Hi,
there is a bug in the Makefiles, where you write ==
for comparing $(PLATFORM). Should be = for traditionsl sh.
I guess when building shared library on sparcv9 one should
have BOTH shared object, in case an application that interfaces
the kernel (and hence needs to be -m64) has to use it. As
openssl 0.9.7-beta5 uses == as a comparison operator for the [ (test)
command. I have found only two implementations that support this: the
builtin test command in bash, and the external test command on
Solaris. It is not supported by the GNU sh-utils test, the pdksh
builtin test, NetBSD,
The INSTALL file in openssl 0.9.7-beta5 mentions that RT is available
at http://www.openssl.org/rt2.html. Trying to browse that URL gives
me:
Not Found
The requested URL /rt2.html was not found on this server.
Apache/1.3.27 Server at www.openssl.org Port 80
I'm tracking down the cause of an exception that did not occur with
Kermit 95 with previous
0.9.7 builds. In the process I noticed that in
X509_STORE_CTX_cleanup
the buffer ctx-ex_data is freed with
CRYPTO_free_ex_data
prior to it being cleansed with
OPENSSL_cleanse
I'm pretty sure
Please ignore my previous e-mail, the problem is located in
X509_STORE_CTX_init()
The memset((ctx-ex_data),0,sizeof(CRYPTO_EX_DATA)) that was commented out
needs to be restored due to the use of OPENSSL_cleanse() on that data
structure. In previous
releases this data structure would have
OpenSSL self-test report:
OpenSSL version: 0.9.7-beta6-dev
Last change: In asn1_d2i_read_bio() repeatedly call BIO_read() until...
Options: no-krb5
OS (uname): OSF1 pierredelune.i3s.unice.fr V5.0 910 alpha alpha
OS (config): alpha-dec-tru64
Target (default): alpha-cc
It turned to be a GCC compiler bug. Basically it's the compiler that
needs to be fixed, but a workaround is merged into HEAD and
OpenSSL_0_9_7-stable branches. The ticket is therefore resolved. A.
__
OpenSSL Project
User has increased optimization level beyond -O2 suggested/recommended
by ./Configure and ran into a compiler bug. As it's not self-obvious
that -O3 signifantly improves performance (OpenSSL has a lot of
source-code optimizations, -O2 is more than sufficient), the case is
therefore dismissed as
[[EMAIL PROTECTED] - Mon Dec 9 08:58:54 2002]:
The INSTALL file in openssl 0.9.7-beta5 mentions that RT is available
at http://www.openssl.org/rt2.html. Trying to browse that URL gives
me:
Not Found
The requested URL /rt2.html was not found on this server.
Apache/1.3.27 Server at
o BN_mod_mul verification fails for mips3-sgi-irix
unless configured with no-asm
Who reported this? I can't reproduce it! A.
__
OpenSSL Project http://www.openssl.org
Development
On Mon, Dec 09, 2002 at 07:20:22AM +0100, Alain Guibert via RT wrote:
Side note: I sent on 1 Dec 2002 at 21:42:47 a mail (uninteresting:
basically a question I answered myself in next mail) that got lost. Not
received back from Request Tracker, no delivery bounce, and not reached
User couldn't have been honest with us. There is/was *working*
solaris64-sparcv9-gcc config line. Instead he must have modified
solaris-sparcv9-gcc line replacing -m32 with -m64 and hoping for the
best. The case is dismissed. A.
Do post output from 'apps/openssl version -a' or case will be dismissed
as RTFM. A.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
OpenSSL version: 0.9.7-beta6-dev
Last change: In asn1_d2i_read_bio() repeatedly call BIO_read() until...
Options: no-krb5
OS (uname): OSF1 pierredelune.i3s.unice.fr V5.0 910 alpha alpha
OS (config): alpha-dec-tru64
Target (default): alpha-cc
Target:
OK
I will but i must first install version 096g beacuse now i use 096c.
kk
- Original Message -
From: Andy Polyakov via RT [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, December 09, 2002 10:38 AM
Subject: [openssl.org #354] openssl problem on tru64
Do
apps/openssl version -a
OpenSSL 0.9.6g 9 Aug 2002
built on: Mon Dec 9 11:19:16 CET 2002
platform: dist
options: bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int)
blowfis
h(idx)
compiler: cc -O
Regards
Chris
- Original Message -
From: Andy Polyakov via RT [EMAIL PROTECTED]
and make test:
test 1 done
test 2 done
test 3 done
test 4 done
starting big number library test, could take a while...
test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
Square test failed!
make[1]: *** [test_bn] Error 1
Jeffrey Altman wrote:
I think we need to take a very close look at the situations when it is
safe to replace memset(buf,0,sizeof(buf)) with
OPENSSL_cleanse(buf,sizeof(buf)).
