RE: the Sun covenant language

[Takurou Saitou]

The other day I contributed the following questions, but do not yet have an 
answer.
About the particularly following questions, will not there be a person having 
you instruct
it?

 In addition, where will a pertinence point of ECC Code described in the
 covenant language be? Will it be the whole openssl/crypto/bn/bn_gf2m.c?

 ---
  * In addition, Sun covenants to all licensees who provide a reciprocal
  * covenant with respect to their own patents if any, not to sue under
  * current and future patent claims necessarily infringed by the making,
  * using, practicing, selling, offering for sale and/or otherwise
  * disposing of the ECC Code as delivered hereunder (or portions thereof),
  * provided that such covenant shall not apply:
  *  1) for code that a licensee deletes from the ECC Code;
  
  *  2) separates from the ECC Code; or
   
  *  3) for infringements caused by:
  *   i) the modification of the ECC Code or
 
  *  ii) the combination of the ECC Code with other software or

  *  devices where such combination causes the infringement.
 ---

Thanks!

Takurou Saitou.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Takurou Saitou
 Sent: Friday, February 24, 2006 8:14 PM
 To: openssl-dev@openssl.org
 Subject: the Sun covenant language


 Hi,

 The Sun covenant language is deleted for the following files before,

   openssl/apps/ecparam.c
   openssl/apps/speed.c
   openssl/crypto/bn/bn.h
   openssl/crypto/bn/bntest.c
   openssl/crypto/ec/ec.h
   openssl/crypto/ec/ec2_mult.c
   openssl/crypto/ec/ec2_smpl.c
   openssl/crypto/ec/ec_curve.c
   openssl/crypto/ec/ec_cvt.c
   openssl/crypto/ec/ec_lcl.h
   openssl/crypto/ec/ectest.c
   openssl/crypto/ecdh/ecdh.h
   openssl/crypto/ecdh/ecdhtest.c
   openssl/crypto/ecdh/ech_key.c
   openssl/crypto/ecdh/ech_lib.c
   openssl/crypto/ecdh/ech_ossl.c
   openssl/crypto/ecdsa/ecdsatest.c
   openssl/crypto/engine/tb_ecdh.c
   openssl/ssl/s3_clnt.c
   openssl/ssl/s3_lib.c
   openssl/ssl/s3_srvr.c
   openssl/ssl/tls1.h

   (CVS COMMIT MAIL)
   http://cvs.openssl.org/chngview?cn=8610

 the covenant language is not deleted about openssl/crypto/bn/bn_gf2m.c.
 Will there be the circumstances that cannot delete the covenant language?

 In addition, where will a pertinence point of ECC Code described in the
 covenant language be? Will it be the whole openssl/crypto/bn/bn_gf2m.c?

 ---
  * In addition, Sun covenants to all licensees who provide a reciprocal
  * covenant with respect to their own patents if any, not to sue under
  * current and future patent claims necessarily infringed by the making,
  * using, practicing, selling, offering for sale and/or otherwise
  * disposing of the ECC Code as delivered hereunder (or portions thereof),
  * provided that such covenant shall not apply:
  *  1) for code that a licensee deletes from the ECC Code;
  
  *  2) separates from the ECC Code; or
   
  *  3) for infringements caused by:
  *   i) the modification of the ECC Code or
 
  *  ii) the combination of the ECC Code with other software or

  *  devices where such combination causes the infringement.
 ---

 Thanks.

 Takurou Saitou


 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]




__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

the Sun covenant language

[Takurou Saitou]

Hi,

The Sun covenant language is deleted for the following files before,

  openssl/apps/ecparam.c
  openssl/apps/speed.c
  openssl/crypto/bn/bn.h
  openssl/crypto/bn/bntest.c
  openssl/crypto/ec/ec.h
  openssl/crypto/ec/ec2_mult.c
  openssl/crypto/ec/ec2_smpl.c
  openssl/crypto/ec/ec_curve.c
  openssl/crypto/ec/ec_cvt.c
  openssl/crypto/ec/ec_lcl.h
  openssl/crypto/ec/ectest.c 
  openssl/crypto/ecdh/ecdh.h
  openssl/crypto/ecdh/ecdhtest.c
  openssl/crypto/ecdh/ech_key.c
  openssl/crypto/ecdh/ech_lib.c
  openssl/crypto/ecdh/ech_ossl.c
  openssl/crypto/ecdsa/ecdsatest.c
  openssl/crypto/engine/tb_ecdh.c
  openssl/ssl/s3_clnt.c
  openssl/ssl/s3_lib.c
  openssl/ssl/s3_srvr.c
  openssl/ssl/tls1.h
 
  (CVS COMMIT MAIL)
  http://cvs.openssl.org/chngview?cn=8610

the covenant language is not deleted about openssl/crypto/bn/bn_gf2m.c.
Will there be the circumstances that cannot delete the covenant language?

