Re: LSB inclusion of OpenSSL
In message [EMAIL PROTECTED] on Mon, 7 Nov 2005 12:45:15 +0530, Pradosh Adoni [EMAIL PROTECTED] said: pradosh.adoni so ,would it make more sense to standardize on the EVP pradosh.adoni interface as opposed to the lower level functions ? pradosh.adoni This would force developers seeking LSB certification pradosh.adoni to go by that recommendation, unfortunately we can't pradosh.adoni say how well this would be accepted. Or if we do pradosh.adoni standardize on the lower level stuff , then we would pradosh.adoni need to indentify interfaces which are ABSOULTELY NOT pradosh.adoni going to change in the coming versions, but I don't pradosh.adoni know how feasible that is .. I'd opt for a standardisation of the EVP interface. Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[openssl.org #1238] Bug Report: OpenSSL 0.9.7i Configure broken for solaris-sparcv8-cc
Bug Report Release: 0.9.7i OS: Solaris 7,8 Architecture: Sparc v8 The Configure entry for solaris-sparcv8-cc is missing the dynamic loader options. The options -G -dy -z text should be inserted just after :-KPIC: as with the other solaris entries for SunCC. Thanks, Andrew Sherman Executive Director, IT Security Morgan Stanley 1 Pierrepont Plaza Brooklyn, NY 11201 +1 (718) 754-2276 (Voice) +1 (212) 507-2046 (FAX) [EMAIL PROTECTED] NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[openssl.org #1239] OpenSSL-0.9.8 executable fails to load when compiled with shared libraries on AIX
Related info from testlog file (home dir is used instead of the full path): -- Options: --openssldir=home dir/openssl enable-threads -D_REENTRANT enable-shared no-gmp no-krb5 no-mdc2 no-rc5 no-zlib no-zlib-dynamic OS (uname): AIX chi-ibm02 2 5 00CBD8CF4C00 OS (config): 00CBD8CF4C00-ibm-aix Target (default): aix-cc Target: aix-cc Compiler: /usr/bin/pg /usr/vac/exe/default_msg/vac.help C for AIX Compiler, Version 6 Usage: xlc [ option | inputfile ]... cc [ option | inputfile ]... c89 [ option | inputfile ]... xlc128 [ option | inputfile ]... cc128 [ option | inputfile ]... xlc_r [ option | inputfile ]... cc_r [ option | inputfile ]... xlc_r4 [ option | inputfile ]... cc_r4 [ option | inputfile ]... xlc_r7 [ option | inputfile ]... cc_r7 [ option | inputfile ]... - Output from openssl version -a: - OpenSSL 0.9.8a 11 Oct 2005 built on: Fri Nov 4 11:05:47 CST 2005 platform: aix-cc options: bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish(idx) compiler: cc -DOPENSSL_THREADS -qthreaded -DDSO_DLFCN -DHAVE_DLFCN_H -D_REENTRANT -q32 -O -DB_ENDIAN -qmaxmem=16384 OPENSSLDIR: home dir/openssl Problem description: When I install OpenSSL-0.9.8/0.9.8a on AIX with shared libraries, after command make it builds but produces a number of error messages like: - exec(): 0509-036 Cannot load program home dir/openssl-0.9.8a/util/../apps/openssl because of the following errors: 0509-150 Dependent module libc.a(shr.o) could not be loaded. 0509-022 Cannot load module libc.a(shr.o). 0509-026 System error: A file or directory in the path name does not exist. - The next command make test actually fails with similar error messages. If I ignore this and call make install, it installs properly but when I try to run openssl executable, it again fails to load with the same error message. In fact, when I link another application with shared libraries libcrypto.so.0.9.8 libssl.so.0.9.8, they load successfully. The problem doesn't exist in previous major release, at least OpenSSL-0.9.7b, and even in OpenSSL-0.9.8/0.9.8a if it is built without shared libraries. It can be helped by explicitly adding the path for libc.a, e.g. env LIBPATH=/usr/lib required command but it doesn't seem to be a good permanent solution. When I examined the explicit paths contained in the binaries, using dump -H ..., for openssl executable, it gives: - ***Import File Strings*** INDEX PATH BASEMEMBER 0 home dir/openssl/lib 1libc.a shr.o - i.e. openssl contains only the path for just installed version and not any system path. Shared libraries contain the correct system path, e.g. for libssl.so: - ***Import File Strings*** INDEX PATH BASEMEMBER 0 .:/usr/lpp/xlopt:/usr/lib:/lib 1libcrypto.so 2libc.a shr.o -- As already mentioned, the path seems to be correct in OpenSSL-0.9.7b or in OpenSSL-0.9.8/0.9.8a built without shared libraries. In the build log, produced by make under the conditions of this bug, we can see the repeated line: LDFLAGS=-DOPENSSL_THREADS -qthreaded -DDSO_DLFCN -DHAVE_DLFCN_H -D_REENTRANT -q32 -O -DB_ENDIAN -qmaxmem=16384 -blibpath:home dir/openssl/lib; \ Because of the results, it is clear that -blibpath:..., suppressing system paths, somehow applied only to openssl executable but not shared libraries. Therefore, it looks necessary to fix
