Re: openssl-0.9.7-beta1 Win32 build error

2002-06-07 Thread Lutz Jaenicke 

On Fri, Jun 07, 2002 at 11:02:19AM +0530, Bhavin Shah wrote:
 I was trying to build the OpenSSL 0.9.7 beta1 source.
 
 Finally, changed evp_test.c. On line 361 of crypto\evp\evp_test.c changed
 the function call from strsep() to sstrsep() which is an existing function.
 The code compiled this time. Also, ran ms\test.bat and it passed all the
 tests.
 Is this the right fix though ?

Yes,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Bug in RSA_check_key

2002-06-07 Thread Giudicelli Frédéric 

If the key is loaded via an ENGINE, openssl crashes
because of a segfault (function BN_num_bits
crypto/bn/bn_lib.c:252).

Explanation: When loading a key from an engine the p q
and d members of the RSA struct are never set.

However RSA_check_key never checked to make sure those
members a present before calling the functions to test
it.

Call stack:

BN_num_bits
BN_is_prime_fasttest
BN_is_prime
RSA_check_key


___
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #86] Bug in RSA_check_key

2002-06-07 Thread Giudicelli Frédéric via RT 


If the key is loaded via an ENGINE, openssl crashes
because of a segfault (function BN_num_bits
crypto/bn/bn_lib.c:252).

Explanation: When loading a key from an engine the p q
and d members of the RSA struct are never set.

However RSA_check_key never checked to make sure those
members a present before calling the functions to test
it.

Call stack:

BN_num_bits
BN_is_prime_fasttest
BN_is_prime
RSA_check_key


___
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #87] openssl 0.9.6b to 0.9.6d with IE5.5 and IE6 and 3DES-CBC-SHA hangs

2002-06-07 Thread \\ E.I.Sarmas \ via RT\ 



Hello,

I want to report that with IE5.5 and IE6 (but not Netscape)

when using as web server: apache 1.3.14 + modssl 2.7.1 + openssl 0.9.6b

and restrict the Ciphersuite to DES3-CBC-SHA all is working fine

but with web server: apache 1.3.24 + modssl  2.8.8 + openssl 0.9.6d

and again restrict the Ciphersuite to DES3-CBC-SHA
then Explorer hangs forever when loading any page
(apache logs indicate a single successful connection and that's all)

clearly this has to do a lot with the openssl change from 0.9.6b to 0.9.6d

[

I am not versed in the modssl/openssl technology but I suspect it
must be something related to the following CHANGE notice

  *) Implement a countermeasure against a vulnerability recently found
 in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
 before application data chunks to avoid the use of known IVs
 with data potentially chosen by the attacker.
 [Bodo Moeller]

]

even though Netscape still works, this should be considered a bug since
IE is now broken when in the past it worked fine

Can someone comment on this behavior and PLEASE recommend
a workaround (enabling us to keep the same Ciphersuite)?

Thanks in advance,

E.I.Sarmas
email: [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #88] Encrypted alert 25.

2002-06-07 Thread Fabrice Mougin via RT 


 Hello, 

 My user agent is using  the openssl library.   I noticed some trouble
 in  asecure  connection   when   it  connects   to   the   domain
 www.sharenet-workspace.com.

 At the end of the connection, there is a weird packet ; After a 3 sec
 silence,  the server  answer  with aEncrypted  Alert packet.  The
 connection close just after.

 The user agent uses the openssl-0.9.6d library.  The concerned URL is
 https://www.sharenet-workspace.com/witbe.asp.   I am  using  the  v32
 connection  method  (meth=SSLv23_client_method()).   The  socket I am
 using is non blocking.

 The tcpdump dump file is linked to the e-mail.

 If the problem is known, could you tell  me if the problem comes from
 me, the server or the library ?

 Thanks in advance,

 Best regards,

 Fabrice.

-- 
  Fabrice Mougin - Witbe.net The Net screener 
 Work  email:  [EMAIL PROTECTED] 
   Phone: +331 42 91 5000
 When  there is  no  
  solution,   there  
is no pbs ...

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

missing prototypes for functions

2002-06-07 Thread Gtz Babin-Ebell 

Hello folks,

Building openssl (openssl-0.9.7-stable-SNAP-20020528) with debug
for linux, I get some warnings (that turned into errors)
about some missing prototypes.

