Re: Sun compiler problem?
I was trying to compile the current 0.9.5-dev on a Solaris machine. The linker complained about many missing symbols. nm reports libcrypto.a[cryptlib.o]: nm: cryptlib.o: invalid file type `./config -t`, `which ld`, `which nm`, `which ar`? and so on for a large part of the archive. Any ideas what is going wrong? ./config printed the warning about the required patch for WorkShop C, Well, I suppose `which ld` is redundant as cc shall always invoke /usr/ccs/bin/ld. Andy. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Fatal error using alpha-cc compiler option
jrfndes using the option alpha-cc. with -O4 ... -O1 the program ~ jrfndes /crypto/sha/sha_dsgt.c stop the jrfndes compiler sending the following the message: jrfndes jrfndes Fatal: Insufficient virtual memory to continue compilation. [...] It would appreciate other tips ... Add -DMD32_XARRAY to ./config or ./Configure command line, rebuild the whole thing and tell how it went. Andy. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems in recent snapshot
On Tue, Feb 22, 2000 at 08:37:12PM +, Ben Laurie wrote: Yoram Meroz wrote: Since moving from the 02-20 to the 02-21 snapshots, I've been consistently unable to connect to www.apache-ssl.org or www.rsasecurity.com . www.verisign.com and www.buy.com work fine. Since I am one of very few working with the mac build, I'd like some confirmation as to whether anyone is having similar problems in the UNIX or Win32 builds, or whether this is unique to the mac build. I imagine this'll be Bodo's frag fixes failing. Can anyone reproduce the errors? www.apache-ssl.org works fine for me; at first I thought I had found a problem at www.rsarecurity.com, but that's just the server closing the connection without having sent a single byte in return to the Client Hello (same problem with OpenSSL 0.9.4, and with Netscape). If there are connection problems, of what kind are they? What happens according to 's_client -debug -state'? You didn't even reveal the error message ... __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Sun compiler problem?
On Wed, Feb 23, 2000 at 12:17:43AM +0100, Ulf Möller wrote: I was trying to compile the current 0.9.5-dev on a Solaris machine. The linker complained about many missing symbols. nm reports libcrypto.a[cryptlib.o]: nm: cryptlib.o: invalid file type and so on for a large part of the archive. Mixture between sparcv8 and sparcv9 configuration? __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems in recent snapshot
On Wed, Feb 23, 2000 at 11:00:27AM +0100, Bodo Moeller wrote: On Tue, Feb 22, 2000 at 08:37:12PM +, Ben Laurie wrote: Yoram Meroz wrote: is having similar problems in the UNIX or Win32 builds, or whether this is unique to the mac build. I imagine this'll be Bodo's frag fixes failing. Can anyone reproduce the errors? www.apache-ssl.org works fine for me; at first I thought I had found a problem at www.rsarecurity.com, but that's just the server closing the connection without having sent a single byte in return to the Client Hello (same problem with OpenSSL 0.9.4, and with Netscape). Hi, I have just tried it with latest SNAPSHOT on HP-UX 10.20. Could reproduce the problems. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: MD4 anyone?
On Tue, Feb 22, 2000 at 10:49:11PM -0500, Evan Carew wrote: Is there any need for the MD4 message digest function in the openssl package? If so, let me know I can submit the diffs. Hello, I'm developping a password cracker using libcrypto.a from openssl. The goal isn't to have a fast password cracker as John the Ripper, but to document the different algorithmes, their weaknesses and to show how easy it is to develop such a piece of software when good libraries (as openssl) exist. NTLM algorithm uses MD4 and I must have a md4 implementation in my sources. MD5 and other algorithmes in openssl have asm optimized implementation so if md4 could have such asm optimization it could be great because faster than the standard C implementation. I'm OK to test your md4 patches. Denis Ducamp. PS. The first alpha version will be released at 2nd millenium bug (00/02/29). I'm looking for testers on different platforms : HPUX, AIX and others. Send me an email if you are interested. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
DECLARE_STACK_OF(ASN1_UTF8STRING) and 0.9.4 problem.
