Re: [ANNOUNCE] OpenSSL 0.9.7 released
On Mon, Dec 30, 2002 at 10:45:30PM -0800, Kris Kennaway wrote: > On Tue, Dec 31, 2002 at 01:34:07AM +0100, Richard Levitte - VMS Whacker wrote: > > > o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, > > Linux x86_64, Linux 64-bit on Sparc v9 > > OpenSSL does not compile out of the box on FreeBSD/SPARC (see > attached) - it tries to use the x86 FreeBSD-elf target. The > linux/sparc configuration is probably a base for fixing this. > > Kris This patch appears to fix it (I stole the OpenBSD-sparc64 config target). OpenSSL builds and passes 'make test'. Kris --- config.orig Fri Dec 6 08:45:11 2002 +++ config Mon Dec 30 23:24:03 2002 @@ -206,6 +206,7 @@ Pentium\ II*) MACH="i686" ;; Pentium*) MACH="i586" ;; Alpha* ) MACH="alpha";; + *Sparc* ) MACH="sparc64" ;; * ) MACH="$MACHINE" ;; esac case ${MACH} in @@ -640,6 +641,7 @@ *86*-*-solaris2) OUT="solaris-x86-$CC" ;; *-*-sunos4) OUT="sunos-$CC" ;; alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; + sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; *86*-*-netbsd) OUT="NetBSD-x86" ;; --- Configure.orig Fri Dec 27 17:35:11 2002 +++ Configure Mon Dec 30 23:24:03 2002 @@ -396,6 +396,7 @@ "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 +-fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 +BF_PTR::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", msg14674/pgp0.pgp Description: PGP signature
Re: [ANNOUNCE] OpenSSL 0.9.7 released
On Tue, Dec 31, 2002 at 01:34:07AM +0100, Richard Levitte - VMS Whacker wrote: > o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, > Linux x86_64, Linux 64-bit on Sparc v9 OpenSSL does not compile out of the box on FreeBSD/SPARC (see attached) - it tries to use the x86 FreeBSD-elf target. The linux/sparc configuration is probably a base for fixing this. Kris Script started on Mon Dec 30 22:42:00 2002 You have mail. enigma# ./config Operating system: sparc64-whatever-freebsd5.0 Configuring for FreeBSD-elf Configuring for FreeBSD-elf IsWindows=0 CC=gcc CFLAG =-DOPENSSL_THREADS -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM EX_LIBS = BN_ASM=asm/bn86-elf.o asm/co86-elf.o DES_ENC =asm/dx86-elf.o asm/yx86-elf.o BF_ENC=asm/bx86-elf.o CAST_ENC =asm/cx86-elf.o RC4_ENC =asm/rx86-elf.o RC5_ENC =asm/r586-elf.o MD5_OBJ_ASM =asm/mx86-elf.o SHA1_OBJ_ASM =asm/sx86-elf.o RMD160_OBJ_ASM=asm/rm86-elf.o PROCESSOR = RANLIB=/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl5 THIRTY_TWO_BIT mode DES_PTR used DES_RISC1 used DES_UNROLL used BN_LLONG mode RC4_INDEX mode RC4_CHUNK is undefined Makefile => Makefile.ssl e_os2.h => include/openssl/e_os2.h [File exists] making links in crypto... Makefile => Makefile.ssl crypto.h => ../include/openssl/crypto.h [File exists] tmdiff.h => ../include/openssl/tmdiff.h [File exists] opensslv.h => ../include/openssl/opensslv.h [File exists] opensslconf.h => ../include/openssl/opensslconf.h [File exists] ebcdic.h => ../include/openssl/ebcdic.h [File exists] symhacks.h => ../include/openssl/symhacks.h [File exists] ossl_typ.h => ../include/openssl/ossl_typ.h [File exists] Makefile => Makefile.ssl making links in crypto/md2... Makefile => Makefile.ssl md2.h => ../../include/openssl/md2.h [File exists] md2test.c => ../../test/md2test.c [File exists] making links in crypto/md4... Makefile => Makefile.ssl md4.h => ../../include/openssl/md4.h [File exists] md4test.c => ../../test/md4test.c [File exists] md4.c => ../../apps/md4.c [File exists] making links in crypto/md5... Makefile => Makefile.ssl md5.h => ../../include/openssl/md5.h [File exists] md5test.c => ../../test/md5test.c [File exists] making links in crypto/sha... Makefile => Makefile.ssl sha.h => ../../include/openssl/sha.h [File exists] shatest.c => ../../test/shatest.c [File exists] sha1test.c => ../../test/sha1test.c [File exists] making links in crypto/mdc2... Makefile => Makefile.ssl mdc2.h => ../../include/openssl/mdc2.h [File exists] mdc2test.c => ../../test/mdc2test.c [File exists] making links in crypto/hmac... Makefile => Makefile.ssl hmac.h => ../../include/openssl/hmac.h [File exists] hmactest.c => ../../test/hmactest.c [File exists] making links in crypto/ripemd... Makefile => Makefile.ssl ripemd.h => ../../include/openssl/ripemd.h [File exists] rmdtest.c => ../../test/rmdtest.c [File exists] making links in crypto/des... Makefile => Makefile.ssl des.h => ../../include/openssl/des.h [File exists] des_old.h => ../../include/openssl/des_old.h [File exists] destest.c => ../../test/destest.c [File exists] making links in crypto/rc2... Makefile => Makefile.ssl rc2.h => ../../include/openssl/rc2.h [File exists] rc2test.c => ../../test/rc2test.c [File exists] making links in crypto/rc4... Makefile => Makefile.ssl rc4.h => ../../include/openssl/rc4.h [File exists] rc4test.c => ../../test/rc4test.c [File exists] making links in crypto/rc5... Makefile => Makefile.ssl rc5.h => ../../include/openssl/rc5.h [File exists] rc5test.c => ../../test/rc5test.c [File exists] making links in crypto/idea... Makefile => Makefile.ssl idea.h => ../../include/openssl/idea.h [File exists] ideatest.c => ../../test/ideatest.c [File exists] making links in crypto/bf... Makefile => Makefile.ssl blowfish.h => ../../include/openssl/blowfish.h [File exists] bftest.c => ../../test/bftest.c [File exists] making links in crypto/cast... Makefile => Makefile.ssl cast.h => ../../include/openssl/cast.h [File exists] casttest.c => ../../test/casttest.c [File exists] making links in crypto/bn... Makefile => Makefile.ssl bn.h => ../../include/openssl/bn.h [File exists] bntest.c => ../../test/bntest.c [File exists] exptest.c => ../../test/exptest.c [File exists] making links in crypto/ec... Makefile => Makefile.ssl ec.h => ../../include/openssl/ec.h [File exists] ectest.c => ../../test/ectest.c [File exists] making links in crypto/rsa... Makefile => Makefile.ssl rsa.h => ../../include/openssl/rsa.h [File exists] rsa_test.c => ../../test/rsa_test.c [File exists] making links in crypto/dsa... Makefile => Makefile.ssl dsa.h => ../../include/openssl/dsa.h [File exists] dsatest.c => ../../test/ds
[ANNOUNCE] OpenSSL 0.9.7 released
-BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.7 released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.7 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates at least 262 changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o New library section OCSP. o Complete rewrite of ASN1 code. o CRL checking in verify code and openssl utility. o Extension copying in 'ca' utility. o Flexible display options in 'ca' utility. o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64, Linux 64-bit on Sparc v9 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. o Now only builds PIC code when shared library support is requested. o Support for pkg-config. o Lots of new manuals. o Makes symbolic links to or copies of manuals to cover all described functions. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future). o Unify handling of cryptographic algorithms (software and engine) to be available via EVP routines for asymmetric and symmetric ciphers. o NCONF: new configuration handling routines. o Change API to use more 'const' modifiers to improve error checking and help optimizers. o Finally remove references to RSAref. o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. o A few new engines added in the demos area. o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. o SSL/TLS: allow server to explicitly set new session ids. o SSL/TLS: support Kerberos cipher suites (RFC2712). Only supports MIT Kerberos for now. o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). We consider OpenSSL 0.9.7 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ OpenSSL 0.9.6 (all patch levels) came in the form of two distributions, a "normal" one and an "engine" variant that included support for external crypto devices. In 0.9.7, the "engine" framework is part of the "normal" distribution, so there are no variants of 0.9.7. The distribution file name is: o openssl-0.9.7.tar.gz [normal] MD5 checksum: ef376d14205afcfb831cd3720f705d79 The checksum was calculated using the following command: openssl md5 < openssl-0.9.7.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz JänickeUlf Möller -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQEVAwUBPhDlY/Ty7ZjgbSyxAQEFlAgAktqLFxipUJnd64x/jShkBmgz+0hhhlfM 6bwMmNYYL8kMgsgvTdoqDgVD8gW3DoIv4xXKsamle9KCZY1aA6KFiU8NQMIzmr6U e5FUvwkoaw+X2buF7B5oCGLFOrvgrvNiVjGRzOSp0l+CLXC0/DP9tuzJ/0RJZeko YqDQVGAu+FhkZ5veIYTbo1vyuL4Vp6ZG+QMsHcEKfItV2rzCB9EPng7qQIU781a7 6kmLgMzNPsqWNW3Z6Ie6YpzVWVUxkiRBPCEEXlvc+jNdEbvG76ax8+Wje6PEsy78 KtRLbe9BAbBY0sMYB+0HEOZVeSZgqvLwhYm0aRg0VG/x3mTsSgSzxw== =NTIE -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Re: Compiling Failed
