Re: PATCH: Elimination of unused 10k stack variable

[David Schwartz]

For what it's worth, here are all the functions with over 4Kb of stack usage 
(at least, the way I compiled/analyzed it) for OpenSSL-0.9.6c.

4108 PKCS7_decrypt
4124 SMIME_text
4236 PKCS7_verify
4252 PKCS12_pbe_crypt
4268 PKCS12_decrypt_d2i
4268 PKCS12_i2d_encrypt
4380 PKCS5_pbe2_set
4764 d2i_RSA_NET_2
4780 i2d_RSA_NET
5276 PEM_X509_INFO_write_bio
5308 PEM_do_header
5356 PEM_ASN1_write_bio
8192 des_read_pw_string
8204 probable_prime
10284 BIO_vprintf
16412 des_read_2passwords
16412 des_read_password

For a multithreaded program, I consider 4Kb to be reasonable provided the 
call depth is not expected to be unusually large. 8Kb is reasonable so long 
as the function is shallow (not called from within the library except by a 
thin wrapper and doesn't call deeply into the library). More than 8kb is not 
reasonable, IMO.

-- 
David Schwartz
<[EMAIL PROTECTED]>



__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #27] AutoReply: Legalizing OpenSSL in France

[OpenSSL-Bugs]

   Greetings,
This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"Legalizing OpenSSL in France", 
a summary of which appears below.

There is no need to reply to this message right now.  Your ticket has been
assigned an ID of [openssl.org #27].

Please include the string:

 [openssl.org #27]

in the subject line of all future correspondence about this issue. To do so, 
you may reply to this message.

Thank you,


-

Hi,

In France each cryptographic software must be declared to a
government agency (DCSSI, see http://france.fsfeurope.org/dcssi/dcssi.fr.html
for more information in french). 

In order to complete this declaration, we need to fill a short
technical form. Could someone with intimate OpenSSL knowledge fill it for
us in english ? You'll find a english translation of the form at:

http://france.fsfeurope.org/dcssi/arrete-17-mars-1999.en.html

and the technical form filled for GnuPG, also available in english
will give you an idea of the answers expected.

http://france.fsfeurope.org/dcssi/gnupg.en.html

Thanks in advance,

-- 
Loic   Dachary http://www.dachary.org/  [EMAIL PROTECTED]
12 bd  Magenta http://www.senga.org/  [EMAIL PROTECTED]
75010Paris T: 33 1 42 45 07 97  [EMAIL PROTECTED]
GPG Public Key: http://www.dachary.org/loic/gpg.txt
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #26] 64 bit Suse Linux on PowerPC

[Lutz Jaenicke via RT]

[[EMAIL PROTECTED] - Thu May  9 22:13:32 2002]:

> I am trying to compile on a 64 bit Suse sles7 powerpc system.
> the error message indicates
> 
> -m486
> 
> is an invalid compiler parameter. Anyone know the parameters I need to
give
> ./config to
> get it to work for 64 bit Suse on a powerpc
> 
> below are the results from running ./config without parameters and the
> results from running the make command.

> Operating system: ppc64-whatever-linux2
> Configuring for linux-elf

Obviously "config" mistakenly selects the "linux-elf" target that is
used for x86 platforms. (This is a bug that has to be fixed.)

Configure also contains an entry for "linux-ppc", I however don't know
whether it is suitable for 64bit PowerPC.
Please try "Configure linux-ppc" directly instead of calling "config"
and keep us updated, whether it works out.

Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #26] 64 bit Suse Linux on PowerPC

[Tim Rice]

On Thu, 9 May 2002,  John Bihlmeyer  via RT wrote:

>
> Hello to all,
> I am trying to compile on a 64 bit Suse sles7 powerpc system.
> the error message indicates
>
> -m486
>
> is an invalid compiler parameter. Anyone know the parameters I need to give
> ./config to
> get it to work for 64 bit Suse on a powerpc
>
> below are the results from running ./config without parameters and the
> results from running the make command.
> Thanks for all your help
> John
>
> running ./config  gave me the
> following:::
> Operating system: ppc64-whatever-linux2
> Configuring for linux-elf
> Configuring for linux-elf
  ^
That will not work for you.

