[openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-03 Thread Roumen Petrov via RT
The mingw cross-build of current HEAD (2011-01-31) fails:
WARNING: mkdef.pl doesn't know the following algorithms:
 NEXTPROTONEG
Creating library file: libcrypto.dll.a
Cannot export FIPS_dh_free: symbol not defined
.
Cannot export RSA_X931_generate_key_ex: symbol not defined
collect2: ld returned 1 exit status
make[4]: *** [link_a.cygwin] Error 1
make[4]: Leaving directory `SRCDIR'
make[3]: *** [do_cygwin-shared] Error 2
make[3]: Leaving directory `SRCDIR'
make[2]: *** [libcrypto.dll.a] Error 2
make[2]: Leaving directory `SRCDIR'
make[1]: *** [shared] Error 2
make[1]: Leaving directory `SRCDIR'
make: *** [build_crypto] Error 1

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


[openssl.org #2444] Failure in build of the test programs (1.0.0c on MinGW)

2011-02-03 Thread via RT
Hello,

I failed to build 1.0.0c on MinGW with the default config settings.
The make command stopped at the test program build phase,
because of empty source files: md2test.c, rc5test.c, and jpaketest.c.

To work around this problem, the config arguments
   enable-md2 enable-rc5 experimental-jpake
were required.

-- 
Arihiro Yoshida



[openssl.org #2445] openssl-1.0.0c loses base64 data if newline missing

2011-02-03 Thread P Fudd via RT
Description of problem:
I'm testing smtp auth login using the command line.  One step is to
encode the username and password with /bin/echo -ne myusername |
openssl enc -base64. The opposite step would be /bin/echo -ne
bXl1c2VybmFtZQ== | openssl enc -d -base64, but this fails, until the
-ne is removed.

Version-Release number of selected component (if applicable):
openssl-1.0.0c-1.fc14.i686.rpm  (Fedora 14 openssl package)

How reproducible:
Every time

Steps to Reproduce:
1. /bin/echo -ne bXl1c2VybmFtZQ== | openssl enc -d -base64
2.
3.

Actual results:
No output

Expected results:
The string 'myusername' should be printed, with no newline.

Additional info:
I got the recipe from 
http://goodingredients.org/recipe/articles/email3/smtp-testing.rst

Side note: the built-in echo in tcsh doesn't recognize the '-ne', and
sends it to stdout.  That caused some frustration until I tried
decoding it and the base64 spelled out -ne myusername.  For testing,
use /bin/echo or bash's echo, not tcsh echo.



[openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-03 Thread Stephen Henson via RT
> [open...@roumenpetrov.info - Thu Feb 03 16:36:58 2011]:
>
> The mingw cross-build of current HEAD(2011-01-31) fail :
> WARNING: mkdef.pl doesn't know the following algorithms:
>  NEXTPROTONEG
> Creating library file: libcrypto.dll.a
> Cannot export FIPS_dh_free: symbol not defined
> .

I'm currently updating the Windows build system for FIPS. It may end up
being broken for a while until I can get all the pieces working
properly: it's a bit messy.

I *think* the above may be fixed in the next snapshot: I've added
support to mkdef.pl for the FIPS symbol so it should now exclude things
like FIPS_dh_free for non-FIPS builds.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



RE: [openssl.org #2445] openssl-1.0.0c loses base64 data if newline missing

2011-02-03 Thread Dave Thompson
> From: owner-openssl-...@openssl.org On Behalf Of P Fudd via RT
> Sent: Thursday, 03 February, 2011 10:42
>
> I'm testing smtp auth login using the command line.  One step is to
> encode the username and password with /bin/echo -ne myusername |
> openssl enc -base64. The opposite step would be /bin/echo -ne
> bXl1c2VybmFtZQ== | openssl enc -d -base64, but this fails, until the
> -ne is removed.
 
PEM-standard base64 requires a terminating linebreak, plus 
intermediate linebreaks if the encoding is longer than a 
'normal' line length (about 70 or so, has varied over time), 
so that's what openssl does by default. The standards allow 
additional whitespace, as needed for RFC[2]822-folded headers, 
and AFAICS openssl accepts but doesn't generate that.
Note whitespace isn't in the 64+1-character set, so added 
or changed whitespace doesn't alter the encoded data;
this was deliberate and necessary for its original purpose.

b64BIO, and commandline enc -base64/-a, 
adds newline(s) on encode (at 64 to be on the safe side)
or expects and removes newline(s) on decode.
As you note, if there is no newline on decode, 
it silently returns no data, which can be confusing; 
also if the/an input line is too long (80 I believe).

In a program you can call BIO_set_flags(,_BASE64_NO_NL) 
and on commandline enc specify -A (uppercase). Latter is 
documented on the man page but not in the usage message.
Then you get continuous data output (possibly inconveniently 
long) or it accepts continuous data input (no newlines).

> Version-Release number of selected component (if applicable):
> openssl-1.0.0c-1.fc14.i686.rpm  (Fedora 14 openssl package)
 
This particular point hasn't changed in yonks, but thanks 
for specifying because sometimes it does matter.

> Side note: the built-in echo in tcsh doesn't recognize the '-ne', and
> sends it to stdout.  That caused some frustration until I tried
> decoding it and the base64 spelled out -ne myusername.  For testing,
> use /bin/echo or bash's echo, not tcsh echo.
 
/bin/echo *on Linux*; on other Unices maybe not. There have been 
several different echo *programs* in history, as well as the also 
different builtins of various shells. Some have used -n, some have 
used \c in the data instead, and the GNU version does both.

Or pipe through tr -d '\n', or use perl (overkill but works):
  perl -e 'print "foo".$/' # newline
  perl -e 'print "foo\n"' # also (but in more complicated cases
  # have to worry about re-escaping)
  perl -e 'print "foo"' # not
(You can enable identifiers and have something like $EOL instead 
of $/, but I don't bother and don't even remember the details. 
And you can use \012 or \12 instead of \n to be el33t.)
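
The input rules described in the reply above (a terminating newline, wrapping at 64 columns, an upper limit on line length), as an added example that is not part of the original thread and not OpenSSL code. The function names are hypothetical, the 80-character limit is the figure recalled in the reply rather than a verified constant, and decoding uses Python's standard library instead of the base64 BIO.

```python
import base64
import re

WRAP = 64      # column at which the thread says OpenSSL wraps on encode
MAX_LINE = 80  # decode-side line limit as recalled in the thread (assumption)
_B64 = re.compile(r"[A-Za-z0-9+/]*={0,2}")


def line_mode_problems(data: bytes) -> list:
    """Return the reasons a line-oriented decoder would drop this input."""
    problems = []
    if data and not data.endswith(b"\n"):
        problems.append("no terminating newline")
    for n, line in enumerate(data.split(b"\n"), 1):
        if len(line.rstrip(b"\r")) > MAX_LINE:
            problems.append("line %d longer than %d characters" % (n, MAX_LINE))
    return problems


def to_pem_lines(data: bytes) -> bytes:
    """Re-wrap base64 text as 64-column lines, each ending in a newline."""
    # Whitespace is outside the base64 alphabet, so dropping it loses no data.
    compact = b"".join(data.split()).decode("ascii")
    if len(compact) % 4 or not _B64.fullmatch(compact):
        raise ValueError("not well-formed base64")
    lines = [compact[i:i + WRAP] for i in range(0, len(compact), WRAP)]
    return "".join(line + "\n" for line in lines).encode("ascii")


def decode_any(data: bytes) -> bytes:
    """Decode base64 whether or not the sender included line breaks."""
    wrapped = to_pem_lines(data)
    return base64.b64decode(b"".join(wrapped.split()), validate=True)


if __name__ == "__main__":
    # Constructed inputs: the string from the report, and 100 zero bytes
    # encoded on a single line with no newline.
    for sample in (b"bXl1c2VybmFtZQ==", base64.b64encode(bytes(100))):
        print(line_mode_problems(sample), "->", decode_any(sample)[:16])
```

Running `line_mode_problems` on data before piping it to a decoder that is not in `-A` mode turns the silent empty output into a named cause.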





Re: [openssl.org #2444] Failure in build of the test programs (1.0.0c on MinGW)

2011-02-03 Thread Guenter via RT
On 03.02.2011 16:39, via RT wrote:
> Hello,
>
> I failed to build 1.0.0c on MinGW with the default config settings.
> The make command stopped at the test program build phase,
> because of empty source files: md2test.c, rc5test.c, and jpaketest.c.
>
> To work around this problem, the config arguments
> enable-md2 enable-rc5 experimental-jpake
> were required.

duplicate - see #2377:
http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2377



Re: [openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-03 Thread Roumen Petrov

Stephen Henson via RT wrote:

>> [open...@roumenpetrov.info - Thu Feb 03 16:36:58 2011]:
>>
>> The mingw cross-build of current HEAD(2011-01-31) fail :
>> WARNING: mkdef.pl doesn't know the following algorithms:
>>   NEXTPROTONEG
>> Creating library file: libcrypto.dll.a
>> Cannot export FIPS_dh_free: symbol not defined
>> .
>
> I'm currently updating the Windows build system for FIPS. It may end up
> being broken for a while until I can get all the pieces working
> properly: it's a bit messy.
>
> I *think* the above may be fixed in the next snapshot: I've added
> support to mkdef.pl for the FIPS symbol so it should now exclude things
> like FIPS_dh_free for non-FIPS builds.
>
> Steve.

10x
Functions RSA_X931_derive_ex and RSA_X931_generate_key_ex are not 
available in non-fips mode (see attached 
openssl-cvs-mingw-NOFIPS.patch plus minor cleanup in .cvsignore files 
for generated asm-files).


Roumen

Index: crypto/rsa/rsa.h
===
RCS file: /work/repo/mirror/openssl/openssl/crypto/rsa/rsa.h,v
retrieving revision 1.87
diff -u -r1.87 rsa.h
--- crypto/rsa/rsa.h	3 Feb 2011 10:03:22 -	1.87
+++ crypto/rsa/rsa.h	3 Feb 2011 22:40:07 -
@@ -293,11 +293,13 @@
 /* New version */
 int	RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 
+#ifdef OPENSSL_FIPS
 int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
 			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
 			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
 			const BIGNUM *e, BN_GENCB *cb);
 int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
+#endif /*def OPENSSL_FIPS*/
 
 int	RSA_check_key(const RSA *);
 	/* next 4 return -1 on error */
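
Review bot: the `#ifdef OPENSSL_FIPS` guard added above `RSA_X931_derive_ex` removes both X9.31 prototypes from rsa.h for every non-FIPS build, so any caller built without OPENSSL_FIPS loses the declaration and fails only at compile or link time with no hint why. Check that no non-FIPS code still references either function, and add a short comment at the guard saying the X9.31 key generation routines are FIPS-only, since the closing `#endif /*def OPENSSL_FIPS*/` does not explain the reason.
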
Index: util/libeay.num
===
RCS file: /work/repo/mirror/openssl/openssl/util/libeay.num,v
retrieving revision 1.317
diff -u -r1.317 libeay.num
--- util/libeay.num	3 Feb 2011 12:59:00 -	1.317
+++ util/libeay.num	3 Feb 2011 22:52:24 -
@@ -3664,7 +3664,7 @@
 FIPS_rand_status4051	EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_rand_set_key   4052	EXIST:OPENSSL_FIPS:FUNCTION:
 CRYPTO_set_mem_info_functions   4053	NOEXIST::FUNCTION:
-RSA_X931_generate_key_ex4054	EXIST::FUNCTION:RSA
+RSA_X931_generate_key_ex4054	EXIST:OPENSSL_FIPS:FUNCTION:RSA
 int_ERR_set_state_func  4055	NOEXIST::FUNCTION:
 int_EVP_MD_set_engine_callbacks 4056	NOEXIST::FUNCTION:
 int_CRYPTO_set_do_dynlock_callback  4057	NOEXIST::FUNCTION:
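
Review bot: the 4054 entry now carries `OPENSSL_FIPS` in its condition field, and that only holds up if the guard in rsa.h is applied with it; if one half lands without the other, the export list and the compiled objects disagree again, which is the `Cannot export RSA_X931_generate_key_ex: symbol not defined` failure from the report. Keeping the ordinal at 4054 is right; state in the patch description that rsa.h and libeay.num must change together.
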
@@ -3675,7 +3675,7 @@
 FIPS_rand_set_dt4062	EXIST:OPENSSL_FIPS:FUNCTION:
 CRYPTO_dbg_pop_info 4063	NOEXIST::FUNCTION:
 FIPS_dsa_free   4064	EXIST:OPENSSL_FIPS:FUNCTION:DSA
-RSA_X931_derive_ex  4065	EXIST::FUNCTION:RSA
+RSA_X931_derive_ex  4065	EXIST:OPENSSL_FIPS:FUNCTION:RSA
 FIPS_rsa_new4066	EXIST:OPENSSL_FIPS:FUNCTION:RSA
 FIPS_rand_bytes 4067	EXIST:OPENSSL_FIPS:FUNCTION:
 fips_cipher_test4068	EXIST:OPENSSL_FIPS:FUNCTION:
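
Review bot: `RSA_X931_derive_ex` at 4065 gets the same `OPENSSL_FIPS` tag, but the link log quoted in the report names only `RSA_X931_generate_key_ex` and is cut at the `.` line, so the failure for this second symbol is asserted in the message text rather than shown. Include the matching `Cannot export` line in the description so both entries are backed by the log.
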
Index: .cvsignore
===
RCS file: /work/repo/mirror/openssl/openssl/.cvsignore,v
retrieving revision 1.14
diff -u -r1.14 .cvsignore
--- .cvsignore	28 Oct 2008 15:29:25 -	1.14
+++ .cvsignore	31 Jan 2011 21:05:33 -
@@ -16,6 +16,7 @@
 *.flc
 semantic.cache
 Makefile
+*.def*
 *.dll*
 *.so*
 *.sl*
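
Review bot: `*.def*` ignores every file whose name contains `.def`, including a hand-written definition file that someone later places at the top level, which would then go unnoticed as an unversioned file. It follows the neighbouring `*.dll*` and `*.so*` entries, but `*.def` or the names of the generated files would be narrower. The .cvsignore changes are also unrelated to the export fix and would be easier to review as a separate patch.
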
Index: crypto/.cvsignore
===
RCS file: /work/repo/mirror/openssl/openssl/crypto/.cvsignore,v
retrieving revision 1.12
diff -u -r1.12 .cvsignore
--- crypto/.cvsignore	17 Apr 2008 10:19:05 -	1.12
+++ crypto/.cvsignore	31 Jan 2011 21:04:53 -
@@ -5,4 +5,4 @@
 *.flc
 semantic.cache
 *cpuid.s
-uplink-cof.s
+uplink-*.s
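
Review bot: replacing the explicit `uplink-cof.s` with `uplink-*.s` also hides any future hand-written `uplink-` assembler source in crypto/, not only generated output. If the aim is to cover the other generated uplink variants, list them by name or say in the description which build step produces them.
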
Index: crypto/aes/.cvsignore
===
RCS file: /work/repo/mirror/openssl/openssl/crypto/aes/.cvsignore,v
retrieving revision 1.5
diff -u -r1.5 .cvsignore
--- crypto/aes/.cvsignore	17 Apr 2008 10:19:05 -	1.5
+++ crypto/aes/.cvsignore	3 Aug 2009 22:10:14 -
@@ -3,3 +3,4 @@
 *.flc
 semantic.cache
 aes-*.s
+aesni-*.s
Index: crypto/modes/.cvsignore
===
RCS file: /work/repo/mirror/openssl/openssl/crypto/modes/.cvsignore,v
retrieving revision 1.1
diff -u -r1.1 .cvsignore
--- crypto/modes/.cvsignore	29 Dec 2008 00:27:06 -	1.1
+++ crypto/modes/.cvsignore	2 Feb 2011 21:38:33 -
@@ -2,3 +2,4 @@
 Makefile.save
 *.flc
 semantic.cache
+ghash-*.s


RE: [openssl.org #2444] Failure in build of the test programs (1.0.0c on MinGW)

2011-02-03 Thread Tim Cloud
unsubscribe

Timothy Cloud
MSPRC Database Manager
Chickasaw Nation Industries
(405) 869-3358 (Office)
(405) 568-9752 (Cell)

Catch the V2IBE...





Re: [openssl.org #2443] mkdef.pl cannot handle FIPS related functions

2011-02-03 Thread Dr. Stephen Henson
On Fri, Feb 04, 2011, Roumen Petrov wrote:

> Stephen Henson via RT wrote:
>>> [open...@roumenpetrov.info - Thu Feb 03 16:36:58 2011]:
>>>
>>> The mingw cross-build of current HEAD(2011-01-31) fail :
>>> WARNING: mkdef.pl doesn't know the following algorithms:
>>>   NEXTPROTONEG
>>> Creating library file: libcrypto.dll.a
>>> Cannot export FIPS_dh_free: symbol not defined
>>> .
>>
>> I'm currently updating the Windows build system for FIPS. It may end up
>> being broken for a while until I can get all the pieces working
>> properly: it's a bit messy.
>>
>> I *think* the above may be fixed in the next snapshot: I've added
>> support to mkdef.pl for the FIPS symbol so it should now exclude things
>> like FIPS_dh_free for non-FIPS builds.
>>
>> Steve.
>
> 10x
> Functions RSA_X931_derive_ex and RSA_X931_generate_key_ex are not available
> in non-fips mode (see attached openssl-cvs-mingw-NOFIPS.patch plus minor
> cleanup in .cvsignore files for generated asm-files).


I've updated the sources so they are now available outside FIPS mode.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org