[STATUS] OpenSSL (Sun 19-Nov-2000)

[OpenSSL Project]

  OpenSSL STATUS   Last modified at
  __   $Date: 2000/11/19 14:11:03 $

  DEVELOPMENT STATE

o  OpenSSL 0.9.7:  Under development...
o  OpenSSL 0.9.6:  Released on September 24th, 2000
o  OpenSSL 0.9.5a: Released on April  1st, 2000
o  OpenSSL 0.9.5:  Released on February  28th, 2000
o  OpenSSL 0.9.4:  Released on August09th, 1999
o  OpenSSL 0.9.3a: Released on May   29th, 1999
o  OpenSSL 0.9.3:  Released on May   25th, 1999
o  OpenSSL 0.9.2b: Released on March 22th, 1999
o  OpenSSL 0.9.1c: Released on December  23th, 1998

  RELEASE SHOWSTOPPERS

  AVAILABLE PATCHES

o CA.pl patch (Damien Miller)

  IN PROGRESS

o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
EVP cipher enhancement.
 /* Proper (or at least usable) certificate chain verification. */
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
o Geoff and Richard are currently working on:
ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
UTIL (a new set of library functions to support some higher level
  functionality that is currently missing).
Shared library support for VMS.
OCSP
Kerberos 5 authentication
Constification

  NEEDS PATCH

o  non-blocking socket on AIX
o  $(PERL) in */Makefile.ssl
o  "Sign the certificate?" - "n" creates empty certificate file

  OPEN ISSUES

o  The Makefile hierarchy and build mechanism is still not a round thing:

   1. The config vs. Configure scripts
  It's the same nasty situation as for Apache with APACI vs.
  src/Configure. It confuses.
  Suggestion: Merge Configure and config into a single configure
  script with a Autoconf style interface ;-) and remove
  Configure and config. Or even let us use GNU Autoconf
  itself. Then we can avoid a lot of those platform checks
  which are currently in Configure.

o  Support for Shared Libraries has to be added at least
   for the major Unix platforms. The details we can rip from the stuff
   Ralf has done for the Apache src/Configure script. Ben wants the
   solution to be really simple.

   Status: Ralf will look how we can easily incorporate the
   compiler PIC and linker DSO flags from Apache
   into the OpenSSL Configure script.

   Ulf: +1 for using GNU autoconf and libtool (but not automake,
which apparently is not flexible enough to generate
libcrypto)


o  The perl/ stuff needs a major overhaul. Currently it's
   totally obsolete. Either we clean it up and enhance it to be up-to-date
   with the C code or we also could replace it with the really nice
   Net::SSLeay package we can find under
   http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
   longer time and it works fine and is a nice Perl module. Best would be
   to convince the author to work for the OpenSSL project and create a
   Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
   us.

   Status: Ralf thinks we should both contact the author of Net::SSLeay
   and look how much effort it is to bring Eric's perl/ stuff up
   to date.
   Paul +1

  WISHES

o 
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

S/MIME in openssl

[Maxim Masiutin]

Hello openssl-dev!

  I wrote on Fri, 10 Nov 2000 to Mark J . Cox [EMAIL PROTECTED] and
  [EMAIL PROTECTED] but didn't get a reply unfortunately.

  My question is: who is currently in charge of S/MIME implementation
  in openssl?

  I'm the author of The Bat! e-mail client that supports S/MIME. I've
  just added IDEA-CBC support to our e-mail client as per
  draft-ietf-smime-idea, thanks to Francois Zeller for his aid. The
  Bat! with IDEA support can be obtained at
  http://www.ritlabs.com/the_bat/beta.html (1.48 Beta/7).

  I would also like to implement such neat additions as
  draft-ietf-smime-compression, it would be great if we had two
  implementations from different codebases to test their compatibility
  with each other. AES and appropriate hash functions would also be
  great.

  Thank you in advance!
  

-- 
Maxim Masiutin,
Software Engineer
RIT Research Labs  http://www.ritlabs.com/


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: S/MIME in openssl

[Dr S N Henson]

Maxim Masiutin wrote:
 
 Hello openssl-dev!
 
 
   My question is: who is currently in charge of S/MIME implementation
   in openssl?
 

Me probably.