I'm trying to define an ASN1 type that has an element which is a stack of UTF-8 string usins 0.9.4 and I have some problems. I figured I had to define the type STACK_OF(ASN1_UTF8STRING) with DECLARE_STACK_OF(ASN1_UTF8STRING), but this bring problems. I suggest you give up this message now if you're not a guru of C precompiler. In non-debug version, we have : #define ASN1_UTF8STRING ASN1_STRING and #define DECLARE_STACK_OF(type) \ typedef struct stack_st_##type \ { \ STACK stack; \ } STACK_OF(type); \ STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \ STACK_OF(type) *sk_##type##_new_null(void); \ void sk_##type##_free(STACK_OF(type) *sk); \ and #define IMPLEMENT_STACK_OF(type) \ STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)) \ { return (STACK_OF(type) *)sk_new(cmp); } \ STACK_OF(type) *sk_##type##_new_null() \ { return (STACK_OF(type) *)sk_new_null(); } \ void sk_##type##_free(STACK_OF(type) *sk) \ { sk_free((STACK *)sk); } \ and #define STACK_OF(type) STACK_##type In DECLARE_STACK_OF, the precompiler makes concatenation first. Then replaces ASN1_UTF8STRING with ASN1_STRING everywhere. Then the sub-macros are handled. This gives : typedef struct stack_st_ASN1_UTF8STRING { STACK stack; } STACK_ASN1_STRING; STACK_ASN1_STRING *sk_ASN1_UTF8STRING_new(int (*cmp)( ASN1_STRING **, ASN1_STRING **)); STACK_ASN1_STRING *sk_ASN1_UTF8STRING_new_null(void); void sk_ASN1_UTF8STRING_free(STACK_ASN1_STRING *sk); which sound like what we want. The names have ASN1_UTF8STRING in them, but the type is actually ASN1_STRING. But now when I declare : STACK_OF(ASN1_UTF8STRING) in my code, the deepness of the call is one so I get STACK_ASN1_UTF8STRING instead of the STACK_ASN1_STRING I had in DECLARE_STACK_OF. Is this solved in 0.9.5 ? I think the deepness of DECLARE_STACK_OF should be increased by one so that the behaviour becomes constant: #define STACK_OF(type) STACK_##type #define INTERNAL_STACK_OF(type) STACK_##type #define STACK_OF(type) INTERNAL_STACK_OF(type) We also have : #define ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) But when I call : sk_ASN1_UTF8STRING_pop_free(a-extensions,ASN1_UTF8STRING_free); I don't get the result I want because ASN1_UTF8STRING_free is not replaced by ASN1_STRING_free as this is not a function call. We should have : #define ASN1_UTF8STRING_free ASN1_STRING_free because anyway a is of type ASN1_STRING. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: MD4 anyone?
