[STATUS] OpenSSL (Sun 29-Sep-2002)
OpenSSL STATUS Last modified at __ $Date: 2002/08/14 11:07:29 $ DEVELOPMENT STATE o OpenSSL 0.9.8: Under development... o OpenSSL 0.9.7-beta3: Released on July 30th, 2002 o OpenSSL 0.9.7-beta2: Released on June 16th, 2002 o OpenSSL 0.9.7-beta1: Released on June 1st, 2002 o OpenSSL 0.9.6g: Released on August 9th, 2002 o OpenSSL 0.9.6f: Released on August 8th, 2002 o OpenSSL 0.9.6e: Released on July 30th, 2002 o OpenSSL 0.9.6d: Released on May9th, 2002 o OpenSSL 0.9.6c: Released on December 21st, 2001 o OpenSSL 0.9.6b: Released on July 9th, 2001 o OpenSSL 0.9.6a: Released on April 5th, 2001 o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August09th, 1999 o OpenSSL 0.9.3a: Released on May 29th, 1999 o OpenSSL 0.9.3: Released on May 25th, 1999 o OpenSSL 0.9.2b: Released on March 22th, 1999 o OpenSSL 0.9.1c: Released on December 23th, 1998 [See also http://www.openssl.org/support/rt2.html] RELEASE SHOWSTOPPERS o BN_mod_mul verification fails for mips3-sgi-irix unless configured with no-asm AVAILABLE PATCHES o IN PROGRESS o Steve is currently working on (in no particular order): ASN1 code redesign, butchery, replacement. OCSP EVP cipher enhancement. Enhanced certificate chain verification. Private key, certificate and CRL API and implementation. Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. o Geoff and Richard are currently working on: ENGINE (the new code that gives hardware support among others). o Richard is currently working on: UI (User Interface) UTIL (a new set of library functions to support some higher level functionality that is currently missing). Shared library support for VMS. Kerberos 5 authentication Constification OCSP NEEDS PATCH o 0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not handle ECCdraft cipher suites correctly. o apps/ca.c: Sign the certificate? - n creates empty certificate file o OpenSSL STATUS is never up-to-date. OPEN ISSUES o The Makefile hierarchy and build mechanism is still not a round thing: 1. The config vs. Configure scripts It's the same nasty situation as for Apache with APACI vs. src/Configure. It confuses. Suggestion: Merge Configure and config into a single configure script with a Autoconf style interface ;-) and remove Configure and config. Or even let us use GNU Autoconf itself. Then we can avoid a lot of those platform checks which are currently in Configure. o Support for Shared Libraries has to be added at least for the major Unix platforms. The details we can rip from the stuff Ralf has done for the Apache src/Configure script. Ben wants the solution to be really simple. Status: Ralf will look how we can easily incorporate the compiler PIC and linker DSO flags from Apache into the OpenSSL Configure script. Ulf: +1 for using GNU autoconf and libtool (but not automake, which apparently is not flexible enough to generate libcrypto) WISHES o Add variants of DH_generate_parameters() and BN_generate_prime() [etc?] where the callback function can request that the function be aborted. [Gregory Stark [EMAIL PROTECTED], [EMAIL PROTECTED]] o SRP in TLS. [wished by: Dj [EMAIL PROTECTED], Tom Wu [EMAIL PROTECTED], Tom Holroyd [EMAIL PROTECTED]] See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt as well as http://www-cs-students.stanford.edu/~tjw/srp/. Tom Holroyd tells us there is a SRP patch for OpenSSH at http://members.tripod.com/professor_tom/archives/, that could be useful. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #293] Openssl-0.9.6g on Solaris, broken shared libraries
Bug description: Make and make test succeed, but the test programs are linked against the static libraries, never against the shared libraries, so if there is a problem with the shared libraries (and there is in my system, all applications linked against them core dump) it's not detected. The problem is probably not with the openssl shared libraries but they fail to work when used. I haven't found where exactly is the problem, but for reference here's the complete information. make report returns: OpenSSL self-test report: OpenSSL version: 0.9.6h-dev Last change: Don't impose a 16-byte length minimum on session IDs in... Options: --prefix=/usr/local/ssl threads shared no-asm OS (uname): SunOS legosoft 5.8 Generic_108528-14 sun4m sparc SUNW,SPARCstation-5 OS (config): sun4m-whatever-solaris2 Target (default): solaris-sparcv8-gcc Target: solaris-sparcv8-gcc Compiler: Configured