Re: [openssl.org #2519] crash when using newly-defined ASN1_SEQUENCE macros in Windows with elements that are also newly-defined SEQUENCEs...
I suggest you remove all files in include/openssl/, then rebuild.

The reason for your problem is that the distribution contains a bunch of symlinks, like this:

lrwxrwxrwx openssl/openssl 0 2011-02-08 18:13 openssl-1.0.0d/include/openssl/opensslconf.h -> ../../crypto/opensslconf.h

On Unix, that works with no problems. On environments that don't implement symlinks in a similar way, there may be problems, because it's not certain they will be recreated. Removing include/openssl/*.h makes sure these will be.

Cheers,
Richard

In message rt-3.4.5-52058-1305706213-1353.2519-2...@openssl.org on Wed, 18 May 2011 10:10:13 +0200 (CEST), dave via RT r...@openssl.org said:

> configuration:
> * openssl 1.0.0.d
> * Win32, VC6
> * static library
> (I don't know if the problem is confined to that configuration, but it's what I'm using).
>
> There appear to be two versions of opensslconf.h that are generated from the Configure script. One is placed in ./include/openssl, and one is placed in ./crypto. However, they are different; in particular with respect to the definition of OPENSSL_EXPORT_VAR_AS_FUNCTION.
>
> In the 'public' one placed in ./include/openssl, this is #undef'ed at line 79.
> In the 'internal' one placed in ./crypto, this is #undef'ed but then immediately #define'd at lines 84..85
>
> The result is that, if the caller defines their own ASN1_SEQUENCE, and uses that as a member of another ASN1_SEQUENCE, then the resulting code for the _new() method will crash in tasn_new.c:51. The reason is that the internal 'item' member of the template record points to the template structure of the member sequence directly, rather than to a function which returns the template of that member sequence.
>
> Example of failing code:
>
> //begin failing code=
> //defs==
> typedef struct {
>     ASN1_OBJECT* type;
> } INSIDE_SEQ;
>
> ASN1_SEQUENCE(INSIDE_SEQ) = {
>     ASN1_SIMPLE(INSIDE_SEQ, type, ASN1_OBJECT),
> } ASN1_SEQUENCE_END(INSIDE_SEQ)
>
> DECLARE_ASN1_FUNCTIONS(INSIDE_SEQ)
> IMPLEMENT_ASN1_FUNCTIONS(INSIDE_SEQ)
>
> typedef struct {
>     ASN1_OBJECT* type;
>     INSIDE_SEQ* member;
> } OUTSIDE_SEQ;
>
> ASN1_SEQUENCE(OUTSIDE_SEQ) = {
>     ASN1_SIMPLE(OUTSIDE_SEQ, type, ASN1_OBJECT),
>     ASN1_SIMPLE(OUTSIDE_SEQ, member, INSIDE_SEQ)
> } ASN1_SEQUENCE_END(OUTSIDE_SEQ)
>
> DECLARE_ASN1_FUNCTIONS(OUTSIDE_SEQ)
> IMPLEMENT_ASN1_FUNCTIONS(OUTSIDE_SEQ)
>
> //code==
> OUTSIDE_SEQ* pos = OUTSIDE_SEQ_new(); //crashes with access violation
> ...
> //end failing code
>
> Complications:
> * since opensslconf.h #undef's the controlling constant, it isn't possible to modify the behaviour with compiler defs, etc.
> * I didn't want to tamper with the generated opensslconf.h in case that made things worse in an unexpected way.
>
> I have made example code work by 'fixing up' the template record definition manually, first by defining a function:
>
> const ASN1_ITEM* INSIDE_SEQ_it_haquery(void) { return &INSIDE_SEQ_it; }
>
> and then changing the 'const' data segment (where the template defs are placed) to be writeable, and then fixing up the template record this way:
>
> {
>     ASN1_TEMPLATE* p = (ASN1_TEMPLATE*)&OUTSIDE_SEQ_seq_tt[1];
>     p->item = (void*) INSIDE_SEQ_it_haquery;
> }
>
> After doing that, then the call to:
>
> OUTSIDE_SEQ* pos = OUTSIDE_SEQ_new();
>
> will work as expected.
>
> Of course, this is not really a good general solution.
>
> -dave

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
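A build-time check for the mismatch described in the report above, as an added example that is not part of the original thread or of OpenSSL: it reads the two generated copies of opensslconf.h and reports whether they leave OPENSSL_EXPORT_VAR_AS_FUNCTION in the same state. The function names and the two embedded sample headers are constructed for illustration, and conditional blocks (#if/#ifdef) are deliberately not evaluated.

```c
/* Added example: not OpenSSL code. All function names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char *skip_blank(const char *p)
{
    while (*p == ' ' || *p == '\t')
        p++;
    return p;
}

/* Return the position after `word` if p starts with it as a whole
 * identifier, otherwise NULL. */
static const char *match_word(const char *p, const char *word)
{
    size_t n = strlen(word);
    if (strncmp(p, word, n) != 0)
        return NULL;
    if (isalnum((unsigned char)p[n]) || p[n] == '_')
        return NULL;
    return p + n;
}

/* 1 if the last #define/#undef naming `name` is a #define, else 0.
 * Simplification (assumption): #if/#ifdef nesting is ignored. */
int final_macro_state(const char *text, const char *name)
{
    int state = 0;
    const char *line = text;

    while (line != NULL && *line != '\0') {
        const char *p = skip_blank(line);
        const char *q;

        if (*p == '#') {
            p = skip_blank(p + 1);          /* allows "#  define" */
            if ((q = match_word(p, "define")) != NULL) {
                if (match_word(skip_blank(q), name) != NULL)
                    state = 1;
            } else if ((q = match_word(p, "undef")) != NULL) {
                if (match_word(skip_blank(q), name) != NULL)
                    state = 0;
            }
        }
        line = strchr(line, '\n');
        if (line != NULL)
            line++;
    }
    return state;
}

/* 1 if both header texts leave `name` in the same state. */
int headers_agree(const char *a, const char *b, const char *name)
{
    return final_macro_state(a, name) == final_macro_state(b, name);
}

/* Constructed samples modelled on the report: the public copy only
 * #undef's the macro, the internal copy #undef's then #define's it. */
static const char PUBLIC_HDR[] =
    "/* include/openssl/opensslconf.h (constructed sample) */\n"
    "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n";
static const char INTERNAL_HDR[] =
    "/* crypto/opensslconf.h (constructed sample) */\n"
    "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
    "#define OPENSSL_EXPORT_VAR_AS_FUNCTION\n";

/* Read a whole file into a NUL-terminated buffer; NULL on error. */
static char *read_file(const char *path)
{
    FILE *fp = fopen(path, "rb");
    char *buf = NULL;
    size_t len = 0, cap = 0, n;

    if (fp == NULL)
        return NULL;
    do {
        char *tmp = realloc(buf, cap + 4096 + 1);
        if (tmp == NULL) { free(buf); fclose(fp); return NULL; }
        buf = tmp;
        cap += 4096;
        n = fread(buf + len, 1, cap - len, fp);
        len += n;
    } while (n > 0);
    fclose(fp);
    buf[len] = '\0';
    return buf;
}

/* Usage: check <public opensslconf.h> <internal opensslconf.h>
 * With no arguments the embedded samples are compared. */
int main(int argc, char **argv)
{
    const char *name = "OPENSSL_EXPORT_VAR_AS_FUNCTION";
    char *a = argc == 3 ? read_file(argv[1]) : NULL;
    char *b = argc == 3 ? read_file(argv[2]) : NULL;
    int ok;

    if (argc == 3 && (a == NULL || b == NULL)) {
        fprintf(stderr, "cannot read input headers\n");
        return 2;
    }
    ok = headers_agree(a ? a : PUBLIC_HDR, b ? b : INTERNAL_HDR, name);
    printf("%s: %s\n", name, ok ? "consistent" : "MISMATCH between headers");
    free(a);
    free(b);
    return ok ? 0 : 1;
}
```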
Re: [openssl.org #1572] Info required: OpenSSL 9.8.e
In message [EMAIL PROTECTED] on Mon, 20 Aug 2007 13:17:00 +0200 (CEST), Dhaval Rao via RT [EMAIL PROTECTED] said:

rt> Platform: OpenVMS
rt> Query: I can see that OpenSSL could be built on
rt> OpenVMS Alpha VAX.
rt> Is OpenSSL supported on OpenVMS Itanium (IA64)
rt> platform. If not, could you please share with me what
rt> is the issue ?

The issue is that I don't have an Itanium running VMS to do regular tests on.

Cheers,
Richard

-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/

When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up.
-- C.S. Lewis
[openssl.org #1212] chil engine no longer works with static locks in 0.9.8
[Originally sent by John, all I'm doing is forwarding it to our ticket database to make sure it gets included. -- Richard Levitte]

[And I did it wrong the first time. Apologies for the duplicates]

Hi Richard,

Thanks for taking a look at this.

> [guest - Thu Oct 6 11:55:10 2005]:
> > This stops our engine working with the openssl application (as it
> > registers a lock debugging callback) and Apache 2.x (and other apps
> > too no doubt)
>
> That's because those applications don't set up callbacks for the
> dynamic locks. The correct thing to do is to talk with the
> application authors and tell them that there are new requirements to
> make engines work.

Unfortunately we do not have relationships with all of the application developers for the applications that our customers use, so this is not possible. We shall certainly apply pressure in this direction where we can.

On that note, is there a plan to update the apps/openssl application to not use the static lock callback for lock debugging? Or is there something else that we could do instead to allow our engine to work with static locks?

> > It seems that the dynamic locks are rarely used.
>
> Yes, it's true, they are rarely used... currently. However, I really
> would encourage people to use them more, as they are a bit more
> flexible than the static locks. Ideally, OpenSSL should probably
> move to dynamic locks entirely, which would make maintenance quite a
> bit easier.

The dynamic locks are clearly a much better solution and removing them from openssl will force all applications to move, which would be a good thing in the long run. Is there a plan to do this for any specific future release?

Why is it that the static locks have not been removed completely for 0.9.8? If it is to keep some backward compatibility with older apps, or ones that see no reason to change, would it not be preferable if the whole of openssl was compatible in this way, including the engines?

It seems a bit unfair on the end users who need hardware support for openssl to keep the interface, so the apps don't realise that they need to change, but to remove the engine support from these apps.

I appreciate that the hack for our static lock was not pleasant, but it is no less pleasant than all the other static locks. Are you sure we can't persuade you to put it back in until all static locks are removed?

By the way, do you have an nCipher HSM for interop testing?

Thanks again
-john

--
John Hartley
nCipher Ltd
http://www.ncipher.com
Re: [openssl.org #1222] Please introduce versioned symbols
[Additional note to get the proposal itself into this ticket's history]

From: Christoph Martin [EMAIL PROTECTED]
Date: Thu, 13 Oct 2005 23:24:58 +0200
Subject: Proposal for symbol versioning of openssl

Hi folks,

openssl has evolved to a very important library in Linux distribution. A lot of cryptographic applications link to it including system libraries like pam modules and apache modules.

Now it becomes more and more difficult to get all the binaries and libraries to link to the same version of openssl. This leads to situations where an application uses some libraries where one links to openssl 0.9.7 and another one to version 0.9.8. Since the symbols of the libraries are not yet versioned this leads to severe segfaults.

For the Debian project we want to introduce symbol versioning like it is done not only in glibc. Since we want to maintain binary compatibility with as much other distributions we want to coordinate this work with you. At this time I only have contact addresses to a few maintainers.

We propose that we version all exported symbols for openssl 0.9.8 with the label OPENSSL_0.9.8, like glibc has the label GLIBC_2.0 etc.

For that to happen I introduced a version script openssl.ld with the following contents:

OPENSSL_0.9.8 {
        global:
                *;
};

It has to be in the toplevel directory and in the engines directory. The SHARED_LDFLAGS get the additional options

-Wl,--version-script=openssl.ld

I will come with a proper patch soon.

Please let's discuss this proposal and some detailed questions. What do you think of it? Would you include this change in your distribution? Does upstream include it too?

Is it ok to tag all (*) symbols with this version or should there be a more complex version script?

What about symbol versioning of openssl 0.9.7? (Debian includes both versions for compatibility reasons in the current unstable distro.)

Christoph
Re: [openssl.org #1183] Building openssl-0.9.7e in Windows Visual Studio 2005 Environment
Kamalesh Nandi via RT writes:

> I was trying to build openssl-0.9.7e in Windows Visual Studio 2005
> Beta2 Environment. I was getting an error. But the same
> openssl-0.9.7e builds fine in Windows Visual Studio 2003 Environment.
> Is there any additional steps to be performed specific to Visual
> Studio 2005?

Well, you could start by giving us the build log in both cases. Just telling that you get an error is like telling us there are cars roaming in London.
Re: [openssl.org #1105] DTLS HelloVerifyRequest PATCH
In message [EMAIL PROTECTED] on Sat, 25 Jun 2005 02:30:40 -0700, nagendra modadugu [EMAIL PROTECTED] said:

nagendra> It turns out that the Version field was omitted from the
nagendra> HelloVerify message in the internet draft. The document
nagendra> will be corrected.

So the bug report can be removed, right?

(and *please* keep [EMAIL PROTECTED] among the recipients. It's quite hard to follow history in the database when people keep skipping that address)

Cheers,
Richard
Re: [openssl.org #970] build error 0.9.7e
In message [EMAIL PROTECTED] on Tue, 9 Nov 2004 09:32:46 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> I tried to compile openssl-0.9.7e as usual, however since version e
rt> it fails with:
rt>
rt> ..
rt> + gcc -shared -o libfips.so.0.9.7 -Wl,-soname=libfips.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive libfips.a -Wl,--no-whole-archive -L. -L/export/scratch/build/root4build/usr/lib -ldl -lc
rt> gcc: libfips.a: No such file or directory
rt> make: *** [do_gnu-shared] Error 1

Known error. In Makefile.org, change the value of SHLIBDIRS from "fips crypto ssl" to just "crypto ssl". Thanks.

Cheers,
Richard
Re: [openssl.org #970] build error 0.9.7e
In message [EMAIL PROTECTED] on Wed, 10 Nov 2004 01:51:46 +0100 (MET), Jens Elkner via RT [EMAIL PROTECTED] said:

rt> 'Richard Levitte - VMS Whacker via RT wrote:'
rt> >
rt> > In message [EMAIL PROTECTED] on Tue, 9 Nov 2004 09:32:46 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:
rt> >
rt> > rt> I tried to compile openssl-0.9.7e as usual, however since version e
rt> > rt> it fails with:
rt> > rt>
rt> > rt> ..
rt> > rt> + gcc -shared -o libfips.so.0.9.7 -Wl,-soname=libfips.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive libfips.a -Wl,--no-whole-archive -L. -L/export/scratch/build/root4build/usr/lib -ldl -lc
rt> > rt> gcc: libfips.a: No such file or directory
rt> > rt> make: *** [do_gnu-shared] Error 1
rt> >
rt> > Known error. In Makefile.org, change the value of SHLIBDIRS from fips
rt> > crypto ssl to just crypto ssl.
rt>
rt> Ahh - ok. That worked :-)
rt>
rt> I guess, then you probably know the errors occurring when doing an
rt> 'make install', too?

Yes. The best you can do right now is to download the latest 0.9.7 snapshot. You will find that the build and install works much more smoothly, and that's basically all the difference between the release and the snapshot.

rt> ..
rt> make[2]: Entering directory `/develop/scratch/build/openssl-0.9.7e/fips/sha1'
rt> /bin/sh: -c: line 1: syntax error near unexpected token `;'
rt> /bin/sh: -c: line 1: `if test -n ; then for i in ; do (cp $i /export/scratch/_root/opt/openssl/include/openssl/$i; chmod 644 /export/scratch/_root/opt/openssl/include/openssl/$i ); done; fi'
rt> make[2]: *** [install] Error 2
rt> make[2]: Leaving directory `/develop/scratch/build/openssl-0.9.7e/fips/sha1'
rt> ..
rt>
rt> Probably everywhere, where EXHEADER is undefined.

--
Richard Levitte
Re: [openssl.org #960] OpenSSL 0.9.7e fails on Linux
In message [EMAIL PROTECTED] on Wed, 27 Oct 2004 17:18:35 +0200 (METDST), Andreas M. Kirchwitz via RT [EMAIL PROTECTED] said:

Hi,

I just found an email discussion that seems to cover what's happening to you:

http://sources.redhat.com/ml/bug-glibc/2000-01/msg00046.html

rt> On Solaris, LD_LIBRARY_PATH seems to be searched _before_ any library
rt> paths compiled into the binary. That's the usual way (as I know it).

It seems like this wouldn't be correct according to some specs, according to the email conversation I'm pointing at.

rt> On Linux (or at least Fedora), LD_LIBRARY_PATH is searched _after_
rt> any library paths compiled into the binary. If I remove /usr/local/ssl,
rt> then env LD_LIBRARY_PATH=/usr/local/src/openssl-0.9.7e ldd test/evp_test
rt> finds /usr/local/src/openssl-0.9.7e/libcrypto.so.0.9.7.
rt>
rt> That's strange.

Yup, I've been bitten by the same for another project just recently, but didn't bother with it at the time.

The question I have to you is if you have LD_RUN_PATH set in some way, or if you did something that sets -rpath when linking the libraries and applications. As I understand it, directories given with -rpath can't (and shouldn't, which makes sense) be overridden with LD_LIBRARY_PATH.

rt> Maybe the use of LD_PRELOAD is worth a thought to be put into the
rt> OpenSSL test procedures (make test).

I'm thinking you're right.

Cheers,
Richard
Re: [openssl.org #961] typo in openssl.cnf
In message [EMAIL PROTECTED] on Wed, 27 Oct 2004 22:44:56 +0200 (METDST), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> This may be old news, but there is a typo in openssl.cnf included with
rt> the latest version of openssl that will error out the cert creation.
rt>
rt> line 46 is:
rt> private_key = $dir/private/cakey.pem# The private key
rt>
rt> should be:
rt> private_key = $dir/private/cakey.pem # The private key
rt>
rt> I have seen quite a few posts regarding the error that openssl throws if
rt> this isn't corrected.

Eh, are you sure about this? On what platform?

The reason I ask is that 1) the tests (make test) run well, at least on the machines where I have tested, and they do use apps/openssl.cnf, and 2) in the source, there's nothing that I can see that requires the comment starter to be preceded with a whitespace.

Cheers,
Richard
Re: [openssl.org #897] Bug Report -- PEM_read and PEM_write functions cause application errors.
In message [EMAIL PROTECTED] on Thu, 17 Jun 2004 23:30:44 -0700, Lev Walkin [EMAIL PROTECTED] said:

vlm> Marcus Carey via RT wrote:
vlm> > Windows 2000
vlm> > MS VC++ .NET
vlm> > OpenSSL 0.9.7d 17 Mar 2004
vlm> >
vlm> > FILE *fp;
vlm> > X509 *cert;
vlm> >
vlm> > fp = fopen(SomefFile,"r");
vlm> > cert = PEM_read_X509(fp,NULL,NULL,NULL);
vlm> > fclose(fp);
vlm> >
vlm> > I have narrowed it down to the BIO_gets() function.
vlm> >
vlm> > int BIO_get(BIO *b, char *in, int inl)
vlm> > {
vlm> > i=b->method->bgets(b,in,inl); /* This causes an application error - The memory could not be writting */
vlm> >
vlm> > return(i);
vlm> > }
vlm> >
vlm> > This error also occurs with PEM_write functions.
vlm>
vlm> Please use the API correctly:
vlm>
vlm>     FILE *fp = fopen(...);
vlm>     X509 *cert = NULL; /* Do not forget NULL!!! */
vlm>
vlm>     cert = PEM_read_X509(fp, &cert, NULL, NULL);

Uhmm, I was under the impression that if PEM_read_X509() and friends got a NULL as a second argument, it would create a X509 to contain the information...

I suspect this is a problem on Windows, because I just tried the above test program (with NULL as second argument to PEM_read_X509()) on Linux, and it worked like a charm (I checked with gdb that I really did get a value back, and that it contained sensible data).

--
Richard Levitte \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44
\ SWEDEN \
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: [openssl.org #904] Re: Segfault in speed measurements with aes ecb decrypt
In message [EMAIL PROTECTED] on Mon, 28 Jun 2004 22:46:35 +0200 (METDST), Roman Pletka via RT [EMAIL PROTECTED] said:

rt> | Your patch is flawed. At that point, there has been a test to check if
rt> | ctx->buf_len is non-zero already, and an error is generated if it is.
rt> | At the point of your patch, ctx->buf_len will *always* be zero.
rt>
rt> Not quite, the test on ctx->buf_len is only done if no-padding is
rt> set.

Incorrect, you have the test for ctx->buf_len in evp_enc.c, lines 441--445.

rt> ctx->buf_len is always zero only if the length is a multiple of
rt> ctx-the block size.

In the case padding is used, it still has to. If it's not zero, the error EVP_R_WRONG_FINAL_BLOCK_LENGTH will be signalled.

rt> | I think the real problem lies in apps/speed.c, which should set
rt> | the EVP_CIPH_NO_PADDING flag for the decrypt tests (at the very
rt> | least). The speed difference will be very small.
rt>
rt> This looks fine as long as the message is exactly a multiple of
rt> the block size, which is actually the case for speed as the values
rt> are hard-coded in speed.c. However, handling of not-aligned
rt> message sizes still remains broken in the speed test. This is
rt> currently not used, but somebody might use it once...

Well, in the decryption case, the input has to be an exact multiple of block size. For encryption, it's of course a different matter, but as you noticed, the input is a multiple of block size anyway... If that changes, we're definitely bound to notice :-).

--
Richard Levitte
Re: [openssl.org #900] non portable additions to OpenSSL_0_9_7-stable
In message [EMAIL PROTECTED] on Mon, 21 Jun 2004 08:49:26 +0200 (METDST), Tim Rice via RT [EMAIL PROTECTED] said:

rt> The FIPS stuff needs a little tune up.
rt>
rt> Makefile.org
rt - if ! egrep 'define OPENSSL_FIPS' ..; then \ rt + if egrep 'define OPENSSL_FIPS' ...; then \ rt + : \ rt + else \

I'm sorry, but exactly what does that change?

rt> The install: section should be commented out in
rt> fips/aes/Makefile, fips/des/Makefile, and fips/sha1/Makefile
rt> as it was done in fips/dsa/Makefile.

OK, but I'll do it another way, so we don't have to think about uncommenting later on, if EXHEADER would change.

--
Richard Levitte
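Review bot: the Makefile.org hunk replaces 'if ! egrep ...; then' with 'if egrep ...; then : ; else' but gives no reason, which is exactly what the reply above has to ask about. If the motivation is that the '!' negation is not understood by traditional Bourne shells, say so in the patch description or in a comment beside the ':' no-op branch, so that the empty branch is not later folded back into the '!' form.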
Re: [openssl.org #896] [PATCH] Clearing wrong variable in crypto/engine/eng_cryptodev.c
In message [EMAIL PROTECTED] on Tue, 15 Jun 2004 08:56:12 +0200 (METDST), Stefan Farfeleder via RT [EMAIL PROTECTED] said:

rt> the functions get_cryptodev_ciphers() and get_cryptodev_digests() should
rt> set the pointer *cnids to NULL rather than the first member of the array
rt> nids.

Why?

--
Richard Levitte
Re: [openssl.org #895] AEP engine breaks on Linux with pthreads
In message [EMAIL PROTECTED] on Fri, 11 Jun 2004 14:58:00 +0200 (METDST), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> On June 11, 2004 03:00 am, Jack Lloyd via RT wrote:
rt> > Summary: Threaded applications using the AEP engine break badly
rt> > on Linux.
rt>
rt> I see. The problem seems more about the model used by AEP though.
rt> Ie. we could use CRYPTO_thread_id() instead of getpid() (because
rt> unless CRYPTO_set_id_callback() is called, this devolves into
rt> getpid() anyway).

And that will not help one bit, as far as I can tell, since CRYPTO_thread_id() should return the thread id (which is the same as the pid with Linux Threads), so basically that solves the problem by reiterating the exact same problem...

Using pthread_atfork() would be an option, and we would need to add an interface for that possibility, of course making sure we don't use it on architectures that don't fork.

[ We should really use pthread_atfork() ourselves anyhow when available, considering there's always a risk for deadlocks otherwise (at least on Solaris, only the thread that calls fork() is reproduced in the child, which means a whole lot of locks may be left locked in the child with no one to unlock them, if other threads in the parent were doing something protected by a lock of some sort). But that's a different issue... ]

--
Richard Levitte
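The pthread_atfork() option raised in the message above, as an added example that is not from the original thread, OpenSSL, or the AEP engine: rather than relying on getpid() to decide whether a cached device connection belongs to the current process, a child handler invalidates the connection after fork(), and the prepare/parent handlers hold the lock across the fork so the child never inherits it locked by a thread that no longer exists. struct dev_conn, engine_init() and get_connection() are hypothetical names, and the integer handle is a constructed stand-in for a real device handle.

```c
/* Added example: not OpenSSL or AEP engine code. All names are hypothetical. */
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the per-process device connection an engine caches. */
struct dev_conn {
    int handle; /* constructed value; a real engine holds a device handle */
    int valid;  /* 0 means this process must open its own connection */
};

static pthread_mutex_t conn_lock = PTHREAD_MUTEX_INITIALIZER;
static struct dev_conn conn;
static int next_handle = 100;

/* prepare: runs in the forking thread before fork(); taking the lock here
 * guarantees no other thread holds it at the instant of the fork. */
static void before_fork(void)
{
    pthread_mutex_lock(&conn_lock);
}

/* parent: release the lock taken in before_fork(). */
static void after_fork_parent(void)
{
    pthread_mutex_unlock(&conn_lock);
}

/* child: the inherited connection belongs to the parent, so drop it,
 * then release the lock (the forking thread is the only thread here). */
static void after_fork_child(void)
{
    conn.valid = 0;
    pthread_mutex_unlock(&conn_lock);
}

/* Register the handlers once; call before any worker threads start. */
int engine_init(void)
{
    static int registered = 0;

    if (registered)
        return 0;
    registered = 1;
    return pthread_atfork(before_fork, after_fork_parent, after_fork_child);
}

/* Return this process's connection handle, opening one if needed. */
int get_connection(void)
{
    int h;

    pthread_mutex_lock(&conn_lock);
    if (!conn.valid) {
        conn.handle = next_handle++; /* stands in for opening the device */
        conn.valid = 1;
    }
    h = conn.handle;
    pthread_mutex_unlock(&conn_lock);
    return h;
}

/* Fork once and report whether the child opened its own connection while
 * the parent kept its original one: 1 = yes, 0 = no, -1 = setup error. */
int child_reopens_after_fork(void)
{
    int parent_handle, status;
    pid_t pid;

    if (engine_init() != 0)
        return -1;
    parent_handle = get_connection();

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* get_connection() returning at all shows the lock is usable;
         * a different handle shows the cached one was invalidated. */
        _exit(get_connection() != parent_handle ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return 0;
    return get_connection() == parent_handle;
}

int main(void)
{
    int r = child_reopens_after_fork();

    printf("child reopened its own connection: %s\n",
           r == 1 ? "yes" : (r == 0 ? "no" : "error"));
    return r == 1 ? 0 : 1;
}
```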
Re: [openssl.org #499] Patches to OpenSSL for Stratus VOS
If you could please send the new patch as an update to this ticket (for example by replying to this message and making sure it reaches [EMAIL PROTECTED]), that would be the best way.

In message [EMAIL PROTECTED] on Mon, 7 Jun 2004 21:33:49 +0200 (METDST), Green, Paul via RT [EMAIL PROTECTED] said:

rt> The patches described in request-tracker entry #499 are now
rt> obsolete. As far as I am concerned, request #499 can be closed.
rt>
rt> Please see the email thread starting at
rt> http://marc.theaimsgroup.com/?l=openssl-devm=108008359106412w=2
rt> for the updated patch. This is a letter I originally sent to
rt> openssl-dev on March 23, 2004, and which has some follow-ups from
rt> Richard Levitte and myself.
rt>
rt> I neglected to send in this newer patch to the request tracker;
rt> please let me know if you would like me to do this.
rt>
rt> I don't need the patch applied to the 0.9.7 branch; I'd be
rt> satisfied to see it applied to the 0.9.8-dev branch.

--
Richard Levitte
Re: [openssl.org #866] BUG REPORT: openssl-0.9.7d, ca command, null pointer exception, Visual Studio .NET 2003
OK, Fiel, what's up with this? The last post in ticket 862 shows that you acknowledged the bug has been fixed, and now you send in the *exact* same bug report again?

I'm killing this ticket, as I assume it was a mistake...

--
Richard Levitte
Re: [openssl.org #9] Re: [patch] Sign certs that aren't self signed for x509 -CA
In message [EMAIL PROTECTED] on Wed, 31 Mar 2004 11:23:29 +0200 (METDST), Simon Josefsson via RT [EMAIL PROTECTED] said:

rt> Richard Levitte via RT [EMAIL PROTECTED] writes:
rt>
rt> > I'm honestly very unsure about this one. After all, openssl ca
rt> > already covers this, so I wonder why there's a need to create another
rt> > way to do the same thing, and add to the confusion on how to do things...
rt>
rt> How would you use openssl ca to do the same? Wouldn't it change
rt> fields in signed certificate, or at least require that the CA key used
rt> to sign correspond to the issuer in the certificate to be signed? As
rt> far as I understood, the RT thread only indicate openssl ca has the
rt> same poor security as -noselfsign imply (in that it makes it possible
rt> for the user to sign certificates without POP), not that openssl ca
rt> can do the same operation.

What I understood was that you wanted to be able to sign a certificate (I call it A from now on) using a CA that doesn't have a root certificate. That is perfectly possible to do with openssl ca, provided you give it that CA's certificate and key. Of course, in preparation, you should create a certificate request (called reqA) from certificate A.

And yes, of course the newly signed certificate (A') will have new and possibly changed extensions. That's within normal CA operations, I believe.

rt> That said, I'm not using OpenSSL today, so I don't have a real
rt> interest in the patch. If you believe it doesn't add value, I won't
rt> pursue the matter further.

OK. Well, if you can comment on what I said above, I'll ponder it a little more and decide on my own from there. Sounds like a deal?

--
Richard Levitte
Re: [openssl.org #9] Re: [patch] Sign certs that aren't self signed for x509 -CA
In message [EMAIL PROTECTED] on Wed, 31 Mar 2004 11:51:13 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said: levitte In message [EMAIL PROTECTED] on Wed, 31 Mar 2004 11:23:29 +0200 (METDST), Simon Josefsson via RT [EMAIL PROTECTED] said: levitte levitte rt levitte rt Richard Levitte via RT [EMAIL PROTECTED] writes: levitte rt levitte rt I'm honestly very unsure about this one. After all, openssl ca levitte rt already covers this, so I wonder why there's a need to create another levitte rt way to do the same thing, and add to the confusion on how to do things.. levitte rt . levitte rt levitte rt How would you use openssl ca to do the same? Wouldn't it change levitte rt fields in signed certificate, or at least require that the CA key used levitte rt to sign correspond to the issuer in the certificate to be signed? As levitte rt far as I understood, the RT thread only indicate openssl ca has the levitte rt same poor security as -noselfsign imply (in that it makes it possible levitte rt for the user to sign certificates without POP), not that openssl ca levitte rt can do the same operation. levitte levitte What I understood was that you wanted to be able to sign a certificate levitte (I call i A from now on) using a CA that doesn't have a root levitte certificate. That is perfectly possible to do with openssl ca, levitte provided you give it that CA's certificate and key. Of course, in levitte preparation, you should create a certificate request (called reqA) levitte from certificate A. levitte levitte And yes, of course the newly signed signed certificate (A') will have levitte new and possibly changed extensions. That's within normal CA levitte operations, I believe. *Ahem* *cough* *blush* Maybe I should actually reread that thread first... *blush* - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. 
Re: [openssl.org #849] WIN32 compile problems
In message [EMAIL PROTECTED] on Mon, 22 Mar 2004 14:33:59 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> Libeay32 linked fine. I got the problems when linking ssleay32. It
rt> complained about 2 unresolved symbols. I ended up copying the
rt> asn1_lib.obj line from the CRYPTOOBJ dependency section and pasting it
rt> into the SSLOBJ dependency section. That seemed to solve the problem.

That is weird. When linking ssleay32, there should really be no problems, as it's just about putting together all the object files that belong there. When linking *an application* against ssleay32, you must not forget to also link against libeay32. Maybe that's what's missing?

Could you say which two symbols are missing?
Re: [openssl.org #832] ocsp and dsa key+socket option SO_REUSEADDR for responder
In message [EMAIL PROTECTED] on Fri, 27 Feb 2004 14:00:24 +0100 (MET), Stephen Henson via RT [EMAIL PROTECTED] said:

rt>
rt> [levitte - Fri Feb 27 00:04:45 2004]:
rt>
rt> I noticed the EVP_dss1() hack, and am pondering about something a bit
rt> more generic. Could you test if the following line works?
rt>
rt>     evp_md = EVP_get_digestbynid(EVP_MD_nid(rkey));
rt>
rt> [guest - Mon Feb 23 18:13:00 2004]:
rt>
rt> Attached file extend OCSP responder with:
rt> - add support for dsa keys;
rt> - set SO_REUSEADDR when system support it.
rt>
rt> What about attached patch ?
rt> It is against 0.9.7b, but same fixes can be applied for 0.9.7c.
rt>
rt>
rt> It's only because both EVP_PKEY and EVP_MD structures both have a field
rt> called type and that EVP_MD_nid() is a macro that it works.
rt>
rt> If ever EVP_MD_nid() was changed to a function bad things could happen.
[...]
rt> The applications currently access pkey->type directly for this kind of
rt> thing.

So basically, you're saying that the following would be the right thing to do:

    evp_md = EVP_get_digestbynid(rkey->type);
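The macro-versus-function point made in the exchange above, as an added example that is not code from this thread or from OpenSSL. The `DEMO_PKEY` and `DEMO_MD` structs, their layouts and the numeric values are constructed stand-ins, with the two `type` members deliberately placed at different offsets.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, NOT OpenSSL's real EVP_PKEY / EVP_MD layouts.
 * Both have a member named "type", deliberately at different offsets. */
typedef struct { int save_type; int type; void *key; } DEMO_PKEY;
typedef struct { int type; int pkey_type; int md_size; } DEMO_MD;

/* Macro accessor: plain text substitution, so it compiles for a pointer to
 * ANY struct that happens to have a member called "type". */
#define DEMO_MD_nid(e) ((e)->type)

/* Function accessor: the parameter type is now part of the contract, and a
 * DEMO_PKEY pointer is rejected unless the caller forces it with a cast. */
int DEMO_MD_nid_fn(const DEMO_MD *md)
{
    return md->type;
}

/* What the function's member access amounts to once a cast has silenced the
 * compiler: an int read at offsetof(DEMO_MD, type) inside whatever object was
 * passed. memcpy keeps this demonstration free of aliasing problems. */
int read_at_md_type_offset(const void *obj)
{
    int v;
    memcpy(&v, (const unsigned char *)obj + offsetof(DEMO_MD, type), sizeof v);
    return v;
}

/* Constructed sample values. */
static const DEMO_PKEY sample_key = { 6, 116, NULL };  /* save_type, type, key */
static const DEMO_MD   sample_md  = { 64, 6, 20 };     /* type, pkey_type, md_size */

/* Macro applied to a key: quietly returns the key's own "type" member. */
int demo_macro_on_key(void)         { return DEMO_MD_nid(&sample_key); }

/* Function applied to the struct it was written for. */
int demo_function_on_md(void)       { return DEMO_MD_nid_fn(&sample_md); }

/* Function-style access forced onto a key: reads save_type, not type. */
int demo_function_on_cast_key(void) { return read_at_md_type_offset(&sample_key); }

/* Direct member access on the key, independent of any digest accessor. */
int demo_direct_member(void)        { return sample_key.type; }

int main(void)
{
    printf("macro on key:            %d\n", demo_macro_on_key());
    printf("function on digest:      %d\n", demo_function_on_md());
    printf("function on cast of key: %d\n", demo_function_on_cast_key());
    printf("direct key->type:        %d\n", demo_direct_member());
    return 0;
}
```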
Re: [openssl.org #833] PEM_read_bio_PrivateKey unencrypted read bug
In message [EMAIL PROTECTED] on Fri, 27 Feb 2004 14:09:07 +0100 (MET), Stephen Henson via RT [EMAIL PROTECTED] said:

rt> The workaround we use is to #undef these first in the relevant header
rt> file but as the OP reports this only works if you #include windows.h
rt> (which includes wincrypt.h) first.

Uhmm, I was under the impression that #undef'ing an undefined macro basically is a no-op and should not be a problem. Is that incorrect? Or perhaps that's just incorrect in the Microsoft world? :-)
Re: [openssl.org #833] PEM_read_bio_PrivateKey unencrypted read bug
In message [EMAIL PROTECTED] on Fri, 27 Feb 2004 15:42:51 +0100 (CET), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:

levitte> In message [EMAIL PROTECTED] on Fri, 27 Feb 2004 15:32:26 +0100 (MET), Stephen Henson via RT [EMAIL PROTECTED] said:
levitte>
levitte> rt> If windows.h is not included first then the #undef X509_NAME has no
levitte> rt> effect but the structure still gets defined. When windows.h is included
levitte> rt> X509_NAME gets #defined to whatever Windows wants it to be and any
levitte> rt> OpenSSL source bombs with a compilation error.
levitte>
levitte> Ah, now I understand. For some reason, I mixed up not included
levitte> first with not included at all...
levitte>
levitte> Hmm, I'm not sure what we can do about that...

Oh wait, we could actually include windows.h just before #undef'ing X509_NAME. It's a hack, of course, but it *would* work, at least as long as the usual protection against multiple inclusions is present.
Re: [openssl.org #829] PATCH: Checking issuer cert w/ self-signed certs
In message [EMAIL PROTECTED] on Wed, 18 Feb 2004 10:40:26 +0100 (MET), Dave Roberts via RT [EMAIL PROTECTED] said:

rt> It also copes if they have the same Serial Number as well.

The only way to cope with that situation is to return an error. The serial number must be unique for each certificate issued by one CA. This includes self-signed ones.
Re: [openssl.org #823] openssl 0.9.7c build fails
In message [EMAIL PROTECTED] on Sun, 8 Feb 2004 18:31:16 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> fixed it by adding #include e_os.h to crypto/des/des_locl.h
rt> and adding a link ../../e_os.h in include/openssl/

It's better if you add a '#include ../e_os.h'
Re: [openssl.org #796] bug fix: compatibility_version incorrect in 0.9.7c on OSX 10.3.1
In message [EMAIL PROTECTED] on Fri, 12 Dec 2003 10:20:47 +0100 (MET), OpenMacNews via RT [EMAIL PROTECTED] said:

rt> the following changes seem to cure the problem ...
rt>
rt> (EDITOR) Makefile.org
rt> @ 304
rt> --- -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
rt> +++ -compatibility_version 0.9.7 \

I assume, then, that having the following would be correct:

    -compatibility_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \

That would be very practical, since that's one less place where we need to remember to update the version number...
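Review bot: the `+++` line at Makefile.org 304 hard-codes the literal 0.9.7 where the `---` line computed the value from ${SHLIB_MAJOR} and ${SHLIB_MINOR}, so the flag would need a manual edit at every version bump and can drift from the library's real version without any build error. Derive it from the existing variables instead, and state in the change description what value the old `cut -d. -f1` expression actually produced on the affected system, since the report only says the change "seems to cure the problem" and does not show the wrong value.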
Re: [openssl.org #767] Openssl time bugs
In message [EMAIL PROTECTED] on Sat, 29 Nov 2003 13:17:26 +0100 (MET), Stephen Henson via RT [EMAIL PROTECTED] said:

rt> Unless you feel some compulsion to look into this I'd rather
rt> handle it myself.

Go ahead, my compulsions lie somewhere else right now :-).
Re: [openssl.org #772] 32/64-bit detection on HPUX 11.11
In message [EMAIL PROTECTED] on Wed, 19 Nov 2003 09:38:04 +0100 (MET), Andy Polyakov via RT [EMAIL PROTECTED] said:

rt>
rt> Now, the really cool thing would be if someone (you?) could provide us
rt> with some sh code that identifies 64bit HP/UX so we could set that up
rt> in the script 'config'.
rt>
rt> ??? 'config' tells apart 32- and 64-bit HP/UX kernels since long time
rt> ago. Look for 'getconf KERNEL_BITS'.

Oh? So how come 64-bit people get a build that tries to go for 32-bit? What have we missed? I haven't looked yet, but I might tonight, if I remember...
Re: [openssl.org #753] 0.9.6l does not compile on Windows
In message [EMAIL PROTECTED] on Wed, 5 Nov 2003 08:42:39 +0100 (MET), Jeffrey Altman via RT [EMAIL PROTECTED] said:

rt>
rt> The inclusion of e_os.h in crypto\des\cfb_enc.c must be specified as
rt> either
rt>
rt> #include openssl/e_os.h

Absolutely not!

rt> or
rt>
rt> #include ../e_os.h

I'd rather say either:

    #ifdef FLAT_INC
    # include e_os.h
    #else
    # include ../../e_os.h
    #endif

or:

    #include e_os.h

I prefer the latter.

rt> This is not performed in a consistent manner in OpenSSL 0.9.6.

Uhmm, why does cbc_enc.c need e_os.h? But you're right, the consistency is a bit lacking there...
Re: [openssl.org #754] Downgrade to Lower Version
In message [EMAIL PROTECTED] on Wed, 5 Nov 2003 09:46:42 +0100 (MET), ho k via RT [EMAIL PROTECTED] said:

rt>
rt> Dear
rt>
rt> I would like to ask may it possible to downgrade to
rt> lower version of openssl if my system has already been
rt> install openssl-0.9.7c

There's no problem with downgrading in itself. However, you will need to take care of every application that links to libcrypto.so and libssl.so, if you have shared library support at all enabled with OpenSSL.

Can I ask why the downgrade?
Re: [openssl.org #754] Downgrade to Lower Version
In message [EMAIL PROTECTED] on Wed, 5 Nov 2003 10:34:49 +0100 (MET), ho k via RT [EMAIL PROTECTED] said:

rt> It is because of compatibility problem with existing
rt> program. May I delete libcrypto.so and libssl.so, then
rt> restore the lower version for downgrade clearly.

If your programs require libcrypto.so and libssl.so to come from OpenSSL 0.9.6x (x being any patch level), then by all means, downgrade.
Re: [openssl.org #754] Downgrade to Lower Version
In message [EMAIL PROTECTED] on Wed, 5 Nov 2003 10:59:47 +0100 (MET), ho k via RT [EMAIL PROTECTED] said:

rt> I have concern that just as MS-windows, the newer
rt> version file can be overwritten by the elder version
rt> ones. Is it true for program running on unix

The Unixly installation does it in such a way that the installed files become new files instead of overwriting old ones. The old ones are removed in the process, but may still hang in there until no process uses them (this depends on the Unix you use).
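The install-as-a-new-file behaviour described in the reply above, as an added example in POSIX C that is not part of the thread or of OpenSSL's install scripts. The file name `libdemo.so`, its "OLD"/"NEW" contents and the temporary directory under /tmp are constructed; the descriptor opened before the rename stands in for a process that already has the library loaded, which is why a replaced library keeps being used until that process restarts.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), pread() under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct upgrade_result {
    char running_sees[16];  /* read through the descriptor opened BEFORE the install */
    char fresh_sees[16];    /* read through an open() done AFTER the install */
    int  same_inode;        /* 1 if both descriptors refer to the same file object */
    long old_link_count;    /* directory entries still naming the old file */
};

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    if (close(fd) != 0 || n != (ssize_t)strlen(text)) return -1;
    return 0;
}

static int slurp(int fd, char *buf, size_t cap)
{
    ssize_t n = pread(fd, buf, cap - 1, 0);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* Installs a "new" library over an "old" one the way a Unix install does
 * (write beside it, then rename over it) while an old descriptor stays open.
 * Returns NULL if any step fails. */
const struct upgrade_result *run_upgrade_demo(void)
{
    static struct upgrade_result r;
    char dir[] = "/tmp/replace-demo-XXXXXX";
    char live[64], staged[64];
    struct stat old_st, new_st;
    int running = -1, fresh = -1, ok = 0;

    if (mkdtemp(dir) == NULL) return NULL;
    snprintf(live, sizeof live, "%s/libdemo.so", dir);
    snprintf(staged, sizeof staged, "%s/libdemo.so.new", dir);

    if (write_file(live, "OLD") == 0 &&
        (running = open(live, O_RDONLY)) >= 0 &&    /* long-running process */
        write_file(staged, "NEW") == 0 &&
        rename(staged, live) == 0 &&                /* atomic replacement */
        (fresh = open(live, O_RDONLY)) >= 0 &&      /* process started afterwards */
        fstat(running, &old_st) == 0 && fstat(fresh, &new_st) == 0 &&
        slurp(running, r.running_sees, sizeof r.running_sees) == 0 &&
        slurp(fresh, r.fresh_sees, sizeof r.fresh_sees) == 0) {
        r.same_inode = (old_st.st_dev == new_st.st_dev &&
                        old_st.st_ino == new_st.st_ino);
        r.old_link_count = (long)old_st.st_nlink;
        ok = 1;
    }
    if (running >= 0) close(running);  /* only now can the old file's storage go away */
    if (fresh >= 0) close(fresh);
    unlink(staged);
    unlink(live);
    rmdir(dir);
    return ok ? &r : NULL;
}

int main(void)
{
    const struct upgrade_result *r = run_upgrade_demo();
    if (r == NULL) { perror("upgrade demo"); return 1; }
    printf("already-running reader sees: %s\n", r->running_sees);
    printf("newly started reader sees:   %s\n", r->fresh_sees);
    printf("same inode: %d, names left for old file: %ld\n",
           r->same_inode, r->old_link_count);
    return 0;
}
```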
Re: [openssl.org #709] AutoReply: OpenSSL-0.9.7c on Solaris
In message [EMAIL PROTECTED] on Wed, 1 Oct 2003 16:36:20 +0200 (METDST), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> Also, line 8 of ui.pod needs a comma on the end, I keep finding them.
rt> Also, this is kind of cosmetic and makes it easier, but in des_modes.pod
rt> could you change the spaces in the name (line 5) to underscores? Spaces
rt> break the package making process on Solaris quite quickly.

I think I'd rather detect if a name has spaces in it, and then simply skip over it. There will still be the file des_modes.7, which is what all the other pages are referring to anyway.
Re: [openssl.org #709] AutoReply: OpenSSL-0.9.7c on Solaris
In message [EMAIL PROTECTED] on Wed, 1 Oct 2003 17:01:19 +0200 (METDST), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> That's an OK solution, but what are the feelings towards those
rt> commas? Are those left out on purpose or were they typos?

They were typos, and have already been corrected.
Re: [openssl.org #669] select patches for DOS
In message [EMAIL PROTECTED] on Sun, 28 Sep 2003 04:44:29 +0200 (METDST), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt>
rt> On Sat, 27 Sep 2003, Richard Levitte via RT wrote:
rt>
rt> I applied your changes to 0.9.8-dev and 0.9.7-stable. Thank you.
rt>
rt> Ticket resolved.
rt>
rt> [EMAIL PROTECTED] - Tue Jul 29 09:10:37 2003]:
rt>
rt> These are my patches to get openssl s_client working on
rt> MSDOS / djgpp / Watt-32.
rt>
rt> The patch was revised by Gisle on August 19th. I know it was sent to
rt> openssl-dev, but I'm not sure it went to rt. Please use the revised
rt> patch. Thanks.

It seems like I entirely forgot to include the affected file in my commit anyway...
Re: [openssl.org #665] Missing header file
What's the *real* problem here? krb5.h should only be included if OpenSSL has been configured to build with Kerberos, something you currently have to configure explicitly. If you get inclusion problems in spite of not having configured OpenSSL to use Kerberos, please send us a log of your building session. If you have configured OpenSSL to use kerberos, make sure krb5.h is available.

In message [EMAIL PROTECTED] on Thu, 24 Jul 2003 15:08:42 +0200 (METDST), Ron Whiteside via RT [EMAIL PROTECTED] said:

rt>
rt> I understand that. I think you could include a dummy header file:
rt> #define OpenSSL_NO_KRB5
rt>
rt> RW
rt>
rt> -Original Message-
rt> From: [EMAIL PROTECTED]
rt> [mailto:[EMAIL PROTECTED] Behalf Of Lutz Jaenicke via
rt> RT
rt> Sent: Thursday, July 24, 2003 1:58 AM
rt> To: [EMAIL PROTECTED]
rt> Cc: [EMAIL PROTECTED]
rt> Subject: Re: [openssl.org #665] Missing header file
rt>
rt>
rt>
rt> On Thu, Jul 24, 2003 at 08:40:10AM +0200, Ron Whiteside via RT wrote:
rt>
rt> The krb5.h header file is missing from the tar ball openssl-0.9.7b.
rt>
rt> The krb5.h header file is part of the Kerberos suite.
Re: [openssl.org #629] Custom error handling
In message [EMAIL PROTECTED] on Sat, 5 Jul 2003 08:24:45 +0200 (CEST), Frédéric Giudicelli [EMAIL PROTECTED] said:

groups> That's pretty much what I asked from the beginning, the
groups> possibility to use ERR_set_implementation and to have ERR_FNS
groups> public. But because of (if (!err_fns)) on
groups> ERR_set_implementation:304, that's just not possible.

I'm sorry, but how exactly does that conditional stop you from giving ERR_set_implementation() a non-NULL pointer and have that accepted?
Re: [openssl.org #629] Custom error handling
In message [EMAIL PROTECTED] on Fri, 4 Jul 2003 00:12:24 +0200, Frédéric Giudicelli [EMAIL PROTECTED] said:

groups> The problem is the following, yes your code (ERR_pop_to_mark/ERR_set_mark)
groups> is fine when a child function is adding a new error, however, what happens
groups> when it calls ERR_clear_error ? In my implementation I need the error stack
groups> to be preserved even if a child function calls ERR_clear_error.
groups>
groups> That's why if you happened to remove the if (!err_fns) test in
groups> ERR_set_implementation, I would be more than happy.

I'm sorry, but in what way does that prevent the error stack to be cleared? Maybe a better thing would be to have a flag that inhibits clearing the error stack... I'll ponder over this issue.
Re: [openssl.org #629] Custom error handling
OK, what stops you from creating your own implementation table and fill that with whatever you want, and give that as an argument to ERR_set_implementation(). I know, it means you have to look in crypto/err/err.c for each version to see if there's been a change to ERR_FNS. Guess what? It sounds like you must fiddle with that file either way...

In message [EMAIL PROTECTED] on Fri, 4 Jul 2003 20:02:15 +0200 (METDST), Frédéric Giudicelli via RT [EMAIL PROTECTED] said:

rt> Because, I could stub the default implementation, and if the error
rt> handling has been disabled, then I just don't call the default
rt> implementation function.
rt>
rt> Frédéric Giudicelli
rt> http://www.newpki.org
rt>
rt>
rt> - Original Message -
rt> From: Richard Levitte - VMS Whacker [EMAIL PROTECTED]
rt> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
rt> Cc: [EMAIL PROTECTED]
rt> Sent: Friday, July 04, 2003 1:52 PM
rt> Subject: Re: [openssl.org #629] Custom error handling
rt>
rt>
rt> In message [EMAIL PROTECTED] on Fri, 4 Jul 2003
rt> 00:12:24 +0200, Frédéric Giudicelli [EMAIL PROTECTED] said:
rt>
rt> groups> The problem is the following, yes your code (ERR_pop_to_mark/ERR_set_mark)
rt> groups> is fine when a child function is adding a new error, however, what happens
rt> groups> when it calls ERR_clear_error ? In my implementation I need the error stack
rt> groups> to be preserved even if a child function calls ERR_clear_error.
rt> groups>
rt> groups> That's why if you happened to remove the if (!err_fns) test in
rt> groups> ERR_set_implementation, I would be more than happy.
rt>
rt> I'm sorry, but in what way does that prevent the error stack to be
rt> cleared? Maybe a better thing would be to have a flag that inhibits
rt> clearing the error stack... I'll ponder over this issue.
Re: [openssl.org #629] Custom error handling
In message [EMAIL PROTECTED] on Thu, 3 Jul 2003 23:09:05 +0200, Frédéric Giudicelli [EMAIL PROTECTED] said:

groups> As I said earlier, you don't have to implement it, however
groups> that would be nice if you could make the custom error handling
groups> code work, which would allow me to implement it.

I must have missed something. Is there some error in what I implemented that hasn't been corrected yet? I may have missed some mail...
Re: [openssl.org #646] Fix for Linux problems using TERMIOS
In message [EMAIL PROTECTED] on Thu, 19 Jun 2003 08:51:58 +0200 (METDST), Bob Hepple via RT [EMAIL PROTECTED] said:

rt> I am busy porting OpenSSL to the Eracom hardware engine and have run into
rt> a problem when entering PINS (ie using fgets() without echo). Thought I'd
rt> share the workaround and invite comment ...
rt>
rt> Normally, openssl does not need to access this function so I imagine it
rt> has not been much debugged. But with this hardware engine I need to be
rt> able to input a PIN without echo and since there is a mechanism in openssl
rt> to do just that, naturally I prefer to use it rather than write more code.

Uhmm, you're doing the prompting through a UI_METHOD, I assume (more precisely, the one returned by UI_OpenSSL()). All OpenSSL application prompting for pass phrases ('openssl genrsa' and lots of other commands) use that same mechanism, so I'm quite surprised this hasn't been heard of before.

Have you tested if 'openssl genrsa' works? If it does, perhaps you should figure out what you do differently from the OpenSSL application. You probably want to check out the function setup_ui_method() and related static functions in apps/apps.c, or check out the nCipher engine, which I'm pretty sure does things properly (at least last time I tested).

rt> Normally, Linux is configured with -DTERMIO set. This causes fgets() to
rt> return an error (it returns NULL and feof() is set) when NOECHO is used in
rt> crypto/ui/ui_openssl:read_string_inner()
rt>
rt> If I compile with -DTERMIOS instead, there is no error. So my question is
rt> in 3 parts:
rt>
rt> 1. what is the 'correct' way to specify TERMIOS instead of TERMIO? I have
rt> tried setting the TERMIOS parameter in util/pl/linux.pl to no avail. I am
rt> currently changing all the linux configurations in the 'Configure' script
rt> and this seems to work, but it's messy.

There's some preprocessor code in crypto/ui/ui_openssl.c that forces TERMIO for Linux. You might want to disable that, or make it force TERMIOS instead.

rt> 2. Since this fixes the problem, can this setting please be used as the
rt> default in future?

Will it work on all Linux variants, including somewhat aged Linux systems?

rt> 3. Why use TERMIO when TERMIOS is available on Linux?

Because once upon a time, when the original code was constructed, there was only TERMIO, I assume. No one has complained since, so...

rt> ... and yes, the current state of the port is available as a source code
rt> patch at http://www.eracom-tech.com/downloads/downloads.php

I think available depends on who you are. I just tried, and was redirected to http://www.eracom-tech.com/login/userlogin.php... Anyhow, whenever it really becomes available, I think I can take a look and see if I can spot something.
Re: [openssl.org #643] Possible bug in -passin[out] fd:int argument form to openssl rsa
In message [EMAIL PROTECTED] on Wed, 11 Jun 2003 09:21:49 +0200 (METDST), Charles B Cranston via RT [EMAIL PROTECTED] said:

rt>
rt> Possible bug in OpenSSL 0.9.6h on Solaris 2.8 with /dev/urandom
rt>
rt> The rsa command fails strangely when attempting to use
rt> both -passin fd:int and -passout fd:int together. My code was
rt>
rt> openssl rsa -passin fd:5 -des3 -passout fd:7
rt>
rt> and it was reencoding the key with a bad passphrase. Changing to
rt> use the /dev/fd syntax like this:
rt>
rt> openssl rsa -passin file:/dev/fd/5 -des3 -passout file:/dev/fd/7
[...]
rt> This seems to fail on the read of the input key, that is, trying
rt> to decrypt the input with even though I expected it
rt> to fail when doing the reencryption. It gets:
rt>
rt> read RSA key
rt> unable to load key
rt> 1628:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
rt> decrypt:evp_enc.c:277:
rt> 1628:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:455:
rt> The pass phrase is b
rt> tpk.pem: No such file or directory

I'm surprised that you don't get an error like this:

    Error reading password from BIO

The reason is that fds can't really work, because BIO_gets() is used, and is not implemented for fds (which is a bug in our code).
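What a gets-style read on a bare descriptor has to do, which is the operation the reply above says is missing for fd BIOs: an added example in plain POSIX C, not OpenSSL's BIO code and not from this thread. `fd_gets`, `demo_line`, `demo_too_long` and the sample pass phrases are constructed; the demo also covers two pass phrases arriving on one descriptor, which goes beyond the fd:5 / fd:7 command quoted above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Zero a buffer through a volatile pointer so the store is not optimised out. */
static void wipe(char *p, size_t n)
{
    volatile char *v = p;
    while (n--) *v++ = 0;
}

/* Read one line from fd into buf (capacity cap), without the line ending.
 * Reads a byte at a time so nothing past the newline is consumed: whatever
 * follows stays in the descriptor for the next caller.
 * Returns the line length, -1 on read error or EOF before any byte,
 * -2 if the line does not fit (buf is wiped, nothing is truncated silently). */
long fd_gets(int fd, char *buf, size_t cap)
{
    size_t len = 0;

    if (buf == NULL || cap == 0) return -1;
    for (;;) {
        char c;
        ssize_t n = read(fd, &c, 1);
        if (n < 0) {
            if (errno == EINTR) continue;      /* interrupted, retry */
            wipe(buf, cap);
            return -1;
        }
        if (n == 0) {                          /* EOF */
            if (len == 0) { buf[0] = '\0'; return -1; }
            break;                             /* last line had no newline */
        }
        if (c == '\n') break;
        if (len + 1 >= cap) {                  /* no room for c plus the NUL */
            wipe(buf, cap);
            return -2;
        }
        buf[len++] = c;
    }
    if (len > 0 && buf[len - 1] == '\r') len--;   /* tolerate CRLF input */
    buf[len] = '\0';
    return (long)len;
}

/* Feed constructed input through a pipe and read two pass phrases from the
 * same descriptor. which = 0 or 1 selects the line returned; NULL on failure. */
const char *demo_line(int which)
{
    static char lines[2][64];
    static const char input[] = "old secret\r\nnew secret";  /* constructed */
    int p[2];
    long a, b;

    if (which < 0 || which > 1 || pipe(p) != 0) return NULL;
    if (write(p[1], input, sizeof input - 1) != (ssize_t)(sizeof input - 1)) {
        close(p[0]); close(p[1]);
        return NULL;
    }
    close(p[1]);
    a = fd_gets(p[0], lines[0], sizeof lines[0]);
    b = fd_gets(p[0], lines[1], sizeof lines[1]);
    close(p[0]);
    return (a < 0 || b < 0) ? NULL : lines[which];
}

/* A line longer than the buffer is rejected instead of being cut short. */
long demo_too_long(void)
{
    char small[8];
    int p[2];
    long r;

    if (pipe(p) != 0) return -1;
    if (write(p[1], "0123456789\n", 11) != 11) { close(p[0]); close(p[1]); return -1; }
    close(p[1]);
    r = fd_gets(p[0], small, sizeof small);
    close(p[0]);
    return r;
}

int main(void)
{
    const char *first = demo_line(0), *second = demo_line(1);
    printf("first: %s\nsecond: %s\noverlong line: %ld\n",
           first ? first : "(error)", second ? second : "(error)", demo_too_long());
    return 0;
}
```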
Re: [openssl.org #561] bug report
In message [EMAIL PROTECTED] on Wed, 2 Apr 2003 09:23:17 +0200 (METDST), Matthew Fleming via RT [EMAIL PROTECTED] said:

rt> I am using openssl v. 0.9.7a. I have compiled static libraries and am
rt> trying to create an application that links to those libraries. I am
rt> developing with Visual Studio .NET on Windows 2000.
rt>
rt> I have found that just the single line
rt>
rt> SSL_library_init();
rt>
rt> produces a list of memory leaks from the compiler:

That's normal. What happens is that a table of error information, an object database and a few other things are being built up. Since you're not calling any cleanup stuff, you end up with a leak. This is not a bug, at least not in OpenSSL.

--
Richard Levitte
Re: [openssl.org #546] Open SSL 9.7 make failure
In message [EMAIL PROTECTED] on Tue, 25 Mar 2003 20:15:51 +0100 (MET), via RT [EMAIL PROTECTED] said:

rt> ld: error: libc.so.6, needed by /usr/lib/libdl.so, conflicts with
rt> libc.so.5

Eeeep, looks like you have a dirty installation...

--
Richard Levitte
Re: [openssl.org #528]
In message [EMAIL PROTECTED] on Tue, 25 Mar 2003 14:46:04 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> All the tests run fine until the final apps/openssl version -a
rt>
rt> make[1]: Leaving directory
rt> `/usr/local/src/openssl/openssl-0.9.7-stable-SNAP-20030323/test'
rt> ld.so.1: apps/openssl: fatal: libgcc_s.so.1: open failed: No such
rt> file or directory
rt> Killed
rt> make: *** [tests] Error 137

Yup, I apparently forgot a few dollar signs. Just committed a fix. Please try tomorrow's snapshot.

--
Richard Levitte
Re: [openssl.org #515] 0.9.7a
In message [EMAIL PROTECTED] on Thu, 20 Mar 2003 11:51:20 +0100 (MET), Alexey Semenov via RT [EMAIL PROTECTED] said:

rt> I'll try as soon as fix will be available with new release -
rt> 0.9.7b I suppose.

I'd like to ask you to please consider fetching ftp://ftp.openssl.org/snapshot/openssl-0.9.7-stable-SNAP-20030319.tar.gz and test it, to determine if we need to do more fixing *before* release of 0.9.7b (if possible). Otherwise, you just delay the fix (if one is needed) to 0.9.7c.

--
Richard Levitte
Re: [openssl.org #528]
In message [EMAIL PROTECTED] on Thu, 6 Mar 2003 15:34:52 +0100 (MET), via RT [EMAIL PROTECTED] said:

rt> ./config shared
rt>
rt> make test fails as we use LD_LIBRARY_PATH
rt>
rt> The Makefiles in ./ and ./tests set LD_LIBRARY_PATH to `pwd`
rt> rather than `pwd`:$$LD_LIBRARY_PATH
rt>
rt> Is this a bug or an error on my part

That's clearly a bug...

--
Richard Levitte
Re: [openssl.org #515] 0.9.7a
In message [EMAIL PROTECTED] on Thu, 20 Feb 2003 11:16:25 +0100 (MET), Alexey Semenov via RT [EMAIL PROTECTED] said:

rt> try ./config shared no-engine, then compile.
rt> Apache 1.3.27/mod_ssl crashes with segmentation fault.
rt> if i remove 'no-engine' - all ok,
rt> linux 2.4.19/gcc 2.95.3/glibc 2.1.3

It's possible mod_ssl expects the engine framework to be present, and is basically pissed off... Do you have any log to show us? Do you have the possibility to run under a debugger and get us a traceback?

--
Richard Levitte
Re: [openssl.org #504] DES CBC Initial Vector Parameter Problem
In message [EMAIL PROTECTED] on Fri, 14 Feb 2003 21:18:45 +0100 (MET), via RT [EMAIL PROTECTED] said:

rt> Hi,
rt>
rt> I'm using the latest (0.9.7) Crypto lib to encrypt a string of clear
rt> text, by using CBC mode with IV preset to 8 bytes of 0x00.
rt> When the encrypted text was decrypted back to plain text, the first 8
rt> bytes are bad text. I believe there are something to do with the IV
rt> parameter, or I call the functions incorrectly. Please help!!
rt>
rt> Here are the source code and the output:
rt> =
rt>
rt> #include <iostream.h>
rt> #include <stdio.h>
rt> #include <openssl/des.h>
rt>
rt> #include "HubUtil.h"
rt>
rt> int main() {
rt>
rt>     char mKey[8];
rt>     mKey[0] = 0xb1;
rt>     mKey[1] = 0xa5;
rt>     mKey[2] = 0x38;
rt>     mKey[3] = 0x58;
rt>     mKey[4] = 0xb2;
rt>     mKey[5] = 0x60;
rt>     mKey[6] = 0xd7;
rt>     mKey[7] = 0x38;
rt>
rt>     char myIV[8];
rt>     myIV[0] = 0x00;
rt>     myIV[1] = 0x00;
rt>     myIV[2] = 0x00;
rt>     myIV[3] = 0x00;
rt>     myIV[4] = 0x00;
rt>     myIV[5] = 0x00;
rt>     myIV[6] = 0x00;
rt>     myIV[7] = 0x00;
rt>
rt>     DES_cblock cbKey;
rt>     DES_cblock cbIV;
rt>     DES_key_schedule kSchedule;
rt>
rt>     char inS[] = "Hello c++ World";
rt>     unsigned char input[19];
rt>
rt>     int i;
rt>     for(i=0; i<strlen(inS); i++) {
rt>         input[i] = (unsigned) inS[i];
rt>     }
rt>
rt>     char inHex[39];
rt>     HubUtil::bytesToHex(input, inHex, 19);
rt>
rt>     cout << "Input hex: " << inHex << endl;
rt>
rt>     unsigned char output[24];
rt>
rt>     DES_string_to_key(mKey, &cbKey);
rt>     DES_string_to_key(myIV, &cbIV);
rt>     DES_set_key_unchecked(&cbKey, &kSchedule);
rt>     DES_ncbc_encrypt(input, output, 19, &kSchedule, &cbIV, 1);
rt>
rt>     cout << "In : " << input << endl;
rt>

You need to do this here:

    DES_string_to_key(myIV, &cbIV);

rt>     unsigned char output2[19];
rt>     DES_ncbc_encrypt(output, output2, 24, &kSchedule, &cbIV, 0);
rt>
rt>     char outHex[39];
rt>     HubUtil::bytesToHex(output2, outHex, 19);
rt>
rt>     cout << "Decrypted hex: " << outHex << endl;
rt>
rt>     return 0;

Your problem was that you didn't reinitialise the IV.

--
Richard Levitte
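The symptom in this thread (only the first 8 bytes come back wrong) follows from CBC chaining with an IV buffer that the encrypt call overwrites. The following is an added example, not code from the original post or from OpenSSL: toy_block() is a constructed stand-in cipher (not DES, not secure) and toy_ncbc() is a hypothetical function that only mimics the in/out IV convention of the DES_ncbc_encrypt() call shown above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8

/* Toy 4-round Feistel cipher on 8-byte blocks. It only stands in for DES so
 * the example needs no library; it is NOT DES and gives no security. */
static const uint32_t TOY_KEY[4] = {          /* constructed round keys */
    0xb1a53858u, 0xb260d738u, 0x0f1e2d3cu, 0x4b5a6978u
};

static uint32_t toy_f(uint32_t half, uint32_t k)
{
    uint32_t x = (half ^ k) * 0x9E3779B1u;
    return (x << 7) | (x >> 25);
}

static void toy_block(const uint8_t *in, uint8_t *out, int enc)
{
    uint32_t h[2], t;                         /* left and right halves */
    memcpy(h, in, BLK);
    for (int i = 0; i < 4; i++) {
        uint32_t k = TOY_KEY[enc ? i : 3 - i];
        if (enc) { t = h[1]; h[1] = h[0] ^ toy_f(h[1], k); h[0] = t; }
        else     { t = h[0]; h[0] = h[1] ^ toy_f(h[0], k); h[1] = t; }
    }
    memcpy(out, h, BLK);
}

/* CBC with the in/out IV convention the thread is about: ivec is read and
 * then left holding the last ciphertext block. Encryption zero-pads a short
 * final block; decryption expects len to be a multiple of BLK. */
static void toy_ncbc(const uint8_t *in, uint8_t *out, size_t len,
                     uint8_t ivec[BLK], int enc)
{
    uint8_t blk[BLK], ct[BLK];
    for (size_t off = 0; off < len; off += BLK) {
        size_t n = len - off < BLK ? len - off : BLK;
        if (enc) {
            memset(blk, 0, BLK);
            memcpy(blk, in + off, n);
            for (int i = 0; i < BLK; i++) blk[i] ^= ivec[i];
            toy_block(blk, out + off, 1);
            memcpy(ivec, out + off, BLK);     /* IV := newest ciphertext */
        } else {
            memcpy(ct, in + off, BLK);
            toy_block(ct, blk, 0);
            for (int i = 0; i < BLK; i++) out[off + i] = blk[i] ^ ivec[i];
            memcpy(ivec, ct, BLK);            /* IV := newest ciphertext */
        }
    }
}

struct roundtrip {
    int bad_head;         /* wrong bytes among plaintext bytes 0..7  */
    int bad_tail;         /* wrong bytes among plaintext bytes 8..18 */
    int delta_is_last_ct; /* block 0 error == last ciphertext block? */
};

/* Encrypt 19 bytes under an all-zero IV, then decrypt the 24 ciphertext
 * bytes with the IV buffer as encryption left it (reinit_iv == 0) or
 * reset to zero first (reinit_iv == 1). */
struct roundtrip run_roundtrip(int reinit_iv)
{
    uint8_t pt[19] = "Hello c++ World";       /* remaining bytes are zero */
    uint8_t ct[24], back[24], iv[BLK] = {0}, last_ct[BLK];
    struct roundtrip r = {0, 0, 1};

    toy_ncbc(pt, ct, sizeof pt, iv, 1);
    memcpy(last_ct, ct + 16, BLK);
    if (reinit_iv)
        memset(iv, 0, BLK);
    toy_ncbc(ct, back, sizeof ct, iv, 0);

    for (int i = 0; i < 19; i++) {
        if (back[i] != pt[i]) {
            if (i < BLK) r.bad_head++; else r.bad_tail++;
        }
        if (i < BLK && (uint8_t)(back[i] ^ pt[i]) != last_ct[i])
            r.delta_is_last_ct = 0;
    }
    return r;
}

int main(void)
{
    for (int reinit = 0; reinit <= 1; reinit++) {
        struct roundtrip r = run_roundtrip(reinit);
        printf("IV %s: %d bad bytes in block 0, %d after it\n",
               reinit ? "reset" : "reused", r.bad_head, r.bad_tail);
    }
    return 0;
}
```

Every block after the first is XORed with the previous ciphertext block rather than with the IV, which is why a stale IV damages block 0 only.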
Re: [openssl.org #151] S/MIME implemementation doesn't follow MIME spec. Patch included.
In message [EMAIL PROTECTED] on Thu, 13 Feb 2003 14:36:54 +0100 (MET), Holger Sesterhenn via RT [EMAIL PROTECTED] said:

rt> PKCS7_sign() uses SMIME_crlf_copy() to assure '\r\n' at EOL before signing.
rt> BIO_write() is used. Does BIO_write() use the C library? If it does, we
rt> have the same problems as with SMIME_write_PKCS7() because '\n' is
rt> interpreted different between the systems.
rt>
rt> I don't like to analyze the whole BIO stuff so could somebody please show
rt> me where BIO_printf() converts '\n' to '\r\n' on windows?

The BIO stuff uses the C library when possible. If the BIO used has FILE* as underlying type, it's up to the user to specify if text mode is used or not. Since a piece of mail is essentially text, I'd expect text mode to be used. I believe the SMIME functions expect that as well. You can guess what happens with \r\n when sent to a file in text mode on windows... And you will probably not even know what happens on VMS (a very simple answer is: you get a lot of empty lines).

rt> Richard said: Bodo is correct, it's not OpenSSL's
rt> responsibility to do the various conversions that may be done by the
rt> C run-time library anyway.
rt>
rt> Of course it is not OpenSSL's responsibility but there are clear rules
rt> (RFC2046) how a multipart mail has to look like and why don't stick to
rt> these rules?

That RFC tells you what a message should look like when sent over the line. It has nothing to do with storage on file or anything else like that (on VMS, mails are normally stored in files in variable length record format. The line ends (\n or \r\n) aren't even stored in there). I won't try to guess what database-driven systems like Microsoft Exchange does...

rt> Isn't it possible to use some #defines and/or ./configure options
rt> to detect how the underlying system library interprets '\n'?

I'm afraid not. As soon as you start looking at all the possible outputs, you're just digging yourself deeper trying to do that.

rt> Sed is not the solution in all circumstances and you can't count on
rt> the client to handle the EOL relaxed.

Then we're talking about a difference of philosophy. I'm assuming those clients see the mails as a binary blob.

rt> BTW: There are at least some versions of LotusNotes which put
rt> '\r\r\n' at the end of lines.

Ep. All I can say about this is that there doesn't seem to be any easy solution.

--
Richard Levitte
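The line-ending problem discussed in this message, as an added example that is not part of the original thread and not OpenSSL code: crlf_canon(), text_mode_write() and stored_matches_signed() are hypothetical names, and text_mode_write() assumes the Windows C runtime rule that every '\n' written to a text-mode stream is stored as "\r\n". It shows why content canonicalised to "\r\n" for signing no longer matches once it passes through a text-mode stream, and why canonicalising again on the verifying side does not undo the resulting "\r\r\n".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Canonical form for signing: a bare '\n' becomes "\r\n", an existing
 * "\r\n" is kept. out needs room for 2 * n bytes. */
size_t crlf_canon(const char *in, size_t n, char *out)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '\n' && (i == 0 || in[i - 1] != '\r'))
            out[o++] = '\r';
        out[o++] = in[i];
    }
    return o;
}

/* Model of a text-mode stream on Windows: every '\n' the program writes is
 * stored as "\r\n", whatever precedes it. out needs room for 2 * n bytes. */
size_t text_mode_write(const char *in, size_t n, char *out)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '\n')
            out[o++] = '\r';
        out[o++] = in[i];
    }
    return o;
}

/* msg: at most 64 bytes. Returns 1 when a verifier that canonicalises the
 * stored bytes again ends up with exactly the bytes that were signed. */
int stored_matches_signed(const char *msg, int text_mode)
{
    char signed_form[128], stored[256], reread[512];
    size_t sn = crlf_canon(msg, strlen(msg), signed_form);
    size_t tn = sn;
    size_t rn;

    if (text_mode)
        tn = text_mode_write(signed_form, sn, stored);  /* "\r\n" -> "\r\r\n" */
    else
        memcpy(stored, signed_form, sn);                /* binary: unchanged */

    rn = crlf_canon(stored, tn, reread);
    return rn == sn && memcmp(reread, signed_form, sn) == 0;
}

int main(void)
{
    /* Constructed sample with mixed line endings. */
    const char *msg = "Content-Type: text/plain\n\nhello\r\nworld\n";

    printf("binary mode: %s\n",
           stored_matches_signed(msg, 0) ? "match" : "MISMATCH");
    printf("text mode:   %s\n",
           stored_matches_signed(msg, 1) ? "match" : "MISMATCH");
    return 0;
}
```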
Re: [openssl.org #359] Calling SSL_read and SSL_write with non-empty error stack may cause an error
In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 15:50:06 +0100 (MET), Bodo Moeller via RT [EMAIL PROTECTED] said:

rt> A second theory is that OpenSSL should always clear the error queue by
rt> calling ERR_clear_error() if stuff left in the error queue might cause
rt> confusion later.

The problem is finding out what it's appropriate. Let's not forget that some OpenSSL functions are called from other OpenSSL functions, so this might be tricky.

Besides, I'm not sure I agree with that theory in any case. Would libc functions clear errno all the time?

--
Richard Levitte
Re: [openssl.org #484] openssl question
In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 04:59:36 +0100 (MET), via RT [EMAIL PROTECTED] said:

rt> [steve - Thu Jan 30 20:44:34 2003]:
rt>
rt> However no version of OpenSSL will currently display that correctly.
rt>
rt> This isn't very friendly and proper IPv6 support will be added at some
rt> stage.
rt>
rt> Do you have any idea when?

0.9.8 at the earliest.

--
Richard Levitte
Re: [openssl.org #479] support version independent upgrade
In message [EMAIL PROTECTED] on Mon, 27 Jan 2003 23:33:24 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> Actually, I'd prefer that I wouldn't have to relink and
rt> redistribute my application every time a security patch comes out
rt> for OpenSSL. I haven't seen any issues in our application
rt> upgrading from 0.9.6 to 0.9.7 using this non version technique on
rt> our local development nodes.

If all you wanted was security patches, you upgrade to the next patch level of 0.9.6. 0.9.7 contains a lot more changes than just security patches.

Also, as a very simple test, I built 0.9.6h and 0.9.7 with shared support, but made sure I linked the 0.9.7 test suite against the 0.9.6h libraries. Then I ran them. Kaboom (I don't recall exactly where, I did it some time ago...).

So if *you* haven't had any issues, count your blessings and don't make any changes to your applications. Unfortunately, since it's easily proven that there's a risk of mysterious crashes, we can't support your claim. Sorry.

rt> The version technique doesn't just prevent backward compatibility
rt> but it prevents users from getting potential security upgrades
rt> that *may* work just fine. It's definitely not a desirable
rt> distribution scenario as it sits now. It forces developers to do
rt> relinks and redistribute whether they're needed or not.

I agree that the current situation isn't optimal for shared libraries. What would you do in our place (and please look outside your particular sandbox, and think of all the reports of mysterious crashes that will flow in to us (which they sometimes do for systems like Windows, where there is no versioning). Basically, place yourself in our shoes).

--
Richard Levitte
Re: [openssl.org #479] support version independent upgrade
In message [EMAIL PROTECTED] on Mon, 27 Jan 2003 22:40:24 +0100 (MET), via RT [EMAIL PROTECTED] said:

rt> Currently, on many Unix platforms I link my application against
rt> libssl.so and libcrypto.so. Typically, these are links set to resolve
rt> down to the versioned types of these files, like libssl.so.0.9.7 and
rt> libcrypto.so.0.9.7. The internal names of these shared objects
rt> include the major and minor version so even though I link against the
rt> shared objects without the version, such as libssl.so, my application
rt> becomes tied to the versioned shared objects at link time, for
rt> instance libssl.so.0.9.7.

There's a reason: until OpenSSL 1, we don't guarantee backward binary compatibility. There are technical reasons for this, like the need to make changes to published structures (it may be argued that it shouldn't be needed, but to achieve such flexibility, we either need to hide them (which would require huge changes for everyone) or redo them in such a way that they become rather generic) and other stuff.

Because of this, we're forced to do what we currently do with shared libraries. Perhaps you'd prefer that your applications crash mysteriously and in an unrecoverable manner?

--
Richard Levitte
Re: [openssl.org #463] PATCH
In message [EMAIL PROTECTED] on Fri, 17 Jan 2003 23:26:40 +0100 (MET), Andy Polyakov via RT [EMAIL PROTECTED] said:

rt> > Current version,
rt> > openssl-0.9.7, does not support shared libraries on AIX platform.
rt>
rt> To openssl-dev mainly. How come did do_aix-shared deserve so special
rt> treatment? I mean SHAREDFLAGS being hardcoded directly in Makefile.org?
rt> Just wondering...

Well, that one is an experiment. Someone suggested it for AIX and everything else, and I wrote comments on how I thought the different variables should be defined on different platforms, and intended to do more experiments with that later. Well, I eventually did experiment, resulting in Makefile.shared in 0.9.8-dev. I haven't touched the stuff in 0.9.7 because it supposedly worked...

rt> > I am sending you the changes
rt> > which allow to generate shared libraries for some cc compilers on AIX, namely, aix-cc
rt>
rt> What's the idea behind aix-cc? It's a safety net for out-of-date AIX
rt> releases, which no one cared to test for a long time and probably never
rt> will. If you just tested both aix-cc and aix43-cc on the same machine,
rt> then we should refrain from modifying the aix-cc. Alternative is to
rt> rename aix-cc to aix-old-cc and aix43-cc to aix-cc and leave aix-old-cc
rt> alone...

aix-cc is a minimum safety net, that's correct.

rt> > and aix43-cc.
rt>
rt> Could you test following? In a tree with proposed patch applied! Open
rt> Makefile.ssl with text editor, seek to do_aix-shared rule, modify
rt> SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE above the rule
rt> as SHAREDFLAGS=${SHARED_LDFLAGS} -G -bautoexp -bM:SRE. Finally 'make
rt> clean' and 'make'. Does it build? I want to see if it's possible to get
rt> rid of that extra step which generates .exp file...

-bautoexp? How long has that thing existed? And we can't get rid of it for the sake of older AIX that don't have autoexp...

--
Richard Levitte
Re: [openssl.org #463] PATCH
In message [EMAIL PROTECTED] on Sat, 18 Jan 2003 00:01:39 +0100 (MET), Andy Polyakov via RT [EMAIL PROTECTED] said:

rt> > rt> To openssl-dev mainly. How come did do_aix-shared deserve so special
rt> > rt> treatment? I mean SHAREDFLAGS being hardcoded directly in Makefile.org?
rt> > rt> Just wondering...
rt> >
rt> > Well, that one is an experiment.
rt>
rt> Then why AIX specific flags like -bnogc, -bE:lib$$i.exp, -bM:SRE?

Because do_aix-shared was proposed for AIX (obvious from the name of the target, I thought). The involved variables have only been used for AIX.

Look, we can talk history as much as you want, but I suggest we drop that matter, leave do_aix-shared in 0.9.7 as it is (except for variable values that need to be tweaked) and work on Makefile.shared for 0.9.8, yes?

rt> > -bautoexp? How long has that thing existed?
rt>
rt> Manual says since 4.2. aix43-cc implies 4.3, doesn't it?

Ah, good, I must have missed it back when I had access to an AIX system and its manuals...

rt> > And we can't get rid of
rt> > it for the sake of older AIX that don't have autoexp...
rt>
rt> But shared build is not defined for elder AIX and what are the odds
rt> that it will ever be?

None, so I have no more objections.

--
Richard Levitte
[openssl.org #458] 'openssl x509' not quite working...
I just tested, with OpenSSL 0.9.7a-dev (fresh checkout), the command to generate a self-signed certificate according to the example in x509.pod:

openssl x509 -in cert.pem -addtrust sslclient \
    -alias "Steve's Class 1 CA" -out trust.pem

I expected it to fail because it wouldn't find those files. However, the error was more of an unexpected one:

Invalid trust object value sslclient

And I can't quite blame it, I can't really see where that object would find itself into the object database. What am I missing?

I'm filing this as a bug, as I suspect that's exactly what it is.

--
Richard Levitte
Re: [openssl.org #433] 0.9.7 compilation problem with Borland C++ 5.5
In message [EMAIL PROTECTED] on Tue, 14 Jan 2003 14:49:31 +0100 (MET), Stephen Henson via RT [EMAIL PROTECTED] said:

rt> I've analysed this further and the cause seems to be that it bcc 5.5
rt> complains about taking the address of a structure that doesn't have a
rt> complete definition.
rt>
rt> For example the following won't compile:
rt>
rt> typedef struct FOO_st FOO;
rt>
rt> extern FOO bar;
rt>
rt> FOO *pbar;
rt>
rt> pbar = &bar;
rt>
rt> but it has no problems on other compilers.

I believe this is a compiler bug, which should be reported back to Borland (unless they have a newer version of bcc that works correctly).

rt> If you add EXPORT_VAR_AS_FN in the BCC-32 entry in Configure as in the
rt> VC-WIN32 entry it seems to compile OK and passes all the tests.
rt>
rt> I'll check in this fix soon.

Sounds reasonable.

--
Richard Levitte
Re: [openssl.org #452] AutoReply: OpenSSL error
In message [EMAIL PROTECTED] on Mon, 13 Jan 2003 00:43:26 +0100 (MET), Jimmy Cheng Sze Ngee via RT [EMAIL PROTECTED] said:

rt> Problem had been resolved. Thanks.

OK. Thanks.

--
Richard Levitte
Re: [openssl.org #423] openssl-0.9.7-stable-SNAP-20021229: ldd problems
OK, I've hacked a little. Please try the following patch on a 0.9.7 snapshot, and put the attached openssl-shared.txt in doc/: Index: Makefile.org === RCS file: /e/openssl/cvs/openssl/Makefile.org,v retrieving revision 1.154.2.49 diff -u -u -r1.154.2.49 Makefile.org --- Makefile.org9 Jan 2003 16:15:06 - 1.154.2.49 +++ Makefile.org10 Jan 2003 12:03:15 - @@ -763,6 +763,12 @@ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ set $(MAKE); \ $$1 -f $$here/Makefile link-shared ); \ + if [ $(INSTALLTOP) != /usr ]; then \ + echo 'OpenSSL shared libraries have been installed in:'; \ + echo ' $(INSTALLTOP)'; \ + echo ''; \ + sed -e '1,/^$/d doc/openssl-shared.txt; \ + fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
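Review bot: in the added sed line ("sed -e '1,/^$/d doc/openssl-shared.txt; \"), the "$" is not doubled, so make expands "$/" before the shell runs and the address range no longer ends at the first blank line; write "$$" there, as the same recipe already does for "$$1" and "$$here". As quoted, the single quote that opens the sed expression is also never closed before doc/openssl-shared.txt, so the file name ends up inside the script instead of being read as input. The test "[ $(INSTALLTOP) != /usr ]" should quote $(INSTALLTOP) so that an empty value or one containing spaces does not break the comparison.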
Re: [openssl.org #421] bug: 097snap don't include krb5 inc dir in pkgconfig
In message [EMAIL PROTECTED] on Sun, 29 Dec 2002 21:57:59 +0100 (MET), Ricardo Ariel Gorosito via RT [EMAIL PROTECTED] said:

rt> [openssl-097-snap 2002-12-28 build on RedHat8 with MIT's krb5 libs]
rt>
rt> When I try to build packages that include ssl.h, it fail on:
rt>
rt> ---START
rt> In file included from /usr/include/openssl/ssl.h:179,
rt> from configure:6400:
rt> /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
rt> ---END
rt>
rt> openssl.pc is:
rt>
rt> ---START
rt> prefix=/usr
rt> exec_prefix=${prefix}
rt> libdir=${exec_prefix}/lib
rt> includedir=${prefix}/include
rt>
rt> Name: OpenSSL
rt> Description: Secure Sockets Layer and cryptography libraries and tools
rt> Version: 0.9.7-beta7-dev
rt> Requires:
rt> Libs: -L${libdir} -lssl -lcrypto -L/usr/kerberos/lib -lgssapi_krb5
rt> -lkrb5 -lcom_err -lk5crypto -lresolv -ldl
rt> Cflags: -I${includedir}
rt> ---END
rt>
rt> includedir don't has /usr/kerberos/include

Thanks for the report. You're right, I didn't realise the KRB5 includes would be needed in openssl.pc. I'll apply the following patch in a minute.

Ricardo, Could you please test it as soon as possible to make sure I got it right? Tomorrow is the last day in the range of release dates I submitted before Christmas, and I'd really like to stick to it if I can.

--
Richard Levitte
Re: [openssl.org #412] openssl-0.9.7-beta6: lib directory fails to install
In message [EMAIL PROTECTED] on Fri, 27 Dec 2002 13:26:48 +0100 (MET), Jeff A. Earickson via RT [EMAIL PROTECTED] said:

rt> No, you can assume that I've been on vacation for the week.

OK, my apologies, and I hope you had a good vacation. Can you do a test run on the latest snapshot, please?

--
Richard Levitte
Re: [openssl.org #417] make test fails in BN_sqr under Solaris 8
In message [EMAIL PROTECTED] on Thu, 26 Dec 2002 22:38:42 +0100 (MET), Andy Polyakov via RT [EMAIL PROTECTED] said:

rt> Richard! How come this ticket made to 0.9.[78] STATUS? The question was
rt> originally about 0.9.6h[-engine] and the issue is not relevant in
rt> 0.9.[78] context.

Because I make mistakes sometimes. Thanks for telling me, I just removed that line. It's possible it was prompted by my very recent experience with failures of BN_sqr() tests because of bugs in vms.mar...

rt> As for 0.9.6. There're two ways to solve this problem:
rt>
rt> - ./Configure solaris-sparcv9-gcc -m32
rt> - ./Configure solaris64-sparcv9-gcc
rt>
rt> The question is what do we do to resolve this ticket? I see two options:
rt>
rt> - complement FAQ with 0.9.6 specific clause;
rt> - backport relevant ./config and ./Configure code;

I suggest extending the FAQ.

--
Richard Levitte
Re: [openssl.org #415] [PATCH] NetWare support for OpenSSL 0.9.6h
In message [EMAIL PROTECTED] on Tue, 24 Dec 2002 16:59:34 +0100 (MET), Verdon Walker via RT [EMAIL PROTECTED] said:

rt> This does not seem to have shown up in the contributions area. Are we
rt> still waiting for an update or did something go wrong?

Something went wrong, index.html wasn't regenerated... I fixed the problem.

--
Richard Levitte
Re: [openssl.org #404] maketest.log
In message [EMAIL PROTECTED] on Tue, 24 Dec 2002 18:46:47 +0100 (MET), via RT [EMAIL PROTECTED] said:

rt> $ ./tx509
rt> testing X509 conversions
rt> p -> d
rt> p -> n
rt> p -> p
rt> d -> d
rt> n -> d
rt> p -> d
rt> d -> n
rt> n -> n
rt> p -> n
rt> d -> p
rt> n -> p
rt> p -> p

No error, eh? Can you try to download a new snapshot, build it and test it?

--
Richard Levitte
Re: [openssl.org #417] make test fails in BN_sqr under Solaris 8
In message [EMAIL PROTECTED] on Tue, 24 Dec 2002 21:57:42 +0100 (MET), Mohler, Bruce via RT [EMAIL PROTECTED] said:

rt> test BN_sqr
rt> Square test failed!
rt>
rt> In the test sub-directory, there is an output file called tmp.bntest. The
rt> very end of that file contains:
rt>
rt> print "test BN_sqr\n"
rt> -FF8537 * -FF8537 - FE0101096392455231D1
rt> 3003D * 3003D - 801E8FF860E89
rt> 1

If you run those lines through bc (after setting obase and ibase to 16 (do obase first, or you'll be surprised :-)), you'll see they both result in 0, which is correct, so those are unfortunately the good result *before* the failing one.

The way to find the error is to run ./test/bntest and see what it says directly to your console (or redirected to a file, and don't forget to redirect stderr as well). Please do that and tell us what it said.

--
Richard Levitte
Re: [openssl.org #414] openssl-0.9.7-beta6: pine4.50 w/SSL cores
In message [EMAIL PROTECTED] on Fri, 20 Dec 2002 22:09:03 +0100 (MET), Jeff A. Earickson via RT [EMAIL PROTECTED] said:

rt> Program received signal SIGABRT, Aborted.
rt> 0xc002ea68 in kill ()
rt> (gdb) backtrace
rt> #0 0xc002ea68 in kill ()
rt> #1 0xc002de2c in raise ()
rt> #2 0xc00282a8 in fatal_error ()
rt> #3 0xc0021bdc in _shl_bor ()
rt> #4 0xc002cc1c in sp_ok ()
rt> #5 0xc002de2c in raise ()
rt> #6 0xc0021b74 in _shl_bor ()
rt> #7 0x7f5d418c in BN_nnmod (r=0xc3ff800, m=0x0, d=0x0, ctx=0x0) at bn_mod.c:132
rt> #8 0x7f5d7cf8 in BN_mod_inverse (in=0x21, a=0x401a8b94, n=0x0, ctx=0x401a87d0)
rt> at bn_gcd.c:237
rt> #9 0xc002de2c in raise ()
rt> #10 0x80 in ?? ()
rt> #11 0xc002de2c in raise ()

It looks to me like there's a bug in the function (raise()?) that calls BN_mod_inverse(). If you look at frame #8, you'll see that BN_mod_inverse() is called with 0 as 3rd argument (n). That's an error which needs to be corrected.

This is NOT an OpenSSL error, unless you can show us that the erroneous argument in frame #8 is generated by OpenSSL. Please investigate further and come back with a new report if you found such a fault in OpenSSL. Thanks.

I'll resolve this ticket in a minute.
Re: [openssl.org #410] Re: HP-UX build problems with 0.9.6h
In message [EMAIL PROTECTED] on Mon, 23 Dec 2002 15:14:46 +0100 (MET), Andy Polyakov via RT [EMAIL PROTECTED] said:

rt> Danm! The very same thing happened to me earlier! You have to 'find .
rt> -name lib -size 0 -exec rm {} \;' if you delete libcrypto.a. Sorry:-)
rt> Alternative is to start from scratch, i.e. unpack into another
rt> directory, etc. A.

Ahem, may I suggest a 'make clean' as long as things are cleaned up? :-)

Oh, and the reason libcrypto.a doesn't get rebuilt automatically is that there are no such targets. We *should* have them, but that requires a much larger Makefile cleanup than you'd think...
Re: [openssl.org #410] Re: HP-UX build problems with 0.9.6h
In message [EMAIL PROTECTED] on Fri, 20 Dec 2002 09:01:40 +0100 (MET), Lutz Jaenicke via RT [EMAIL PROTECTED] said:

rt> * lots of messages during 'make depend' apparently from the pre-processor:
rt> ../util/domd .. -MD makedepend -- -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL -DOPENSSL_NO_KRB5 -DOPENSSL_NO_IDEA -DOPENSSL_NO_ASM +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -I. -I.. -I../include -DOPENSSL_NO_IDEA -- cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
rt> cryptlib.c:433: !defined(_POSIX_C_SOURCE) || (_POSIX_C_SOURCE 199309L)
rt>
rt> Don't know about this one... Do you have makedepend on your system,
rt> otherwise gcc is being used. Maybe some flag is missing.

Small correction: gcc is used instead of makedepend only if the compiler is exactly gcc. The following line in Configure sets that up:

s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq gcc;
[openssl.org #413] bn_div_words() in assembler on VAX fails
The problem is when an EDIV will produce a negative quotient from the division of two positive numbers. An example is the following call:

q = bn_div_words(0xC0171716, 0xAB9A, 0xC0171717);

q is supposed to get the result 0x. Unfortunately, the way the numbers are handled to avoid negative numbers (I've been bending backwards to get that to work), EDIV is asked to perform the following operation:

3005C5C5BFFFEAE6 / 600B8B8B

The result of such an operation is 8000, which is a negative number according to EDIV, and since that's the result of dividing two positive numbers, this is an integer overflow, and the result becomes incorrect.

For the arguments (n0, n1, d) to bn_div_words(), I've found out that the problem occurs under the following condition:

((n0 0x8000) (d 0x8000) (d 2) = (n0 2) (d = 0x8000))

I'm trying to find a method to handle this case, currently involving subtracting 0x8000 from n0 and trying to adjust the result accordingly, but I haven't come very far.

This is a showstopper on VAX.
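The overflow described in the message above, as an added example (not part of the original post and not OpenSSL's VAX assembler): a simplified C model of a signed 64-by-32 divide with a signed 32-bit quotient, run on the division quoted in the message, next to an unsigned shift-and-subtract divide that needs no wide divide instruction. The names `signed_div_64_32` and `udiv_words` and the overflow model are assumptions made for illustration; the shift-and-subtract routine is a general technique, not the fix the project adopted.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): a signed divide of a 64-bit dividend by a
 * 32-bit divisor that must deliver a signed 32-bit quotient. Only the
 * overflow condition is modelled, not any CPU's register contents. */
typedef struct {
    int32_t quotient;
    int32_t remainder;
    int overflow;   /* 1 when the quotient cannot be held in an int32_t */
} sdiv_result;

sdiv_result signed_div_64_32(int64_t dividend, int32_t divisor)
{
    sdiv_result r = {0, 0, 0};

    /* Division by zero and INT64_MIN / -1 have no representable result. */
    if (divisor == 0 || (dividend == INT64_MIN && divisor == -1)) {
        r.overflow = 1;
        return r;
    }
    int64_t q = dividend / divisor;
    if (q < INT32_MIN || q > INT32_MAX) {
        /* Two positive operands whose true quotient has bit 31 set end up
         * here: read as a signed word, that quotient would be negative. */
        r.overflow = 1;
        return r;
    }
    r.quotient = (int32_t)q;
    r.remainder = (int32_t)(dividend % divisor);
    return r;
}

/* Unsigned (h:l) / d by restoring shift-and-subtract division.
 * Returns 1 and stores quotient and remainder, or 0 when d == 0 or
 * h >= d (the quotient would not fit in one 32-bit word). */
int udiv_words(uint32_t h, uint32_t l, uint32_t d,
               uint32_t *quo, uint32_t *rem)
{
    if (d == 0 || h >= d)
        return 0;

    uint32_t r = h, q = 0;
    for (int bit = 31; bit >= 0; bit--) {
        uint32_t carry = r >> 31;          /* bit shifted out of the remainder */
        r = (r << 1) | ((l >> bit) & 1u);  /* bring down the next dividend bit */
        q <<= 1;
        if (carry || r >= d) {             /* 33-bit remainder >= d */
            r -= d;                        /* wraps correctly modulo 2^32 */
            q |= 1u;
        }
    }
    *quo = q;
    *rem = r;
    return 1;
}

int main(void)
{
    /* The division quoted in the message: 3005C5C5BFFFEAE6 / 600B8B8B */
    sdiv_result s = signed_div_64_32(INT64_C(0x3005C5C5BFFFEAE6), 0x600B8B8B);
    printf("signed divide: overflow=%d\n", s.overflow);

    uint32_t q = 0, r = 0;
    if (udiv_words(0x3005C5C5u, 0xBFFFEAE6u, 0x600B8B8Bu, &q, &r))
        printf("unsigned divide: q=%08" PRIX32 " r=%08" PRIX32 "\n", q, r);
    return 0;
}
```

The unsigned quotient has its top bit set, which is exactly the value a signed 32-bit quotient cannot represent.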
[openssl.org #407] OpenSSL 0.9.7 beta 6 doesn't build on VMS
Return-Path: [EMAIL PROTECTED]
Received: from slim.vsm.com.au (slim.vsm.com.au [150.101.13.2]) by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id AAA25429 for [EMAIL PROTECTED]; Wed, 18 Dec 2002 00:57:05 +0100 (MET)
From: [EMAIL PROTECTED]
Received: from vsm.com.au by vsm.com.au (PMDF V6.1-1 #39212) id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Wed, 18 Dec 2002 10:26:51 +1030
Date: Wed, 18 Dec 2002 10:26:51 +1030
Subject: RE: [ANNOUNCE] OpenSSL 0.9.7 beta 6 released
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Message-id: [EMAIL PROTECTED]
X-yahMAIL: YAHMAIL AXP-1.6.3 (MIME) (PMDF) (CGILIB AXP-1.6.3/OBJ)

Hi Richard,

Compaq TCP/IP Services for OpenVMS Alpha Version V5.3 on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1
Compaq C V6.5-001 on OpenVMS Alpha V7.3-1
with USER_CCDEFS=_VMS_V6_SOURCE=1,__VMS_VER=6000,__CRTL_VER=6000

Building The CASTTEST Test Program.
Building The SSLTEST Test Program.

u_short rhdr_offset; /* data offset in IPv6 packet */
^
%CC-E-MISSINGTYPE, Missing type specifier or type qualifier.
at line number 457 in module IN6 of text library SYS$COMMON:[SYSLIB]DECC$RTLDEF.TLB;4

u_char rhdr_proto; /* The protocol type */
^
%CC-E-MISSINGTYPE, Missing type specifier or type qualifier.
at line number 458 in module IN6 of text library SYS$COMMON:[SYSLIB]DECC$RTLDEF.TLB;4

u_char rhdr_authOK; /* TRUE if the pkt was authenticated */
^
%CC-E-MISSINGTYPE, Missing type specifier or type qualifier.
at line number 459 in module IN6 of text library SYS$COMMON:[SYSLIB]DECC$RTLDEF.TLB;4

Building The EXPTEST Test Program.
Building The DSATEST Test Program.

Once I commented out the SSL test all other tests went through fine. Links and works with WASD OK. I'll give it a go on my VAXstation tonight.

Regards, Mark.

++
Mark Daniel http://wasd.vsm.com.au/adelaide mailto:[EMAIL PROTECTED] ([EMAIL PROTECTED])
++
Re: [openssl.org #403] open ssl error . urgent help needed
In message [EMAIL PROTECTED] on Tue, 17 Dec 2002 13:03:14 +0100 (MET), amjad qurum via RT [EMAIL PROTECTED] said:

rt>
rt> dear sir
rt> i had the following error while trying to run the
rt> OPENSSL on my sun solaries 8 server .

The error shown means you don't have a C compiler installed. I'll resolve this ticket.

[...]
rt> cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT
rt> -DDSO_DLFCN -DHAVE_DLFCN_H -xta
rt> rget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa
rt> -DB_ENDIAN -DBN_DIV2W -DUL
rt> TRASPARC -DMD5_ASM -c cryptlib.c
rt> /usr/ucb/cc: language optional software package not
rt> installed
Re: [openssl.org #272] BN gives wrong result for mod_exp (all forms)
In message [EMAIL PROTECTED] on Thu, 12 Dec 2002 20:17:52 +0100 (MET), David Asher via RT [EMAIL PROTECTED] said:

rt> ummm... I think you sent this to the wrong person... I reported the bug.

Don't worry about it. You're the registered requestor, that's why you got a copy directly. Andy is a member of openssl-dev, so he'll see the mail as well.
Re: [openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ?
I can see that happening. Would the following patch help? Index: ssl/ssl_ciph.c === RCS file: /e/openssl/cvs/openssl/ssl/ssl_ciph.c,v retrieving revision 1.33.2.3 diff -u -u -r1.33.2.3 ssl_ciph.c --- ssl/ssl_ciph.c 19 Jul 2002 19:53:02 - 1.33.2.3 +++ ssl/ssl_ciph.c 12 Dec 2002 22:32:30 - 
@@ -751,7 +751,9 @@ */ if (rule_str == NULL) return(NULL); + CRYPTO_w_lock(CRYPTO_LOCK_SSL); if (init_ciphers) load_ciphers(); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); /* * To reduce the work to do we only want to process the compiled In message [EMAIL PROTECTED] on Mon, 2 Dec 2002 09:09:25 +0100 (MET), Louis Solomon [SteelBytes] via RT [EMAIL PROTECTED] said: rt ok, rt here's the cause I think ... rt rt SSL_CTX_new(...) rt { rt ... rt ssl_create_cipher_list(...) rt ... rt } rt rt static int init_ciphers=1; rt rt ssl_create_cipher_list(...) rt { rt ... rt if (init_ciphers) load_ciphers(); rt ... rt ssl_cipher_get_disabled() rt ... rt } rt rt load_ciphers() rt { rt init_ciphers = 0; rt ... // mark_1 rt init ssl_cipher_methods[] rt ... rt } rt rt ssl_cipher_get_disabled() rt { rt ... rt use ssl_cipher_methods[] // mark_2 rt ... rt } rt rt consider this: rt thread_1 calls SSL_CTX_new() and reaches mark_1 rt a context switch happens (thread_1 stalls, and thread_2 becomes rt active) rt thread_2 calls SSL_CTX_new() and reaches mark_2 rt rt thread_2 will be trying to read from ssl_cipher_methods which is rt uninitialised !! rt rt any one care to fix the 0.9.7 beta ? (or 0.9.6g) rt rt Louis Solomon rt www.SteelBytes.com -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
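Review bot: in the ssl/ssl_ciph.c hunk at line 751, CRYPTO_w_lock(CRYPTO_LOCK_SSL) is taken on every call, including every call made long after init_ciphers has been cleared, so all callers now serialize on a write lock just to test a flag. Holding the lock across both the test and load_ciphers() is what closes the race in the quoted report, because load_ciphers() clears init_ciphers before it fills ssl_cipher_methods[], so the test must not be moved outside the lock as an optimisation. Please add a comment at the lock saying it guards both init_ciphers and the ssl_cipher_methods[] table, and confirm that no caller reaches this point already holding CRYPTO_LOCK_SSL, since nothing in the hunk rules that out.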
Re: [openssl.org #394] Restrictions using SSL
In message [EMAIL PROTECTED] on Tue, 10 Dec 2002 08:24:09 +0100 (MET), Jeyalakshmi via RT [EMAIL PROTECTED] said:

Please resend those questions to [EMAIL PROTECTED]

This kind of post does not belong in our request tracker (the intention of the request tracker is to track down bugs in OpenSSL, and I'm sure you must have seen OpenSSL-bugs *somewhere* when you submitted this), nor does it belong on the list [EMAIL PROTECTED]

This ticket will be killed immediately.

rt>
rt> hi
rt> we would like to apply SSL to our Web site. Now most of our pages are using Request.Querystring object. I feel it would create pblm ie we can't use GET method in ASP while applying SSL.
rt>
rt> I would like to know what are the other issues will come. Can you help me to get a list of do's and don'ts.
rt>
rt> Thanks
rt>
rt> cheers
rt> jeya
Re: [openssl.org #385] 0.9.7-stable build fails on OpenBSD 2.9
In message [EMAIL PROTECTED] on Thu, 5 Dec 2002 10:03:20 +0100 (MET), via RT [EMAIL PROTECTED] said:

rt> gcc -I.. -I../.. -I../../include -fPIC -DDSO_DLFCN -DHAVE_DLFCN_H
rt> -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
rt> -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c hw_cryptodev.c
rt> hw_cryptodev.c:49: crypto/cryptodev.h: No such file or directory
rt>
rt> (I think that header is only available in OpenBSD 3.0 and later)

Is there any way to detect this with built-in C macros?
Re: [openssl.org #385] 0.9.7-stable build fails on OpenBSD 2.9
In message [EMAIL PROTECTED] on Thu, 5 Dec 2002 09:36:15 +, Joe Orton [EMAIL PROTECTED] said:

jorton> Ah, I've found this in sys/param.h:
jorton>
jorton> #define OpenBSD 200105 /* OpenBSD version (year month). */
jorton> #define OpenBSD2_9 1 /* OpenBSD 2.9 */
jorton>
jorton> so if we can work out what yearmonth is used in the first release with
jorton> this crypto/cryptodev.h header this can probably be used.

According to http://www.openbsd.org/30.html, it was December 2001. So, checking OpenBSD >= 200112 should do the trick.
Re: [openssl.org #376] Possible SSL_CERT_FILE bug in 0.9.7 and 0.9.6
In message [EMAIL PROTECTED] on Thu, 05 Dec 2002 15:36:56 -0500, Rich Salz [EMAIL PROTECTED] said:

rsalz> If the file pointed at with SSL_CERT_FILE is faulty in any way, the
rsalz> code will fall back to the built-in default. If that fails, an error
rsalz> is generated. How much does that differ from what you said?
rsalz>
rsalz> Because you are saying: if there are any errors in the file named by
rsalz> $SSL_CERT_FILE, then I'll pretend $SSL_CERT_FILE wasn't set.
rsalz>
rsalz> I think that's bad.

Hmm... OK, I can see that point (the rule of least surprise, basically?). Actually, you're right. I'll implement a change accordingly.
Re: [openssl.org #376] Possible SSL_CERT_FILE bug in 0.9.7 and 0.9.6
In message [EMAIL PROTECTED] on Wed, 4 Dec 2002 09:24:39 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> Could someone verify independently that SSL_CERT_FILE doesn't
rt> allow reading certificates in non-default locations?

I can verify, by looking at the code, that SSL_CERT_FILE should work, but only if the default cert file (/usr/local/ssl/cer.pem?) doesn't exist or is faulty. Basically, the system default seems to have precedence...
Re: [openssl.org #201] OpenSSL 0.9.6e failing make test
In message [EMAIL PROTECTED] on Wed, 4 Dec 2002 18:08:25 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> I can go and cripple the engine.pod documentation if absolutely necessary,
rt> but it simply seems a somewhat shortsighted solution (even if
rt> alliterative :-). IIRC there was some discussion a while back about
rt> bundled implementations of pod2man or something like that? Could we
rt> simply use a 5.8-compatible bundled implementation if the host system's
rt> version is too old?

I've no problem with bundling a newer version. After all, we have something bundled in right now!
Re: [openssl.org #356] Bug in CRLF translation in PKCS7_sign
In message [EMAIL PROTECTED] on Wed, 4 Dec 2002 20:24:30 +0100 (MET), Stephen Henson via RT [EMAIL PROTECTED] said:

rt> The existing code could be fixed to handle other cases, for example by
rt> dumping that BIO_gets() replacing with a BIO_read() loop and converting
rt> the buffer in place. Alternatively a filter BIO that can handle EOL
rt> conversion could be written.

Hmm, BIO_f_linebuffer() seems to be something to build from. Right now, it's an output-only buffering filter, but can easily be made an input filter as well.
Re: [openssl.org #356] Bug in CRLF translation in PKCS7_sign
In message [EMAIL PROTECTED] on Mon, 2 Dec 2002 22:30:20 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> Ah, that is a good point in the case where we saw
rt> this, the source bio was a bio_s_mem, i.e. a memory
rt> bio, so it was not doing r text-mode eol
rt> translation. In other instances we do use the r
rt> mode with file bios, and I guess that might explain
rt> why we never saw it happen in those functions...
rt> although it could also be that we never had a line of
rt> text that was exactly 1022 characters long. :)
rt>
rt> In any case, I don't believe that memory bios can be
rt> set to text-mode... can they?

No they can't. However, if CRLF are showing up in them, it means you have put it in there some way, perhaps from transferring a file in binary mode to it?

Text mode vs. binary mode is tricky business...
Re: [openssl.org #366] OpenVMS openssl-0.9.7-beta4.tar.gz
In message [EMAIL PROTECTED] on Sun, 1 Dec 2002 11:48:27 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> happy to try the attached file ... as soon as you attach it!

Don't use any of them. It still doesn't work for all numbers. EDIV is very hard to use for divisors that it perceives as negative, except for 0x8000. The new implementation of bn_div_words works well for all positive divisors, it seems.

I'm honestly cursing some CPU creators for not putting in an extended DIV for unsigned numbers...
Re: [openssl.org #366] OpenVMS openssl-0.9.7-beta4.tar.gz
In message [EMAIL PROTECTED] on Sun, 1 Dec 2002 01:02:16 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> It seems as if you have answered your own earlier suggestion to me. I
rt> can confirm this. With OPSNSSL_NO_ASM defined true BETA 4 builds, tests
rt> and works with WASD OK for me too.

And I've just rewritten the bn_div_words routine. I don't know what I smoked when I rewrote it last time, but this time, I've done some pretty thorough tests. Also, the new routine makes sense mathematically! It's nice when theory and practice work together...

rt> I was working my way back down the BETAs, 4 - 3 - 2 ..., looking for
rt> one that would work, when I read your ASM email. I went back to 4 and
rt> the above is the result. One of the issues with my tired old VAXstation
rt> 4000/60 is that each build and test run takes many hours.

Heh, I also run a 4000/60 for my tests, so I definitely know what you're talking about. However, I'd love it if you could try replacing your [.crypto/bn/asm]vms.mar with the attached file. And recompiling partially should be easy:

$ @makevms crypto/bn ... the rest of your arguments ...
$ @makevms ssl_task ... the rest of your arguments ...
$ @makevms test ... the rest of your arguments ...
$ @makevms apps ... the rest of your arguments ...

That will take substantially less time. And oh, before you recompile as shown above, don't forget to deassign OPENSSL_NO_ASM :-).
Re: [openssl.org #366] OpenVMS openssl-0.9.7-beta4.tar.gz
The vms.mar I sent you had a small but important bug. Please try this one instead.
[openssl.org #370] Duplicate manuals in 0.9.7-stable
I just started working on making symlinks for all names in the NAME section of every .pod file we're converting into manpages. The benefit is that the manuals are available by function name, and users won't have to try to guess the name of the manpage any more.

Applying some changes on 0.9.7-stable, I get messages like this:

installing man3/BIO_s_bio.3
ln: /home/levitte/cvswork/dev.openssl.org/installs/OpenSSL-0.9.7-stable/usr/local/ssl/man/man3/BIO_new_bio_pair.3: Filen finns
installing man3/BIO_s_connect.3
ln: /home/levitte/cvswork/dev.openssl.org/installs/OpenSSL-0.9.7-stable/usr/local/ssl/man/man3/BIO_set_nbio.3: Filen finns
installing man3/BIO_set_callback.3

Filen finns is Swedish and means file exists.

The explanation is that the functions that make each of those already existing file names are mentioned twice. For some of them, it's just a duplication of names within the same manual, those are easy to fix (I'm doing it as I write). Some of them are a little more problematic, however, and I don't know right now how to best handle them:

grep -n -e BIO_new_bio_pair doc/crypto/*.pod /dev/null
doc/crypto/BIO_new_bio_pair.pod:5:BIO_new_bio_pair - create a new BIO pair
doc/crypto/BIO_new_bio_pair.pod:11: int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
doc/crypto/BIO_new_bio_pair.pod:15:BIO_new_bio_pair() creates a buffering BIO pair based on the
doc/crypto/BIO_new_bio_pair.pod:25:BIO_new_bio_pair() does not check whether Bbio1 or Bbio2 do point to
doc/crypto/BIO_new_bio_pair.pod:41: BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
doc/crypto/BIO_s_bio.pod:6:BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
doc/crypto/BIO_s_bio.pod:24: int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
doc/crypto/BIO_s_bio.pod:76:BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
doc/crypto/bio.pod:47:LBIO_new_bio_pair(3)|BIO_new_bio_pair(3),

grep -n -e BIO_set_nbio doc/crypto/*.pod /dev/null
doc/crypto/BIO_s_accept.pod:5:BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
doc/crypto/BIO_s_accept.pod:6:BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
doc/crypto/BIO_s_accept.pod:20: long BIO_set_nbio_accept(BIO *b, int n);
doc/crypto/BIO_s_accept.pod:72:BIO_set_nbio_accept() sets the accept socket to blocking mode
doc/crypto/BIO_s_accept.pod:140:BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(),
doc/crypto/BIO_s_connect.pod:8:BIO_set_nbio, BIO_do_connect - connect BIO
doc/crypto/BIO_s_connect.pod:27: long BIO_set_nbio(BIO *b, long n);
doc/crypto/BIO_s_connect.pod:86:BIO_set_nbio() sets the non blocking I/O flag to Bn. If Bn is
doc/crypto/BIO_s_connect.pod:88:is set. Blocking I/O is the default. The call to BIO_set_nbio()
doc/crypto/BIO_s_connect.pod:133:BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
doc/crypto/BIO_s_connect.pod:158:BIO_set_nbio() always returns 1.
Re: [openssl.org #370] Duplicate manuals in 0.9.7-stable
In message [EMAIL PROTECTED] on Fri, 29 Nov 2002 15:35:29 +0100 (MET), Lutz Jaenicke via RT [EMAIL PROTECTED] said:

rt>
rt> On Fri, Nov 29, 2002 at 03:23:02PM +0100, Richard Levitte - VMS Whacker via RT wrote:
rt>
rt> I just started working on making symlinks for all names in the NAME
rt> section of every .pod file we're converting into manpages. The
rt> benefit is that the manuals are available by function name, and users
rt> won't have to try to guess the name of the manpage any more.
rt>
rt> Applying some changes on 0.9.7-stable, I get messages like this:
rt>
rt> installing man3/BIO_s_bio.3
rt> ln: /home/levitte/cvswork/dev.openssl.org/installs/OpenSSL-0.9.7-stable/usr/local/ssl/man/man3/BIO_new_bio_pair.3: Filen finns
rt> installing man3/BIO_s_connect.3
rt> ln: /home/levitte/cvswork/dev.openssl.org/installs/OpenSSL-0.9.7-stable/usr/local/ssl/man/man3/BIO_set_nbio.3: Filen finns
rt> installing man3/BIO_set_callback.3
rt>
rt>
rt> Filen finns is swedish and means file exists.
rt>
rt> The explanation is that the functions that make each of those already
rt> existing file names are mentioned twice. For some of them, it's just
rt> a duplication of names within the same manual, those are easy to fix
rt> (I'm doing it as I write). Some of them are a little more
rt> problematic, however, and I don't know right now how to best handle
rt> them:
rt>
rt> grep -n -e BIO_new_bio_pair doc/crypto/*.pod /dev/null
rt> doc/crypto/BIO_new_bio_pair.pod:5:BIO_new_bio_pair - create a new BIO pair
rt> doc/crypto/BIO_new_bio_pair.pod:11: int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
rt> doc/crypto/BIO_new_bio_pair.pod:15:BIO_new_bio_pair() creates a buffering BIO pair based on the
rt> doc/crypto/BIO_new_bio_pair.pod:25:BIO_new_bio_pair() does not check whether Bbio1 or Bbio2 do point to
rt> doc/crypto/BIO_new_bio_pair.pod:41: BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
rt> doc/crypto/BIO_s_bio.pod:6:BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
rt> doc/crypto/BIO_s_bio.pod:24: int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
rt> doc/crypto/BIO_s_bio.pod:76:BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
rt> doc/crypto/bio.pod:47:LBIO_new_bio_pair(3)|BIO_new_bio_pair(3),
rt>
rt> grep -n -e BIO_set_nbio doc/crypto/*.pod /dev/null
rt> doc/crypto/BIO_s_accept.pod:5:BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
rt> doc/crypto/BIO_s_accept.pod:6:BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
rt> doc/crypto/BIO_s_accept.pod:20: long BIO_set_nbio_accept(BIO *b, int n);
rt> doc/crypto/BIO_s_accept.pod:72:BIO_set_nbio_accept() sets the accept socket to blocking mode
rt> doc/crypto/BIO_s_accept.pod:140:BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(),
rt> doc/crypto/BIO_s_connect.pod:8:BIO_set_nbio, BIO_do_connect - connect BIO
rt> doc/crypto/BIO_s_connect.pod:27: long BIO_set_nbio(BIO *b, long n);
rt> doc/crypto/BIO_s_connect.pod:86:BIO_set_nbio() sets the non blocking I/O flag to Bn. If Bn is
rt> doc/crypto/BIO_s_connect.pod:88:is set. Blocking I/O is the default. The call to BIO_set_nbio()
rt> doc/crypto/BIO_s_connect.pod:133:BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
rt> doc/crypto/BIO_s_connect.pod:158:BIO_set_nbio() always returns 1.
rt>
rt> Hmm. The entries in the NAME sections should be authoritative.
rt> Do we have more than one or two entries that accidentally made it into
rt> the NAME sections of more than one .pod file?

Uhmm, did you look at the grep output? BIO_new_bio_pair is described (and mentioned in the NAME section, which is the crucial culprit here) in both BIO_new_bio_pair.pod and BIO_s_bio.pod. The same goes for BIO_set_nbio, which is described both in BIO_s_accept.pod and BIO_s_connect.pod.

rt> PS. While you are at it: some user proposed to create the man pages from
rt> pod during make instead of the make install. Would it make sense
rt> to integrate such new behaviour with the processing you are currently
rt> doing?

I will look at it, but since it's a bit more complex, I think it's too late for 0.9.7.
Re: [openssl.org #366] OpenVMS openssl-0.9.7-beta4.tar.gz
In message [EMAIL PROTECTED] on Wed, 27 Nov 2002 12:56:16 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> Builds OK on
rt>
rt> Compaq C V6.4-005 on OpenVMS VAX V7.3
rt> Compaq TCP/IP Services for OpenVMS VAX Version V5.3
rt> on a VAXstation 4000-60 running OpenVMS V7.3
rt>
rt> but fails (actually never seems to complete) one of the tests. Here's the relevant portion (hope it's not too distorted).
rt>
rt>
rt> Generate and verify a certificate request
rt> generating certificate request
rt> There should be a 2 sequences of .'s and some +'s.
rt> There should not be more that at most 80 per line
rt> This could take some time.
rt> Generating a 512 bit RSA private key
rt> [...]

Did this work with beta 3?

Re: [openssl.org #361] OpenSSL and compression using ZLIB
In message 001601c2940a$deed1b60$06a8a8c0@dell8200 on Sun, 24 Nov 2002 16:43:12 -0600, pobox [EMAIL PROTECTED] said:

ghstark> What will the current implementation of the decompressor in
ghstark> OpenSSL do in each of these cases?

Unless this can be determined, it can be tested by having several OpenSSLs with different behavior and test them against each other.

In any case, now that I know the numbers (yeah, I know, draft numbers, but that's better than nothing), I can always put them in 0.9.8-dev and try several algorithms (as was suggested, there's a private range, and I see no harm in using them for tests, at least temporarily).

Re: [openssl.org #360] crypto/dsa/dsa_lib.c DSA_size()
In message [EMAIL PROTECTED] on Mon, 25 Nov 2002 09:32:30 +0100 (MET), Jeffrey Altman via RT [EMAIL PROTECTED] said:

rt>
rt> What is the appropriate size for 'buf' in DSA_size()?
rt>
rt> 4 bytes is certainly not correct. My guess is that we want to support at
rt> least 256 bits and so it needs to be at least 32 bytes. Does anyone
rt> have a better recommendation?

Which version of OpenSSL?

Re: [openssl.org #346] 0.9.7-beta4: can't compile with kerberos support
Heimdal support is not, unfortunately. I once tried to do a port, and what you see is the result as far as I came. Unfortunately, I didn't get all the way, there are some things I wasn't able to map. MIT KRB5 and Heimdal differ more than one might expect.

So, perfectly honestly, Heimdal support is currently half-ass at best.

Re: [openssl.org #345] openssl 0.9.6g
In message [EMAIL PROTECTED] on Tue, 19 Nov 2002 10:23:17 +0100 (MET), Wieckowski, Tom via RT [EMAIL PROTECTED] said:

rt> Can't locate strict.pm in @INC (@INC contains:
rt> /usr/lib/perl-5.6.0/lib/5.6.0/alp
rt> ha-dec_osf /usr/lib/perl-5.6.0/lib/5.6.0
rt> /usr/lib/perl-5.6.0/lib/site_perl/5.6.0
rt> /alpha-dec_osf /usr/lib/perl-5.6.0/lib/site_perl/5.6.0
rt> /usr/lib/perl-5.6.0/lib/s
rt> ite_perl .) at ./Configure line 9.
rt> BEGIN failed--compilation aborted at ./Configure line 9.
rt>
rt> I've tried a number of options and variations, including specifying
rt> alpha-dec-osf
rt> but to no success. Would appreciate any thoughts/recommendations you may
rt> have.
rt> Thank you very much,

That seems to be an error in your Perl installation. Where do you have strict.pm?

Re: [openssl.org #184] OpenVMS openssl-0.9.7-beta3.tar.gz
In message [EMAIL PROTECTED] on Mon, 18 Nov 2002 23:40:15 +0100 (MET), [EMAIL PROTECTED] via RT [EMAIL PROTECTED] said:

rt> Currently using ...
rt>
rt>    Compaq TCP/IP Services for OpenVMS Alpha Version V5.3
rt>    on a AlphaServer 1200 5/533 4MB running OpenVMS V7.3-1
rt>    Compaq C V6.5-001 on OpenVMS Alpha V7.3-1
rt>
rt> One issue ...
rt>
rt>
rt> Compiling The SPEED.C File.
rt>
rt> printf(HZ=%g, (double)HZ);
rt> ^
rt> %CC-I-IMPLICITFUNC, In this statement, the identifier sysconf is
rt> implicitly de
rt> clared as a function.
rt> at line number 1630 in file
rt> HT_ROOT:[SRC.OPENSSL-0_9_7-STABLE-SNAP-20021117.APPS
rt> ]SPEED.C;1
rt> Compiling The S_TIME.C File.
rt>

This is weird. speed.c include unistd.h, and if one looks in SYS$COMMON:[DECC$LIB.REFERENCE.DECC$RTLDEF]UNISTD.H, sysconf() is declared there... if __CTRL_VER = 7000. Ah, that probably explains it, you're playing with USER_CCDEFS, aren't you?

Fair enough, I'll see if I can craft something...

Re: [openssl.org #29] -Wl,-Bsymbolic in 0.9.6d broke shared builds
In message [EMAIL PROTECTED] on Fri, 15 Nov 2002 07:55:26 +0100 (MET), Solar Designer via RT [EMAIL PROTECTED] said:

rt> * Wed Sep 25 2002 Solar Designer [EMAIL PROTECTED]
rt> - Don't do an explicit make build-shared, it's not needed and could only
rt> cause harm (link libssl against libcrypto statically), but luckily didn't;
rt> pointed out by Dmitry V. Levin of ALT Linux.

Oh, you ran build-shared directly? OK, I can't exactly say what the results should have been, but I can't see anything good coming out of that. That target was never meant to be called directly. Perhaps I should have written some kind of warning to that effect.

rt> Basically, with 0.9.6d we used to do:
rt>
rt> # Check these against the DIRS= line and all target in top-level Makefile
rt> # when updating to a new version of OpenSSL; with 0.9.6d the Makefile says:
rt> # DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
rt> # all: clean-shared Makefile.ssl sub_all
rt> make Makefile.ssl
rt> make sub_all DIRS=crypto ssl rsaref
rt> make build-shared
rt> LD_LIBRARY_PATH=`pwd` make sub_all DIRS=apps test tools
rt>
rt> Now this has changed to:
rt>
rt> # Check these against the DIRS= line and all target in top-level Makefile
rt> # when updating to a new version of OpenSSL; with 0.9.6g the Makefile says:
rt> # DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
rt> # all: clean-shared Makefile.ssl sub_all
rt> make Makefile.ssl
rt> make sub_all DIRS=crypto ssl rsaref
rt> LD_LIBRARY_PATH=`pwd` make sub_all DIRS=apps test tools

You do know, don't you, that you really have no need for rsaref any more?

Anyhow, I will now consider this ticket resolved.

Re: [openssl.org #29] -Wl,-Bsymbolic in 0.9.6d broke shared builds
In message [EMAIL PROTECTED] on Fri, 15 Nov 2002 09:54:31 +0300, Solar Designer [EMAIL PROTECTED] said:

solar> I've now tried removing the patch from our 0.9.6g package and what I
solar> get is:
solar>
solar> 1. Both versions appear to produce a working library now, however:
solar>
solar> 2. The sizes and symbol offsets in them differ:
solar>
solar> With -Wl,-Bsymbolic (original):
solar> -rwxr-xr-x root root 827429 Nov 15 09:28 /usr/lib/libcrypto.so.0.9.6
solar>
solar> Without -Wl,-Bsymbolic (patched):
solar> -rwxr-xr-x root root 858309 Nov 15 09:40 /usr/lib/libcrypto.so.0.9.6

Oh, about that, I'm not too surprised. Since -Bsymbolic gets the linker to resolve calls between modules within the shared library, the final relocation table will of course get smaller.

Re: [openssl.org #29] -Wl,-Bsymbolic in 0.9.6d broke shared builds
In message [EMAIL PROTECTED] on Fri, 15 Nov 2002 10:26:26 +0100 (MET), Solar Designer via RT [EMAIL PROTECTED] said:

rt> Well, I left it in because the original Makefile would build it too.
rt> Is that just to support Configure rsaref?

Yes.

Re: [openssl.org #344] Re: Patch for Win2000 Smartcardlogin
In message [EMAIL PROTECTED] on Fri, 15 Nov 2002 10:33:29 +0100 (MET), Michael Bell via RT [EMAIL PROTECTED] said:

rt> Thanks a lot. It looks great. One question - I checked
rt> crypto/objects/objects.txt and see that the OIDs for Microsoft's
rt> smartcardlogin are still not present. Can somebody add these OIDs to
rt> objects.txt?
rt>
rt> !Cname ms-smartcard-login
rt> 1 3 6 1 4 1 311 20 2 2: msSmartcardLogin : Microsoft
rt> Smartcardlogin
rt>
rt> !Cname ms-upn
rt> 1 3 6 1 4 1 311 20 2 3: msUPN : Microsoft
rt> Universal Principal Name

Done.

Re: [openssl.org #325] Open SSL on Bug on Win32
In message [EMAIL PROTECTED] on Tue, 5 Nov 2002 08:57:10 +0100 (MET), Richard Levitte - VMS Whacker via RT [EMAIL PROTECTED] said:

rt> What about trying to do the following before running nmake:
rt>
rt> C:\Program Files\Microsoft Visual Studio .Net\VC7\bin\VCVARS32
rt>
rt> If this doesn't work, look in C:\Program Files\Microsoft Visual Studio .Net\VC7\bin
rt> for any .BAT file that sets up an environment for you. You need that
rt> for CMD to be able to find the compiler (cl.exe).
rt>
rt> Please tell us if that solved it for you, and if the correct .BAT file
rt> was something else than VCVARS32.BAT, please tell us so we can mention
rt> that in our documentation.

Any result?

Re: [openssl.org #333] x509.pod
In message [EMAIL PROTECTED] on Thu, 14 Nov 2002 11:24:16 +0100 (MET), Ernst G Giessmann via RT [EMAIL PROTECTED] said:

rt> Run in your doc/apps directory
rt>
rt> fgrep =head1 NAME *.pod
rt>
rt> you'll get
rt>
rt> CA.pl.pod:=head1 NAME
rt> asn1parse.pod:=head1 NAME
rt> ...more files
rt> spkac.pod:=head1 NAME
rt> verify.pod:=head1 NAME
rt> version.pod:=head1 NAME
rt> x509.pod:=head1 NAME
rt> x509.pod:=head1 NAME OPTIONS
rt>
rt> all but the last are fine here. How one can stop the pod2latex to
rt> misunderstand the =head1 NAME OPTIONS string?

Hmm, I can't see any way to stop pod2latex, except maybe changing the following line in Pod::LaTeX:

    if ($self->{_CURRENT_HEAD1} =~ /^NAME/i && $self->ReplaceNAMEwithSection()) {

to:

    if ($self->{_CURRENT_HEAD1} =~ /^NAME\s*$/i && $self->ReplaceNAMEwithSection()) {

This might be a worthy bug report to the authors of the Pod system.

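An added example, not part of the original messages and not OpenSSL or Pod::LaTeX code, covering both POD threads above: it reads names from NAME sections using either the prefix heading match or the anchored one suggested for Pod::LaTeX, and reports names listed in the NAME section of more than one .pod file. The function names are hypothetical and the sample POD text is constructed from the grep output quoted in those threads.

```python
import re
from collections import defaultdict

# Heading tests applied to whole "=head1" lines: the prefix match that
# Pod::LaTeX used, and the anchored form suggested in the reply above.
LOOSE_NAME = re.compile(r"^=head1\s+NAME", re.IGNORECASE)
STRICT_NAME = re.compile(r"^=head1\s+NAME\s*$", re.IGNORECASE)


def names_in_pod(text, heading=STRICT_NAME):
    """Return the names listed in every section whose heading matches."""
    sections, current = [], None
    for line in text.splitlines():
        if line.startswith("="):  # any POD command ends the open section
            current = [] if heading.match(line) else None
            if current is not None:
                sections.append(current)
        elif current is not None:
            current.append(line)
    names = []
    for body in sections:
        # "name1, name2 - description": keep only the part before " - ".
        listing = " ".join(body).split(" - ", 1)[0]
        names += [n.strip() for n in listing.split(",") if n.strip()]
    return names


def duplicate_names(pods, heading=STRICT_NAME):
    """Map each name claimed by more than one file to its sorted file list."""
    owners = defaultdict(set)
    for filename, text in pods.items():
        for name in names_in_pod(text, heading):
            owners[name].add(filename)
    return {n: sorted(f) for n, f in owners.items() if len(f) > 1}


# Constructed sample input (not the real files' full contents).
SAMPLE_PODS = {
    "BIO_s_accept.pod": (
        "=head1 NAME\n\n"
        "BIO_s_accept, BIO_set_nbio, BIO_set_accept_port,\n"
        "BIO_set_nbio_accept - accept BIO\n\n"
        "=head1 SYNOPSIS\n\n long BIO_set_nbio_accept(BIO *b, int n);\n"
    ),
    "BIO_s_connect.pod": (
        "=head1 NAME\n\n"
        "BIO_s_connect, BIO_set_nbio, BIO_do_connect - connect BIO\n\n"
        "=head1 SYNOPSIS\n\n long BIO_set_nbio(BIO *b, long n);\n"
    ),
    "x509.pod": (
        "=head1 NAME\n\nx509 - Certificate display and signing utility\n\n"
        "=head1 NAME OPTIONS\n\n"
        "The nameopt switch sets how names are shown, several may be given.\n"
    ),
}

if __name__ == "__main__":
    for name, files in sorted(duplicate_names(SAMPLE_PODS).items()):
        print(f"{name}: {', '.join(files)}")
```

With the prefix match, the body of the "NAME OPTIONS" section in the x509.pod sample is parsed as if it were a list of names; with the anchored match only x509 is returned.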
Re: [openssl.org #328] DH_compute_key incompatable with PKCS #3
In message [EMAIL PROTECTED] on Thu, 14 Nov 2002 18:54:21 +0100 (MET), Jack Lloyd via RT [EMAIL PROTECTED] said:

rt> Looks like the 1.1 TLS draft spec uses the same wording. Perhaps someone
rt> should contact the TLS WG and ask for a clarification on this issue? [I'll
rt> do it if nobody else is interested]

Please do.