FYI, I compiled this version successfully by setting -no-asm flag. > > Got error when compiling 0.9.7 beta 6:> >> > --> >> > gcc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o> > des-586.s: Assembler messages:> > des-586.s:2458: Error: Unimplemented segment type 135296 in> > parse_operand(.L009cbc_enc_jmp_table-.L008PIC_point(%edx))> >> > --> >> > Any comments?> > 4. Document this case and advise to either use no-asm or upgrade> assembler.A new entry is being added to FAQ list which reads as following:* Why does OpenBSD-i386 build fail on des-586.s with "Unimplementedsegment type"?As of 0.9.7 assembler routines were overhauled for position independencyof the machine code, which is essential for shared library support. Nowfor some reason OpenBSD is equipped with out-of-date GNU assembler whichfinds the new code offending. To work the problem around configure withno-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as.For your convenience a pre-compiled replacement binary is provided ashttp://www.openssl.org/~appro/i386-openbsd3-as, which is compiled frombinutils-2.8 released in 1997.Cheers. A.__OpenSSL Project http://www.openssl.orgDevelopment Mailing List [EMAIL PROTECTED]Automated List Manager [EMAIL PROTECTED]
[openssl.org #406] OpenSSL on Sparc64
[[EMAIL PROTECTED] - Wed Dec 18 08:58:59 2002]: > starting big number library test, could take a while... > test BN_add > test BN_sub > test BN_lshift1 > test BN_lshift (fixed) > test BN_lshift > test BN_rshift1 > test BN_rshift > test BN_sqr > Square test failed! > *** Error code 1 > > Stop in /root/downloads/openssl-0.9.6h/test (line 194 of >Makefile.ssl). > *** Error code 1 > > Stop in /root/downloads/openssl-0.9.6h (line 554 of Makefile). > > > > Platform: OpenBSD 3.2 on Sparc64 (Netra X1) > OpenSSL: openssl-0.9.6h > ModSSL: mod_ssl-2.8.12 > Apache: apache_1.3.27 OpenSSL 0.9.7 will be released in the next hours. Does this problem still appear with this new release (or a recent 0.9.7-snapshot)? Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #272] BN gives wrong result for mod_exp (all forms)
> If I understand you correctly, the 0.9.7 related part of the problem is > resolved. Yes. > Therefore the Milestone should be moved to 0.9.8, shouldn't > it? Done. A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #384] bug-report
[jaenicke - Fri Dec 13 10:43:35 2002]: > [[EMAIL PROTECTED] - Thu Dec 5 09:05:47 2002]: > > > Hi > > I have a bug-report. when I compile the openssl-0.9.6g on AIX5L,I > found > > some problem. > > my compile envirement is > > OS: AIX5L > > specfile: (See attached file: opensslg.spec) > > This report is similar to report #115. > > http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=115 > > Can you please check out ticket #115 and report, whether this covers > your > problem? No more information. Either the reference to #115 helped to solve the problem or the problem is no longer around. The ticket is therefore resolved. Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #272] BN gives wrong result for mod_exp (all forms)
[appro - Fri Dec 20 10:50:43 2002]: > The bugexptest.c problem is already addressed in 0.9.7-beta6. As for > HEAD/0.9.8 it will be addressed next year. Therefore the ticken remains > open. If I understand you correctly, the 0.9.7 related part of the problem is resolved. Therefore the Milestone should be moved to 0.9.8, shouldn't it? Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error
There was no time to solve this problem before the release of 0.9.7. The ticket is therefore moved forward to 0.9.7a. Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #387] Difference between SSL.H and SYMHACKS.H
