Re: Patch to mitigate CVE-2014-3566 ("POODLE")
On Thu, Oct 16, 2014 at 02:50:58PM +0200, Bodo Moeller wrote: > This is not quite the same discussion as in the TLS Working Group, but > I certainly think that the claim that "new SCSV does not help with > [the SSL 3.0 protocol issue related to CBC padding] at all" is wrong, > and that my statement that TLS_FALLBACK_SCSV can be used to counter > CVE-2014-3566 is right. The point is more nuanced and boils down to there being a difference between CVE-2014-3566 (SSLv3's vulnerability to padding oracle attacks on CBC-mode ciphers) and POODLE (an attack that exploits CVE-2014-3566 by leveraging protocol fallback implementations to force peers into SSLv3 communication). TLS_FALLBACK_SCSV does not fix or mitigate CVE-2014-3566. With or without 0x5600, SSLv3 CBC-mode cipher usage is broken. Chrome, Firefox, etc. intentionally implement protocol fallback (which I presume is why there are no MITRE CVE designations for the behavior per se). However, one can make a strong case protocol fallback implementations that are MITM-triggerable deserve CVE designations. TLS_FALLBACK_SCSV could then be accurately described as partially mitigating those CVEs. --mancha pgpLCPRz8jV7G.pgp Description: PGP signature
[openssl.org #3568] Bug: Compiling openssl-1.0.1j on AIX 7.1
Resolved - please see #3567 for details. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3567] compile error with constant_time_locl.h with openssl 0.9.8zc, multiple os's
This is now fixed in development branches and will be addressed in the next release. For 0.9.8, the commits are af32df0a8e662914f78c93736466c746f83dfe84 and 9880f63038a5b9bb8bf5becc18360378cfe7806d We received multiple reports for this issue - thank you all who reported! Emilia __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3568] Bug: Compiling openssl-1.0.1j on AIX 7.1
I've now pushed the missing commits to stable branches as well. For 0.9.8, they are af32df0a8e662914f78c93736466c746f83dfe84 and 9880f63038a5b9bb8bf5becc18360378cfe7806d Emilia On Fri, Oct 17, 2014 at 9:30 PM, Kyle Chapman wrote: > You can either patch e_os.h or when configuring on aix do: > [ ./Configure | ./config ]-qkeyword=inline > > So as a workaround, add the -qkeyword. -qlanglvl=extc99 works as well > I use: ./config shared threads -qkeyword=inline > Until I patched e_os.h > > Refer to this for the changed to e_os.h > > http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=40155f408985aff2e9f1b61b7cb04a3e518633a1 > > thanks to emilia for pointing to that commit. > > -Original Message- > From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] > On Behalf Of Peter Bruderer via RT > Sent: Friday, October 17, 2014 3:17 PM > Cc: openssl-dev@openssl.org > Subject: [openssl.org #3568] Bug: Compiling openssl-1.0.1j on AIX 7.1 > > Hi there > > > when I compile openssl-1.0.1j on AIX 7.1 I the the following error: > > cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include > -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q64 > -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -c rsa_pk1.c > "../constant_time_locl.h", line 84.15: 1506-277 (S) Syntax error: possible > missing ';' or ','? > make: 1254-004 The error code from the last command is 1. > > > > have fun ... > Peter Bruderer > -- > Bruderer Research GmbH > CH-8200 Schaffhausen > +41 52 620 26 53 > peter.brude...@brg.ch > > > > > >
RE: [openssl.org #3568] Bug: Compiling openssl-1.0.1j on AIX 7.1
You can either patch e_os.h or when configuring on aix do: [ ./Configure | ./config ]-qkeyword=inline So as a workaround, add the -qkeyword. -qlanglvl=extc99 works as well I use: ./config shared threads -qkeyword=inline Until I patched e_os.h Refer to this for the changed to e_os.h http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=40155f408985aff2e9f1b61b7cb04a3e518633a1 thanks to emilia for pointing to that commit. -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Peter Bruderer via RT Sent: Friday, October 17, 2014 3:17 PM Cc: openssl-dev@openssl.org Subject: [openssl.org #3568] Bug: Compiling openssl-1.0.1j on AIX 7.1 Hi there when I compile openssl-1.0.1j on AIX 7.1 I the the following error: cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -c rsa_pk1.c "../constant_time_locl.h", line 84.15: 1506-277 (S) Syntax error: possible missing ';' or ','? make: 1254-004 The error code from the last command is 1. have fun ... Peter Bruderer -- Bruderer Research GmbH CH-8200 Schaffhausen +41 52 620 26 53 peter.brude...@brg.ch :��I"Ϯ��r�m (Z+�7�zZ)���1���x��hW^��^��%�� ��&jם.+-1�ځ��j:+v���h�
[openssl.org #3571] Re: [PATCH] Segfault in 1.0.1j BIO_reset() compiled with no-ssl2 no-ssl3
On Thu, 16 Oct 2014 16:33:28 +0200, Frank Schmirler wrote > I get the following segfault when trying to send an SSLv3 request to > the reverse proxy "pound", running on openssl-1.0.1j with SSLv2/3 disabled: > > Program received signal SIGSEGV, Segmentation fault. > 0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at bio_ssl.c:312 > 312 if (ssl->handshake_func == ssl->method->ssl_connect) Problem is that ssl23_get_server_method(SSL3_VERSION) returns NULL when compiled with "no-ssl3", setting ssl->method to NULL. The attached patch adds a define to ssl23_get_client_hello(...) to treat the "no-ssl3" just like the "SSL_OP_NO_SSLv3" flag. Regards, Frank openssl-1.0.1j-no_ssl3.patch Description: application/download
[openssl.org #3570] [DOC] ciphers(1) documentation
On https://www.openssl.org/docs/apps/ciphers.html it lists "Pre shared keying (PSK) cipheruites" It should say "cipher suites." __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3569] [PATCH] fix NetWare compilation with branch 1.0.1 / 1.0.2
Attached patch adds: - a recursive "ssl" include since NetWare CodeWarrior compiler doesnt properly lookup includes when in same directory as the C file which includes it. --- util/pl/netware.pl.orig Tue Jul 22 21:41:23 2014 +++ util/pl/netware.pl Fri Aug 08 13:52:43 2014 @@ -212,7 +212,7 @@ #Turned off the "possible" warnings ( -w nopossible ). Metrowerks #complained a lot about various stuff. May want to turn back #on for further development. - $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\ + $cflags.=" -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\ -msgstyle gcc -align 4 -processor pentium -char unsigned \\ -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\ -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20"; please apply to OpenSSL 1.0.1 and 1.0.2 branch. Thanks! --- util/pl/netware.pl.orig Tue Jul 22 21:41:23 2014 +++ util/pl/netware.pl Fri Aug 08 13:52:43 2014 @@ -212,7 +212,7 @@ #Turned off the "possible" warnings ( -w nopossible ). Metrowerks #complained a lot about various stuff. May want to turn back #on for further development. - $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\ + $cflags.=" -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\ -msgstyle gcc -align 4 -processor pentium -char unsigned \\ -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\ -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20";
[openssl.org #3568] Bug: Compiling openssl-1.0.1j on AIX 7.1
Hi there when I compile openssl-1.0.1j on AIX 7.1 I the the following error: cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -c rsa_pk1.c "../constant_time_locl.h", line 84.15: 1506-277 (S) Syntax error: possible missing ';' or ','? make: 1254-004 The error code from the last command is 1. have fun ... Peter Bruderer -- Bruderer Research GmbH CH-8200 Schaffhausen +41 52 620 26 53 peter.brude...@brg.ch smime.p7s Description: S/MIME cryptographic signature
[openssl.org #3567] compile error with constant_time_locl.h with openssl 0.9.8zc, multiple os's
Openssl version: 0.9.8zc Platforms/os: hpux parisc 11iv1, 11iv2 and hpux ia64 11iv3 and aix 6.1, 7.1 Aix compiler versions: aix 6.1 -- xlc 9, aix 7.1 -- xlc 11.1 Hpux compiler versions: parisc 11iv1 -- B.11.11.20, parisc 11iv2 -- C.11.23.09, ia64 11iv3 -- C.11.31.04.2 ./config shared threads Resulting config options for: aix-cc, hpux-parisc2-cc, hpux-ia64-cc AIX compile failure: (same on both versions) making all in crypto/rsa... gmake[2]: Entering directory `/san/dev/ssl/0.9.8/crypto/rsa' cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_eay.o rsa_eay.c cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_gen.o rsa_gen.c cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_lib.o rsa_lib.c cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_sign.o