It is clearly safe to make this replacement when the buffer is a stack
allocation because there can be no future use of
At 01:28 AM 12/7/02 +0100, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Fri, 06
Dec 2002 16:51:37 +, Bertie [EMAIL PROTECTED] said:
bertie There is a bug in CRYPTO_get_new_dynlockid(), since the first
bertie time it gets called it returns -2 (not -1 as I expected) and
See the ld error messages about SHA_Init, SHA_Update and SHA_Final
undefined.
It's either a completely unrelated problem (like momentary lack of disk
space) or the problem mentioned in ./FAQ, Why does the OpenSSL
compilation fail on Alpha Tru64 Unix?
I did not use any option to
It must be a compiler bug and I'm dismissing this case for the following
reasons:
- you seem to have old compiler, 6.1 vs. currently available 6.4 (which
I have no problems with), ask for patch or consider upgrading;
- SHA is seldomly used algorithm, it probably doesn't worth the effort
to
apps/openssl version -a
OpenSSL 0.9.6g 9 Aug 2002
built on: Mon Dec 9 11:19:16 CET 2002
platform: dist
options: bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int)
blowfis
h(idx)
compiler: cc -O
This wouldn't work and it would indeed fail in BN_sqr. It looks like as
you've
Same concerns are raised while trying to gain performance by reusing the SSL
structure, instead of reallocating it for new connection establishment.
Using SSL_clear(SSL *s), as part of the reuse flow, involves a call to
OPENSSL_cleanse.
Following OPENSSL_cleanse with a call to memset() may result
I don't know how it was happenned but it was probably this problem
Now I run ./config and make test was OK.
I will check this version with my software if it is OK
Sorry for inconveniences
Now the output is like below:
apps/openssl version -a
OpenSSL 0.9.6g 9 Aug 2002
built on: Mon Dec 9
However, I should note that I read file PROBLEMS
and did not see anything about tru64. Maybe there should be a pointer to
the FAQ?
Well, there is a pointer from ./FAQ to ./PROBLEMS... And to me it
appears like ./PROBLEMS could be merged into the ./FAQ... So I suppose
consensus is not
Case is dismissed as RTFM. User failed to run ./config script. It feels
like we need BN_sqr entry in FAQ. I'll write couple of lines. A.
__
OpenSSL Project http://www.openssl.org
Development
I managed to reproduce the problem and am looking into it. A.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
test results for aix 4.2.1
/audio/kemper/SAH/openssl-0.9.7-beta5/test
testing...
/audio/kemper/SAH/openssl-0.9.7-beta5/apps
making all in apps...
Target all is up to date.
Target all is up to date.
LIBPATH=`cd ..; pwd`; LD_LIBRARY_PATH=$LIBPATH;
DYLD_LIBRARY_PATH=$LIBPATH;
However, this is not true for data structures that are located on the
heap. In many cases OpenSSL provides functions that allow a buffer to
be reused: XXX_init(), XXX_cleanup(), XXX_free(). This is true for
several data structures. By replacing memset() with OPENSSL_cleanse()
in the
On Sun, Dec 08, 2002 at 12:39:04PM +0100, Martin MOKREJ? wrote:
cc: Error: /usr/local/openssl/include/openssl/mdc2.h, line 79: Missing type
specifier or type qualifier. (missingtype)
DES_cblock h,hh;
^
i don't think openssl's evp.h should include mdc2.h
hi,
I try to use openssl to issue and manage certificates for internal usage.
I generated CA ROOT certificate with utility from openssl and issued server
certificate signed by the CA ROOT. The server certificate and CA ROOT worked
very well with iplanet fasttrack 4.1, a early version web server
Rich Salz wrote:
Hmm, so OpenSSL is depending on NULL being all-bytes-zero. :)
Funny about that. :-)
Probably a safe assumption, although theoretically you shouldn't do that.