In addition, where will a pertinence point of ECC Code described in the 
covenant language be? Will it be the whole openssl/crypto/bn/bn_gf2m.c?

---
 * In addition, Sun covenants to all licensees who provide a reciprocal
 * covenant with respect to their own patents if any, not to sue under
 * current and future patent claims necessarily infringed by the making,
 * using, practicing, selling, offering for sale and/or otherwise
 * disposing of the ECC Code as delivered hereunder (or portions thereof),
 * provided that such covenant shall not apply:
 *  1) for code that a licensee deletes from the ECC Code;
 
 *  2) separates from the ECC Code; or
  
 *  3) for infringements caused by:
 *   i) the modification of the ECC Code or

 *  ii) the combination of the ECC Code with other software or
   
 *  devices where such combination causes the infringement.
---

Thanks.

Takurou Saitou


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Race condition involving SSL_CTX_new

[Takurou Saitou]

Hi!

There is one point confirmation. 

May I think the action on the trouble described in the following mail 
was done with the E-mail of following openssl-cvs (Show with URL)?

http://marc.theaimsgroup.com/?l=openssl-cvsm=109870286615557w=2

I use the Openssl0.9.7d in our project. 

Takurou Saitou.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] Behalf Of Arnold Hendriks
 Sent: Monday, October 25, 2004 7:30 PM
 To: openssl-dev@openssl.org
 Subject: Race condition involving SSL_CTX_new
 
 
 Dear list,
 
 I've been using the openssl libs for quite some time, and so far 
 they've always worked 
 fine. Recently, I've had to change my code to use different contexts 
 per connection 
 (due to easier key management being available in the SSL_CTX family), 
 and now I'm 
 hitting a race condition when starting the openssl libraries 
 (0.9.7d). Sporadically, the 
 following error appears:
 
 SSL:error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers
 
 Scanning through the google archive I saw that this problem was known 
 and that a fix 
 was made, but the fix was incorrect. Firstly, load_ciphers is only 
 called when 
 init_ciphers is set to 1. 
 
 But the first thing load_ciphers does is setting init_ciphers to 0 - 
 a parallel running call 
 to this code (quite likely on my SMP machine):
 
   if (init_ciphers)
   {
   CRYPTO_w_lock(CRYPTO_LOCK_SSL);
   if (init_ciphers) load_ciphers();
   CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
   }
 
 will cause the second thread to skip load_ciphers, and thus continue 
 running without 
 having a completed init_ciphers call.
 
 Moving the init_ciphers=0; statement to the end of load_ciphers would 
 fix that 
 problem, but would probably open up an even subtler race condition: 
 DCL may not be 
 safe on all platforms without proper memory barriers. It would 
 probably be safer to 
 remove this 'optimization' all together: SSL_CTX_new does a lot of memory 
 allocations already so the cost of hitting one more mutex should be 
 negligible?
 
 The following patch should fix the race condition in SSL_CTX_new:
 
 diff -ur openssl-0.9.7d-orig/ssl/ssl_ciph.c openssl-0.9.7d/ssl/ssl_ciph.c
 --- openssl-0.9.7d-orig/ssl/ssl_ciph.c  Mon Oct 25 11:53:33 2004
 +++ openssl-0.9.7d/ssl/ssl_ciph.c   Mon Oct 25 11:55:58 2004
 @@ -759,12 +759,9 @@
  */
 if (rule_str == NULL) return(NULL);
  
 -   if (init_ciphers)
 -   {
 -   CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 -   if (init_ciphers) load_ciphers();
 -   CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
 -   }
 +   CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 +   if (init_ciphers) load_ciphers();
 +   CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
  
 /*
  * To reduce the work to do we only want to process the compiled
 
 
 With this fix, I haven't been able to reproduce the race condition so far.
 