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126


Index: apps/apps.c
===
RCS file: /usr/cvsroot/openssl/apps/apps.c,v
retrieving revision 1.5
diff -c -r1.5 apps.c
*** apps/apps.c 2002/05/29 15:59:54 1.5
--- apps/apps.c 2002/06/07 14:49:37
***
*** 1256,1262 
  }
  
  /* Try to load an engine in a shareable library */
! ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
{
ENGINE *e = ENGINE_by_id(dynamic);
if (e)
--- 1256,1262 
  }
  
  /* Try to load an engine in a shareable library */
! static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
{
ENGINE *e = ENGINE_by_id(dynamic);
if (e)
Index: apps/apps.h
===
RCS file: /usr/cvsroot/openssl/apps/apps.h,v
retrieving revision 1.5
diff -c -r1.5 apps.h
*** apps/apps.h 2002/05/29 15:59:54 1.5
--- apps/apps.h 2002/06/07 14:49:37
***
*** 135,141 
 * destroyed! */
  
  #ifdef OPENSSL_NO_STDIO
! BIO_METHOD *BIO_s_file();
  #endif
  
  #ifdef OPENSSL_SYS_WIN32
--- 135,141 
 * destroyed! */
  
  #ifdef OPENSSL_NO_STDIO
! BIO_METHOD *BIO_s_file(void);
  #endif
  
  #ifdef OPENSSL_SYS_WIN32
***
*** 217,224 
  int password_callback(char *buf, int bufsiz, int verify,
PW_CB_DATA *cb_data);
  
! int setup_ui_method();
! void destroy_ui_method();
  
  int should_retry(int i);
  int args_from_file(char *file, int *argc, char **argv[]);
--- 217,224 
  int password_callback(char *buf, int bufsiz, int verify,
PW_CB_DATA *cb_data);
  
! int setup_ui_method(void);
! void destroy_ui_method(void);
  
  int should_retry(int i);
  int args_from_file(char *file, int *argc, char **argv[]);
Index: apps/enc.c
===
RCS file: /usr/cvsroot/openssl/apps/enc.c,v
retrieving revision 1.5
diff -c -r1.5 enc.c
*** apps/enc.c  2002/05/29 15:59:54 1.5
--- apps/enc.c  2002/06/07 14:49:37
***
*** 78,84 
  #define BSIZE (8*1024)
  #define   PROGenc_main
  
! void show_ciphers(const OBJ_NAME *name,void *bio_)
{
BIO *bio=bio_;
static int n;
--- 78,84 
  #define BSIZE (8*1024)
  #define   PROGenc_main
  
! static void show_ciphers(const OBJ_NAME *name,void *bio_)
{
BIO *bio=bio_;
static int n;
Index: crypto/asn1/a_strex.c
===
RCS file: /usr/cvsroot/openssl/crypto/asn1/a_strex.c,v
retrieving revision 1.2
diff -c -r1.2 a_strex.c
*** crypto/asn1/a_strex.c   2002/05/29 15:59:55 1.2
--- crypto/asn1/a_strex.c   2002/06/07 14:49:37
***
*** 77,84 
  /* Three IO functions for sending data to memory, a BIO and
   * and a FILE pointer.
   */
! 
! int send_mem_chars(void *arg, const void *buf, int len)
  {
unsigned char **out = arg;
if(!out) return 1;
--- 77,84 
  /* Three IO functions for sending data to memory, a BIO and
   * and a FILE pointer.
   */
! #if 0 /* never used */
! static int send_mem_chars(void *arg, const void *buf, int len)
  {
unsigned char **out = arg;
if(!out) return 1;
***
*** 86,100 
*out += len;
return 1;
  }
  
! int send_bio_chars(void *arg, const void *buf, int len)
  {
if(!arg) return 1;
if(BIO_write(arg, buf, len) != len) return 0;
return 1;
  }
  
! int send_fp_chars(void *arg, const void *buf, int len)
  {
if(!arg) return 1;
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
--- 86,101 
*out += len;
return 1;
  }
+ #endif
  
! static int send_bio_chars(void *arg, const void *buf, int len)
  {
if(!arg) return 1;
if(BIO_write(arg, buf, len) != len) return 0;
return 1;
  }
  
! static int send_fp_chars(void *arg, const void *buf, int len)
  {
if(!arg) return 1;
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
***
*** 240,246 
   * #01234 format.
   */
  
! int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
  {
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
 * the DER encoding to readily obtained
--- 241,247 
   * #01234 format.
   */
  
! static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
  {
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
 * the DER encoding to

[openssl.org #89] missing prototypes for functions

2002-06-07 Thread Götz Babin-Ebell via RT 


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]