Denis Ducamp wrote: I'm developping a password cracker using libcrypto.a from openssl. The goal isn't to have a fast password cracker as John the Ripper, but to document the different algorithmes, their weaknesses and to show how easy it is to develop such a piece of software when good libraries (as openssl) exist. NTLM algorithm uses MD4 and I must have a md4 implementation in my sources. MD5 and other algorithmes in openssl have asm optimized implementation so if md4 could have such asm optimization it could be great because faster than the standard C implementation. I've seen recently MD4 has been broken to the point you can get any text to hash to a given MD4 hash value, if you have around 10 byte in the original text you can give free value to. You should try to document yourself on that and to implement this to break the password. Of course if the password is shorter than 10 byte, brute force might be faster to find the correct value. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Fatal error using alpha-cc compiler option
Andy Polyakov wrote: > > jrfndes> using the option alpha-cc. with -O4 ... -O1 the program ~ > > jrfndes> /crypto/sha/sha_dsgt.c stop the > > jrfndes> compiler sending the following the message: > > jrfndes> > > jrfndes> Fatal: Insufficient virtual memory to continue compilation. > > [...] > > It would appreciate other tips ... Add -DMD32_XARRAY to ./config or ./Configure command line, rebuild the whole thing and tell how it went. Unhappily it didn't work. I am also sending this problem for the DEC osf-managers list at: http://www.ornl.gov/its/archives/mailing-lists / for more suggestions. While compiling with your define the vmstat trace showing: Pay attention in the last 48 seconds #vmstat 3 Virtual Memory Statistics: (pagesize = 8192) procs memory pages intr cpu r w u act free wire fault cow zero react pin pout in sy cs us sy id 7 52 16 2882 7303 986 3M 589K 2M 48K 727K 25K 23 335 68 27 4 69 8 51 16 2890 7295 986 119 15 62 54 10 0 1 253 280 95 5 0 8 51 16 2892 7293 986 44 0 44 51 0 0 0 350 313 94 6 0 5 54 16 2898 7287 986 45 0 45 56 0 0 3 279 293 95 5 0 8 51 16 2903 7282 986 59 3 48 68 5 0 6 227 274 94 6 0 8 51 16 3227 6958 986 196 0 196 75 0 0 2 263 292 89 11 0 4 55 16 4063 6119 989 764 0 764 54 0 0 0 175 198 80 20 0 3 56 16 5069 5112 990 1316 0 1316 28 0 0 0 103 150 74 26 0 3 56 16 6012 4168 991 965 0 965 21 0 0 1 121 176 76 24 0 3 56 16 6876 3296 999 1123 67 937 21 78 0 83 264 174 67 33 0 8 51 16 7391 2780 1000 625 0 616 23 6 0 4 234 246 82 18 0 4 55 16 7936 2235 1000 472 0 472 16 0 0 0 236 253 82 18 0 8 51 16 8541 1623 1007 734 0 734 6 0 0 0 233 258 80 20 0 8 51 16 8771 1393 1007 302 0 302 6 0 0 1 299 288 88 12 0 3 56 16 9278 885 1008 392 0 392 6 0 0 2 240 267 81 19 0 3 56 16 10K 80 1009 868 0 868 8 0 0 28 128 185 73 27 0 3 56 16 10K 9 987 724 0 724 465 0 154 537 116 347 54 45 0 3 55 17 10K 35 987 701 0 686 138 8 201 608 73 391 45 48 6 6 52 16 10K 60 983 697 0 690 14 7 219 623 105 412 45 49 6 3 57 16 10K 43 987 1110 66 920 18 82 289 581 225 349 46 51 3 7 53 16 10K 48 987 290 0 290 2 0 216 562 242 471 66 33 1 8 52 16 10K 117 960 344 0 344 10 0 153 414 239 390 66 34 0 4 56 16 10K 23 962 532 0 532 3 0 187 532 193 382 57 43 0 3 57 16 10K 32 964 647 0 644 40 3 218 583 80 310 46 50 4 4 56 16 10K 75 952 701 0 701 57 0 168 433 113 282 52 48 0 4 56 16 10K 85 954 717 0 716 170 1 150 456 97 248 47 52 2 5 55 16 10K 66 955 381 0 380 46 1 121 300 263 355 68 32 0 5 54 17 10K 97 956 300 0 300 64 0 118 297 257 342 74 26 0 3 55 17 10K 69 958 518 0 513 21 5 178 560 125 310 50 50 0 4 56 16 10K 54 955 797 56 619 39 89 164 568 266 320 44 56 0 4 56 16 10K 111 958 856 11 828 31 14 238 441 115 269 48 49 3 3 55 16 1540 8705 926 454 0 452 8 3 112 399 80 250 34 44 23 2 56 16 1540 8705 926 110 0 42 305 43 6 1 94 151 8 3 89
Re: Problems in recent snapshot
On Wed, Feb 23, 2000 at 02:32:32PM +0100, Lutz Jaenicke wrote: Can anyone reproduce the errors? www.apache-ssl.org works fine for me; at first I thought I had found a problem at www.rsarecurity.com, but that's just the server closing the connection without having sent a single byte in return to the Client Hello (same problem with OpenSSL 0.9.4, and with Netscape). I have just tried it with latest SNAPSHOT on HP-UX 10.20. Could reproduce the problems. www.rsasecurity.com does not count because that site does not even work with Netscape at the moment. So what's the matter with www.apache-ssl.org ("openssl s_client -debug -state -connect www.apache-ssl.org:443")? __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems in recent snapshot