 
   I would also like to implement such neat additions as
   draft-ietf-smime-compression, it would be great if we had two
   implementations from different codebases to test their compatibility
   with each other. AES and appropriate hash functions would also be
   great.
 

Yes I wouldn't mind conducting such tests at some point in the future.
Unfortunately OpenSSLs ASN1 code is being completely rewritten at
present (also by me) so until the stuff is finished and fairly stable
that wont be really possible.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: S/MIME in openssl

[Ben Laurie]

Maxim Masiutin wrote:
   I would also like to implement such neat additions as
   draft-ietf-smime-compression, it would be great if we had two
   implementations from different codebases to test their compatibility
   with each other. AES and appropriate hash functions would also be
   great.

AES is on its way in to OpenSSL. The hash functions come next.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

DOS (DJGPP) port [PATCH]

[Doug Kaufman]

I have just finished porting the 0.9.6 version of openssl to DOS via
the DJGPP compiling environment. I know that Gisle Vanem had commented
on the ability to compile openssl under DJGPP in February and April
of this year, but I didn't see a patch to make this go smoothly. The
main obstacle to the port was the assumption in several places that
symbolic links are available in the operating system, an assumption
not true in DOS. This problem starts with the tar.gz archive. The DJTAR
program tries to convert symbolic links into hard links (by copying the
file), but only 0 byte files are created, because the symbolic links are
unpacked before the file itself.

With this patch openssl compiles without problem. The only warnings
are of unused parameters, missing initializers, and comparisons
between signed and unsigned. Make test has no errors. Make install
seems to work properly also. The DJGPP port of the lynx browser
compiled with the openssl library works well, connecting to secure
sites.

Please note that I am not a programmer and have never worked with
perl before. Nonetheless, I have checked the patch and it seems to
work properly. The changes in regard to handling of symbolic links
shouldn't break other platforms. Compiling instructions are in the
file install.djgpp, included in the patch file. Any suggestions for
improving this would be appreciated.
   Doug

--- openssl-0.9.6/Configure Sun Sep 24 07:27:36 2000
+++ openssl-0.9.6/Configure.new Sat Nov 18 14:13:08 2000
@@ -390,6 +390,9 @@
 # CygWin32
 "CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-WallBN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::win32",
 
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/DJDIR/watt/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 
+-Wall -W:::-L/dev/env/DJDIR/watt/lib -lwatt:BN_LLONG ${x86_gcc_des} 
+${x86_gcc_opts}::",
+
 # Ultrix from Bernhard Simon [EMAIL PROTECTED]
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::",
 "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::",
--- openssl-0.9.6/crypto/bio/bss_file.c Mon Sep 11 04:42:16 2000
+++ openssl-0.9.6/crypto/bio/bss_file.c.new Sat Oct 28 14:11:40 2000
@@ -205,11 +205,19 @@
b-ptr=(char *)ptr;
b-init=1;
 #if defined(MSDOS) || defined(WINDOWS)
+#ifdef __DJGPP__
+   /* Set correct text/binary mode */
+   if (num  BIO_FP_TEXT)
+   setmode(fileno((FILE *)ptr),O_TEXT);
+   else
+   setmode(fileno((FILE *)ptr),O_BINARY);
+#else
/* Set correct text/binary mode */
if (num  BIO_FP_TEXT)
_setmode(fileno((FILE *)ptr),_O_TEXT);
else
_setmode(fileno((FILE *)ptr),_O_BINARY);
+#endif /* __DJGPP__ */
 #endif
break;
case BIO_C_SET_FILENAME:
--- openssl-0.9.6/tools/c_rehash.in Mon Sep 11 04:43:06 2000
+++ openssl-0.9.6/tools/c_rehash.in.new Sat Nov 18 00:49:56 2000
@@ -117,7 +117,13 @@
}
$hash .= ".$suffix";
print "$fname = $hash\n";
+   $symlink_exists=eval {symlink("",""); 1};
+   if ($symlink_exists eq '1') {
symlink $fname, $hash;
+   } else {
+   @args= ("cp", "$fname", "$hash");
+   system {$args[0]} @args;
+   }
$hashlist{$hash} = $fprint;
 }
 
