[STATUS] OpenSSL (Sun 29-Sep-2002)

2002-09-29 Thread OpenSSL Project


  OpenSSL STATUS
  Last modified at $Date: 2002/08/14 11:07:29 $

  DEVELOPMENT STATE

o  OpenSSL 0.9.8:       Under development...
o  OpenSSL 0.9.7-beta3: Released on July 30th, 2002
o  OpenSSL 0.9.7-beta2: Released on June 16th, 2002
o  OpenSSL 0.9.7-beta1: Released on June 1st, 2002
o  OpenSSL 0.9.6g:      Released on August 9th, 2002
o  OpenSSL 0.9.6f:      Released on August 8th, 2002
o  OpenSSL 0.9.6e:      Released on July 30th, 2002
o  OpenSSL 0.9.6d:      Released on May 9th, 2002
o  OpenSSL 0.9.6c:      Released on December 21st, 2001
o  OpenSSL 0.9.6b:      Released on July 9th, 2001
o  OpenSSL 0.9.6a:      Released on April 5th, 2001
o  OpenSSL 0.9.6:       Released on September 24th, 2000
o  OpenSSL 0.9.5a:      Released on April 1st, 2000
o  OpenSSL 0.9.5:       Released on February 28th, 2000
o  OpenSSL 0.9.4:       Released on August 09th, 1999
o  OpenSSL 0.9.3a:      Released on May 29th, 1999
o  OpenSSL 0.9.3:       Released on May 25th, 1999
o  OpenSSL 0.9.2b:      Released on March 22nd, 1999
o  OpenSSL 0.9.1c:      Released on December 23rd, 1998

  [See also http://www.openssl.org/support/rt2.html]

  RELEASE SHOWSTOPPERS

o BN_mod_mul verification fails for mips3-sgi-irix
  unless configured with no-asm

  AVAILABLE PATCHES

o 

  IN PROGRESS

o Steve is currently working on (in no particular order):
    ASN1 code redesign, butchery, replacement.
    OCSP
    EVP cipher enhancement.
    Enhanced certificate chain verification.
    Private key, certificate and CRL API and implementation.
    Developing and bugfixing PKCS#7 (S/MIME code).
    Various X509 issues: character sets, certificate request extensions.
o Geoff and Richard are currently working on:
    ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
    UI (User Interface)
    UTIL (a new set of library functions to support some higher level
      functionality that is currently missing).
    Shared library support for VMS.
    Kerberos 5 authentication
    Constification
    OCSP

  NEEDS PATCH

o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
   handle ECCdraft cipher suites correctly.

o  apps/ca.c: Sign the certificate? - n creates empty certificate file

o  OpenSSL STATUS is never up-to-date.

  OPEN ISSUES

o  The Makefile hierarchy and build mechanism is still not a round thing:

   1. The config vs. Configure scripts
      It's the same nasty situation as for Apache with APACI vs.
      src/Configure. It confuses.
      Suggestion: Merge Configure and config into a single configure
      script with an Autoconf style interface ;-) and remove
      Configure and config. Or even let us use GNU Autoconf
      itself. Then we can avoid a lot of those platform checks
      which are currently in Configure.

o  Support for Shared Libraries has to be added at least
   for the major Unix platforms. The details we can rip from the stuff
   Ralf has done for the Apache src/Configure script. Ben wants the
   solution to be really simple.

   Status: Ralf will look how we can easily incorporate the
   compiler PIC and linker DSO flags from Apache
   into the OpenSSL Configure script.

   Ulf: +1 for using GNU autoconf and libtool (but not automake,
        which apparently is not flexible enough to generate
        libcrypto)

  WISHES

o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
   where the callback function can request that the function be aborted.
   [Gregory Stark [EMAIL PROTECTED], [EMAIL PROTECTED]]

o  SRP in TLS.
   [wished by:
Dj [EMAIL PROTECTED], Tom Wu [EMAIL PROTECTED],
Tom Holroyd [EMAIL PROTECTED]]

   See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
   as well as http://www-cs-students.stanford.edu/~tjw/srp/.

   Tom Holroyd tells us there is a SRP patch for OpenSSH at
   http://members.tripod.com/professor_tom/archives/, that could
   be useful.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



[openssl.org #293] Openssl-0.9.6g on Solaris, broken shared libraries

2002-09-29 Thread René Berber via RT



Bug description:

Make and make test succeed, but the test programs are linked against the static 
libraries, never against the shared libraries, so if there is a problem with the 
shared libraries (and there is in my system, all applications linked against them core 
dump) it's not detected.

The problem is probably not with the openssl shared libraries but they fail to work 
when used.  I haven't found where exactly the problem is, but for reference here's the 
complete information.

make report returns:

OpenSSL self-test report:

OpenSSL version:  0.9.6h-dev
Last change:  Don't impose a 16-byte length minimum on session IDs in...
Options:  --prefix=/usr/local/ssl threads shared no-asm
OS (uname):   SunOS legosoft 5.8 Generic_108528-14 sun4m sparc SUNW,SPARCstation-5
OS (config):  sun4m-whatever-solaris2
Target (default): solaris-sparcv8-gcc
Target:   solaris-sparcv8-gcc
Compiler: Configured with: ../gcc-3.2/configure --prefix=/opt/gnu 
--with-gnu-as --with-gnu-ld --disable-multilib --enable-threads 
--enable-languages=c,c++,objc,java --enable-libgcj --disable-nls
Thread model: posix
gcc version 3.2

Test passed.

Note: This is the last recompile I did, I started with version 0.9.6g, then downloaded 
the last snapshot and tried again, then disabled use of assembler, then disabled 
optimization.  Also tested the recommendation from bug report #29: re-linked without 
the -Wl,-Bsymbolic parameter, same result.

To test the shared libraries I took a small program (adapted and corrected from the 
configure script of OpenSSH):

#include <string.h>
#include <openssl/crypto.h>

int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }

And compiled with:

gcc -o test -pipe -g -Wall -Wpointer-arith -Wno-uninitialized -I../include -L.. -R.. 
test.c -lpam -ldl -lz -lsocket -lnsl -lcrypto

Running it, in all tested variations, results in Segmentation Fault (core dumped)

The stack traceback is:

GNU gdb 5.0
[snip]
This GDB was configured as sparc-sun-solaris2.8...
(gdb) r
Starting program: /home/rberber/openssl-0.9.6-stable-SNAP-20020925/test/test 

Program received signal SIGSEGV, Segmentation fault.
0xef4a6224 in __register_frame_info_bases (begin=0xef4c, ob=0xef4c, 
tbase=0x0, dbase=0x0) at ../../gcc-3.0.3/gcc/unwind-pe.h:211
211 ../../gcc-3.0.3/gcc/unwind-pe.h: No such file or directory.
(gdb) where
#0  0xef4a6224 in __register_frame_info_bases (begin=0xef4c, 
ob=0xef4c, tbase=0x0, dbase=0x0) at ../../gcc-3.0.3/gcc/unwind-pe.h:211
#1  0xef4a62a0 in __register_frame_info (begin=0xef4c, ob=0xef4c)
at ../../gcc-3.0.3/gcc/unwind-pe.h:211
#2  0xef4e3f18 in frame_dummy ()
   from /home/rberber/openssl-0.9.6-stable-SNAP-20020925/test/../libcrypto.so.0.9.6
#3  0xef4e3e00 in _init ()
   from /home/rberber/openssl-0.9.6-stable-SNAP-20020925/test/../libcrypto.so.0.9.6
#4  0xef7cc1ec in ?? ()
#5  0xef7cbae4 in ?? ()
#6  0xef7d6fdc in ?? ()
#7  0xef7c2a50 in ?? ()

I think only #2 and #3 are significant, gdb is reporting bogus information which 
includes a path with gcc-3.0.3 which never has existed on this machine.  Perhaps all 
the information is bogus since I haven't been able to put a breakpoint at the _init() 
or frame_dummy() routines, one is not found, the latter is in another library not 
libcrypto.

-- 
René Berber
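
An added check for the gap described in the report above (not part of the original message or of OpenSSL's build system): it classifies, from `ldd` output, whether a binary resolves libcrypto/libssl from a shared object, fails to resolve it, or has no dynamic dependency on it at all. The function names and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `ldd` output how a binary gets a given library.
# Reads ldd output on stdin; prints one of:
#   shared <path>     resolved to a shared object at <path>
#   unresolved        listed as a dependency but not found by the loader
#   static-or-unused  no dynamic dependency (linked statically, or not used)
linkage_of() {
    awk -v lib="$1" '
        # A dependency line looks like: libcrypto.so.0.9.6 => /path/to/file
        index($1, lib ".so") == 1 {
            if ($0 ~ /not found/) { print "unresolved" } else { print "shared " $3 }
            found = 1
            exit
        }
        END { if (!found) print "static-or-unused" }
    '
}

# Report libcrypto/libssl linkage for each binary named (requires ldd).
report() {
    for bin in "$@"; do
        for lib in libcrypto libssl; do
            printf '%s %s: %s\n' "$bin" "$lib" \
                "$(ldd "$bin" 2>/dev/null | linkage_of "$lib")"
        done
    done
}

# Constructed ldd output (not captured from a real system).
SAMPLE_SHARED='    libcrypto.so.0.9.6 =>    ../libcrypto.so.0.9.6
    libc.so.1 =>     /usr/lib/libc.so.1'
SAMPLE_STATIC='    libsocket.so.1 =>    /usr/lib/libsocket.so.1
    libc.so.1 =>     /usr/lib/libc.so.1'
SAMPLE_MISSING='    libcrypto.so.0.9.6 =>    (file not found)'

# Demonstration on the constructed samples.
for s in "$SAMPLE_SHARED" "$SAMPLE_STATIC" "$SAMPLE_MISSING"; do
    printf '%s\n' "$s" | linkage_of libcrypto
done
```

Calling `report` on the built test programs after `make test` shows at a glance whether any of them exercised the shared libraries; "static-or-unused" for every binary means the shared objects were never loaded by the test run.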




[openssl.org #295] Errors installing openssl 0.96g on windows 2000 using microsoft VC++ 6.0

2002-09-29 Thread


Hi,

I am having problems installing openssl 0.96g on Windows 2000 when using Microsoft 
Visual C++ 6.0. I will be really thankful if someone can help me out with this. I have 
followed the instructions given in the install file. When I used the nmake command 
below at the DOS command prompt:
 nmake -f ms\ntdll.mak

I am getting the following errors:

Building OpenSSL
cl /Fotmp32dll\cryptlib.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2
/Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /
Fdout32dll /GD -D_WINDLL -D_DLL  -c .\crypto\cryptlib.c
cryptlib.c
.\crypto\cryptlib.c(59) : fatal error C1083: Cannot open include file: 'stdio.h'
: No such file or directory
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.

Will be awaiting your reply,
thank you,
Manjula




[openssl.org #294] May be bug in apps/rand.c?

2002-09-29 Thread


Openssl - version 0.9.6g engine
OS - Solaris 2.8
Compiler - gcc 2.95.2
Machine - Sun Ultra 10.

The command 'openssl rand -out foobar 1024' fails.

An else seems to be missing in apps/rand.c.

Patching with the diff -ur rand.c rand.c_mod where rand.c_mod is the 
modified file corrects the issue.

===
--- rand.c  2000-09-20 20:14:16.0 +0530
+++ rand.c_mod  2002-09-28 20:10:09.0 +0530
@@ -51,7 +51,7 @@
else
badopt = 1;
}
-   if (strcmp(argv[i], -engine) == 0)
+   else if (strcmp(argv[i], -engine) == 0)
{
if ((argv[i+1] != NULL)  (engine == NULL))
engine = argv[++i];
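Review bot: the changed line and the context after it in the -51,7 hunk read "strcmp(argv[i], -engine)" and "(argv[i+1] != NULL)  (engine == NULL)", so the string quotes and the && are missing from the diff as posted and the hunk will not match the file; please resend it as an attachment. The file headers also name rand.c and rand.c_mod with no directory, so generating the diff from the top of the source tree (so the path reads apps/rand.c) would let it apply without editing. It would help as well to say which option branch precedes this one, since the visible context shows only its closing "else badopt = 1;" and the reason the missing else matters depends on what that branch does to i.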
===

-ramki




Re: [STATUS] OpenSSL (Sun 29-Sep-2002)

2002-09-29 Thread Antti Tapaninen


On Sun, 29 Sep 2002, OpenSSL Project wrote:

>   RELEASE SHOWSTOPPERS
>
> o BN_mod_mul verification fails for mips3-sgi-irix
>   unless configured with no-asm

Eh, is this it? Are we waiting 0.9.7 release for ages just because some
shitty, obsolete and unsecure OS/arch fails with assembly optimized
routines?

No? It would be nice to hear some real facts then..

What really needs to be done to get 0.9.7 out? Is there
something that I or anyone else could fix, etc.?

-Antti