rsa_sign.c cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_D LFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_saos.o rsa_saos.c cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_err.o rsa_err.c cc -I.. -I../.. -I../../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_pk1.o rsa_pk1.c "../constant_time_locl.h", line 84.15: 1506-277 (S) Syntax error: possible missing ';' or ','? gmake[2]: *** [rsa_pk1.o] Error 1 gmake[2]: Leaving directory `/san/dev/ssl/0.9.8/crypto/rsa' gmake[1]: *** [subdirs] Error 1 gmake[1]: Leaving directory `/san/dev/ssl/0.9.8/crypto' gmake: *** [build_crypto] Error 1 gmake error HPUX parisc compile failure: making all in crypto/rsa... gmake[2]: Entering directory `/san/dev/ssl/0.9.8/crypto/rsa' /opt/ansic/bin/cc -I.. -I../.. -I../../include +Z -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_eay.o rsa_eay.c /opt/ansic/bin/cc -I.. -I../.. -I../../include +Z -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_gen.o rsa_gen.c /opt/ansic/bin/cc -I.. -I../.. -I../../include +Z -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_lib.o rsa_lib.c /opt/ansic/bin/cc -I.. -I../.. -I../../include +Z -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_sign.o rsa_sign.c /opt/ansic/bin/cc -I.. -I../.. -I../../include +Z -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_saos.o rsa_saos.c /opt/ansic/bin/cc -I.. -I../.. -I../../include +Z -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_err.o rsa_err.c /opt/ansic/bin/cc -I.. -I../.. -I../../include +Z -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -I/usr/local/include -I/usr/local/ssl/include -c -o rsa_pk1.o rsa_pk1.c cc: "../constant_time_locl.h", line 79: error 1000: Unexpected symbol: "unsigned". cc: "../constant_time_locl.h", line 84: error 1000: Unexpected symbol: "unsigned". cc: "../constant_time_locl.h", line 86: error 1000: Unexpected symbol: "unsigned". cc: "../constant_time_locl.h", line 91: error 1000: Unexpected symbol: "unsigned". cc: "../constant_time_locl.h", line 93: error 1000: Unexpected symbol: "unsigned". cc: "../constant_time_locl.h", line 98: error 1000: Unexpected symbol: "unsigned". cc: "../constant_time_locl.h", line 100: error 1000: Unexpected symbol: "unsigned". cc: "../constant_time_locl.h", line 106: error 1000: Unexpected symbol: "unsigned". cc:
Building win64 openssl static library with no-ssl3 option fails on 1.0.1j
Hello, I want to disable SSLv3 for a tomcat / tcnative deployment on Windows. Tomcat lacks the ability to disable SSLv3 while retaining TLSv1.1 and TLSv1.2, so I'm attempting to disable SSLv3 at build time with no-ssl3. This was successful on Linux, but not on Windows. I was able to build on Windows with the following procedure. 1. Install Strawbery perl 2. Open Visual Studio x64 Cross Tools Command prompt %comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" x86_amd64 3. Change to the directory containing openssl sources cd C:\openssl-1.0.1j 4. Configure the openssl build perl Configure VC-WIN64A no-ssl2 5. Prepare the target environment ms\do_win64a 6. Clean up previous compliation nmake -f ms\nt.mak clean 7. Build nmake -f ms\nt.mak 8. Test the build nmake -f ms\nt.mak test Once I add the no-ssl3 option, compilation of the 64-bit static library fails with the following. Building OpenSSL lib /nologo /out:out32\ssleay32.lib @C:\Users\arthurr\AppData\Local\Temp\nm96B5.tmp link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe @C:\Users\arthurr\AppData\Local\Temp\nm96D5.tmp LINK : fatal error LNK1181: cannot open input file 'out32\ssleay32.lib' NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\x86_amd64\link.EXE"' : return code '0x49d' Stop. I see there was a fix for no-ssl3 in 1.0.1j, but it may still be an issue with Windows builds? The error isn't descriptive, but perhaps a openssl-dev could try reproducing the issue. I feel pretty confident this a issue with the build scripts for Windows. I initially tried the openssl-users list, but didn't get any responses. -- Arthur Ramsey Systems Administrator Mediture arthur_ram...@mediture.com 952.400.0323 This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer atprivacyoffi...@mediture.com.
SSL_get_peer_certificate giving empty certificate on Yosemite.
