Re: EVP macros for AES

2002-02-14 Thread Richard Levitte - VMS Whacker

From: Stephen Sprunk <[EMAIL PROTECTED]>

stephen> After implementing CBC, CFB, OFB, and CTR for AES (mostly plagiarized
stephen> from IDEA), I'm beginning to wonder why we have 40 different
stephen> implementations of the exact same algorithms in the first place.
stephen> Couldn't we have a general "modes" macro set, to which you pass the
stephen> ECB function of the cipher you're using?

The current state is EAY legacy.  His idea was that one should be able
to pick out any of the algorithm directories and create a separate
library for them (the old libdes is actually exactly the same as
crypto/des/).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: 0.9.7 approaching

2002-02-14 Thread Dr S N Henson

Harald Koch wrote:
> 
> > Please test the 0.9.7-dev snapshots and report any problems that you
> > found, even if they have been reported before (it's a good reminder
> > for us), or even better, send us patches!
> 
> It used to be possible to call X509_STORE_CTX_init() with a NULL
> X509_STORE pointer, in order to use the verifier without using the
> builtin certificate store. (I am using X509_STORE_CTX_trusted_stack()
> instead).
> 

OK, I'll look into that.

Are you in the US, BTW? If so, can you resend your patch with a CC: to
[EMAIL PROTECTED]

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




Re: EVP macros for AES

2002-02-14 Thread Stephen Sprunk

Thus spake Dr S N Henson:
> 
> The reason for the macros was that when the EVP layer was being revised
> it was an absolute nightmare to change anything. IIRC at one point I had
> to add an additional field to the EVP_CIPHER structure. I then spent the
> next couple of hours modifying lots of almost identical EVP_CIPHER
> definitions spread over zillions of little files. So I rewrote the files
> to use macros so that any future changes could largely be handled by
> just changing the macros and the odd exception manually.

That's roughly what I figured :)

After implementing CBC, CFB, OFB, and CTR for AES (mostly plagiarized
from IDEA), I'm beginning to wonder why we have 40 different
implementations of the exact same algorithms in the first place.
Couldn't we have a general "modes" macro set, to which you pass the
ECB function of the cipher you're using?

I've also been at a loss for how to use SSE/MMX registers to pass
around keys and blocks, since doing so would grossly violate the
current API.  This would provide serious performance gains, however.

S

-- 
Stephen Sprunk  "So long as they don't get violent, I want to
CCIE #3723 let everyone say what they wish, for I myself have
K5SSSalways said exactly what pleased me."  --Albert Einstein
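
The generic "modes" layer asked about in the message above, as an added example (not code from the thread or from OpenSSL): CBC and CTR are written once against a one-block function pointer, so each cipher supplies only its ECB primitive. The names `block_fn`, `modes_*` and the insecure `toy_*` cipher are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLK 16 /* block size in bytes, as for AES */

/* The only cipher-specific piece: transform ONE block (the "ECB function"). */
typedef void (*block_fn)(const uint8_t in[BLK], uint8_t out[BLK], const void *key);

/* Generic CBC encryption. len must be a whole number of blocks; iv is updated
 * in place so the caller can continue the chain. Returns 1 on success. */
static int modes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
                             const void *key, uint8_t iv[BLK], block_fn enc)
{
    uint8_t tmp[BLK];
    if (len % BLK != 0) return 0;
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) tmp[i] = in[off + i] ^ iv[i];
        enc(tmp, out + off, key);
        memcpy(iv, out + off, BLK);
    }
    return 1;
}

/* Generic CBC decryption; this direction needs the block-decrypt function. */
static int modes_cbc_decrypt(const uint8_t *in, uint8_t *out, size_t len,
                             const void *key, uint8_t iv[BLK], block_fn dec)
{
    uint8_t tmp[BLK], next_iv[BLK];
    if (len % BLK != 0) return 0;
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(next_iv, in + off, BLK); /* save first: in and out may alias */
        dec(in + off, tmp, key);
        for (int i = 0; i < BLK; i++) out[off + i] = tmp[i] ^ iv[i];
        memcpy(iv, next_iv, BLK);
    }
    return 1;
}

/* Generic CTR: one routine for both directions, any length, and only the
 * block-encrypt function is used. ctr is a big-endian counter block. */
static void modes_ctr_crypt(const uint8_t *in, uint8_t *out, size_t len,
                            const void *key, uint8_t ctr[BLK], block_fn enc)
{
    uint8_t ks[BLK];
    for (size_t off = 0; off < len; off += BLK) {
        size_t n = (len - off < BLK) ? len - off : BLK;
        enc(ctr, ks, key); /* keystream block */
        for (size_t i = 0; i < n; i++) out[off + i] = in[off + i] ^ ks[i];
        for (int i = BLK - 1; i >= 0 && ++ctr[i] == 0; i--) { /* carry */ }
    }
}

/* Constructed stand-in for a real block cipher: invertible, NOT secure. */
static uint8_t rotl8(uint8_t v, int r) { return (uint8_t)((v << r) | (v >> (8 - r))); }

static void toy_encrypt(const uint8_t in[BLK], uint8_t out[BLK], const void *key)
{
    const uint8_t *k = key;
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++) t[(i + 1) % BLK] = rotl8(in[i] ^ k[i], 3);
    memcpy(out, t, BLK);
}

static void toy_decrypt(const uint8_t in[BLK], uint8_t out[BLK], const void *key)
{
    const uint8_t *k = key;
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++) t[i] = rotl8(in[(i + 1) % BLK], 5) ^ k[i];
    memcpy(out, t, BLK);
}

/* Round-trips a constructed sample message through both modes; 1 = success. */
int modes_selftest(void)
{
    static const uint8_t key[BLK] = "constructed-key";
    static const uint8_t msg[32] = "constructed sample plaintext!!!";
    uint8_t iv[BLK], ct[32], pt[32];

    memset(iv, 0xA5, BLK); /* fixed IV only for this self-test */
    if (!modes_cbc_encrypt(msg, ct, sizeof msg, key, iv, toy_encrypt)) return 0;
    memset(iv, 0xA5, BLK);
    if (!modes_cbc_decrypt(ct, pt, sizeof ct, key, iv, toy_decrypt)) return 0;
    if (memcmp(pt, msg, sizeof msg) != 0 || memcmp(ct, msg, sizeof msg) == 0) return 0;

    /* CTR with 21 bytes (not a block multiple); encrypt function both ways. */
    memset(iv, 0, BLK);
    modes_ctr_crypt(msg, ct, 21, key, iv, toy_encrypt);
    memset(iv, 0, BLK);
    modes_ctr_crypt(ct, pt, 21, key, iv, toy_encrypt);
    return memcmp(pt, msg, 21) == 0;
}

int main(void) { return modes_selftest() ? 0 : 1; }
```

Adding a cipher to this layout means writing one `block_fn` pair; the chaining, partial-block and counter-carry logic is reviewed and fixed in a single place.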



compiler optimizations

2002-02-14 Thread Howard Chu

Speaking of optimizations - Does anyone have a Motorola 68020 version of
bn_asm? I used to have one I wrote for SSLeay 0.8.0 but that seems to have
vanished from my hard drive. (Read - I deleted it without thinking, when I
downloaded the OpenSSL 0.9.6 sources...) It would be nice not to have to
recreate it, but I will if no one else has one. My web client with 0.9.6 is
now too slow, it cannot finish generating a key before the remote server
times out the connection. (Speed tests on 0.8.0 vs 0.9.6 are 2-3x faster,
which makes a big difference on my 32MHz 68030.)

  -- Howard Chu
  Chief Architect, Symas Corp.   Director, Highland Sun
  http://www.symas.com   http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen Sprunk
> Sent: Thursday, February 14, 2002 1:59 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Pentium Pro compiler optimizations
> 
> 
> Thus spake Tim Rice:
> > 
> > Has anyone been successful using Pentium Pro compiler optimizations
> > on UnixWare or OpenUNIX ? It builds but the md2test fails.
> > All works fine without the -Kpentium_pro (-Kp6 on UW 2.1.x) flag.
> > I see this problem on UnixWare 2.1.3 and OpenUNIX 8.0.0
> > My UnixWare 7.1.1 box runs a pentium so I can't test it there.
> > I'm suspecting a compiler problem like on UnixWare 2.0x where it fails
> > destest when -O is used.
> 
> It sounds like your cc has a nasty bug; why not use gcc?
> 
> I regularly use gcc -O3 -march=pentiumpro -fschedule-insns2; there
> is currently a bug when you mix -fschedule-insns (not 2) with -O2 or
> above.  This is at least 10% faster than the default -mcpu=pentium that
> OpenSSL uses on my box.
> 
> S
> 
> -- 
> Stephen Sprunk  "So long as they don't get violent, I want to
> CCIE #3723 let everyone say what they wish, for I myself have
> K5SSSalways said exactly what pleased me."  --Albert Einstein



Re: [ietf-tls] Re: an attack against SSH2 protocol

2002-02-14 Thread Stephen Sprunk

Thus spake Wei Dai:
> I'll note that using CTR mode is more efficient than either of these
> suggestions. It doesn't require unpredictable IVs.
...
> Good point. If we want to fix SSH by using a per-packet unpredictable IV,
> the IV would have to be added to the list of MAC inputs. I think that
> would prevent the attack in appendix C.

So is the correct approach to fix the CBC implementation, or to switch
to a mode that is less prone to misuse?

> I'm not very familiar with how IETF working groups work, so what's the
> next step here?

Someone writes an internet-draft (ie. RFC format) describing the
change.

S

-- 
Stephen Sprunk  "So long as they don't get violent, I want to
CCIE #3723 let everyone say what they wish, for I myself have
K5SSSalways said exactly what pleased me."  --Albert Einstein



Re: Pentium Pro compiler optimizations

2002-02-14 Thread Stephen Sprunk

Thus spake Tim Rice:
> 
> Has anyone been successful using Pentium Pro compiler optimizations
> on UnixWare or OpenUNIX ? It builds but the md2test fails.
> All works fine without the -Kpentium_pro (-Kp6 on UW 2.1.x) flag.
> I see this problem on UnixWare 2.1.3 and OpenUNIX 8.0.0
> My UnixWare 7.1.1 box runs a pentium so I can't test it there.
> I'm suspecting a compiler problem like on UnixWare 2.0x where it fails
> destest when -O is used.

It sounds like your cc has a nasty bug; why not use gcc?

I regularly use gcc -O3 -march=pentiumpro -fschedule-insns2; there
is currently a bug when you mix -fschedule-insns (not 2) with -O2 or
above.  This is at least 10% faster than the default -mcpu=pentium that
OpenSSL uses on my box.

S

-- 
Stephen Sprunk  "So long as they don't get violent, I want to
CCIE #3723 let everyone say what they wish, for I myself have
K5SSSalways said exactly what pleased me."  --Albert Einstein



Re: 0.9.7 approaching

2002-02-14 Thread Harald Koch

> Please test the 0.9.7-dev snapshots and report any problems that you
> found, even if they have been reported before (it's a good reminder
> for us), or even better, send us patches!

It used to be possible to call X509_STORE_CTX_init() with a NULL
X509_STORE pointer, in order to use the verifier without using the
builtin certificate store. (I am using X509_STORE_CTX_trusted_stack()
instead).

There was a small problem with X509_STORE_CTX_init() that dereferenced
the store pointer without checking it for NULL, and I had patched this.
I started porting forward my old patch, but found a whole bunch of new
stuff that is copied from the X509_STORE structure. The only one that I
have trouble with is get_issuer, which is initialized by default to
X509_STORE_CTX_get1_issuer(), which in turn assumes the existence of a
cert store :-)

I have attached a patch that assumes that I can initialize get_issuer to
get_issuer_sk if the store pointer is NULL...

-- 
Harald Koch <[EMAIL PROTECTED]>



 //depot/ThirdParty/Distributions/openssl-snapshot/crypto/x509/x509_vfy.c#3 - 
/home/chk/work/openssl-snapshot/crypto/x509/x509_vfy.c 
@@ -1055,6 +1055,4 @@
ctx->untrusted=chain;
ctx->last_untrusted=0;
-   ctx->purpose=store->purpose;
-   ctx->trust=store->trust;
ctx->check_time=0;
ctx->flags=0;
@@ -1072,17 +1070,35 @@
 */
 
-   ctx->flags = store->flags;
+   if (store)
+   ctx->purpose=store->purpose;
+   else
+   ctx->purpose=0;
+
+   if (store)
+   ctx->trust=store->trust;
+   else
+   ctx->trust = 0;
+
+   if (store)
+   ctx->flags = store->flags;
+   else
+   ctx->flags = 0;
 
-   if (store->check_issued)
+   if (store && store->check_issued)
ctx->check_issued = store->check_issued;
else
ctx->check_issued = check_issued;
 
-   if (store->get_issuer)
-   ctx->get_issuer = store->get_issuer;
+   if (store)
+   {
+   if (store->get_issuer)
+   ctx->get_issuer = store->get_issuer;
+   else
+   ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+   }
else
-   ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+   ctx->get_issuer = get_issuer_sk;
 
-   if (store->verify_cb)
+   if (store && store->verify_cb)
ctx->verify_cb = store->verify_cb;
else
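
Review bot: the NULL-store branch `ctx->get_issuer = get_issuer_sk;` depends on the caller supplying its own trusted certificates, and nothing at that `else` says so; add a comment there stating that a caller passing a NULL store is expected to call X509_STORE_CTX_trusted_stack(), as the cover message describes. Separately, the three back-to-back `if (store)` tests for purpose, trust and flags can share one `if (store) { ... } else { ... }` block, and the spacing around `=` should be consistent (`ctx->purpose=0` against `ctx->trust = 0`).
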
@@ -1094,25 +1110,25 @@
ctx->verify = internal_verify;
 
-   if (store->check_revocation)
+   if (store && store->check_revocation)
ctx->check_revocation = store->check_revocation;
else
ctx->check_revocation = check_revocation;
 
-   if (store->get_crl)
+   if (store && store->get_crl)
ctx->get_crl = store->get_crl;
else
ctx->get_crl = get_crl;
 
-   if (store->check_crl)
+   if (store && store->check_crl)
ctx->check_crl = store->check_crl;
else
ctx->check_crl = check_crl;
 
-   if (store->cert_crl)
+   if (store && store->cert_crl)
ctx->cert_crl = store->cert_crl;
else
ctx->cert_crl = cert_crl;
 
-   ctx->cleanup = store->cleanup;
+   if (store) ctx->cleanup = store->cleanup;
 
/* This memset() can't make any sense anyway, so it's removed. As
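
Review bot: the last changed line, `if (store) ctx->cleanup = store->cleanup;`, has no `else`, so with a NULL store `ctx->cleanup` is never assigned, unlike purpose, trust and flags in the previous hunk, which get explicit zero defaults. The trailing context notes that a memset() was removed, so add `else ctx->cleanup = 0;` to keep any later use of the field from reading an unset pointer. The `store && store->...` tests on the four callbacks look right.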



OpenSSL and ASP

2002-02-14 Thread Derek Strickland


I have to integrate with a company that is running an all Perl/Unix site
that requires an OpenSSL authentication.  I have compiled OpenSSL on my
Windows box and it passes all the tests for a valid installation, but I
can't find any article on using OpenSSL from ASP.  Is it possible?  I even
tried going into VB and making a project reference just so I could get some
intellisense help on methods/properties and VB cannot add a reference to
this DLL.  Does this mean that I have no options other than building a
FreeBSD box to talk to this Apache Server for this one task?  Is there no
way to make this run via ASP/IIS or at least use a built in IIS object that
will communicate effectively with an OpenSSL Listener on his end.  Help
would be awesome.  Thanks.

Derek Strickland
DotAnything Inc.






Re: [ietf-tls] Re: an attack against SSH2 protocol

2002-02-14 Thread Wei Dai

On Wed, Feb 13, 2002 at 03:57:59PM +0200, Hugo Krawczyk wrote:
> Thus, future revisions of TLS should also take this into account.
> That is, either transmit a fresh (unpredictable) IV with each msg,
> or implicitly compute this IV in an *unpredictable* way, for example by
> applying a  prf to the msg counter. 

I'll note that using CTR mode is more efficient than either of these
suggestions. It doesn't require unpredictable IVs.

> PS: since Wei Dai mentioned the case of SSH in this context, the bad news
> there is that even using CBC and fixing the problem of predictable IV
> leaves the protocol open to the attacks on authenticate-and-mac
> showed in my paper (e.g. the attack in appendix C)

Good point. If we want to fix SSH by using a per-packet unpredictable IV,
the IV would have to be added to the list of MAC inputs. I think that
would prevent the attack in appendix C.

I'm not very familiar with how IETF working groups work, so what's the
next step here?



0.9.7 Version

2002-02-14 Thread Alphy A. Quintos

Is there an estimated or guesstimated time of release
for version 0.9.7?

Alphy A. Quintos
[EMAIL PROTECTED]






Re: cvs commit: openssl/util libeay.num mkdef.pl mkerr.pl

2002-02-14 Thread Dr S N Henson

Any reason for this:

> /* Override the default new methods */
> static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
> {
>     if(operation == ASN1_OP_NEW_PRE) {
>         ECDSA_SIG *sig;
>         sig = OPENSSL_malloc(sizeof(ECDSA_SIG));
>         if (sig == NULL)
>         {
>             ECDSAerr(ECDSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
>             return 0;
>         }
>         sig->r = NULL;
>         sig->s = NULL;
>         *pval = (ASN1_VALUE *)sig;
>         return 2;
>     }
>     return 1;
> }
>
> ASN1_SEQUENCE_cb(ECDSA_SIG, sig_cb) = {
>     ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
>     ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
> } ASN1_SEQUENCE_END_cb(ECDSA_SIG, ECDSA_SIG)
>  

What this actually does is to override the default ASN1 "new" behaviour:
this should be avoided in new code where possible. If the original new
behaviour is retained it will be identical except it will populate
sig->r, sig->s using BN_new(). Shouldn't be a problem provided the
relevant assignment code takes note of this.

This actually looks identical to the DSA_SIG code. In that case
DSA_new() already existed and didn't allocate BIGNUMs for 'r' and 's' so
it has to override the default behaviour to avoid breaking existing
code.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




Zencod engine for 0.9.7

2002-02-14 Thread Frederic DONNAT






Hi all,

We have developed an engine for our crypto accelerator Zenssl32.
Symmetric operation: RSA, DSA, DH
Random
Digest: MD5 SHA1
Cipher: DES, RC4 (based on evp)

We have some patches for OpenSSL-engine-0.9.6x (asymmetric and random).
We are actually finishing tests.
We'd like to send it to the community before the end of the week, to have a chance to appear in the next release.

So what should we do to be in the next release 0.9.7 (What are the steps to follow?).
Should we send the code in this mailing list?

Thanks in advance.
Fred







Re: 0.9.7 approaching

2002-02-14 Thread Oscar Jacobsson

Richard Levitte - VMS Whacker wrote:
> I just committed a libeay.num that has these added.  I also changed
> the main trunk libeay.num so those two would stay in the same position
> there as well.

Grand!

> According to the Unixly manuals, they are defined in or through
> string.h.  Is that true in the Windowsly environment as well?

Should be. The VC help states that memset is available through either
memory.h or string.h, so both should work. Lacking easy access to a
standard library reference, I simply grabbed the prior.

> I just committed a patch to fix this.

Cheers!

//oscar



RE: 0.9.7 approaching

2002-02-14 Thread Neff Robert A

Richard,
memcpy, memset, and memcmp are defined in string.h and memory.h
for Windows Visual C++ environment.

-Original Message-
From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 14, 2002 8:53 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: 0.9.7 approaching


From: Oscar Jacobsson <[EMAIL PROTECTED]>

oscar> 1) util/libeay.num seems to be missing a couple of entries, namely:
oscar>  ENGINE_load_aep
oscar>  ENGINE_load_sureware

I just committed a libeay.num that has these added.  I also changed
the main trunk libeay.num so those two would stay in the same position
there as well.

oscar> 2) For some reason, in the debug build of crypto/des/read2pwd.c, memset
oscar> hasn't been defined, so a quick include of memory.h did the trick. I'm
oscar> sure there's more to the issue than this though. :-)

According to the Unixly manuals, they are defined in or through
string.h.  Is that true in the Windowsly environment as well?

I just committed a patch to fix this.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



Re: Build problem in CVS HEAD and openssl-0.9.6-stable-SNAP-20020213

2002-02-14 Thread Doug Kaufman

On Thu, 14 Feb 2002, Corinna Vinschen wrote:

> Make complains in crypto/hmac:
> 
>   make[2]: *** No rule to make target `../../include/openssl/idea.h', needed by `hmac.o'.  Stop.
> 
> The dependencies in crypto/hmac/Makefile.ssl make hmac.o dependent on
> idea.h, rc5.h and mdc2.h but that seems pretty unnecessary since hmac.o
> is built even w/o these files.

These problems were fixed by my patches in December. I guess they
haven't been committed yet. See:
"http://www.mail-archive.com/openssl-dev@openssl.org/msg10318/096c.pch.gz";
for the patch to the 0.9c version and 
"http://www.mail-archive.com/openssl-dev@openssl.org/msg10317.html";
for the patch to the 0.9.7 version.

These ensure that the header files are created in the appropriate
directory even when the algorithm is excluded. You will also need the
header files when you do "make test".
   Doug
__ 
Doug Kaufman
Internet: [EMAIL PROTECTED]




Re: OpenSSL (openssl-0.9.1c)

2002-02-14 Thread Richard Levitte - VMS Whacker

From: Khan Alamgir <[EMAIL PROTECTED]>

akh> Please help!

Use a more modern OpenSSL.  The current release is 0.9.6c.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



OpenSSL (openssl-0.9.1c)

2002-02-14 Thread Khan Alamgir





I have built libs for openssl with gcc 2.95. Build was successful with minor warnings from GCC.  I have built my own application with openssl libs, but I am having a problem with SSL_CTX_new(). It fails in

ssl_create_cipher_list(ret->method, &ret->cipher_list, &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);

if (ret->cipher_list == NULL || sk_num(ret->cipher_list) <= 0)
    {
    SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
    goto err2;
    }


Please help!


Regards,
Alamgir Khan







Re: 0.9.7 make test needs work

2002-02-14 Thread Richard Levitte - VMS Whacker

From: Tim Rice <[EMAIL PROTECTED]>

tim> The "make test" in 0.9.7 needs a little work.
tim> It requires a previous SSL installation.
tim> ...
tim> Tests completed happily
tim> ./evp_test evptests.txt
tim> Auto configuration failed
tim> 3562:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/usr/local/ssl/openssl.cnf','rb')
tim> 3562:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
tim> 3562:error:0E064002:configuration file routines:CONF_load:system lib:conf_def.c:198:
tim> make[2]: *** [test_evp] Error 1
tim> make[2]: Leaving directory `/usr/local/src/libs/openssl-SNAP-20020212/test'
tim> ...

Thanks.  The actual error was in the err section of libcrypto.  I
committed a patch to fix that.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



Re: cvs commit: openssl/crypto/err err.c

2002-02-14 Thread Bodo Moeller

On Thu, Feb 14, 2002 at 02:42:36PM +0100, [EMAIL PROTECTED] wrote:

>   Log:
>   For some reason, getting the topmost error was done the same way as
>   getting the bottommost one.  I hope I understood correctly how this
>   should be done.  It seems to work when running evp_test in an
>   environment where it can't find openssl.cnf.

>   --- err.c   2002/01/24 17:17:29 1.51
>   +++ err.c   2002/02/14 13:42:33 1.51.2.1
>   @@ -720,7 +720,7 @@
>
>   if (es->bottom == es->top) return 0;
>   if (top)
>   -   i=(es->bottom+1)%ERR_NUM_ERRORS; /* last error */
>   +   i=es->top;   /* last error */
>   else
>   i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
>
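
Review bot: the two branches now index the queue differently, `i=es->top;` against `i=(es->bottom+1)%ERR_NUM_ERRORS;`, and the `/* last error */` and `/* first error */` comments do not say why; a short comment that `top` is the slot of the newest entry while `bottom` is the slot before the oldest would keep a later reader from undoing the asymmetry. Since the log message is unsure of the intent ("I hope I understood correctly"), a test that queues two different errors and checks that the first and last peeks return different ones would settle it.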

This fix for err.c is correct.

But evp_test.c should never have called OPENSSL_config() because
OPENSSL_config() uses the configuration file found in an OpenSSL
*installation*.  If we want to use a configuration file during
'make test', we should use one located in the source tree.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036



Re: 0.9.7 approaching

2002-02-14 Thread Richard Levitte - VMS Whacker

From: Oscar Jacobsson <[EMAIL PROTECTED]>

oscar> 1) util/libeay.num seems to be missing a couple of entries, namely:
oscar>  ENGINE_load_aep
oscar>  ENGINE_load_sureware

I just committed a libeay.num that has these added.  I also changed
the main trunk libeay.num so those two would stay in the same position
there as well.

oscar> 2) For some reason, in the debug build of crypto/des/read2pwd.c, memset
oscar> hasn't been defined, so a quick include of memory.h did the trick. I'm
oscar> sure there's more to the issue than this though. :-)

According to the Unixly manuals, they are defined in or through
string.h.  Is that true in the Windowsly environment as well?

I just committed a patch to fix this.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



Re: 0.9.7 make test needs work

2002-02-14 Thread Bodo Moeller

On Wed, Feb 13, 2002 at 08:37:24PM -0800, Tim Rice wrote:

> The "make test" in 0.9.7 needs a little work.
[...]
> ./evp_test evptests.txt
> Auto configuration failed

Fixed.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036



Re: 0.9.7 approaching

2002-02-14 Thread Oscar Jacobsson

Hi!

Just two slight problems with the Win32/VC6 build:

1) util/libeay.num seems to be missing a couple of entries, namely:
ENGINE_load_aep
ENGINE_load_sureware

These are both in the trunk, but don't seem to have made it out into the
release branch.

2) For some reason, in the debug build of crypto/des/read2pwd.c, memset
hasn't been defined, so a quick include of memory.h did the trick. I'm
sure there's more to the issue than this though. :-)

Once the stuff gets built, everything tests out ok.

Best regards,

//oscar

Richard Levitte - VMS Whacker wrote:
> Please test the 0.9.7-dev snapshots and report any problems that you
> found, even if they have been reported before (it's a good reminder
> for us), or even better, send us patches!



Re: Rename "CygWin32" to "Cygwin" acceptable?

2002-02-14 Thread Corinna Vinschen

On Thu, Feb 14, 2002 at 11:37:30AM +0100, Richard Levitte - VMS Whacker wrote:
> From: Corinna Vinschen <[EMAIL PROTECTED]>
> 
> vinschen> in OpenSSL, Cygwin is called "CygWin32" throughout.  But the
> vinschen> correct name and case usage of Cygwin is "Cygwin".  No upper
> vinschen> case Win, no 32.
> 
> Ah, OK, I'll fix that.

Thanks!
Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]



Build problem in CVS HEAD and openssl-0.9.6-stable-SNAP-20020213

2002-02-14 Thread Corinna Vinschen

Hi,

I'm trying to build CVS HEAD as well as openssl-0.9.6-stable-SNAP-20020213
with the following options

  no-idea no-rc5 no-mdc2

as I'd do for a Cygwin release.

Make complains in crypto/hmac:

  make[2]: *** No rule to make target `../../include/openssl/idea.h', needed by `hmac.o'.  Stop.

The dependencies in crypto/hmac/Makefile.ssl make hmac.o dependent on
idea.h, rc5.h and mdc2.h but that seems pretty unnecessary since hmac.o
is built even w/o these files.

After tweaking Makefile in this directory, the build stops with the
same problem in crypto/rsa so I assume it's sort of a generic problem?

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]



Re: [PATCH]: Latest `config' has syntax error

2002-02-14 Thread Corinna Vinschen

On Thu, Feb 14, 2002 at 11:24:38AM +0100, Corinna Vinschen wrote:
> Hi,
> 
> the patch to config has a syntax error.  Patch below.

Oh, I've just seen that a patch has already been applied to
openssl-0.9.6-stable-SNAP-20020213.  But the problem seems
still to be in CVS HEAD.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]



Re: Rename "CygWin32" to "Cygwin" acceptable?

2002-02-14 Thread Richard Levitte - VMS Whacker

From: Corinna Vinschen <[EMAIL PROTECTED]>

vinschen> in OpenSSL, Cygwin is called "CygWin32" throughout.  But the
vinschen> correct name and case usage of Cygwin is "Cygwin".  No upper
vinschen> case Win, no 32.

Ah, OK, I'll fix that.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



[PATCH]: Latest `config' has syntax error

2002-02-14 Thread Corinna Vinschen

Hi,

the patch to config has a syntax error.  Patch below.

Corinna

Index: config
===
RCS file: /home/cvs/cvsroot/src/openssl/config,v
retrieving revision 1.95
diff -u -p -r1.95 config
--- config  2002/02/13 14:44:31 1.95
+++ config  2002/02/14 10:22:40
@@ -336,10 +336,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
case "$RELEASE" in
[bB]*|1.0|1.[12].*)
echo "${MACHINE}-whatever-cygwin32_pre1.3"; exit 0
+   ;;
*)
echo "${MACHINE}-whatever-cygwin32"; exit 0
-   ;;
-
+   ;;
+   esac
 esac
 
 #
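
Review bot: a syntax check such as `sh -n config` belongs in the routine for committing to this script, because the two errors repaired here (no `;;` after the first arm's `exit 0`, and no `esac` closing the inner `case "$RELEASE" in`) are exactly what it reports before anyone runs the script on a Cygwin host.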

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]



Re: ECDSA: unresolved function

2002-02-14 Thread Nils Larsch


Gisle Vanem wrote:
> 
> I get unresolved symbol  `EC_GROUP_get_group_by_name' when linking openssl.exe.
> In what file should this function exist?

The Function `EC_GROUP_get_group_by_name' doesn't exist anymore.
EC_GROUP_new_by_name() ( see ec.h ) should be used instead 
( in ecs_asn1.c , ecdsaparam.c and ecdsatest.c ).

Nils

diff -r openssl-SNAP-20020213/apps/ecdsaparam.c 
openssl-SNAP-20020213_patch/apps/ecdsaparam.c
351c351
<   ecdsa->group = EC_GROUP_get_group_by_name(curve_type);
---
>   ecdsa->group = EC_GROUP_new_by_name(curve_type);
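
Review bot: at line 351 of apps/ecdsaparam.c the result of `EC_GROUP_new_by_name(curve_type)` is assigned with no NULL test visible, whereas every ecdsatest.c and ecs_asn1.c call site in this patch compares the result against NULL. This context-free `diff -r` output hides the following line, so please confirm the check exists, and resend as a unified diff (`diff -u`) so the surrounding code can be reviewed.
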
diff -r openssl-SNAP-20020213/crypto/ecdsa/ecdsatest.c 
openssl-SNAP-20020213_patch/crypto/ecdsa/ecdsatest.c
122c122
<   if ((ecdsa->group = EC_GROUP_get_group_by_name(EC_GROUP_X9_62_PRIME_192V1)) == 
NULL)
---
>   if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_192V1)) == NULL)
155c155
<   if ((ecdsa->group = EC_GROUP_get_group_by_name(EC_GROUP_X9_62_PRIME_239V1)) == 
NULL)
---
>   if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_X9_62_PRIME_239V1)) == NULL)
535c535
<   if ((ecdsa->group = EC_GROUP_get_group_by_name(EC_GROUP_NIST_PRIME_192)) == 
NULL) goto err;
---
>   if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192)) == NULL) 
>goto err;
561c561
< if ((ecdsa->group = EC_GROUP_get_group_by_name(EC_GROUP_NIST_PRIME_224)) == 
NULL) goto err;
---
> if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) 
>goto err;
587c587
< if ((ecdsa->group = EC_GROUP_get_group_by_name(EC_GROUP_NIST_PRIME_256)) == 
NULL) goto err;
---
> if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) 
>goto err;
613c613
< if ((ecdsa->group = EC_GROUP_get_group_by_name(EC_GROUP_NIST_PRIME_384)) == 
NULL) goto err;
---
> if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) 
>goto err;
639c639
< if ((ecdsa->group = EC_GROUP_get_group_by_name(EC_GROUP_NIST_PRIME_521)) == 
NULL) goto err;
---
> if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) 
>goto err;
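
Review bot: the five ecdsatest.c hunks at lines 535 to 639 repeat the same `if ((ecdsa->group = EC_GROUP_new_by_name(...)) == NULL) goto err;` once per NIST curve, which is why the rename had to be made five times; a small table of the curve identifiers walked in a loop would leave a single call site to maintain.
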
diff -r openssl-SNAP-20020213/crypto/ecdsa/ecs_asn1.c 
openssl-SNAP-20020213_patch/crypto/ecdsa/ecs_asn1.c
505c505
<   if ((ret->group = EC_GROUP_get_group_by_name(tmp)) == NULL)
---
>   if ((ret->group = EC_GROUP_new_by_name(tmp)) == NULL)



Re: AES and difference between engine and not

2002-02-14 Thread Richard Levitte - VMS Whacker

From: Michael Richardson <[EMAIL PROTECTED]>

mcr>   I would have thought that this would be a FAQ.
mcr>   It is not. What is the "engine"?

It is.  http://www.openssl.org/support/faq.html#MISC6

mcr>   I was however, specifically trying to determine if anyone
mcr> has started any work on having an AES integrated into openssl.
mcr>   http://www.mail-archive.com/openssl-dev@openssl.org/msg10670.html
mcr> 
mcr>   suggests that it will be in the 0.9.7 release?

Yup.  It's not entirely complete yet, we're adding the ofb and cfb
modes soon.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



Rename "CygWin32" to "Cygwin" acceptable?

2002-02-14 Thread Corinna Vinschen

Hi,

in OpenSSL, Cygwin is called "CygWin32" throughout.  But the correct name
and case usage of Cygwin is "Cygwin".  No upper case Win, no 32.

Question:  Would renaming in the scripts be an acceptable patch?

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]



ECDSA: unresolved function

2002-02-14 Thread Gisle Vanem

I get unresolved symbol  `EC_GROUP_get_group_by_name' when linking openssl.exe.
In what file should this function exist?

Gisle V.
