In HEAD, FULL_UNROLL is #undef-ed in aes_locl.h, which means that it's never
defined in either of the two files that use it (aes_misc.c and aes_core.c).
Is there any reason that it was left in the code base?
Thanks,
Paul
__
Hi. openssl 1.0.1c and its man pages don't tell the full story about
support for secure hash algorithms, especially the SHA family. The
attached patch fixes this. Though it's a bit clunky.
FWIW "openssl dss1" seems to be an alias for sha1 and the output is
reported as DSA. But we can't have
This is almost identical to an issue we found with openssl 1.0.1b and
Juniper SBR version v6.13.4949
In our case we traced it to the heartbeat extension. When the extension is
sent in the ClientHello PEAP negotiation fails with fatal bad certificate
alert.
By adding # define OPENSSL_NO_HEARTBEATS t
