Re: openssl 3.2.0

2023-11-29 Thread Theo Buehler
On Wed, Nov 29, 2023 at 05:37:18AM +, Claus Assmann wrote:
> Please note that there is a double-free bug in 3.2.0
> related to DANE - maybe wait until this is fixed?
> See the openssl-users mailing list or
> https://github.com/openssl/openssl/pull/22821
> 

Ah great, thanks. I'll pull in the one-line fix unless they release a
new version before I can import.



Re: openssl 3.2.0

2023-11-28 Thread Claus Assmann
Please note that there is a double-free bug in 3.2.0
related to DANE - maybe wait until this is fixed?
See the openssl-users mailing list or
https://github.com/openssl/openssl/pull/22821



Re: openssl 3.2.0

2023-11-28 Thread Theo Buehler
On Thu, Nov 23, 2023 at 08:03:13PM +0100, Theo Buehler wrote:
> The latest iteration of our favorite library clocks in with += 170 kLoC.
> This time with multistream client-side QUIC and many other features:
> 
> https://www.openssl.org/news/openssl-3.2-notes.html
> 
> This port is a copy of the 3.1 directory with Makefile tweaked and
> patches rebased. The %n thing in rehash was fixed upstream, so that
> patch could be removed.
> 
> I left the EPOCH present since otherwise it would be considered older
> than 1.1.1vv0 and 3.1.4v0 by pkg_add, which is confusing. Also, I will
> have to bump EPOCH anyway once I merge the 3.1 path into it (which will
> happen at some point).
> 
> Please pay attention to the PLIST. I wonder if it wouldn't be worth it
> to use a variable to avoid all the eopenssl31 -> openssl32 churn in
> PLIST and Makefile.
> 
> If you care about PORTROACH please fix the entry in the 3.1/Makefile.
> 
> Thus, I disabled the aarch64 assembly for SM4. Regress passes on amd64
> and arm64. 

I discussed this with kettenis and it turns out that SM4 assembly
depends on us advertising hardware support for this cipher. We do not
do so and it's not clear if we even support CPUs with such support. So I
removed the workarounds for SM4 and left the assembly untouched.

> riscv64 might need some xonly love.

jca tested on riscv64 and things look good.

> Tests & oks welcome.

This still stands :)


3.2.tgz
Description: application/tar-gz