Re: [Bitcoin-development] OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.

2015-01-12 Thread Wladimir
On Sat, Jan 10, 2015 at 12:18 PM, Ivan Jelincic para...@archlinux.info wrote: Is openssl1.0.1j unaffected? Yes. It concerns CVE-2014-8275. Which in https://www.openssl.org/news/openssl-1.0.1-notes.html is under: Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] Wladimir

Re: [Bitcoin-development] OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.

2015-01-10 Thread Wladimir
On Sat, Jan 10, 2015 at 4:26 AM, Gregory Maxwell gmaxw...@gmail.com wrote: https://github.com/bitcoin/bitcoin/commit/488ed32f2ada1d1dd108fc245d025c4d5f252783 (versions of this will be backported to other stable branches soon) For those that build from source, patches to cope with the new

Re: [Bitcoin-development] OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.

2015-01-10 Thread Ivan Jelincic
Is openssl1.0.1j unaffected? On 01/10/2015 09:35 AM, Wladimir wrote: On Sat, Jan 10, 2015 at 4:26 AM, Gregory Maxwell gmaxw...@gmail.com wrote: https://github.com/bitcoin/bitcoin/commit/488ed32f2ada1d1dd108fc245d025c4d5f252783 (versions of this will be backported to other stable branches soon)

[Bitcoin-development] OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.

2015-01-09 Thread Gregory Maxwell
OpenSSL 1.0.0p / 1.0.1k was recently released and is being pushed out by various operating system maintainers. My review determined that this update is incompatible with the Bitcoin system and could lead to consensus forks. Bitcoin Core released binaries from Bitcoin.org are unaffected, as are

Re: [Bitcoin-development] OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.

2015-01-09 Thread Peter Todd
On Sat, Jan 10, 2015 at 04:26:23AM +, Gregory Maxwell wrote: The incompatibility is due to the OpenSSL update changing the behavior of ECDSA validation to reject any signature which is not encoded in a very rigid manner. This was a result of OpenSSL's change for CVE-2014-8275 Certificate