[STATUS] OpenSSL (Sun 19-Nov-2000)
OpenSSL STATUS Last modified at __ $Date: 2000/11/19 14:11:03 $ DEVELOPMENT STATE o OpenSSL 0.9.7: Under development... o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August09th, 1999 o OpenSSL 0.9.3a: Released on May 29th, 1999 o OpenSSL 0.9.3: Released on May 25th, 1999 o OpenSSL 0.9.2b: Released on March 22th, 1999 o OpenSSL 0.9.1c: Released on December 23th, 1998 RELEASE SHOWSTOPPERS AVAILABLE PATCHES o CA.pl patch (Damien Miller) IN PROGRESS o Steve is currently working on (in no particular order): ASN1 code redesign, butchery, replacement. EVP cipher enhancement. /* Proper (or at least usable) certificate chain verification. */ Private key, certificate and CRL API and implementation. Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. o Geoff and Richard are currently working on: ENGINE (the new code that gives hardware support among others). o Richard is currently working on: UTIL (a new set of library functions to support some higher level functionality that is currently missing). Shared library support for VMS. OCSP Kerberos 5 authentication Constification NEEDS PATCH o non-blocking socket on AIX o $(PERL) in */Makefile.ssl o "Sign the certificate?" - "n" creates empty certificate file OPEN ISSUES o The Makefile hierarchy and build mechanism is still not a round thing: 1. The config vs. Configure scripts It's the same nasty situation as for Apache with APACI vs. src/Configure. It confuses. Suggestion: Merge Configure and config into a single configure script with a Autoconf style interface ;-) and remove Configure and config. Or even let us use GNU Autoconf itself. Then we can avoid a lot of those platform checks which are currently in Configure. o Support for Shared Libraries has to be added at least for the major Unix platforms. The details we can rip from the stuff Ralf has done for the Apache src/Configure script. Ben wants the solution to be really simple. Status: Ralf will look how we can easily incorporate the compiler PIC and linker DSO flags from Apache into the OpenSSL Configure script. Ulf: +1 for using GNU autoconf and libtool (but not automake, which apparently is not flexible enough to generate libcrypto) o The perl/ stuff needs a major overhaul. Currently it's totally obsolete. Either we clean it up and enhance it to be up-to-date with the C code or we also could replace it with the really nice Net::SSLeay package we can find under http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a longer time and it works fine and is a nice Perl module. Best would be to convince the author to work for the OpenSSL project and create a Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for us. Status: Ralf thinks we should both contact the author of Net::SSLeay and look how much effort it is to bring Eric's perl/ stuff up to date. Paul +1 WISHES o __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
S/MIME in openssl
Hello openssl-dev! I wrote on Fri, 10 Nov 2000 to Mark J . Cox [EMAIL PROTECTED] and [EMAIL PROTECTED] but didn't get a reply unfortunately. My question is: who is currently in charge of S/MIME implementation in openssl? I'm the author of The Bat! e-mail client that supports S/MIME. I've just added IDEA-CBC support to our e-mail client as per draft-ietf-smime-idea, thanks to Francois Zeller for his aid. The Bat! with IDEA support can be obtained at http://www.ritlabs.com/the_bat/beta.html (1.48 Beta/7). I would also like to implement such neat additions as draft-ietf-smime-compression, it would be great if we had two implementations from different codebases to test their compatibility with each other. AES and appropriate hash functions would also be great. Thank you in advance! -- Maxim Masiutin, Software Engineer RIT Research Labs http://www.ritlabs.com/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: S/MIME in openssl
Maxim Masiutin wrote: Hello openssl-dev! My question is: who is currently in charge of S/MIME implementation in openssl? Me probably. I would also like to implement such neat additions as draft-ietf-smime-compression, it would be great if we had two implementations from different codebases to test their compatibility with each other. AES and appropriate hash functions would also be great. Yes I wouldn't mind conducting such tests at some point in the future. Unfortunately OpenSSLs ASN1 code is being completely rewritten at present (also by me) so until the stuff is finished and fairly stable that wont be really possible. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: S/MIME in openssl
Maxim Masiutin wrote: I would also like to implement such neat additions as draft-ietf-smime-compression, it would be great if we had two implementations from different codebases to test their compatibility with each other. AES and appropriate hash functions would also be great. AES is on its way in to OpenSSL. The hash functions come next. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
DOS (DJGPP) port [PATCH]
I have just finished porting the 0.9.6 version of openssl to DOS via the DJGPP compiling environment. I know that Gisle Vanem had commented on the ability to compile openssl under DJGPP in February and April of this year, but I didn't see a patch to make this go smoothly. The main obstacle to the port was the assumption in several places that symbolic links are available in the operating system, an assumption not true in DOS. This problem starts with the tar.gz archive. The DJTAR program tries to convert symbolic links into hard links (by copying the file), but only 0 byte files are created, because the symbolic links are unpacked before the file itself. With this patch openssl compiles without problem. The only warnings are of unused parameters, missing initializers, and comparisons between signed and unsigned. Make test has no errors. Make install seems to work properly also. The DJGPP port of the lynx browser