Re: cvs commit: openssl CHANGES
In message [EMAIL PROTECTED] on Sun, 8 Dec 2002 10:31:46 +0100 (MET), [EMAIL PROTECTED] said: levitte Log: levitte Since it's defined in draft-ietf-tls-compression-04.txt, let's make levitte ZLIB a known compression method, with the identity 1. Quite honestly, I'm wondering if I should move this to 0.9.7-stable... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Building openssh-3.5p1 with new DES functions
Hi, I've seen that openssh will have different function names for des, I think thats great. As kerberos4 nor kerbero5 from KTH in Sweden support those new calls yet, I thought it would be best for me to switch back to the old behaviour, i.e. have kerberized libkrb and other libs with disabled support for openssl (which means libdes is compiled). Then, compile openssh-3.5p1 with kerberos4 and afs support. That properly picks up -lkrb -ldes etc. Unfortunately, with this untested setup I got (i'm not sure if this is a openssh or openssl problem): Manpage format: man PAM support: no KerberosIV support: yes KerberosV support: no Smartcard support: no AFS support: yes S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Use IPv4 by default hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Host: alphaev67-dec-osf5.1 Compiler: cc Compiler flags: -I/software/@sys/usr/include -I/usr/local/include Preprocessor flags: -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/athena-1.2.1-no-openssl/include -I/usr/afsws/include Linker flags: -L/usr/local/openssl/lib -Lyes -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/athena-1.2.1-no-openssl/lib -L/usr/afsws/lib Libraries: -lwrap -lkafs -lresolv -ldes -lkrb -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -ldes I hope, that there will be no symbol clashes between ldes and lcrypto anymore. ;-) $ CC=cc CFLAGS=-I/software/@sys/usr/include -I/usr/local/include CPPFLAGS=-I/software/@sys/usr/include -I/usr/local/include LDFLAGS=-L/usr/local/lib -L/software/@sys/usr/lib ./configure --prefix=/usr/local --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-prngd-socket=/var/run/egd-pool --with-default-path=/usr/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin:/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/bin/X11:/usr/afs/bin:/usr/athena/bin:/usr/local/openssl/bin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin --with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia --with-login=/usr/bin/login --without-privsep --with-afs=/usr/afsws --with-kerberos4=/usr/athena-1.2.1-no-openssl [...] cc -I/software/@sys/usr/include -I/usr/local/include -I. -I. -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/athena-1.2.1-no-openssl/include -I/usr/afsws/include -DSSHDIR=\/usr/local/etc\ -D_PATH_SSH_PROGRAM=\/usr/local/bin/ssh\ -D_PATH_SSH_ASKPASS_DEFAULT=\/usr/local/libexec/ssh-askpass\ -D_PATH_SFTP_SERVER=\/usr/local/libexec/sftp-server\ -D_PATH_SSH_KEY_SIGN=\/usr/local/libexec/ssh-keysign\ -D_PATH_SSH_PIDDIR=\/var/run\ -D_PATH_PRIVSEP_CHROOT_DIR=\/var/empty\ -DSSH_RAND_HELPER=\/usr/local/libexec/ssh-rand-helper\ -DHAVE_CONFIG_H -c sshconnect1.c cc: Error: /usr/local/openssl/include/openssl/mdc2.h, line 79: Missing type specifier or type qualifier. (missingtype) DES_cblock h,hh; ^ make: *** [sshconnect1.o] Error 1 -- Martin Mokrejs [EMAIL PROTECTED], [EMAIL PROTECTED] PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs MIPS / Institute for Bioinformatics http://mips.gsf.de GSF - National Research Center for Environment and Health Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany tel.: +49-89-3187 3683 , fax:+49-89-3187 3585 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl/ssl ssltest.c
