OpenSSL/.Net APIs). Thanks Regards Karthikeyan Thirumal *From:* Thirumal, Karthikeyan *Sent:* Thursday, June 12, 2014 10:52 PM *To:* openssl-dev@openssl.org *Subject:* Broken Pipe / Conn Reset error with OpenSSL on Linux Dear Team, I have a Client (C# .Net) connects to Server (C++ application), a running process using OpenSSL. All these days, we were running the server on a Unix platform – we were receiving few Broken Pipe and Conn Reset by Peer error – But in a very small number. Now we have moved this server to Linux platform RHEL 5.6 and we found that these EPIPE and CONNRESET increased almost by 100 times. FYI, The no. of request to this server is really huge, and there are no reports from the customer (May be they are not reporting). Version of OpenSSL – 0.9.8a Errors : BROKEN PIPE (32) and CONN RESET BY PEER (104). FYI, Checked with my infra-structure guys that the network adapter and the cables of the new server are good. But ideally, we are not facing any problems with the HTTPS (Secure Web transactions), which is again using the OpenSSL on the same Linux host. I also read in some forum that IP tables could be causing some issue. But am not really sure how to narrow down this issue ? Any help is appreciated !!. Thanks in advance. Thanks Regards Karthikeyan Thirumal ** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. ** -- Born in Roswell... married an alien... http://emptyhammock.com/ http://edjective.org/
Re: Another security bug, this time in MAC verification...
On 11/06/14 08:23, Matt Caswell wrote: On 11 June 2014 06:47, Otto Moerbeek o...@drijf.net wrote: On Tue, Jun 10, 2014 at 11:35:06PM +0100, Matt Caswell wrote: I can't see a way that this could be exploited. It is a bug though. I've just pushed a fix: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f1dffa88e1b120add4f0b3a794fbca65aa7768d Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org It's common courtecy to attribute fixes to the original author or at least the project. Well the fix itself was mine, although admittedly it is very similar to the original fix (there are only so many ways you can write that), and differs only in variable names etc. My apologies. I probably should have at least acknowledged the original source. Sorry Didn't think this was left in a particularly acceptable position, so I've done some research into how best to rewrite history. Obviously that's a bad idea for technical reasons so instead I have added a new commit to revert the original one: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=043fd6468986e61f7379bc7e989507f639de8d14 And then reapplied the commit (this time with appropriate attribution): https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=687721a7dcfe2b819cbf913b134eb7682555d8ff Hopefully that is sufficient. My apologies once again. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3405] 1.0.2 trunk doesn't build on 64-bit linux
The following error occurs using the 20140613 snapshot on the 1.0.2 trunk. The host is a 64-bit CentOS system. This problem does not occur on 32-bit CentOS. gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o sha1-x86_64.o sha1-x86_64.s sha1-x86_64.s: Assembler messages: sha1-x86_64.s:1393: Error: no such instruction: `sha1nexte %xmm9,%xmm1' make[2]: *** [sha1-x86_64.o] Error 1 make[2]: Leaving directory `/nobackup/foleyj/102/openssl-1.0.2-stable-SNAP-20140612/crypto/sha' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/nobackup/foleyj/102/openssl-1.0.2-stable-SNAP-20140612/crypto' make: *** [build_crypto] Error 1 Here's the gcc version... [foleyj@buildserver1 openssl-1.0.2-stable-SNAP-20140612]$ gcc --version gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-4) Copyright (C) 2010 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. /proc/cpuinfo shows... processor: 0 vendor_id: GenuineIntel cpu family: 6 model: 45 model name: Intel(R) Xeon(R) CPU E5-2450 0 @ 2.10GHz stepping: 7 cpu MHz: 1200.000 cache size: 20480 KB physical id: 0 siblings: 16 core id: 0 cpu cores: 8 apicid: 0 initial apicid: 0 fpu: yes fpu_exception: yes cpuid level: 13 wp: yes flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht t m pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm i da arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid bogomips: 4199.54 clflush size: 64 cache_alignment: 64 address sizes: 46 bits physical, 48 bits virtual power management: __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: NPE on malloc in ssl/d1_both.c, ssl/s3_enc.c, ssl/sll_ciph.c, ssl/ssl_sess.c, ssl/t1_lib.c
On Thu, Jun 12, 2014 at 08:05:52PM +0200, dcrue...@qualitesys.com wrote: Thanks Kurt I found ssl/t1_lib.c but not ssl/d1_both.c, ssl/s3_enc.c, ssl/sll_ciph.c, ssl/ssl_sess.c in pull request #131 So can you make patches for those issues and then open a bug in RT about it? Kurt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org