compiled with the openssl library works well, connecting to secure sites. Please note that I am not a programmer and have never worked with perl before. Nonetheless, I have checked the patch and it seems to work properly. The changes in regard to handling of symbolic links shouldn't break other platforms. Compiling instructions are in the file install.djgpp, included in the patch file. Any suggestions for improving this would be appreciated. Doug --- openssl-0.9.6/Configure Sun Sep 24 07:27:36 2000 +++ openssl-0.9.6/Configure.new Sat Nov 18 14:13:08 2000 @@ -390,6 +390,9 @@ # CygWin32 "CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -WallBN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::win32", +# DJGPP +"DJGPP", "gcc:-I/dev/env/DJDIR/watt/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 +-Wall -W:::-L/dev/env/DJDIR/watt/lib -lwatt:BN_LLONG ${x86_gcc_des} +${x86_gcc_opts}::", + # Ultrix from Bernhard Simon [EMAIL PROTECTED] "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::", "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::", --- openssl-0.9.6/crypto/bio/bss_file.c Mon Sep 11 04:42:16 2000 +++ openssl-0.9.6/crypto/bio/bss_file.c.new Sat Oct 28 14:11:40 2000 @@ -205,11 +205,19 @@ b-ptr=(char *)ptr; b-init=1; #if defined(MSDOS) || defined(WINDOWS) +#ifdef __DJGPP__ + /* Set correct text/binary mode */ + if (num BIO_FP_TEXT) + setmode(fileno((FILE *)ptr),O_TEXT); + else + setmode(fileno((FILE *)ptr),O_BINARY); +#else /* Set correct text/binary mode */ if (num BIO_FP_TEXT) _setmode(fileno((FILE *)ptr),_O_TEXT); else _setmode(fileno((FILE *)ptr),_O_BINARY); +#endif /* __DJGPP__ */ #endif break; case BIO_C_SET_FILENAME: --- openssl-0.9.6/tools/c_rehash.in Mon Sep 11 04:43:06 2000 +++ openssl-0.9.6/tools/c_rehash.in.new Sat Nov 18 00:49:56 2000 @@ -117,7 +117,13 @@ } $hash .= ".$suffix"; print "$fname = $hash\n"; + $symlink_exists=eval {symlink("",""); 1}; + if ($symlink_exists eq '1') { symlink $fname, $hash; + } else { + @args= ("cp", "$fname", "$hash"); + system {$args[0]} @args; + } $hashlist{$hash} = $fprint; } @@ -142,7 +148,13 @@ } $hash .= ".r$suffix"; print "$fname = $hash\n"; + $symlink_exists=eval {symlink("",""); 1}; + if ($symlink_exists eq '1') { symlink $fname, $hash; + } else { + @args= ("cp", "$fname", "$hash"); + system {$args[0]} @args; + } $hashlist{$hash} = $fprint; } --- openssl-0.9.6/e_os.hThu Sep 21 01:23:14 2000 +++ openssl-0.9.6/e_os.h.newSun Nov 19 09:40:58 2000 @@ -172,6 +172,11 @@ #if (defined(WINDOWS) || defined(MSDOS)) !defined(__CYGWIN32__) +# ifdef __DJGPP__ +# include unistd.h +# include sys/stat.h +# endif /* __DJGPP__ */ + # ifndef S_IFDIR #define S_IFDIR_S_IFDIR # endif @@ -317,7 +322,7 @@ /*/ #ifdef USE_SOCKETS -# if defined(WINDOWS) || defined(MSDOS) +# if (defined(WINDOWS) || defined(MSDOS)) !defined(__DJGPP__) /* windows world */ #ifdef NO_SOCK @@ -400,7 +405,9 @@ #define SSLeay_Write(a,b,c)write((a),(b),(c)) #define SHUTDOWN(fd){ shutdown((fd),0); closesocket((fd)); } #define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } +#ifndef INVALID_SOCKET #define INVALID_SOCKET (-1) +#endif /* INVALID_SOCKET */ # endif #endif --- openssl-0.9.6/util/mklink.plMon Sep 11 04:43:08 2000 +++ openssl-0.9.6/util/mklink.pl.newSat Nov 18 18:12:38 2000 @@ -48,8 +48,18 @@ my $to =
Increase your portfolio size !
THE DOUBLER - NEW BUY OPINION: European American Resources, Inc. Symbol: EPAR (OTCBB) Recent Price - $.375 52 Week Range - $.21875 - $1.6875 Estimated Float - 5.9 Million Shares Outstanding - 16.2 Million Shares Gold mining stocks have been a neglected group during this great Bull Market. Many financial advisors suggest putting a small percentage of a portfolio (3-10%) into precious metals as a hedge against inflation. With oil prices hitting multi-year highs, we are advising purchase of European American Resources (EPAR), currently trading near the low for the year. EPAR'S largest property in Nevada is located right between two successful gold mines operated by Homestake Mining (HM-NYSE-5 5/8), one of the top gold companies in North America. EPAR recently agreed to a joint venture with HM, where Homestake is financing 100% of the drilling costs. If the digging is promising, European American could be a takeover candidate at a high multiple to the current price. In fact, HM has acquired three of the last five companies that they entered into similar joint ventures with. Also, Nevada is known as one of the lowest-cost areas to mine gold, and EPAR'S Prospect Mountain property is right next door to HM'S Ruby Hill, which runs at a rock bottom cost of $64 per ounce to mine gold. Our philosophy is to buy stocks with the potential of doubling over a short-term period. After they reach the doubling point, we advise selling half of your position, so the remaining shares are in your portfolio on a "FREE" basis. We recommend buying EPAR at any price up to $1.50 per share. DISCLAIMER: The Doubler has received a fee of 5000 shares of European American Resources, Inc. common stock for the writing and distribution of this report. The Doubler and/or its affiliates currently own shares of EPAR, and may buy or sell shares at any time after the dissemination of this report. Because the publisher owns this stock, there may be a conflict of interest in The Doubler's statements and opinions. The Doubler is not a registered investment advisor, broker or dealer. Purchase of this stock may be considered speculative, and may result in the loss of some or all of any investment made. If you would like to be included in our mailing list to receive information regarding possible stock possibilites, e-mail us at [EMAIL PROTECTED] or print out this letter, fill in the blanks and fax us at (727) 942-0341. Name_ E-mail Address Telephone Number: ( )___ - _ If you would like to be removed from our mailing list, please e-mail us at [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]