Re: [openssl.org #2975] [BUG] Regression in Openssl 1.0.1d x86_64: Corrupted data stream
Stephen Henson via RT wrote: Please see if commit 32cc247 fixes this: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247 Confirmed! Works for me. (But, see P.S., below.) I re-confirmed the error was repeatably reproducible. Applied the patch, and was no longer able to reproduce the error. Reverse-applied the patch, and the error instantly returned. The patch does indeed do the right thing in this case. Thank you! Kris P.S. Was supposed to work from home today due to potentially worst snow in Boston in 35 years. But I could not reproduce the error in this report on my server at home, despite many recompiles of related things into the wee hours. I'm perplexed as to what the difference could be. Same OS, same libraries, at least for Apache and related. Work system is Core-i7 and home is Athlon-II. Did a diff between the output of Configure of both systems and it is identical. (Certificates?) I'll try pushing the binary package at work to home and see if that makes any difference. Ergo, by virtue of the difficulty in reproducing this bug, it might not affect as many people as I first thought.
Re: [openssl.org #2975] [BUG] Regression in Openssl 1.0.1d x86_64: Corrupted data stream
On Thu, Feb 07, 2013 at 10:22:24PM +0100, Stephen Henson via RT wrote: On Thu Feb 07 00:43:10 2013, steve wrote: On Wed Feb 06 23:01:25 2013, bugs-...@moonlit-rail.com wrote: I haven't had a chance (yet?) to bisect the code to find the culprit, but I can take a stab at it if a developer doesn't know off the top of their head just where it might be. Stop gap measure for now is to revert commit 125093b59f3c Please see if commit 32cc247 fixes this: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247 It will also appear in the next snapshot of OpenSSL 1.0.1. If it does and there are no more reports of serious problems in 1.0.1d we'll roll another release. I don't see any report of issues, anymore. When will you make a new release? Kurt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2975] [BUG] Regression in Openssl 1.0.1d x86_64: Corrupted data stream
Stephen Henson via RT wrote: Please see if commit 32cc247 fixes this: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247 Confirmed! Works for me. (But, see P.S., below.) I re-confirmed the error was repeatably reproducible. Applied the patch, and was no longer able to reproduce the error. Reverse-applied the patch, and the error instantly returned. The patch does indeed do the right thing in this case. Thank you! Kris P.S. Was supposed to work from home today due to potentially worst snow in Boston in 35 years. But I could not reproduce the error in this report on my server at home, despite many recompiles of related things into the wee hours. I'm perplexed as to what the difference could be. Same OS, same libraries, at least for Apache and related. Work system is Core-i7 and home is Athlon-II. Did a diff between the output of Configure of both systems and it is identical. (Certificates?) I'll try pushing the binary package at work to home and see if that makes any difference. Ergo, by virtue of the difficulty in reproducing this bug, it might not affect as many people as I first thought. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2975] [BUG] Regression in Openssl 1.0.1d x86_64: Corrupted data stream
On Fri, Feb 08, 2013, Kris Karas via RT wrote: Stephen Henson via RT wrote: Please see if commit 32cc247 fixes this: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247 Confirmed! Works for me. (But, see P.S., below.) I re-confirmed the error was repeatably reproducible. Applied the patch, and was no longer able to reproduce the error. Reverse-applied the patch, and the error instantly returned. The patch does indeed do the right thing in this case. Thank you! Kris P.S. Was supposed to work from home today due to potentially worst snow in Boston in 35 years. But I could not reproduce the error in this report on my server at home, despite many recompiles of related things into the wee hours. I'm perplexed as to what the difference could be. Same OS, same libraries, at least for Apache and related. Work system is Core-i7 and home is Athlon-II. Did a diff between the output of Configure of both systems and it is identical. (Certificates?) I'll try pushing the binary package at work to home and see if that makes any difference. Ergo, by virtue of the difficulty in reproducing this bug, it might not affect as many people as I first thought. There are two separate cases. One requires AES-NI (e.g. i7) which will get invalid data for any record, but the connection will appear OK. The second affects any platform when short records are transferred: e.g. sending a single character with s_client/s_server. If that happens the connection terminates with a fatal alert. If you transfer larger records (e.g. web server) you'd only see that problem occasionally. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2975] [BUG] Regression in Openssl 1.0.1d x86_64: Corrupted data stream
On 02/07/2013 04:22 PM, Stephen Henson via RT wrote: On Thu Feb 07 00:43:10 2013, steve wrote: On Wed Feb 06 23:01:25 2013, bugs-...@moonlit-rail.com wrote: I haven't had a chance (yet?) to bisect the code to find the culprit, but I can take a stab at it if a developer doesn't know off the top of their head just where it might be. Stop gap measure for now is to revert commit 125093b59f3c Please see if commit 32cc247 fixes this: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247 It will also appear in the next snapshot of OpenSSL 1.0.1. If it does and there are no more reports of serious problems in 1.0.1d we'll roll another release. Steve. I can confirm, at least from initial testing, the issue is resolved. Thanks for the quick turn around guys! -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
