[openssl-dev] Forthcoming OpenSSL releases

2015-03-16 Thread Matt Caswell
Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be made available on 19th March. They will

[openssl-dev] [openssl.org #3751] Undefined behavior invoked in aes_core.c

2015-03-16 Thread Matt Caswell via RT
On Mon Mar 16 15:21:24 2015, bernd.edlin...@softing.com wrote: > Hi, > > This gets reported by GCC-5.0.0 with -fsanitize=undefined in OpenSSL > 1.0.0m 5 Jun 2014: > > aes_core.c:1144:30: runtime error: left shift of 136 by 24 places > cannot be represented in type 'int' > aes_core.c:1151:30: runtim

Re: [openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

2015-03-16 Thread Matt Caswell
On 16/03/15 09:45, Kai Engert via RT wrote: > Thank you very much for your work on this issue! > In my testing so far, it works as requested. > > I noticed the code changes in x509_vfy.c apply fine on top of the 1.0.2 > stable branch, and the test suite succeeds. > > Will you consider to add t

[openssl-dev] [openssl.org #3752] Patch to fix thread ID support from FIPS module

2015-03-16 Thread John Foley via RT
The following patch allows CRYPTO_thread_id() to be invoked from the FIPS module. Without this patch the thread ID can not be retrieved properly, leading to thread synchronization issues in the FIPS module. Currently there's no way to exploit this problem since CRYPTO_thread_id() isn't used withi

Re: [openssl-dev] [openssl.org #3711] [RFC PATCH] 1.0.2 regression: Wrong SSL version in DTLS_BAD_VER ClientHello

2015-03-16 Thread David Woodhouse via RT
On Mon, 2015-03-09 at 12:11 +0100, Matt Caswell via RT wrote: > Fixed in this commit: > > https://github.com/openssl/openssl/commit/f7683aaf36341dc65672ac2ccdbfd4a232e3626d Thanks. I can confirm that OpenConnect is now working with OpenSSL HEAD again, both with DTLS1_BAD_VER talking to 'legacy' C

Re: [openssl-dev] [openssl.org #3711] [RFC PATCH] 1.0.2 regression: Wrong SSL version in DTLS_BAD_VER ClientHello

2015-03-16 Thread David Woodhouse
On Mon, 2015-03-09 at 12:11 +0100, Matt Caswell via RT wrote: > Fixed in this commit: > > https://github.com/openssl/openssl/commit/f7683aaf36341dc65672ac2ccdbfd4a232e3626d Thanks. I can confirm that OpenConnect is now working with OpenSSL HEAD again, both with DTLS1_BAD_VER talking to 'legacy' C

Re: [openssl-dev] Usage of assembler code on ARM architectures

2015-03-16 Thread John Foley
My mistake, it looks like my memory was wrong on two accounts. First, it was AES, not SHA, where I observed the no-asm was faster. Second, it was on the PowerPC cross-compiled target, not ARM. The results from "openssl speed aes-128-cbc" are: type 16 bytes 64 bytes 256 bytes

[openssl-dev] [openssl.org #3751] Undefined behavior invoked in aes_core.c

2015-03-16 Thread Bernd Edlinger via RT
Hi, This gets reported by GCC-5.0.0 with -fsanitize=undefined in OpenSSL 1.0.0m 5 Jun 2014: aes_core.c:1144:30: runtime error: left shift of 136 by 24 places cannot be represented in type 'int' aes_core.c:1151:30: runtime error: left shift of 158 by 24 places cannot be represented in type 'int

[openssl-dev] [openssl.org #3750] Compile 1.0.2 with RC4: rc4_md5_enc not found

2015-03-16 Thread Дилян Палаузов via RT
Hello, I run ./Configure threads zlib-dynamic linux-x86_64:"gcc -O3 -flto -Wl,-S" && make and then get: make[1]: Entering directory '/home/dilyan/src/openssl-1.0.2/apps' rm -f openssl shlib_target=; if [ -n "" ]; then \ shlib_target=""; \ elif [ -n "" ]; then \ FIPSLD_CC="gcc -O3 -

Re: [openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

2015-03-16 Thread Kai Engert via RT
Thank you very much for your work on this issue! In my testing so far, it works as requested. I noticed the code changes in x509_vfy.c apply fine on top of the 1.0.2 stable branch, and the test suite succeeds. Will you consider to add this enhancement in a feature release on the 1.0.2 branch? R