Re: [openssl.org #170] OpenSSLDie not exported in Win32
On Tue, Jul 30, 2002 at 06:08:46PM +0300, Arne Ansper wrote:
> attached is a patch for openssl-0.9.6e that removes the usage of die.
> please review it carefully. all changes are localized but the action i
> take in some places where error reporting is not possible might be
> little bit wrong (i.e. in ssl2_generate_key_material(). this is void
> function, so i cannot indicate error).

Thanks for the patch. For static functions, you can safely change void into int so that you can indicate the errors properly.

--
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #170] OpenSSLDie not exported in Win32
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:26:34 +0200 (METDST), Jeffrey Altman via RT [EMAIL PROTECTED] said:

rt> Need to add it to the exports list.

For anyone who has the time, the fix is to move the declaration (but not the macro die()) from cryptlib.h to crypto.h, then do a make update.

--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
Re: [openssl.org #170] OpenSSLDie not exported in Win32
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:

levitte> In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:26:34 +0200 (METDST), Jeffrey Altman via RT [EMAIL PROTECTED] said:
levitte>
levitte> rt> Need to add it to the exports list.
levitte>
levitte> For anyone who has the time, the fix is to move the declaration (but
levitte> not the macro die()) from cryptlib.h to crypto.h, then do a make
levitte> update.

The other solution is, of course, to include crypto/cryptlib.h in the list of header files to look at, in util/mkdef.pl.

--
Richard Levitte
Re: [openssl.org #170] OpenSSLDie not exported in Win32
On Tue, Jul 30, 2002 at 04:10:45PM +0200, Richard Levitte - VMS Whacker via RT wrote:
> In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
>
> levitte> In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:26:34 +0200 (METDST), Jeffrey Altman via RT [EMAIL PROTECTED] said:
> levitte>
> levitte> rt> Need to add it to the exports list.
> levitte>
> levitte> For anyone who has the time, the fix is to move the declaration (but
> levitte> not the macro die()) from cryptlib.h to crypto.h, then do a make
> levitte> update.
>
> The other solution is, of course, to include crypto/cryptlib.h in the
> list of header files to look at, in util/mkdef.pl.

I looked into the second option. I am actually holding off and wait for Ben. He designed the patch, so he should know best what was meant.

Best,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Re: [openssl.org #170] OpenSSLDie not exported in Win32
Lutz Jaenicke via RT wrote:
> On Tue, Jul 30, 2002 at 04:10:45PM +0200, Richard Levitte - VMS Whacker via RT wrote:
>> In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
>>
>> levitte> In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:26:34 +0200 (METDST), Jeffrey Altman via RT [EMAIL PROTECTED] said:
>> levitte>
>> levitte> rt> Need to add it to the exports list.
>> levitte>
>> levitte> For anyone who has the time, the fix is to move the declaration (but
>> levitte> not the macro die()) from cryptlib.h to crypto.h, then do a make
>> levitte> update.
>>
>> The other solution is, of course, to include crypto/cryptlib.h in the
>> list of header files to look at, in util/mkdef.pl.
>
> I looked into the second option. I am actually holding off and wait for
> Ben. He designed the patch, so he should know best what was meant.

OK, I don't understand why it needs to be exported - isn't it internal to the library? But assuming it does, I prefer the original suggestions (i.e. move the declaration of OpenSSLDie()).

Cheers,
Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

Available for contract work.

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: [openssl.org #170] OpenSSLDie not exported in Win32
> OK, I don't understand why it needs to be exported - isn't it internal
> to the library? But assuming it does, I prefer the original suggestions
> (i.e. move the declaration of OpenSSLDie()).

It needs to be exported because the function is defined in libeay32.dll and used in ssleay32.dll on Windows.

Now the choices as I see it are:

. export the function. which I have done in order to get the code to compile and link on Windows, or

. remove the call entirely and instead simply have OpenSSL return an error to the application as is done with other length checks

For example, in ssl_sess.c ssl_get_new_session() the error SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH is returned if tmp > ss->session_id_length. I don't see why we need to call abort() (via die()) if s->sid_ctx_length > sizeof ss->sid_ctx.

Jeffrey Altman * Sr.Software Designer     Kermit 95 2.0 GUI available now!!!
The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
http://www.kermit-project.org/            Secured with MIT Kerberos, SRP, and
[EMAIL PROTECTED]                         OpenSSL.
Re: [openssl.org #170] OpenSSLDie not exported in Win32
On Tue, Jul 30, 2002 at 03:26:34PM +0200, Jeffrey Altman via RT wrote:
> Need to add it to the exports list.

I just had a look into this thing. Ben designed the die() function such that it uses cryptlib.h, which is not exported. Thus the macro die() and the underlying OpenSSLDie() function are not intended as exported functions. I assume that it does not work on Win32?

I have added Ben to the CCs of this ticket, as it might affect all other patches, too!

Best regards,
Lutz
--
Lutz Jaenicke
Re: [openssl.org #170] OpenSSLDie not exported in Win32
> I have added Ben to the CCs of this ticket, as it might affect all
> other patches, too!

btw, i'm in process of rewriting the patches to not use die at all. openssl-0.9.5a is almost ready.

arne
Re: [openssl.org #170] OpenSSLDie not exported in Win32
> rt> Need to add it to the exports list.
>
> For anyone who has the time, the fix is to move the declaration (but
> not the macro die()) from cryptlib.h to crypto.h, then do a make
> update.

And this will auto-generate the entry for util/libeay.num ? Cool.

Jeffrey Altman
Re: [openssl.org #170] OpenSSLDie not exported in Win32
> btw, i'm in process of rewriting the patches to not use die at all.
> openssl-0.9.5a is almost ready.

i started with openssl-0.9.6e instead.

attached is a patch for openssl-0.9.6e that removes the usage of die. please review it carefully. all changes are localized but the action i take in some places where error reporting is not possible might be little bit wrong (i.e. in ssl2_generate_key_material(). this is void function, so i cannot indicate error).

the conditions are taken directly from calls to die, but they are negated. i did not want to rewrite them in order to avoid errors.

arne

nodie
Description: Binary data
Re: [openssl.org #170] OpenSSLDie not exported in Win32
> jaltman> Now the choices as I see it are:
> jaltman>
> jaltman> . export the function. which I have done in order to get the
> jaltman>   code to compile and link on Windows, or
> jaltman>
> jaltman> . remove the call entirely and instead simply have OpenSSL return
> jaltman>   an error to the application as is done with other length checks
> jaltman>
> jaltman> For example, in ssl_sess.c ssl_get_new_session() the error
> jaltman> SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH is returned if tmp >
> jaltman> ss->session_id_length. I don't see why we need to call abort() (via
> jaltman> die()) if s->sid_ctx_length > sizeof ss->sid_ctx.
>
> I believe it was done this way because time was too short to explore
> what cases one should die at and what cases one should not, including
> the ramifications of returning an error instead of using the biggest
> cannon available. The possible threats are serious, and at least in a
> hopefully short amount of time, we will look at those die() statements
> and deal with them in any way that seems appropriate. At this moment,
> it was more important to kill the possible holes quickly and swiftly
> rather than spend time being kind to the applications.
>
> My 2 cents, others may have a different opinion.

That is fine. So the patches are out and already need to be replaced since they do not compile on two major platforms. The primary concern was to get notification out and patches that stop the attacks. That has been done.

Arne has mentioned that he is working on alternate patches.

All of the functions in which die() was inserted already return errors when comparing buffer lengths except for:

  s2_clnt.c  client_finished()
  s2_lib.c   ssl2_generate_key_material()
  s2_lib.c   ssl2_write_error()
  s2_srvr.c  server_verify()
  s2_srvr.c  server_finished()

of these,

client_finished() is safe to return an error value 0

ssl2_generate_key_material() is void and so needs to have its interface changed in order to return an error. It is only called from ssl2_enc_init(). ssl2_enc_init() already returns error conditions.

ssl2_write_error() is void. It is called from ssl2_return_error() which is also void and from ssl2_write() which is already returning errors to the caller. ssl2_return_error() is always called from locations that are already in the process of returning errors to the caller.

server_verify() is safe to return an error value 0

server_finish() is safe to return an error value 0

So it seems that we should be able to safely return errors from all of them with minor interface changes to two functions. (void -> int)

Jeffrey Altman
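The void -> int change proposed in the message above, as an added sketch (not OpenSSL source and not part of the original post). The struct, the function names, the buffer size and the error code are hypothetical stand-ins; the "before" function aborts through a die()-style macro, the "after" function reports the same negated check to a caller that already returns errors.

```c
/* Added illustration. Every name here is a hypothetical stand-in; this is
 * not OpenSSL source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_BUF_MAX    48  /* constructed buffer size */
#define ERR_BAD_LENGTH 1   /* hypothetical error code */

struct toy_conn {
    unsigned char master_key[KEY_BUF_MAX];
    unsigned int  master_key_length;       /* length field set from peer data */
    unsigned char key_material[KEY_BUF_MAX];
    int           last_error;
};

/* Stand-in for the die() macro: a failed check aborts the whole process. */
static void toy_die(const char *file, int line, const char *expr)
{
    fprintf(stderr, "%s(%d): internal error, assertion failed: %s\n",
            file, line, expr);
    abort();
}
#define die(e) ((e) ? (void)0 : toy_die(__FILE__, __LINE__, #e))

/* "Before": a void function has no way to refuse a bad length except die(). */
static void gen_key_material_void(struct toy_conn *c)
{
    die(c->master_key_length <= sizeof c->master_key);
    memcpy(c->key_material, c->master_key, c->master_key_length);
}

/* "After": the same check, negated, reported to the caller (void -> int). */
static int gen_key_material_int(struct toy_conn *c)
{
    if (c->master_key_length > sizeof c->master_key) {
        c->last_error = ERR_BAD_LENGTH;
        return 0;
    }
    memcpy(c->key_material, c->master_key, c->master_key_length);
    return 1;
}

/* Caller that already returned errors; it only has to pass the new one on. */
static int enc_init(struct toy_conn *c)
{
    if (!gen_key_material_int(c))
        return 0;
    return 1;
}

/* One process serving several connections: a bad one is rejected and the
 * rest are still served. With the void variant the first bad length would
 * have taken every connection down with it. */
static size_t serve_all(struct toy_conn *conns, size_t n, size_t *rejected)
{
    size_t served = 0, i;

    *rejected = 0;
    for (i = 0; i < n; i++) {
        if (enc_init(&conns[i]))
            served++;
        else
            (*rejected)++;
    }
    return served;
}

int main(void)
{
    struct toy_conn conns[3];
    size_t rejected, served;

    memset(conns, 0, sizeof conns);
    conns[0].master_key_length = 16;               /* constructed: valid    */
    conns[1].master_key_length = KEY_BUF_MAX + 32; /* constructed: too long */
    conns[2].master_key_length = KEY_BUF_MAX;      /* constructed: boundary */

    gen_key_material_void(&conns[0]);  /* valid length, so no abort */
    served = serve_all(conns, 3, &rejected);
    printf("served=%lu rejected=%lu\n",
           (unsigned long)served, (unsigned long)rejected);
    return 0;
}
```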
Re: [openssl.org #170] OpenSSLDie not exported in Win32
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:49:00 +0100, Ben Laurie [EMAIL PROTECTED] said:

ben> OK, I don't understand why it needs to be exported - isn't it internal
ben> to the library? But assuming it does, I prefer the original suggestions
ben> (i.e. move the declaration of OpenSSLDie()).

It's for Windows and VMS. Unless a function is defined static, it's implicitly an exported function. For shared libraries (DLL's on Windows, shareable image on VMS), these need to have entry points in a transfer vector (at least, that's true for VMS on VAX, I'm guessing it's the same for the rest of them), and to make sure nothing is changed by an upgrade, they need to be ordered the same between versions, and new functions are to be added at the end (hence the numbers they get assigned, and the importance that any update is kept consistent).

Now, if the linker (at least on VMS for VAX) finds an exported symbol that doesn't have a defined slot in the transfer vector, it can't guess the intent, and will issue a warning at least, and probably an error, since it can't know if it's intended to be called from the outside or not.

Welcome to the diversity of shared library technologies :-).

--
Richard Levitte
Re: [openssl.org #170] OpenSSLDie not exported in Win32
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 10:56:29 EDT, Jeffrey Altman [EMAIL PROTECTED] said:

jaltman> > OK, I don't understand why it needs to be exported - isn't it internal
jaltman> > to the library? But assuming it does, I prefer the original suggestions
jaltman> > (i.e. move the declaration of OpenSSLDie()).
jaltman>
jaltman> It needs to be exported because the function is defined in
jaltman> libeay32.dll and used in ssleay32.dll on Windows.
jaltman>
jaltman> Now the choices as I see it are:
jaltman>
jaltman> . export the function. which I have done in order to get the
jaltman>   code to compile and link on Windows, or
jaltman>
jaltman> . remove the call entirely and instead simply have OpenSSL return
jaltman>   an error to the application as is done with other length checks
jaltman>
jaltman> For example, in ssl_sess.c ssl_get_new_session() the error
jaltman> SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH is returned if tmp >
jaltman> ss->session_id_length. I don't see why we need to call abort() (via
jaltman> die()) if s->sid_ctx_length > sizeof ss->sid_ctx.

I believe it was done this way because time was too short to explore what cases one should die at and what cases one should not, including the ramifications of returning an error instead of using the biggest cannon available. The possible threats are serious, and at least in a hopefully short amount of time, we will look at those die() statements and deal with them in any way that seems appropriate. At this moment, it was more important to kill the possible holes quickly and swiftly rather than spend time being kind to the applications.

My 2 cents, others may have a different opinion.

--
Richard Levitte
Re: [openssl.org #170] OpenSSLDie not exported in Win32
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 11:31:17 EDT, Jeffrey Altman [EMAIL PROTECTED] said:

jaltman> since they do not compile on two major platforms.

On VMS, creating OpenSSL shared libraries is not the norm yet, so it'll build fine :-).

--
Richard Levitte
Re: [openssl.org #170] OpenSSLDie not exported in Win32
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 16:16:50 EDT, Jeffrey Altman [EMAIL PROTECTED] said:

jaltman> fine. shared libraries won't work on two major platforms.
jaltman> One of which where it is the norm.

I'm not arguing that.

jaltman> the other bug I submitted this morning prevents the 0.9.7 patch from
jaltman> compiling on any platform.

That's quite true. It has however been fixed by now. I assume we will see a beta 4 rather soon.

--
Richard Levitte
Re: [openssl.org #170] OpenSSLDie not exported in Win32
> In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 11:31:17 EDT, Jeffrey Altman [EMAIL PROTECTED] said:
>
> jaltman> since they do not compile on two major platforms.
>
> On VMS, creating OpenSSL shared libraries is not the norm yet, so
> it'll build fine :-).

fine. shared libraries won't work on two major platforms. One of which where it is the norm.

the other bug I submitted this morning prevents the 0.9.7 patch from compiling on any platform.

---

in case you hadn't heard Kermit 95 was granted a mass market export license including OpenSSL 0.9.7 and the full MIT Kerberos for Windows distribution.

Jeffrey Altman