[EMAIL PROTECTED] wrote: ... Index: rsa_gen.c === RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_gen.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 ... + /* We need the RSA components non-NULL */ + if(!rsa-n ((rsa-n=BN_new()) == NULL)) goto err; + if(!rsa-d ((rsa-d=BN_new()) == NULL)) goto err; + if(!rsa-e ((rsa-e=BN_new()) == NULL)) goto err; + if(!rsa-p ((rsa-p=BN_new()) == NULL)) goto err; + if(!rsa-q ((rsa-q=BN_new()) == NULL)) goto err; + if(!rsa-dmp1 ((rsa-dmp1=BN_new()) == NULL)) goto err; + if(!rsa-dmq1 ((rsa-dmq1=BN_new()) == NULL)) goto err; + if(!rsa-iqmp ((rsa-iqmp=BN_new()) == NULL)) goto err; Hi Geoff, there is small memory leak in rsa_gen.c (see attached patch). Regards, Nils Index: crypto/rsa/rsa_gen.c === RCS file: /home/nils/openssl-cvs/openssl/crypto/rsa/rsa_gen.c,v retrieving revision 1.9 diff -u -r1.9 rsa_gen.c --- crypto/rsa/rsa_gen.c 2002/12/08 05:24:25 1.9 +++ crypto/rsa/rsa_gen.c 2002/12/08 14:54:26 @@ -166,22 +166,16 @@ goto err; } */ - rsa-d=BN_mod_inverse(NULL,rsa-e,r0,ctx2); /* d */ - if (rsa-d == NULL) goto err; + if (!BN_mod_inverse(rsa-d,rsa-e,r0,ctx2)) goto err; /* d */ /* calculate d mod (p-1) */ - rsa-dmp1=BN_new(); - if (rsa-dmp1 == NULL) goto err; if (!BN_mod(rsa-dmp1,rsa-d,r1,ctx)) goto err; /* calculate d mod (q-1) */ - rsa-dmq1=BN_new(); - if (rsa-dmq1 == NULL) goto err; if (!BN_mod(rsa-dmq1,rsa-d,r2,ctx)) goto err; /* calculate inverse of q mod p */ - rsa-iqmp=BN_mod_inverse(NULL,rsa-q,rsa-p,ctx2); - if (rsa-iqmp == NULL) goto err; + if (!BN_mod_inverse(rsa-iqmp,rsa-q,rsa-p,ctx2)) goto err; ok=1; err:
Re: cvs commit: openssl/ssl ssltest.c
On December 8, 2002 10:02 am, Nils Larsch wrote: there is small memory leak in rsa_gen.c (see attached patch). Ah cool, thanks for casting an eye over this :-) Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ The bastards have beaten off rationalism for now, but haven't eliminated our capacity for reason - to do that they'd have to make us forget how to both think and fear at the same time. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl CHANGES
In message [EMAIL PROTECTED] on Sun, 08 Dec 2002 10:24:49 -0500, Geoff Thorpe [EMAIL PROTECTED] said: geoff Hmm ... I'd say that was probably not a wise idea given how geoff long 0.9.7 has been in beta already. Building of Good point... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl STATUS
In message [EMAIL PROTECTED] on Sun, 8 Dec 2002 18:34:44 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve I've got an ASN1 module that handles attribute certificates but steve hasn't been made publically available yet. Want a copy? Uhmm, sure, but why not just commit it? If nothing else, it'll simply sit there, like the small certificatePair thingy I made not long ago. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl-play/steve/x509ac - New directory
In message [EMAIL PROTECTED] on Sun, 8 Dec 2002 19:21:00 +0100 (MET), [EMAIL PROTECTED] said: steve steve 08-Dec-2002 19:21:00 steve steve openssl-play/steve/x509ac - New directory Ah, you did :-). -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[STATUS] OpenSSL (Sun 8-Dec-2002)
OpenSSL STATUS Last modified at __ $Date: 2002/12/07 20:03:42 $ DEVELOPMENT STATE o OpenSSL 0.9.8: Under development... o OpenSSL 0.9.7-beta5: Released on December 5th, 2002 o OpenSSL 0.9.7-beta4: Released on November 19th, 2002 Debian GNU/Linux (kernel version 2.4.19, gcc 2.95.4) - PASSED o OpenSSL 0.9.7-beta3: Released on July 30th, 2002 o OpenSSL 0.9.7-beta2: Released on June 16th, 2002 o OpenSSL 0.9.7-beta1: Released on June 1st, 2002 o OpenSSL 0.9.6h: Released on December 5th, 2002 o OpenSSL 0.9.6g: Released on August 9th, 2002 o OpenSSL 0.9.6f: Released on August 8th, 2002 o OpenSSL 0.9.6e: Released on July 30th, 2002 o OpenSSL 0.9.6d: Released on May9th, 2002 o OpenSSL 0.9.6c: Released on December 21st, 2001 o OpenSSL 0.9.6b: Released on July 9th, 2001 o OpenSSL 0.9.6a: Released on April 5th, 2001 o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August09th, 1999 o OpenSSL 0.9.3a: Released on May 29th, 1999 o OpenSSL 0.9.3: Released on May 25th, 1999 o OpenSSL 0.9.2b: Released on March 22th, 1999 o OpenSSL 0.9.1c: Released on December 23th, 1998 [See also http://www.openssl.org/support/rt2.html] RELEASE SHOWSTOPPERS