 
 With regards,
 Arnold Hendriks
 
 -- 
 Arnold Hendriks [EMAIL PROTECTED]
 B-Lex Information Technologies http://www.b-lex.com/
 Postbus 545, 7500 AM Enschede, The Netherlands
 
 B-Lex: +31 (0)53 4836543   
 Mobile: +31 (0)6 51710159
 MSN: [EMAIL PROTECTED]   
 ICQ: 86313731
 
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   [EMAIL PROTECTED]
 

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: [openssl.org #1005] about a result of 'openssl ciphers'

[Takurou Saitou]

 -Original Message-
 Takurou Saitou wrote:
  Thank you for the correction.
  
  I immediately confirmed operation.
  When ciphersuite keywords of the same processing group was
  combined by '+'(The example: kRSA+kEDH) and specified for the
  command argument, I confirmed a correct result returned.
  
  OpenSSL ciphers kRSA+kEDH
  Error in cipher list
  940:error:140A60B9:SSL routines:SSL_CREATE_CIPHER_LIST:no cipher 
 match:ssl_ciph.
  c:882:
  error in ciphers
  
  However, when ciphersuite keywords of the different processing group was
  combined by '+'(The example: AES+SHA1) and specified for the command
  argument, the following execution results were returned.
 
 ok, I've committed a fix. Please try a new snapshot.

Thank you for the correction.

 I immediately confirmed operation and confirmed a correct result returned.

Thanks.

Takurou Saitou.
 

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: [openssl.org #1005] about a result of 'openssl ciphers'

[Takurou Saitou]

Thank you for the correction.
(B
(BI immediately confirmed operation.
(BWhen ciphersuite keywords of the same processing group was
(Bcombined by '+'(The example: kRSA+kEDH) and specified for the
(Bcommand argument, I confirmed a correct result returned.
(B
(BOpenSSL ciphers kRSA+kEDH
(BError in cipher list
(B940:error:140A60B9:SSL routines:SSL_CREATE_CIPHER_LIST:no cipher match:ssl_ciph.
(Bc:882:
(Berror in ciphers
(B
(BHowever, when ciphersuite keywords of the different processing group was
(Bcombined by '+'(The example: AES+SHA1) and specified for the command
(Bargument, the following execution results were returned.
(B
(BOpenSSL ciphers AES+SHA1
(BError in cipher list
(B940:error:140A60B9:SSL routines:SSL_CREATE_CIPHER_LIST:no cipher match:ssl_ciph.
(Bc:882:
(Berror in ciphers
(B
(BThe following results are output in OpenSSL0.9.7d.
(B
(BOpenSSL ciphers AES+SHA1
(BADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:D
(BHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA
(B
(Ba degrad has occurred consequentially.
(B
(BThanks.
(B
(BTakurou Saitou
(B
(B -Original Message-
(B From: [EMAIL PROTECTED]
(B [mailto:[EMAIL PROTECTED] Behalf Of Nils Larsch via RT
(B Sent: Thursday, June 09, 2005 7:26 AM
(B To: [EMAIL PROTECTED]
(B Cc: openssl-dev@openssl.org
(B Subject: [openssl.org #1005] about a result of 'openssl ciphers'
(B
(B
(B
(B should be fixed; please try a new snapshot.
(B
(B Thanks,
(B Nils
(B __
(B OpenSSL Project http://www.openssl.org
(B Development Mailing List   openssl-dev@openssl.org
(B Automated List Manager   [EMAIL PROTECTED]
(B
(B
(B
(B
(B__
(BOpenSSL Project http://www.openssl.org
(BDevelopment Mailing List   openssl-dev@openssl.org
(BAutomated List Manager   [EMAIL PROTECTED]

[openssl.org #1005] about a result of 'openssl ciphers'

[Takurou Saitou via RT]

Hi,

In the openssl command option ciphers, when ciphersuite keywords
of the same processing group was combined by '+'(The example: kRSA+kEDH)
and specified for the command argument, the following execution results
were returned.

---
[Execution result]
opeenssl ciphers -v 'kRSA+kEDH'

ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES
128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-
SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:ED
H-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DS
S-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-DES-CBC-SHA:IDEA-CBC-SH
A:EXP-RC2-CBC-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES
-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:NULL-SHA:NULL-MD5:RC4-64-MD5:DES-CBC3-MD5:DES-CBC-MD5
:IDEA-CBC-MD5:RC2-CBC-MD5:EXP-RC2-CBC-MD5:RC4-MD5:EXP-RC4-MD5
---

When ciphersuite keywords of the key exchange was combined by +,
the output result was expected none because there was no ciphersuite
with which it met the requirement.

Is this correct behavior?

Thanks!

Takurou Saitou


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]