It really wouldn't matter what assumption you made. At some point there
needs to be a test:
Is this structure
Andy Polyakov wrote:
Ok. the last line in Configure that I've tested is:
linux64-sparcv9,...
do you want that I test another configuration?
Well, it would be nice if you could verify that linux-sparcv9 and
linux-sparcv8 work...
I was tested more configs (./Configure _arch_ shared):
In message [EMAIL PROTECTED] on Mon, 09 Dec 2002 14:07:55 +0100, Andy
Polyakov [EMAIL PROTECTED] said:
appro However, I should note that I read file PROBLEMS
appro and did not see anything about tru64. Maybe there should be a
appro pointer to the FAQ?
appro
appro Well, there is a pointer
These tests within testssl still fail with 0.9.7 Beta 5 if OPENSSL_NO_DH
is included in the Configure options, when make tests is run.
Suggested fix is attached (though this may be auto-created).
Chris Brook
###
if ../apps/openssl no-dh;
Hello,
On December 9, 2002 01:17 am, Wirta Ville wrote:
Just a humble opinnion on that problem. How about adding a normal
memset to be the last action that OPENSSL_cleanse() does? Would that
make any kind of sence or improvement? That way the compiler would have
to make sure OpenSSL can
Jeffrey Altman wrote:
I think we need to take a very close look at the situations when
it is safe to replace memset(buf,0,sizeof(buf)) with
OPENSSL_cleanse(buf,sizeof(buf)). It is clearly safe to make this
[snip]
Ben OPENSSL_cleanse() should be followed by a memset()? OTOH, if the
These tests within testssl still fail with 0.9.7 Beta 5 if OPENSSL_NO_DH
is included in the Configure options, when make tests is run.
Suggested fix is attached (though this may be auto-created).
Chris Brook
###
if ../apps/openssl no-dh;
In message 20021209122438.GB16737@folly on Mon, 9 Dec 2002 13:24:38 +0100, Markus
Friedl [EMAIL PROTECTED] said:
markus On Sun, Dec 08, 2002 at 12:39:04PM +0100, Martin MOKREJ? wrote:
markus cc: Error: /usr/local/openssl/include/openssl/mdc2.h, line 79: Missing type
specifier or type
For y'all that have concerns about this: I'll take a look tomorrow,
and see what I may have done wrong (not an excluded possibility :-)).
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN
On Mon, Dec 09, 2002, wen ding wrote:
hi,
I try to use openssl to issue and manage certificates for internal usage.
I generated CA ROOT certificate with utility from openssl and issued server
certificate signed by the CA ROOT. The server certificate and CA ROOT worked
very well with
SUBMISSION TYPE: TSU
SUBMITTED BY: Tim Rice
SUBMITTED FOR:
POINT OF CONTACT: [EMAIL PROTECTED]
PHONE and/or FAX:
MANUFACTURER: (if relevant)
PRODUCT NAME/MODEL #: openssl-0.9.7
ECCN: 5D002
NOTIFICATION: The attached patch applies to openssl-0.9.7. The source
code
On Mon, 9 Dec 2002, Tim Rice wrote:
NOTIFICATION: The attached patch applies to openssl-0.9.7. The source
code is at ftp.openssl.org and its worldwide mirrors. Code submitted
to the mailing list at [EMAIL PROTECTED]
This patch corrects build problems on SCO OpenServer and adds
hi
we would like to apply SSL to our Web site. Now most of our pages are using
Request.Querystring object. I feel it would create pblm ie we can't user GET method
in ASP while applying SSL.
I would like to know what are the other issues will come. Can you help me to get a
list of do's and
On Tue, 10 Dec 2002 08:24:09 +0100 (MET), Jeyalakshmi via RT wrote:
we would like to apply SSL to our Web site. Now most of our pages are using
Request.Querystring object. I feel it would create pblm ie we can't user
GET method in ASP while applying SSL.
Why not? What does one have to
In message [EMAIL PROTECTED] on Tue, 10 Dec 2002 08:24:09
+0100 (MET), Jeyalakshmi via RT [EMAIL PROTECTED] said:
Please resend those questions to [EMAIL PROTECTED]
This kind of post does not belong in our request tracker (the
intention of the request tracker is to track down bugs in OpenSSL,
46 matches
Mail list logo