o BN_mod_mul verification fails for mips3-sgi-irix unless configured with no-asm o [2002-11-21] PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may be optimized away in modern compilers. This is definitely not good and needs to be fixed immediately. The formula to use is presented in: http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0 The problem report that mentions this is: https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343 AVAILABLE PATCHES o IN PROGRESS o Steve is currently working on (in no particular order): ASN1 code redesign, butchery, replacement. OCSP EVP cipher enhancement. Enhanced certificate chain verification. Private key, certificate and CRL API and implementation. Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. o Geoff and Richard are currently working on: ENGINE (the new code that gives hardware support among others). o Richard is currently working on: UI (User Interface) UTIL (a new set of library functions to support some higher level functionality that is currently missing). Shared library support for VMS. Kerberos 5 authentication (Heimdal) Constification Compression Attribute Certificate support Certificate Pair support Storage Engines (primarly an LDAP storage engine) NEEDS PATCH o 0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not handle ECCdraft cipher suites correctly. o apps/ca.c: Sign the certificate? - n creates empty certificate file o OpenSSL STATUS is never up-to-date. OPEN ISSUES o The Makefile hierarchy and build mechanism is still not a round thing: 1. The config vs. Configure scripts It's the same nasty situation as for Apache with APACI vs. src/Configure. It confuses. Suggestion: Merge Configure and config into a single configure script with a Autoconf style interface ;-) and remove Configure and config. Or even let us use GNU Autoconf itself. Then we can avoid a lot of those platform checks which are currently in Configure. o Support for Shared Libraries has to be added at least for the major Unix platforms. The details we can rip from the stuff Ralf has done for the Apache src/Configure script. Ben wants the solution to be really simple. Status: Ralf will look how we can easily incorporate the compiler PIC and linker DSO flags from Apache into the OpenSSL Configure script. Ulf: +1 for using GNU autoconf and libtool (but not automake, which apparently is not flexible enough to generate libcrypto) WISHES o Add variants of DH_generate_parameters() and BN_generate_prime() [etc?] where the callback function can request that the function be aborted. [Gregory Stark [EMAIL PROTECTED], [EMAIL PROTECTED]] o SRP in TLS. [wished by: Dj [EMAIL PROTECTED], Tom Wu [EMAIL PROTECTED], Tom Holroyd [EMAIL PROTECTED]] See
Re: [ANNOUNCE] OpenSSL 0.9.6h released
On Fri, Dec 06, 2002 at 01:32:50AM +0100, Richard Levitte - VMS Whacker wrote: -BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.6h released === Hi, I just found that the openssl-0.9.6h.tar.gz archive has the following version definition in include/openssl/opensslv.h: #define OPENSSL_VERSION_NUMBER 0x00906080L This disallows usage of the new openssl version with e. g. an ssh linked against 0.9.6g. Shouldn't that be #define OPENSSL_VERSION_NUMBER 0x0090608fL ? Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6h released
In message [EMAIL PROTECTED] on Sun, 8 Dec 2002 20:47:54 +0100, Corinna Vinschen [EMAIL PROTECTED] said: vinschen On Fri, Dec 06, 2002 at 01:32:50AM +0100, Richard Levitte - VMS Whacker wrote: vinschen -BEGIN PGP SIGNED MESSAGE- vinschen vinschen vinschenOpenSSL version 0.9.6h released vinschen=== vinschen vinschen Hi, vinschen vinschen I just found that the openssl-0.9.6h.tar.gz archive has the following vinschen version definition in include/openssl/opensslv.h: vinschen vinschen #define OPENSSL_VERSION_NUMBER 0x00906080L vinschen vinschen This disallows usage of the new openssl version with e. g. an ssh vinschen linked against 0.9.6g. Shouldn't that be vinschen vinschen #define OPENSSL_VERSION_NUMBER 0x0090608fL I thought I had caught this BEFORE making the distributions. I'll check that immediately. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6h released
