On 11 February 2013 13:19, David Woodhouse dw...@infradead.org wrote:
On Mon, 2013-02-11 at 20:59 +, David Woodhouse wrote:
From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
From: Dr. Stephen Henson st...@openssl.org
Date: Thu, 7 Feb 2013 21:06:37 +
Subject:
Hi,
Mac OS X 10.8.2, Xcode 4.6, clang
leom:openssl-1.0.1e.test leo$ uname -a
Darwin leom-3.local 12.2.0 Darwin Kernel Version 12.2.0: Sat Aug 25 00:48:52
PDT 2012; root:xnu-2050.18.24~1/RELEASE_X86_64 x86_64
leom:openssl-1.0.1e.test leo$ xcodebuild -version
Xcode 4.6
Build version 4H127
http://www.openssl.org/news/secadv_20130205.txt says in the latest section:
Affected users should upgrade to OpenSSL 1.0.1d, 1.0.0k or 0.9.8y
It should say
Affected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y
Otherwise the Advisory does not make sense.
Regards,
Ernst.
--
Ernst
Hi,
I'm analyzing different versions of OpenSSL for type errors. To do so,
I analyze different configuration options of OpenSSL provided by the
configure scripts and #ifdefs in the source code. I may found some
configurations in which type errors occur, but I'm not sure whether
this configurations
P.S.
64-bit test elliptic curves fail for openssl-SNAP-20130212.test-x86_64 with
no-asm flag.
$ ./Configure darwin64-x86_64-cc no-asm
$ make depend
$ make
$ make test
...
test elliptic curves
../util/shlib_wrap.sh ./ectest
Curve defined by Weierstrass equation
y^2 = x^3 + a*x + b (mod
/ectest OK: gcc-apple-4.2 gcc-mp-4.7 gcc-mp-4.8
[gcc-mp-4.8 (MacPorts gcc48 4.8-20130203_0+universal) 4.8.0 20130203
(experimental)] clang-mp-2.9 clang-mp-3.3 [clang version 3.3 (trunk 173279)]
After patch:
$ diff -u ../openssl-SNAP-20130212/crypto/bn/bn_nist.c crypto/bn/bn_nist.c
--- ../openssl
Since commit a693ead6 in HEAD, 820988a0 in 1.0.2, 014265eb in 1.0.1 and
f852b6079 in 1.0.0, DTLS_BAD_VER (needed for Cisco AnyConnect
compatibility) has been broken.
The check 's-version = TLS1_1_VERSION || s-version == DTLS1_VERSION'
is redundant anyway since DTLS1_VERSION (0xfeff) is greater
On Tue Feb 12 15:20:48 2013, dw...@infradead.org wrote:
Since commit a693ead6 in HEAD, 820988a0 in 1.0.2, 014265eb in 1.0.1 and
f852b6079 in 1.0.0, DTLS_BAD_VER (needed for Cisco AnyConnect
compatibility) has been broken.
Applied now. Thanks for the report.
Steve.
--
Dr Stephen N. Henson.
Hi,
I accidentally entered a section header with double open square brackets in
openssl.cfg and the ca program hangs on start up with 100% CPU (e.g. type [[
ca ]).
The culprit seems to be line 322 of crypto/conf/conf_def.c:
again:
end=eat_alpha_numeric(conf, ss);
What do you think about adding a counter (or two) to the SSL structure, to
count every time an alert is sent, and/or every time a crypto operation fails?
Wouldn't this help make it easier to detect (and then prevent)
multi-message-timing attacks?
--
Principal Security Engineer
Akamai
Hi
I am installing openssl-1.0.1e on a pair of AIX systems and am having
two problems.
one system is running AIX 5.2 in 32 bit mode, a model 44P model 170 It
has 16GB of memory.
the second system is a AIX 7.1 model P7 in 64 bit mode with a lot of memory
when running the config I have been
11 matches
Mail list logo