On Wed, Feb 23, 2000 at 06:45:46PM +0100, Bodo Moeller wrote: On Wed, Feb 23, 2000 at 02:32:32PM +0100, Lutz Jaenicke wrote: I have just tried it with latest SNAPSHOT on HP-UX 10.20. Could reproduce the problems. www.rsasecurity.com does not count because that site does not even work with Netscape at the moment. So what's the matter with www.apache-ssl.org ("openssl s_client -debug -state -connect www.apache-ssl.org:443")? ARRRGGGH! This should have been "Could NOT reproduce the problem". Seems the NOT key is defective Sorry, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OT: I need algorithm (or function)
Hi all, i have interesting problem: + We have some Personal Number (PN). + PN is primary key in database (DB) of important data. ("bad customer") + must NOT exist way to get PN and data from DB + must exist way to find out if PN is in DB + of course we must inserting PN and data in DB - ease solution is to use one way function SHA or else, BUT cont of PN is limited it is only 6 digit number, so attacker can use hard power to get all PN from DB - my friend recommend me to expand number in this way, all digits 0 will be random of ('a'-'e'); 1 - ('f'-'n'), etc. Way for hackers will be harder, than in previous idea - does exist some algorithm for this problem (may be in OpenSSL)? thanks for all answers Martin (excuse me my English) __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems in recent snapshot
On Wed, Feb 23, 2000 at 06:47:53PM +0100, Lutz Jaenicke wrote: On Wed, Feb 23, 2000 at 06:45:46PM +0100, Bodo Moeller wrote: On Wed, Feb 23, 2000 at 02:32:32PM +0100, Lutz Jaenicke wrote: I have just tried it with latest SNAPSHOT on HP-UX 10.20. Could reproduce the problems. www.rsasecurity.com does not count because that site does not even work with Netscape at the moment. So what's the matter with www.apache-ssl.org ("openssl s_client -debug -state -connect www.apache-ssl.org:443")? ARRRGGGH! This should have been "Could NOT reproduce the problem". Seems the NOT key is defective I didn't really believe you anyway :-) SCNR. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OT: I need algorithm (or function)
Hello Martin, I hope this can help you: In PKCS12 (V1.0) Appendix B, is described a method for generating pseudo-random bits for a strong password or a MAC, and it could be used as a complex Has function. The input data is: - An ID Byte - A salt - An input password I have used it for something similar to what you want to do with the following parameters: - An non standard ID Byte (not 1, 2 or 3) - Any of the following salts (depending on the application): - The same for all data (random generated at the setup of the aplication). - Based and/or extracted from other data of the same entry in the Data Base. - A random salt for each entry, random generated when the data was stored, and kept in the Data Base as another field or concatenated to the result of the hash. - Instead of the input password I use the data I want to validate. Claudio Horvilleur. Martin Szotkowski wrote: Hi all, i have interesting problem: + We have some Personal Number (PN). + PN is primary key in database (DB) of important data. ("bad customer") + must NOT exist way to get PN and data from DB + must exist way to find out if PN is in DB + of course we must inserting PN and data in DB - ease solution is to use one way function SHA or else, BUT cont of PN is limited it is only 6 digit number, so attacker can use hard power to get all PN from DB - my friend recommend me to expand number in this way, all digits 0 will be random of ('a'-'e'); 1 - ('f'-'n'), etc. Way for hackers will be harder, than in previous idea - does exist some algorithm for this problem (may be in OpenSSL)? thanks for all answers Martin (excuse me my English) __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: DECLARE_STACK_OF(ASN1_UTF8STRING) and 0.9.4 problem.
