Luna and engine
Hi,

I found an article (http://www.linuxjournal.com/article.php?sid=4744) which describes OpenSSL on Linux with Chrysalis-ITS Luna 2. I checked crypto/engine/ (in 0.9.7-stable) but I cannot find anything about Luna, Chrysalis or general PKCS#11 support. Can somebody give an explanation?

Thanks
Michael

--
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email: [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax: +49 (0)30-2093 2959
10099 Berlin
Germany                        http://www.openca.org

______________________________________________________________________
OpenSSL Project                      http://www.openssl.org
Development Mailing List             [EMAIL PROTECTED]
Automated List Manager               [EMAIL PROTECTED]
[openssl.org #203] OpenSSL 0.9.6f install broken: no egcs, no doc, no shared libs
[[EMAIL PROTECTED] - Fri Aug 9 07:56:08 2002]:

> The configuration and installation process of the new OpenSSL 0.9.6f package is broken in several places. Same problems on Linux and Solaris. The package cannot be installed properly.

OK, I thought the snapshots had been tested. My bad. I'll apply fixes and try to create a new release as soon as possible.

> 1. The config script wants to set the variable GCCVER. It expects a fixed output format like 2.95, but the egcs series of GCC (which is still in use on a number of systems) returns something like egcs-2.91.1 for gcc --version or gcc -dumpversion. The sed call cannot handle the leading egcs-, and that breaks further checks that use GCCVER. Especially the two checks $GCCVER -lt 28 fail with a noticeable error message. This bug already exists for some time. But obviously, no user ever watched the output of the config script. ;-)

Or obviously, no user ever tests with egcs :-).

> 2. The Makefile contains a syntax error in the install_docs: section so that make install won't work. The line
>
>     @for i in doc/crypto/*.pod doc/ssl/*.pod; do \
>
> is wrong and should read
>
>     for i in doc/crypto/*.pod doc/ssl/*.pod; do \
>
> instead. The @ at the beginning of the line must be removed as the two for loops are no longer separate commands but are one virtual long command line. (You changed that between 0.9.6e and 0.9.6f.)

Fix committed (it's already fixed in 0.9.7 beta4 (not yet released) and 0.9.8-dev...).

> 3. The Makefile contains another error which may result in a lot of error messages from (the wrong version of) pod2man. The following line
>
>     @pod2man=`cd ../../util; ./pod2mantest ignore`; \
>
> is wrong and should read
>
>     @pod2man=`cd util; ./pod2mantest ignore`; \
>
> instead. You changed the installation process between 0.9.6e and 0.9.6f, and now you're in a different directory.

Fix committed (same story here, this is already fixed in higher, not yet released versions).

> 4. The Makefile contains another error which prevents the correct installation of shared libraries. At the end of the install: section, the following line
>
>     $(MAKE) -f $$here/Makefile link-shared ); \
>
> should read
>
>     make -f $$here/Makefile link-shared ); \
>
> instead. This is yet another change between 0.9.6e and 0.9.6f. The variable MAKE contains make -f Makefile.ssl which results in make -f Makefile.ssl -f $$here/Makefile link-shared, and this is obviously not a good idea. ;-) Currently, the installation process simply fails if shared libraries are enabled.

OK, this one is a real problem. You see, there was another complaint that some people might use the command 'gmake' or something similar, and that we basically forced 'make' on them. The change you complain about was meant to fix that problem, but apparently, it needs more work.

--
Richard Levitte [EMAIL PROTECTED]
[ANNOUNCE] OpenSSL 0.9.6f released
-----BEGIN PGP SIGNED MESSAGE-----

  OpenSSL version 0.9.6f released
  ===============================

  OpenSSL - The Open Source toolkit for SSL/TLS
  http://www.openssl.org/

  The OpenSSL project team is pleased to announce the release of version 0.9.6f of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates several changes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES).

  The most significant changes are:

    o Various important bugfixes.

  We consider OpenSSL 0.9.6f to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.6f is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/

  [1] OpenSSL comes in the form of two distributions this time. The reason for this is that we want to deploy the external crypto device support but don't want to have it part of the normal distribution just yet. The distribution containing the external crypto device support is popularly called "engine", and is considered experimental. It's been fairly well tested on Unix and flavors thereof. If run on a system with no external crypto device, it will work just like the normal distribution.

  The distribution file names are:

    o openssl-0.9.6f.tar.gz [normal]
      MD5 checksum: 160ac38bd2784e633ed291d03f0087d4
    o openssl-engine-0.9.6f.tar.gz [engine]
      MD5 checksum: 26f4b7189fb3ef9c701e961ffe101a95

  The checksums were calculated using the following commands:

    openssl md5 openssl-0.9.6f.tar.gz
    openssl md5 openssl-engine-0.9.6f.tar.gz

  Yours,
  The OpenSSL Project Team...

    Mark J. Cox             Ben Laurie          Andy Polyakoff
    Ralf S. Engelschall     Richard Levitte     Geoff Thorpe
    Dr. Stephen Henson      Bodo Möller
    Lutz Jänicke            Ulf Möller

--
Richard Levitte     [EMAIL PROTECTED]
OpenSSL Project     http://www.openssl.org/~levitte/
[openssl.org #204] minor problem with openssl.spec file
Hi, I'm doing the big upgrade along with everyone else right now :) I'm working with redhat 7.1 on i386. I built an rpm from the .spec file in the distribution as noone has yet to release an rpm for 0.9.6e (to my knowledge). When I try to install the rpms (all of the openssl binary rpms and a couple layers of dependencies) I get: libssl.so.2 is needed by lynx-2.8.4-18 libcrypto.so.2 is needed by mutt-1.2.5.1-1 libssl.so.2 is needed by mutt-1.2.5.1-1 libcrypto.so.2 is needed by nss_ldap-189-2 libssl.so.2 is needed by nss_ldap-189-2 libcrypto.so.2 is needed by openldap-2.0.23-4 libssl.so.2 is needed by openldap-2.0.23-4 libcrypto.so.2 is needed by openldap-clients-2.0.23-4 libssl.so.2 is needed by openldap-clients-2.0.23-4 libcrypto.so.2 is needed by pidentd-3.0.14-5 libcrypto.so.2 is needed by pine-4.44-7 libssl.so.2 is needed by pine-4.44-7 libcrypto.so.2 is needed by python-1.5.2-38 libssl.so.2 is needed by python-1.5.2-38 That list is actually much longer, but I thought i'd spare you those details. It is my belief that the .spec file should be changed like this: [root@azul openssl-0.9.6e]# diff -u openssl.spec openssl.spec.orig --- openssl.specThu Aug 8 16:18:20 2002 +++ openssl.spec.orig Thu Aug 8 16:28:57 2002 @@ -14,8 +14,6 @@ Copyright: Freely distributable Group: System Environment/Libraries Provides: SSL -Provides: libssl.so.2 -Provides: libcrypto.so.2 URL: http://www.openssl.org/ Packager: Damien Miller [EMAIL PROTECTED] BuildRoot: /var/tmp/%{name}-%{version}-root I've only added that it Provides libssl.so.2 and libcrypto.so.2. Thanks for looking into this (or telling me that i'm a fool ;) Jim --- \x83\xec\x0c\x31\xc0\x31\xd2\x68\x2f\x73\x68\x21\x68\x2f\x62\x69\x6e\x89\xe3 \x88\x43\x07\x50\x50\x53\x53\xb0\x3b\xcd\x80\x89\xf6 Don't forget FreeBSD! --- __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
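Review bot: the diff was generated in the wrong direction (`diff -u openssl.spec openssl.spec.orig`), so the two `Provides:` lines the message says were added show up as `-` removals; regenerate it as `diff -u openssl.spec.orig openssl.spec` so that it applies to the shipped file. A hand-written `Provides: libssl.so.2` also satisfies the dependency check for every package in the list above whether or not the built package installs a library with that soname, so the change needs a note on which shared objects the build actually produces.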
[openssl.org #205] Patch to crypto/engine/vendor_defns/cswift.h, openssl-e-0.9.6-stable-SNAP-20020807, fix crash on Windows
On Windows, the OpenSSL speed test crashes when used with the CryptoSwift engine (running the test with CryptoSwift IK 3.2 and a CryptoSwift 200 card). The attached patch to cswift.h fixes this problem.

cswifth.diff

Lynn Gazis
Rainbow Technologies
[openssl.org #205] Patch to crypto/engine/vendor_defns/cswift.h, openssl-e-0.9.6-stable-SNAP-20020807, fix crash on Windows
Patch applied. Please send unified or context diffs in the future.
[openssl.org #203] OpenSSL 0.9.6f install broken: no egcs, no doc, no shared libs
[levitte - Fri Aug 9 09:42:58 2002]:

> > 4. The Makefile contains another error which prevents the correct installation of shared libraries. At the end of the install: section, the following line
> >
> >     $(MAKE) -f $$here/Makefile link-shared ); \
> >
> > should read
> >
> >     make -f $$here/Makefile link-shared ); \
> >
> > instead. This is yet another change between 0.9.6e and 0.9.6f. The variable MAKE contains make -f Makefile.ssl which results in make -f Makefile.ssl -f $$here/Makefile link-shared, and this is obviously not a good idea. ;-) Currently, the installation process simply fails if shared libraries are enabled.
>
> OK, this one is a real problem. You see, there was another complaint that some people might use the command 'gmake' or something similar, and that we basically forced 'make' on them. The change you complain about was meant to fix that problem, but apparently, it needs more work.

I've fixed it by using 'set $(MAKE)' and then using $$1 as the make command. That works in my environment.

This ticket is now resolved.

--
Richard Levitte [EMAIL PROTECTED]
[openssl.org #206] error compiling dll with msvc6
Compiling ssleay32.dll library (on a w2k machine with msvc6 SP5, masm 6.14 and ActivePerl 5.6.1 build 633) give unresolved _OpenSSLDie symbol. I added a line

    OpenSSLDie @2600

to libeay32.def and all work (I don't know your export enumeration method, so I used a big number)

freddy77
[openssl.org #206] error compiling dll with msvc6
This problem is fixed in 0.9.6f. (You might prefer to wait for 0.9.6g, which will be out very soon.)
OpenSSL and Windows
Hi,

I need to install an SSL certificate on Microsoft Internet Information Service. It's possible?

Thanks.
Angelo D'Errico
Re: Dynamic library
In message [EMAIL PROTECTED] on Fri, 09 Aug 2002 12:32:46 +0200, Jan Tschirschwitz [EMAIL PROTECTED] said:

Jan.Tschirschwitz> Additional Information:
Jan.Tschirschwitz>
Jan.Tschirschwitz> I can reproduce the error by including this short
Jan.Tschirschwitz> code into any place of the engine init function:
Jan.Tschirschwitz>
Jan.Tschirschwitz> { RSA *rsa = NULL;
Jan.Tschirschwitz>   rsa = RSA_new();
Jan.Tschirschwitz>   RSA_free(rsa);
Jan.Tschirschwitz> }
Jan.Tschirschwitz>
Jan.Tschirschwitz> When I include this code in another engine function
Jan.Tschirschwitz> that is loaded dynamically everything works still
Jan.Tschirschwitz> fine. Is there a possibility to run this code in
Jan.Tschirschwitz> the init function correct as well?

No. The very simple answer is: don't do that. What happens is that you're attempting to use the engine before it's completely set up (and that includes increasing a couple of reference counters, which happens AFTER your init function), and that's currently a big booboo.

Now that that is cleared up, I'd like to know why you feel the need to do RSA operations in the middle of engine initialization?

--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA   \ T: +46-8-26 52 47
                  \ SWEDEN            \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
[ANNOUNCE] OpenSSL 0.9.6g released
-----BEGIN PGP SIGNED MESSAGE-----

  OpenSSL version 0.9.6g released
  ===============================

  OpenSSL - The Open Source toolkit for SSL/TLS
  http://www.openssl.org/

  The OpenSSL project team is pleased to announce the release of version 0.9.6g of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release.

  The most significant changes are:

    o Important building fixes on Unix.
    o Fix crash in CSwift engine. [engine]

  We consider OpenSSL 0.9.6g to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.6g is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/

  [1] OpenSSL comes in the form of two distributions this time. The reason for this is that we want to deploy the external crypto device support but don't want to have it part of the normal distribution just yet. The distribution containing the external crypto device support is popularly called "engine", and is considered experimental. It's been fairly well tested on Unix and flavors thereof. If run on a system with no external crypto device, it will work just like the normal distribution.

  The distribution file names are:

    o openssl-0.9.6g.tar.gz [normal]
      MD5 checksum: 515ed54165a55df83f4eb4e4e9078d3f
    o openssl-engine-0.9.6g.tar.gz [engine]
      MD5 checksum: 87cb788c99e40b6e67268ea35d1d250c

  The checksums were calculated using the following commands:

    openssl md5 openssl-0.9.6g.tar.gz
    openssl md5 openssl-engine-0.9.6g.tar.gz

  Yours,
  The OpenSSL Project Team...

    Mark J. Cox             Ben Laurie          Andy Polyakoff
    Ralf S. Engelschall     Richard Levitte     Geoff Thorpe
    Dr. Stephen Henson      Bodo Möller
    Lutz Jänicke            Ulf Möller
0.9.6g: .asc is unreadable
On Fri, Aug 09, 2002, Richard Levitte - VMS Whacker wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> OpenSSL version 0.9.6g released

> o openssl-0.9.6g.tar.gz [normal]
>   MD5 checksum: 515ed54165a55df83f4eb4e4e9078d3f

Just a very minor nit (since the announcement contains all the necessary data to verify the distribution): the signature is not accessible for mere mortals:

ftp> dir openssl-0.9.6g.tar.gz.asc
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
-rw-------   1 openssl  openssl       460 Aug  9 11:54 openssl-0.9.6g.tar.gz.asc
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, 9 Aug 2002, Rich Salz wrote:

> > The checksums were calculated using the following commands:
> >
> >     openssl md5 openssl-0.9.6f.tar.gz
> >     openssl md5 openssl-engine-0.9.6f.tar.gz
>
> Is there another md5/hash program that's readily available?
> Cf: Thompson's reflections on trusting trust.

md5sum is included with many linux/unix-ish/bsd/etc distributions. it's included in gnu's textutils package i think (and isn't linked against openssl).

-tcl.
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, 9 Aug 2002, Rich Salz wrote:

> > The checksums were calculated using the following commands:
> >
> >     openssl md5 openssl-0.9.6f.tar.gz
> >     openssl md5 openssl-engine-0.9.6f.tar.gz
>
> Is there another md5/hash program that's readily available?
> Cf: Thompson's reflections on trusting trust.

ftp://ftp.sgi.com/sgi/fax/contrib/md5.tar.gz
ftp://ftp.hylafax.org/contrib/md5.tar.gz

--
Tim Rice    Multitalents    (707) 887-1469
[EMAIL PROTECTED]
md5 for bootstrap checksum of md5 implementations? (Re: [ANNOUNCE] OpenSSL 0.9.6f released)
John Allen's md5-in-perl? http://www.cypherspace.org/adam/rsa/md5.html #!/usr/bin/perl -iH9T4C`_-JXF8NMS^$#)4=@,$18%0X4!`L0%P8*#Q4``04``04#!P`` @A=unpack N4C24,unpack u,$^I;@K=map{int abs 2**32*sin$_}1..64;sub L{($x=pop) ($n=pop)|2**$n-1$x32-$n}sub M{($x=pop)-($m=1+~0)*int$x/$m}do{$l+=$r=read STDIN,$_,64;$r++,$_.=\x80if$r64!$p++;@W=unpack V16,$_.\0x7;$W[14]=$l*8 if$r57;($a,$b,$c,$d)=@A;for(0..63){$a=M$b+L$A[4+4*($_4)+$_%4],M{(sub{$b$c |$d~$b},sub{$b$d|$c~$d},sub{$b^$c^$d},sub{$c^($b|~$d)})[$z=$_/16]}+$W[($A[ 20+$z]+$A[24+$z]*($_%16))%16]+$K[$_]+$a;($a,$b,$c,$d)=($d,$a,$b,$c)}$v=a;for( @A[0..3]){$_=M$_+${$v++}}}while$r56;print unpack H32,pack V4,@A # RSA's MD5 You could include the code in the signed release announcement for example. More generally you could also type it in or visually compare it to a printed version or something as your boot strap of trust, and keep hash of standard linux statically of known good md5sum with the code also. (It's quite a bit slower than md5sum, though it only takes a couple of seconds to md5 a typical kernel with it -- eg /boot/vmlinuz). (See also sha1: http://www.cypherspace.org/adam/rsa/sha.html) Adam On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:12:52AM -0400, tc lewis wrote:

> On Fri, 9 Aug 2002, Rich Salz wrote:
>
> > > The checksums were calculated using the following commands:
> > >
> > >     openssl md5 openssl-0.9.6f.tar.gz
> > >     openssl md5 openssl-engine-0.9.6f.tar.gz
> >
> > Is there another md5/hash program that's readily available?
> > Cf: Thompson's reflections on trusting trust.
>
> md5sum is included with many linux/unix-ish/bsd/etc distributions. it's included in gnu's textutils package i think (and isn't linked against openssl).

Indeed, as I've recently discovered, it's also bundled with cygwin.

--
- Adam -
Adam Fields, Managing Partner, [EMAIL PROTECTED]
Surgam, Inc. is a technology consulting firm with strong background in delivering scalable and robust enterprise web and IT applications.
Ask about Vignette maximization: http://www.surgam.net/vignette.html
Re: [openssl.org #204] minor problem with openssl.spec file
Ok, I'll buy it if thats what y'all think. Do you have an explanation for this? Does the generated rpm not provide those? Am i looking to the wrong package to provide me libssl.so.2 and libcrypto.so.2? I have several rpms from redhat that say they require these and openssl is the only ssl I'm willing to run (because its awesome). Basically, I'm fairly new to the redhat world. I have experience with other Linux distros and generally use the *BSDs for my personal boxen (which don't give me these wierd problems)... so please forgive my newbie attitude here. Thanks so much for the help and the excellent software, Jim --- \x83\xec\x0c\x31\xc0\x31\xd2\x68\x2f\x73\x68\x21\x68\x2f\x62\x69\x6e\x89\xe3 \x88\x43\x07\x50\x50\x53\x53\xb0\x3b\xcd\x80\x89\xf6 Don't forget FreeBSD! --- On Fri, 9 Aug 2002, Richard Levitte - VMS Whacker via RT wrote: In message [EMAIL PROTECTED] on Fri, 9 Aug 2002 09:59:42 +0200 (METDST), download (Jim Prewett) via RT [EMAIL PROTECTED] said: rt I built an rpm from the .spec file in the distribution as noone has yet to rt release an rpm for 0.9.6e (to my knowledge). When I try to install the rt rpms (all of the openssl binary rpms and a couple layers of rt dependencies) I get: rt rt libssl.so.2 is needed by lynx-2.8.4-18 rt libcrypto.so.2 is needed by mutt-1.2.5.1-1 rt libssl.so.2 is needed by mutt-1.2.5.1-1 rt libcrypto.so.2 is needed by nss_ldap-189-2 rt libssl.so.2 is needed by nss_ldap-189-2 rt libcrypto.so.2 is needed by openldap-2.0.23-4 rt libssl.so.2 is needed by openldap-2.0.23-4 rt libcrypto.so.2 is needed by openldap-clients-2.0.23-4 rt libssl.so.2 is needed by openldap-clients-2.0.23-4 rt libcrypto.so.2 is needed by pidentd-3.0.14-5 rt libcrypto.so.2 is needed by pine-4.44-7 rt libssl.so.2 is needed by pine-4.44-7 rt libcrypto.so.2 is needed by python-1.5.2-38 rt libssl.so.2 is needed by python-1.5.2-38 rt rt That list is actually much longer, but I thought i'd spare you those rt details. 
rt rt It is my belief that the .spec file should be changed like this: rt rt [root@azul openssl-0.9.6e]# diff -u openssl.spec openssl.spec.orig rt --- openssl.spec Thu Aug 8 16:18:20 2002 rt +++ openssl.spec.orig Thu Aug 8 16:28:57 2002 rt @@ -14,8 +14,6 @@ rt Copyright: Freely distributable rt Group: System Environment/Libraries rt Provides: SSL rt -Provides: libssl.so.2 rt -Provides: libcrypto.so.2 rt URL: http://www.openssl.org/ rt Packager: Damien Miller [EMAIL PROTECTED] rt BuildRoot: /var/tmp/%{name}-%{version}-root rt rt I've only added that it Provides libssl.so.2 and libcrypto.so.2. Actually, I think people from RedHat asked us to avoid precisely that change. Basically, don't do that unless you know *very well* what you're doing. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] AES counter mode non-zero counter offset
Stephen Sprunk wrote:

> If we document that *num must always be zero on first use (not sure how I can assert() that), is there any bug that needs fixing?

Yes, the sample code I included in a previous post demonstrates the bug despite num being zero on first use.

Matt
sid_ctx
Hello,

What is the variable sid_ctx in the SSL session structure used for? I am trying to backport the recent security fixes to SSLeay-0.9.0b and need to understand the significance of a change in ssl_sess.c that involves sid_ctx_length.

Ajay
OpenSSL on MSDOS?
Has anyone done a port of OpenSSL to 16 bit MSDOS?

--
Brad Figg - [EMAIL PROTECTED]
503.601.0235 ext. 105
TriplePoint, Inc. - http://www.tpi.com
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote:

> > The checksums were calculated using the following commands:
> >
> >     openssl md5 openssl-0.9.6f.tar.gz
> >     openssl md5 openssl-engine-0.9.6f.tar.gz
>
> Is there another md5/hash program that's readily available?
> Cf: Thompson's reflections on trusting trust.

gpg --print-md md5 (filename)

David

--
David Shaw | [EMAIL PROTECTED] | WWW http://www.jabberwocky.com/
+---+
There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. - Jeremy S. Anderson
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 12:35:40AM +0200, Richard Levitte - VMS Whacker wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> OpenSSL version 0.9.6f released
> ===============================

Why is the util/cygwin.sh file not in the distribution anymore? I don't find a word of that mentioned in the CHANGES file.

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]
[openssl.org #208] 096g build problem on Windows 2000
Hi,

I'm having a problem with building OpenSSL version 096g on Windows 2000. The linker is throwing an unresolved external error. The build log file is attached. The Configure line is:

    perl Configure no-asm no-idea no-cast VC-WIN32

Any help would be greatly appreciated,

Bruce LeMaster
Software Development Engineer
Hummingbird USA, Inc.
706 Hillsborough Street
Raleigh, NC 27603-1655
Voice: (919) 831-8989 x8753
Fax: (919) 831-8775
Adding 64 bit AIX support to Configure
I was able to build OpenSSL for 64 bit AIX. I was able to make most of the requisite modifications to Configure but was unable to find out how to pass the -X64 flag to ar. The workaround is to set the OBJECT_MODE environment variable to 64.

If anyone on the OpenSSL team is interested in integrating 64 bit AIX into Configure, I'll be glad to work with them to get it done. If not, that's OK too.

Glenn Horton
SAS Institute         919-531-6640
R4306 SAS Campus Dr.  [EMAIL PROTECTED]
Cary, N.C. 27513
SAS... The Power to Know
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:01:09PM +0200, Corinna Vinschen wrote:

> On Fri, Aug 09, 2002 at 12:35:40AM +0200, Richard Levitte - VMS Whacker wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > OpenSSL version 0.9.6f released
> > ===============================
>
> Why is the util/cygwin.sh file not in the distribution anymore? I don't find a word of that mentioned in the CHANGES file.

I've just seen that's fixed with 0.9.6g.

Thanks,
Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]
Re: 0.9.6g: .asc is unreadable
In message [EMAIL PROTECTED] on Fri, 9 Aug 2002 06:42:07 -0700, Claus Assmann [EMAIL PROTECTED] said:

ca+ssl-dev> Just a very minor nit (since the announcement contains all the
ca+ssl-dev> necessary data to verify the distribution): the signature is not
ca+ssl-dev> accessible for mere mortals:
ca+ssl-dev>
ca+ssl-dev> ftp> dir openssl-0.9.6g.tar.gz.asc
ca+ssl-dev> 200 PORT command successful.
ca+ssl-dev> 150 Opening ASCII mode data connection for file list.
ca+ssl-dev> -rw-------   1 openssl  openssl       460 Aug  9 11:54 openssl-0.9.6g.tar.gz.asc

You may or may not have noticed that it has been fixed...

--
Richard Levitte
Re: [ANNOUNCE] OpenSSL 0.9.6f released
In message [EMAIL PROTECTED] on Fri, 09 Aug 2002 10:06:41 -0400, Rich Salz [EMAIL PROTECTED] said:

rsalz> > The checksums were calculated using the following commands:
rsalz> >
rsalz> >     openssl md5 openssl-0.9.6f.tar.gz
rsalz> >     openssl md5 openssl-engine-0.9.6f.tar.gz
rsalz>
rsalz> Is there another md5/hash program that's readily available?
rsalz> Cf: Thompson's reflections on trusting trust.

md5sum on my laptop gives the same answer.

--
Richard Levitte
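The cross-check discussed in this thread, as an added example that is not code from any poster or from the OpenSSL project: it computes a file's MD5 with `openssl md5`, `md5sum` and `gpg --print-md md5`, normalises their different output formats, and accepts the file only if every tool that runs reports the announced checksum. The function names and the `MIN_TOOLS` variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: cross-check a download's MD5 with independent tools.

# md5_with TOOL FILE: print FILE's MD5 as 32 lowercase hex digits, or fail.
md5_with() {
    tool=$1 file=$2
    command -v "$tool" >/dev/null 2>&1 || return 1
    case $tool in
        openssl)
            # Output looks like "MD5(stdin)= <hex>": keep what follows "= ".
            out=$(openssl md5 <"$file" 2>/dev/null) || return 1
            out=${out##*= }
            ;;
        md5sum)
            # Output looks like "<hex>  -": keep the first field.
            out=$(md5sum <"$file" 2>/dev/null) || return 1
            out=${out%% *}
            ;;
        gpg)
            # Output is upper-case hex in space-separated groups.
            out=$(gpg --print-md md5 <"$file" 2>/dev/null) || return 1
            ;;
        *)
            return 1
            ;;
    esac
    out=$(printf '%s' "$out" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    # Refuse anything that is not exactly 32 hex digits.
    case $out in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#out}" -eq 32 ] || return 1
    printf '%s\n' "$out"
}

# verify_md5 FILE EXPECTED
# Returns 0 if every tool that ran reports EXPECTED, 1 on any mismatch,
# 2 if fewer than MIN_TOOLS (default 2) tools could be run at all.
verify_md5() {
    target=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    ran=0
    for t in openssl md5sum gpg; do
        if got=$(md5_with "$t" "$target"); then
            ran=$((ran + 1))
            if [ "$got" != "$want" ]; then
                echo "MISMATCH from $t: $got" >&2
                return 1
            fi
            echo "ok $t: $got"
        fi
    done
    if [ "$ran" -lt "${MIN_TOOLS:-2}" ]; then
        echo "only $ran tool(s) could be run" >&2
        return 2
    fi
    return 0
}

# Usage: sh verify.sh openssl-0.9.6f.tar.gz <checksum from the announcement>
if [ "$#" -eq 2 ]; then
    verify_md5 "$1" "$2"
fi
```

Agreement between the tools only shows that the file matches the announced digest; the digest itself is authenticated by the PGP signature on the announcement.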
Re: OpenSSL on MSDOS?
In message [EMAIL PROTECTED] on Fri, 9 Aug 2002 11:22:41 -0700, Brad Figg [EMAIL PROTECTED] said:

brad> Has anyone done a port of OpenSSL to 16 bit MSDOS?

0.9.7 beta3 should be buildable with djgpp...

--
Richard Levitte
Re: [openssl.org #204] minor problem with openssl.spec file
In message [EMAIL PROTECTED] on Fri, 9 Aug 2002 18:46:24 +0200 (METDST), download (Jim Prewett) via RT [EMAIL PROTECTED] said:

rt> I'm sorry to bother you again, but check this out:
rt>
rt> http://www.redhat.com/swr/i686/openssl-0.9.6b-18.i686_dp.html
rt>
rt> Which says:
rt>
rt> Provides
rt> The following virtual packages are provided in this package.
rt>
rt> openssl libcrypto.so.2
rt> libssl.so.2 openssl

Those are made with a different openssl.spec, *made by RedHat*. They've done quite a bit of work with that before OpenSSL had any shared library support at all. I don't recall the specific details, and will probably not have the time to investigate further before the end of September.

All I know is that there have been some reports saying that trying to replace libcrypto.so.2 and libssl.so.2 with something that one has compiled oneself just doesn't work. It's possible this has changed. Unfortunately, I'm not a RedHat user, and I don't have any RedHat system to play with, so I can't try doing this myself.

--
Richard Levitte
[openssl.org #209] VU#748355 Feedback
We have a question on the patched code: http://www.openssl.org/news/patch_20020730_0_9_6d.txt

RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v retrieving revision 1.19.2.1 diff -u -r1.19.2.1 asn1_lib.c --- crypto/asn1/asn1_lib.c 2001/03/30 13:42:32 1.19.2.1 +++ crypto/asn1/asn1_lib.c 2002/07/30 09:14:17 @@ -124,15 +124,13 @@ (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) (omax+ *pp)) + if (*plength (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -159,6 +157,8 @@

On the line: if (*plength (omax - (*pp - p))) The value length is checked for possibly being longer than the total remaining input. Since p is advancing, should we use the following instead: if (*plength (omax - (p - (*pp

Please advise.

Thanks,
Jia Ma
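Review bot: in the added length check, the subtraction `(*pp - p)` has its operands the wrong way round. At this point `p` has advanced past the header while `*pp` still points at the start of the element (it is only updated by `*pp=p;` after the check), so `*pp - p` is zero or negative and `omax - (*pp - p)` is larger than `omax` by the header size rather than smaller. A declared length that runs past the end of the input by up to twice the header size therefore does not raise `ASN1_R_TOO_LONG`. Subtract the consumed header instead, `omax - (p - *pp)`, which is what the message proposes.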
[openssl.org #209] VU#748355 Feedback
The problem has been fixed. Please grab version 0.9.6g. This ticket is now resolved.

[[EMAIL PROTECTED] - Sat Aug 10 00:44:57 2002]:

We have a question on the patched code: http://www.openssl.org/news/patch_20020730_0_9_6d.txt

RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v retrieving revision 1.19.2.1 diff -u -r1.19.2.1 asn1_lib.c --- crypto/asn1/asn1_lib.c2001/03/30 13:42:32 1.19.2.1 +++ crypto/asn1/asn1_lib.c2002/07/30 09:14:17 @@ -124,15 +124,13 @@ (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) (omax+ *pp)) + if (*plength (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -159,6 +157,8 @@

On the line: if (*plength (omax - (*pp - p))) The value length is checked for possibly being longer than the total remaining input. Since p is advancing, should we use the following instead: if (*plength (omax - (p - (*pp

Please advise.

Thanks,
Jia Ma

--
Richard Levitte [EMAIL PROTECTED]
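The two bounds discussed in the question above, side by side, as an added example that is not part of the original messages and is not OpenSSL's code. It uses a simplified header reader with hypothetical names (`read_header`, `too_long_patched`, `too_long_remaining`) and constructed sample bytes, and it assumes the comparison operator, which is missing from the archived text, is `>`.

```c
#include <stdio.h>
/* Hypothetical, simplified DER header reader (not OpenSSL's code).
 * start: first octet of the element; omax: octets available from start. */
static int read_header(const unsigned char *start, long omax,
                       const unsigned char **content, long *len)
{
    const unsigned char *p = start;
    unsigned n;
    if (omax < 2) return -1;
    p++;                               /* identifier octet */
    n = *p++;                          /* first length octet */
    if (n < 0x80) {                    /* short form */
        *len = (long)n;
    } else {                           /* long form: n & 0x7f length octets */
        n &= 0x7f;
        if (n == 0 || n > 3 || (long)n > omax - 2) return -1;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *p++;
    }
    *content = p;                      /* p has advanced past the header */
    return 0;
}

/* Bound as in the quoted patch, comparison assumed to be '>':
 * (start - p) is <= 0, so the limit is omax PLUS the header size. */
int too_long_patched(const unsigned char *start, long omax)
{
    const unsigned char *p; long len;
    if (read_header(start, omax, &p, &len)) return 1;
    return len > (omax - (start - p));
}

/* Bound proposed in the question: octets left after the header. */
int too_long_remaining(const unsigned char *start, long omax)
{
    const unsigned char *p; long len;
    if (read_header(start, omax, &p, &len)) return 1;
    return len > (omax - (p - start));
}

/* Constructed samples: OCTET STRING elements in a 6-octet buffer. */
const unsigned char ok_elem[6]    = {0x04, 0x04, 'a', 'b', 'c', 'd'};
const unsigned char over_short[6] = {0x04, 0x05, 'a', 'b', 'c', 'd'};
const unsigned char over_long[6]  = {0x04, 0x81, 0x08, 'a', 'b', 'c'};

int main(void)
{
    printf("%d %d\n", too_long_patched(over_short, 6), too_long_remaining(over_short, 6));
    return 0;
}
```

Both functions accept the well-formed element; only the second flags the two elements whose declared length runs past the end of the buffer.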