@@ -142,7 +148,13 @@
}
$hash .= ".r$suffix";
print "$fname = $hash\n";
+   $symlink_exists=eval {symlink("",""); 1};
+   if ($symlink_exists eq '1') {
symlink $fname, $hash;
+   } else {
+   @args= ("cp", "$fname", "$hash");
+   system {$args[0]} @args;
+   }
$hashlist{$hash} = $fprint;
 }
 
--- openssl-0.9.6/e_os.hThu Sep 21 01:23:14 2000
+++ openssl-0.9.6/e_os.h.newSun Nov 19 09:40:58 2000
@@ -172,6 +172,11 @@
 
 #if (defined(WINDOWS) || defined(MSDOS))  !defined(__CYGWIN32__)
 
+#  ifdef __DJGPP__
+#  include unistd.h
+#  include sys/stat.h
+#  endif /* __DJGPP__ */
+
 #  ifndef S_IFDIR
 #define S_IFDIR_S_IFDIR
 #  endif
@@ -317,7 +322,7 @@
 /*/
 
 #ifdef USE_SOCKETS
-#  if defined(WINDOWS) || defined(MSDOS)
+#  if (defined(WINDOWS) || defined(MSDOS))  !defined(__DJGPP__)
   /* windows world */
 
 #ifdef NO_SOCK
@@ -400,7 +405,9 @@
 #define SSLeay_Write(a,b,c)write((a),(b),(c))
 #define SHUTDOWN(fd){ shutdown((fd),0); closesocket((fd)); }
 #define SHUTDOWN2(fd)   { shutdown((fd),2); closesocket((fd)); }
+#ifndef INVALID_SOCKET
 #define INVALID_SOCKET (-1)
+#endif /* INVALID_SOCKET */
 #  endif
 #endif
 
--- openssl-0.9.6/util/mklink.plMon Sep 11 04:43:08 2000
+++ openssl-0.9.6/util/mklink.pl.newSat Nov 18 18:12:38 2000
@@ -48,8 +48,18 @@
 my $to = 

Increase your portfolio size !

[portfolio_builder]

THE DOUBLER  -  
NEW BUY OPINION: European American Resources, Inc. 
Symbol: EPAR (OTCBB)
Recent Price - $.375 52 Week Range - $.21875 - $1.6875 
Estimated Float - 5.9 Million Shares Outstanding -
16.2 Million Shares 

Gold mining stocks have been a neglected group during
this great Bull Market.  Many financial advisors
suggest putting a small percentage of a portfolio
(3-10%) into precious metals as a hedge against
inflation.  With oil prices hitting multi-year highs,
we are advising purchase of European American
Resources (EPAR), currently trading near the low for
the year.

EPAR'S largest property in Nevada is located
right between two successful gold mines operated by
Homestake Mining (HM-NYSE-5 5/8), one of the top gold
companies in North America.  EPAR recently agreed to a
joint venture with HM, where Homestake is financing
100% of the drilling costs.  If the digging is
promising, European American could be a takeover
candidate at a high multiple to the current price.  In
fact, HM has acquired three of the last five companies
that they entered into similar joint ventures with. 
Also, Nevada is known as one of the lowest-cost areas
to mine gold, and EPAR'S Prospect Mountain property is
right next door to HM'S Ruby Hill, which runs at a
rock bottom cost of $64 per ounce to mine gold.

Our philosophy is to buy stocks with the potential of
doubling over a short-term period.  After they reach
the doubling point, we advise selling half of your
position, so the remaining shares are in your
portfolio on a "FREE" basis.  We recommend buying EPAR
at any price up to $1.50 per share.

DISCLAIMER: 
The Doubler has received a fee of 5000 shares of
European American Resources, Inc. 
common stock for the writing and distribution of this
report. The Doubler and/or 
its affiliates currently own shares of EPAR, and may
buy or sell shares at any 
time after the dissemination of this report. Because
the publisher owns this stock, there may be a conflict
of interest in The Doubler's statements and opinions. The 
Doubler is not a registered investment advisor,
broker or dealer. Purchase of this 
stock may be considered speculative, and may result in
the loss of some or all of any investment made. 


If you would like to be included in our mailing list to receive information regarding 
possible stock possibilites, e-mail us at [EMAIL PROTECTED] or print out this 
letter, fill in the blanks and fax us at (727) 942-0341.


Name_

E-mail Address 

Telephone Number: ( )___ - _

If you would like to be removed from our mailing list, please e-mail us at 
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]