Jean-Marc Desperrier wrote: I'm trying to define an ASN1 type that has an element which is a stack of UTF-8 string usins 0.9.4 and I have some problems. I figured I had to define the type STACK_OF(ASN1_UTF8STRING) with DECLARE_STACK_OF(ASN1_UTF8STRING), but this bring problems. I suggest you give up this message now if you're not a guru of C precompiler. As you've no doubt realised you can use a STACK_OF(ASN1_STRING) as a work around since ASN1_STRING is a real structure. I'll look into a better solution. We also have : #define ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) But when I call : sk_ASN1_UTF8STRING_pop_free(a-extensions,ASN1_UTF8STRING_free); I don't get the result I want because ASN1_UTF8STRING_free is not replaced by ASN1_STRING_free as this is not a function call. We should have : #define ASN1_UTF8STRING_free ASN1_STRING_free because anyway a is of type ASN1_STRING. This should be fixed in the latest snapshot. ASN1_UTF8STRING_free() is now a real function instead of a macro. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: DECLARE_STACK_OF(ASN1_UTF8STRING) and 0.9.4 problem.
Jean-Marc Desperrier wrote: In non-debug version, we have : #define ASN1_UTF8STRING ASN1_STRING and #define DECLARE_STACK_OF(type) \ typedef struct stack_st_##type \ { \ STACK stack; \ } STACK_OF(type); \ STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \ STACK_OF(type) *sk_##type##_new_null(void); \ void sk_##type##_free(STACK_OF(type) *sk); \ and #define IMPLEMENT_STACK_OF(type) \ STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)) \ { return (STACK_OF(type) *)sk_new(cmp); } \ STACK_OF(type) *sk_##type##_new_null() \ { return (STACK_OF(type) *)sk_new_null(); } \ void sk_##type##_free(STACK_OF(type) *sk) \ { sk_free((STACK *)sk); } \ and #define STACK_OF(type) STACK_##type In DECLARE_STACK_OF, the precompiler makes concatenation first. Then replaces ASN1_UTF8STRING with ASN1_STRING everywhere. Then the sub-macros are handled. This gives : typedef struct stack_st_ASN1_UTF8STRING { STACK stack; } STACK_ASN1_STRING; STACK_ASN1_STRING *sk_ASN1_UTF8STRING_new(int (*cmp)( ASN1_STRING **, ASN1_STRING **)); STACK_ASN1_STRING *sk_ASN1_UTF8STRING_new_null(void); void sk_ASN1_UTF8STRING_free(STACK_ASN1_STRING *sk); which sound like what we want. The names have ASN1_UTF8STRING in them, but the type is actually ASN1_STRING. But now when I declare : STACK_OF(ASN1_UTF8STRING) in my code, the deepness of the call is one so I get STACK_ASN1_UTF8STRING instead of the STACK_ASN1_STRING I had in DECLARE_STACK_OF. Is this solved in 0.9.5 ? I think the deepness of DECLARE_STACK_OF should be increased by one so that the behaviour becomes constant: #define STACK_OF(type) STACK_##type #define INTERNAL_STACK_OF(type) STACK_##type #define STACK_OF(type) INTERNAL_STACK_OF(type) There's a problem with this solution. If you need another ASN1_STRING equivalent STACK_OF such as ASN1_IA5STRING you get a conflict because the structure STACK_ASN1_STRING gets declared twice. If the STACK_OF macro is removed from the definitions and written in full as STACK_##type then it should expand to STACK_ASN1_UTF8STRING which avoids this. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
How to build exportable OpenSSL?
Hi All, I've looked through the documentation, but I can't seem to find how to build an exportable (40 bit) version of OpenSSL? Thanks, Will __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]