Openssl 0.9.8 Win 64 bit initial support
Hi All, While seeing the Major changes between Openssl 0.9.7g and Openssl 0.9.8 I found that for Win64 support it says : Added initial support for Win64 But I am not able to find out what initial support does this provide? Could anyone elaborate on this? Thanks regards Ashith __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: LSB inclusion of OpenSSL
On Mon, Nov 07, 2005, Pradosh Adoni wrote: pradosh.adoni for eg. Of the current list of interfaces which ones pradosh.adoni are most definitely going to be deprecated in future pradosh.adoni versions ? For the longest time, we have recommended to use the EVP interface rather than lower level crypto functions. However, not even the EVP interface has been safe from incompatible changes, BUT those changes have been comparatively few. so ,would it make more sense to standardize on the EVP interface as opposed to the lower level functions ? This would force developers seeking LSB certification to go by that recommendation, unfortunately we can't say how well this would be accepted. Or if we do standardize on the lower level stuff , then we would need to indentify interfaces which are ABSOULTELY NOT going to change in the coming versions, but I don't know how feasible that is .. I'm assuming that by ABSOULTELY NOT going to change in the coming versions means not going to change in incompatible ways rather that not going to change at all. Some compatible changes may well be likely. As for incompatible chanhes there is one nasty incompatibility with PKCS#11 which EVP might have to address if we ever need a full PKCS#11 ENGINE. Even that though could be done in a compatible way. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: LSB inclusion of OpenSSL
In message [EMAIL PROTECTED] on Mon, 7 Nov 2005 13:37:19 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve As for incompatible chanhes there is one nasty incompatibility steve with PKCS#11 which EVP might have to address if we ever need a steve full PKCS#11 ENGINE. Even that though could be done in a steve compatible way. Without jumping through hoops and bending over backwards twice? Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: LSB inclusion of OpenSSL
On Mon, Nov 07, 2005, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Mon, 7 Nov 2005 13:37:19 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve As for incompatible chanhes there is one nasty incompatibility steve with PKCS#11 which EVP might have to address if we ever need a steve full PKCS#11 ENGINE. Even that though could be done in a steve compatible way. Without jumping through hoops and bending over backwards twice? Probably more than that :-( There are two PKCS#11 issue which are painful. One is its handling of fork() which I've mentioned before. The other is that its equivalent to EVP_CipherUpdate() and EVP_CipherFinal() which can output data in arbitrary sizes whereas our stuff will never be more than one block length larger than the input. I'm aware of some PKCS#11 implementations that buffer the input data until it reaches a few K in size and then dumps the whole lot. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: LSB inclusion of OpenSSL
In message [EMAIL PROTECTED] on Mon, 7 Nov 2005 14:00:17 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve The other is that its equivalent to EVP_CipherUpdate() and steve EVP_CipherFinal() which can output data in arbitrary sizes steve whereas our stuff will never be more than one block length steve larger than the input. I'm aware of some PKCS#11 steve implementations that buffer the input data until it reaches a steve few K in size and then dumps the whole lot. E Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]