Hi, I am using below code to get domain name/server name from IP address on Mac OS X. But SSL_get_peer_certificateis returning empty certificate for twitter and some of the https sites. This problem I am facing from Yesterday. After Yosemite release. Log: 22:33:44 SSLUtil::ConnectToServerAsync in progress 23.52.67.194 22:33:45 successfully connected and got file descriptor 1 22:33:45 SSLUtil::ConnectToServerAsync connect success 36 22:33:45 SSL_ERROR_WANT_READ 22:33:45 sockstate read 4 22:33:45 SOCKET_OPERATION_OK 22:33:45 SSLUtil::RetrieveNameUsingSSL certificate empty --- Source code: bool SSLUtil::RetrieveNameUsingSSL(int &sock , std::string &serverName) { serverName=""; SSL_library_init(); SSL_METHOD *meth=SSLv3_method(); SSL_CTX *sslctx=SSL_CTX_new(meth); if(!sslctx) { //printf("SSL_CTX_new failed"); MCLOG("SSLUtil::RetrieveNameUsingSSL SSL_CTX_new failed "); //close(sock); return false; } SSL_CTX_set_verify(sslctx,SSL_VERIFY_NONE,NULL); SSL *ssl =SSL_new(sslctx); if(!ssl) { //printf("SSL_new failed\n"); close(sock); MCLOG("SSLUtil::RetrieveNameUsingSSL SSL_new failed "); //exit(4); return false; } int status=SSL_set_fd(ssl,sock); if(!status) { //printf("SSL_set_fd failed\n"); close(sock); //exit(5); MCLOG("SSLUtil::RetrieveNameUsingSSL SSL_set_fd failed "); return false; } status = SSL_connect(ssl); int error=SSL_get_error(ssl,status); //printf("Error %d\n",error); switch(error) { case SSL_ERROR_NONE: //printf("connect successful\n"); break; case SSL_ERROR_ZERO_RETURN: //printf("peer close ssl connection \n"); break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: { time_t seconds; time_t future; time_t now; seconds = time(NULL); future = seconds + 2; MCLOG("SSLUtil::RetrieveNameUsingSSL Before SSL_ERROR_WANT_READ & SSL_ERROR_WANT_WRITE"); while(error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE) { status = SSL_connect(ssl); if(!WaitOnSocket(sock,TIMEOUT_SERVER)) { MCLOG("WaitOnSocket func failed"); break; } now = time(NULL); if(now > future) { MCLOG("*** break"); break; } error=SSL_get_error(ssl,status); if(error == SSL_ERROR_NONE) { MCLOG("SSL_ERROR_NONE"); break; } } } break; default: MCLOG("SSLUtil::RetrieveNameUsingSSL failed ",error); //printf("connect error is %d\n",error); break; } X509* server_cert = SSL_get_peer_certificate (ssl); if (server_cert != NULL) { //MessageLog.Write("Server certificate"); //str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); X509_NAME * name = X509_get_subject_name(server_cert); charstr[512] = {} ; X509_NAME_get_text_by_NID(name, NID_commonName, str, 512); if(str != NULL) { serverName = str; //MessageLog.Write("Domain name :", str); //MessageLog.Write("Successfully fetched the certificate"); } else { MCLOG("SSLUtil::RetrieveNameUsingSSL server name empty "); } X509_free (server_cert); } else { MCLOG("SSLUtil::RetrieveNameUsingSSL certificate empty "); } if(ssl) { error = SSL_shutdown(ssl); if(error == -1) { //MessageLog.Write("Failed to do SSLShutdown"); MCLOG("SSLUtil::RetrieveNameUsingSSL SSLShutdown failed "); } // Free the SSL structure //MessageLog.Write("free SSL structure"); SSL_free(ssl); } // Free the SSL_CTX structure if(sslctx) { SSL_CTX_free(sslctx); } return (!serverName.empty()); } Why I am getting empty certificate?? I tried adding cipher "SSL_set_cipher_list(ssl,"SSL_RSA_WITH_RC4_128_SHA); Thanks and Regards, Madhavi G.
[openssl.org #3547] [PATCH] Add missing static qualifier
Applied to all branches, thanks! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [PATCH] Two typos in the 'enc' man page
On 17 October 2014 04:44, Alex Weber wrote: > Not much else to say about this. :) Hi Alex Please can you submit patches to "r...@openssl.org"? They automatically get copied to this list too. That way we can track them properly. Patches sent directly to this list will have a tendency to be lost/forgotten about. Thanks Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: In the scope of a sub-subversion maintenance bump...
On 17/10/14 06:15, wr...@rowe-clan.net wrote: > How did C 'inline' become a mandatory feature, particularly as a > security release? It isn't - there is no change in policy here, just a known issue with the release. "inline" is (supposed to be) used only if the compiler supports it. See: http://marc.info/?l=openssl-users&m=141349050628983&w=2 The code in question was introduced as part of security hardening work to improve the constant time behaviour of certain sections of code. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org