In message [EMAIL PROTECTED] on Sun, 8 Dec 2002 20:47:54 +0100, Corinna Vinschen [EMAIL PROTECTED] said: vinschen I just found that the openssl-0.9.6h.tar.gz archive has the following vinschen version definition in include/openssl/opensslv.h: vinschen vinschen #define OPENSSL_VERSION_NUMBER 0x00906080L vinschen vinschen This disallows usage of the new openssl version with e. g. an ssh vinschen linked against 0.9.6g. Shouldn't that be vinschen vinschen #define OPENSSL_VERSION_NUMBER 0x0090608fL OK, I found what it was, I had misspelled the tag when I retagged crypto/opensslv.h after correcting exactly that number. I will therefore repackage 0.9.6h with that small correction. It's entirely up to you if you want to download a new 0.9.6h or just make that little change yourself. Everything else will stay exactly the same. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6h released
In message [EMAIL PROTECTED] on Sun, 8 Dec 2002 20:47:54 +0100, Corinna Vinschen [EMAIL PROTECTED] said: vinschen I just found that the openssl-0.9.6h.tar.gz archive has the following vinschen version definition in include/openssl/opensslv.h: vinschen vinschen #define OPENSSL_VERSION_NUMBER 0x00906080L vinschen vinschen This disallows usage of the new openssl version with e. g. an ssh vinschen linked against 0.9.6g. Shouldn't that be vinschen vinschen #define OPENSSL_VERSION_NUMBER 0x0090608fL I've now rebuild the dist and sent out a correction announcement. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Concerns about the use of OPENSSL_cleanse()
I think we need to take a very close look at the situations when it is safe to replace memset(buf,0,sizeof(buf)) with OPENSSL_cleanse(buf,sizeof(buf)). It is clearly safe to make this replacement when the buffer is a stack allocation because there can be no future use of the data can take place. So there is no functional difference between a buffer filled with zeros and a buffer filled with garbage data. However, this is not true for data structures that are located on the heap. In many cases OpenSSL provides functions that allow a buffer to be reused: XXX_init(), XXX_cleanup(), XXX_free(). This is true for several data structures. By replacing memset() with OPENSSL_cleanse() in the XXX_cleanup() function we have a problem when the data structure contains pointers to additional heap allocations. One case that I found a problem with is: . application allocates X509_STORE_CTX and initializes it with X509_STORE_CTX_init(). . application calls X509_STORE_CTX_cleanup() which in turn calls OPENSSL_cleanse() . application calls X509_STORE_CTX_free() which in turn calls X509_STORE_CTX_cleanup(). This results in an exception because the ex_data field is a struct that contains pointers to memory allocations. Due to the OPENSSL_cleanse() call the pointer values are garbage non-NULL values. An attempt is made to free the memory. This causes an exception. This is going to require careful examination to find all of the places where pointers need to be set to NULL after or during a cleanse operation. - Jeff __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Concerns about the use of OPENSSL_cleanse()
Good morning great OpenSSL developpers! Just a humble opinnion on that problem. How about adding a normal memset to be the last action that OPENSSL_cleanse() does? Would that make any kind of sence or improvement? That way the compiler would have to make sure OpenSSL can safely expect to find a NULL from a memset:ed pointer field? There may or may not actually be NULL values, but that doesn't matter because OPENSSL_cleanse() has already put some random data in there. ...Or is this too simple idea to ever work? :-) T: VW -Original Message- From: Jeffrey Altman [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 