[levitte - Tue Dec 10 09:03:57 2002]: > This has been resolved in 0.9.7, where there are easier mechanisms to > include platform information than has ever been available on 0.9.6. > > I don't know how to solve this elegantly in 0.9.6, which is apparently > the development branch you're talking about. With the release of 0.9.7 within the next hours this issue should therefore be closed, shouldn't it? Best regards, __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #364] Fw: BUG ?: ssl_bio.c increase reference count (BIO_push), but doesn't remove it (BIO_pop)
The problem was not tackled in time for the 0.9.7 release. I therefore move it forward to 0.9.7a! Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #342] Linking with libeay32.a and libssl32.a
[levitte - Tue Nov 19 09:41:32 2002]: > I'll admit I don't know anything about Mingw32. And I know just a > little bit about Windows. In Windows, there's the concept of import > libraries, and if I understand the Mingw32 building procedures > properly, libeay32.a and libssl32.a are import libraries that map to > libeay32.dll and libssl32.dll > > Note that this *pure* guesswork, but might help to explain that > particular sentence in INSTALL.W32. Admitadly, it could be written > better. Do you have a suggestion? No more conversation about this issue. I therefore consider the problem to be resolved. Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #341] problems with "make" on jaguar mac os x 10.2
[[EMAIL PROTECTED] - Thu Nov 14 10:08:34 2002]: (Error report from requestor deleted)... > The same errors or different ones? No more information could be obtained. I therefore consider this issue to be resolved. Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #422] HOWTO Contribution (forgot to name my attachment)
Hi there, I just send the file with the last email, but I forgot to name the HOWTO when I sent it. Many apologies for cluttering the mail lists like this. William Michael Grim Student, Southern Illinois University at Edwardsville Unix System Administrator, SIUE, Computer Science dept. Phone: (217) 341-6552 Email: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #410] Re: HP-UX build problems with 0.9.6h
I'm resolving this ticket in sincere faith that BN_kronecker issue is a user environmental problem, i.e. either dependency rules inconsistency or a compiler bug, and other problems were already addressed. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #404] maketest.log
Make sure the directory you're compiling the toolkit in is "mounted" with binmode option. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Compiling Failed
> > Got error when compiling 0.9.7 beta 6: > > > > -- > > > > gcc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o > > des-586.s: Assembler messages: > > des-586.s:2458: Error: Unimplemented segment type 135296 in > > parse_operand(.L009cbc_enc_jmp_table-.L008PIC_point(%edx)) > > > > -- > > > > Any comments? > > 4. Document this case and advise to either use no-asm or upgrade > assembler. A new entry is being added to FAQ list which reads as following: * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? As of 0.9.7 assembler routines were overhauled for position independency of the machine code, which is essential for shared library support. Now for some reason OpenBSD is equipped with out-of-date GNU assembler which finds the new code offending. To work the problem around configure with no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as. For your convenience a pre-compiled replacement binary is provided as http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from binutils-2.8 released in 1997. Cheers. A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: crypto/perlasm/x86unix.pl
> It looks like the PIC changes to crypto/perlasm/x86unix.pl break > on non gcc compilers. First of all it's an assembler issue, not compiler. And I don't think it's GNU vs. vendor assembler issue, ... > UX:acomp: ERROR: "asm/dx86unix.cpp", line 122: invalid input token: 1f > UX:acomp: ERROR: "asm/dx86unix.cpp", line 124: invalid input token: 1b > 122:call1f > 124:addl$_GLOBAL_OFFSET_TABLE_+[.-1b],%ebp ... because dynamic labels is not somthing GNU people thought of, it's AT&T syntax. And it does work with Solaris WorkShop assembler. But yes, it will be compensated for once 0.9.7 is out. A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]