with: ../gcc-3.2/configure --prefix=/opt/gnu --with-gnu-as --with-gnu-ld --disable-multilib --enable-threads --enable-languages=c,c++,objc,java --enable-libgcj --disable-nls Thread model: posix gcc version 3.2 Test passed. Note: This is the last recompile I did, I started with version 0.9.6g, then downloaded the last snapshot and tried again, then disabled use of assembler, then disabled optimization. Also tested the recommendation from bug report #29: re-linked without the -Wl,-Bsymbolic parameter, same result. To test the shared libraries I took a small program (adapted and corrected from the configure script of openSsh): #include string.h #include openssl/crypto.h int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } And compiled with: gcc -o test -pipe -g -Wall -Wpointer-arith -Wno-uninitialized -I../include -L.. -R.. test.c -lpam -ldl -lz -lsocket -lnsl -lcrypto Running it, in all tested variations, results in Segmentation Fault (core dumped) The stack traceback is: GNU gdb 5.0 [snip] This GDB was configured as sparc-sun-solaris2.8... (gdb) r Starting program: /home/rberber/openssl-0.9.6-stable-SNAP-20020925/test/test Program received signal SIGSEGV, Segmentation fault. 0xef4a6224 in __register_frame_info_bases (begin=0xef4c, ob=0xef4c, tbase=0x0, dbase=0x0) at ../../gcc-3.0.3/gcc/unwind-pe.h:211 211 ../../gcc-3.0.3/gcc/unwind-pe.h: No such file or directory. (gdb) where #0 0xef4a6224 in __register_frame_info_bases (begin=0xef4c, ob=0xef4c, tbase=0x0, dbase=0x0) at ../../gcc-3.0.3/gcc/unwind-pe.h:211 #1 0xef4a62a0 in __register_frame_info (begin=0xef4c, ob=0xef4c) at ../../gcc-3.0.3/gcc/unwind-pe.h:211 #2 0xef4e3f18 in frame_dummy () from /home/rberber/openssl-0.9.6-stable-SNAP-20020925/test/../libcrypto.so.0.9.6 #3 0xef4e3e00 in _init () from /home/rberber/openssl-0.9.6-stable-SNAP-20020925/test/../libcrypto.so.0.9.6 #4 0xef7cc1ec in ?? () #5 0xef7cbae4 in ?? () #6 0xef7d6fdc in ?? () #7 0xef7c2a50 in ?? () I think only #2 abd #3 are significant, gdb is reporting bogus information which include a path with gcc-3.0.3 which never has existed on this machine. Perhaps all the information is bogus since I haven't been able to put a breakpoint at the _init() or frame_dummy() routines, one is not found, the later is in another library not libcrypto. -- René Berber __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #295] Errors installing openssl 0.96g on windows 2000 using microsoft VC++ 6.0
Hi, I am having problems installing openssl 0.96g on windows 2000 when using microsoft visual C++ 6.0 .I will be really thankful if someone can help me out with this. I have followed the instructions given in the install file. When I used the nmake command below at the dos command prompt: nmake -f ms\ntdll.mak I am getting the following errors: Building OpenSSL cl /Fotmp32dll\cryptlib.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 / Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\cryptlib.c cryptlib.c .\crypto\cryptlib.c(59) : fatal error C1083: Cannot open include file: 'stdio.h' : No such file or directory NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. will be awaiting for ur reply, thank you, Manjula __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #294] May be bug in apps/rand.c?
Openssl - version 0.9.6g engine OS - Solaris 2.8 Compiler - gcc 2.95.2 Machine - Sun Ultra 10. The command 'openssl rand -out foobar 1024' fails. An else seems to be missing in apps/rand.c. Patching with the diff -ur rand.c rand.c_mod where rand.c_mod is the modified file corrects the issue. === --- rand.c 2000-09-20 20:14:16.0 +0530 +++ rand.c_mod 2002-09-28 20:10:09.0 +0530 @@ -51,7 +51,7 @@ else badopt = 1; } - if (strcmp(argv[i], -engine) == 0) + else if (strcmp(argv[i], -engine) == 0) { if ((argv[i+1] != NULL) (engine == NULL)) engine = argv[++i]; === -ramki _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [STATUS] OpenSSL (Sun 29-Sep-2002)
On Sun, 29 Sep 2002, OpenSSL Project wrote: RELEASE SHOWSTOPPERS o BN_mod_mul verification fails for mips3-sgi-irix unless configured with no-asm Eh, is this it? Are we waiting 0.9.7 release for ages just because some shitty, obsolete and unsecure OS/arch fails with assembly optimized routines? No? It would be nice to hear some real facts then.. What really needs to be done to get 0.9.7 out, is there something that I or anyone else could fix etc. -Antti __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]