7:04 AM To: [EMAIL PROTECTED] Subject: Concerns about the use of OPENSSL_cleanse() I think we need to take a very close look at the situations when it is safe to replace memset(buf,0,sizeof(buf)) with OPENSSL_cleanse(buf,sizeof(buf)). It is clearly safe to make this replacement when the buffer is a stack allocation because there can be no future use of the data can take place. So there is no functional difference between a buffer filled with zeros and a buffer filled with garbage data. However, this is not true for data structures that are located on the heap. In many cases OpenSSL provides functions that allow a buffer to be reused: XXX_init(), XXX_cleanup(), XXX_free(). This is true for several data structures. By replacing memset() with OPENSSL_cleanse() in the XXX_cleanup() function we have a problem when the data structure contains pointers to additional heap allocations. One case that I found a problem with is: . application allocates X509_STORE_CTX and initializes it with X509_STORE_CTX_init(). . application calls X509_STORE_CTX_cleanup() which in turn calls OPENSSL_cleanse() . application calls X509_STORE_CTX_free() which in turn calls X509_STORE_CTX_cleanup(). This results in an exception because the ex_data field is a struct that contains pointers to memory allocations. Due to the OPENSSL_cleanse() call the pointer values are garbage non-NULL values. An attempt is made to free the memory. This causes an exception. This is going to require careful examination to find all of the places where pointers need to be set to NULL after or during a cleanse operation. - Jeff __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #201] OpenSSL 0.9.6e failing make test
On Monday, December 2, 2002 at 10:55:26 AM +0100, Alain Guibert via RT wrote: Tried OpenSSL 0.9.7 beta4 and it seems to work. Both make test and make install passes. Great! Thanks. I'll confirm with 0.9.7 when it's released, but please feel free to close the bug. Confirmation for the just released 0.9.6h (not engine): Everything is OK, test and install pass. Thanks again! :-) Side note: I sent on 1 Dec 2002 at 21:42:47 a mail (uninteresting: basically a question I answered myself in next mail) that got lost. Not received back from Request Tracker, no delivery bounce, and not reached URL:http://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=201. It was id [EMAIL PROTECTED]. Bye!Alain. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[ANNOUNCE] OpenSSL 0.9.6h released
-BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.6h release correction = A small packaging fault was just discovered. In crypto/opensslv.h, the macro OPENSSL_VERSION_NUMBER has the value 0x00906080L when it should really be 0x0090608fL. The cause of this fault was a tagging error in our CVS repository. To solve this issue, the faulty has been corrected, and we have rebuilt the 0.9.6h distribution. The 0.9.6h [engine] distribution is unaffected by this. The corrected distribution is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distributed file name is: o openssl-0.9.6h.tar.gz MD5 checksum: 1a0c2bee9f6b0af95ce65106462411f5 The checksum was calculated using the following commands: openssl md5 openssl-0.9.6h.tar.gz Additionally, for those who don't really want to reload a full distribution, the following very small patch file is available: o openssl-0.9.6h.BOGUS-0.9.6h.patch Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz JänickeUlf Möller -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQEVAwUBPfOxX/Ty7ZjgbSyxAQGcjAf8CZdNuDkbM7IO/PDT5HYTJVwGDdIhFmV2 znAu91zD/zrMICyQC0xjQSOs+j8/5bUzT8NTDjGlkc2DTIYZB/PAhyt5cEtMh8qz Q5h82tFmeHAmFr6xedJbbVNV5vjzA3Y/En97By1fl0aCMxnrW3NeIQmDAu5JZ9tg PQOXI47sBWV2YvaVjlQ87kjm8GyQkbtPFb3WYhNpWXi3//5FAz+6Mj4NEITw64Fs XM5M66jhoaIoGVt3i7w8LEokxE1x4SPbCNAQ24+UnudbCYeg/aB8Y309a4lorsVB npToQW+LTuQXst9jTHec9pDWD51CwVbviAKKXWLCl0KWxoay6OcUvA== =Jm+M -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]