Try ./Configure linux-ppc


-- 
Tim RiceMultitalents(707) 887-1469
[EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: PATCH: Elimination of unused 10k stack variable

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Thu, 09 May 2002 14:06:26 
-0600, "Verdon Walker" <[EMAIL PROTECTED]> said:

VWalker> make the buffer allocated on the stack a more reasonable size
VWalker> - say 1 or 2k.

For everyone's info, I just decided to do exactly that.  The buffer in
question has diminished to 2k (for those who like to see it in
screens, that's a little more than 25 lines on a 80-column display,
which is a screenful on a "normal" terminal.  I don't print that much
in one go very often :-)).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #26] 64 bit Suse Linux on PowerPC

Hello to all,
I am trying to compile on a 64 bit Suse sles7 powerpc system.
the error message indicates

-m486

is an invalid compiler parameter. Anyone know the parameters I need to give
./config to
get it to work for 64 bit Suse on a powerpc

below are the results from running ./config without parameters and the
results from running the make command.
Thanks for all your help
John

running ./config  gave me the
following:::
Operating system: ppc64-whatever-linux2
Configuring for linux-elf
Configuring for linux-elf
IsWindows=0
CC=gcc
CFLAG =-fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM
-DMD5_ASM -DRMD160_ASM
EX_LIBS   =-ldl
BN_ASM=asm/bn86-elf.o asm/co86-elf.o
DES_ENC   =asm/dx86-elf.o asm/yx86-elf.o
BF_ENC=asm/bx86-elf.o
CAST_ENC  =asm/cx86-elf.o
RC4_ENC   =asm/rx86-elf.o
RC5_ENC   =asm/r586-elf.o
MD5_OBJ_ASM   =asm/mx86-elf.o
SHA1_OBJ_ASM  =asm/sx86-elf.o
RMD160_OBJ_ASM=asm/rm86-elf.o
PROCESSOR =
RANLIB=/usr/bin/ranlib
PERL  =/usr/bin/perl
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
Makefile => Makefile.ssl
e_os.h => include/openssl/e_os.h [File exists]
e_os2.h => include/openssl/e_os2.h [File exists]
making links in crypto...
make[1]: Entering directory `/work/icccode/openssl-0.9.6c/crypto'
Makefile => Makefile.ssl
crypto.h => ../include/openssl/crypto.h [File exists]
tmdiff.h => ../include/openssl/tmdiff.h [File exists]
opensslv.h => ../include/openssl/opensslv.h [File exists]
opensslconf.h => ../include/openssl/opensslconf.h [File exists]
ebcdic.h => ../include/openssl/ebcdic.h [File exists]
symhacks.h => ../include/openssl/symhacks.h [File exists]
Makefile => Makefile.ssl
making links in crypto/md2...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/md2'
Makefile => Makefile.ssl
md2.h => ../../include/openssl/md2.h [File exists]
md2test.c => ../../test/md2test.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/md2'
making links in crypto/md4...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/md4'
Makefile => Makefile.ssl
md4.h => ../../include/openssl/md4.h [File exists]
md4test.c => ../../test/md4test.c [File exists]
md4.c => ../../apps/md4.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/md4'
making links in crypto/md5...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/md5'
Makefile => Makefile.ssl
md5.h => ../../include/openssl/md5.h [File exists]
md5test.c => ../../test/md5test.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/md5'
making links in crypto/sha...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/sha'
Makefile => Makefile.ssl
sha.h => ../../include/openssl/sha.h [File exists]
shatest.c => ../../test/shatest.c [File exists]
sha1test.c => ../../test/sha1test.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/sha'
making links in crypto/mdc2...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/mdc2'
Makefile => Makefile.ssl
mdc2.h => ../../include/openssl/mdc2.h [File exists]
mdc2test.c => ../../test/mdc2test.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/mdc2'
making links in crypto/hmac...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/hmac'
Makefile => Makefile.ssl
hmac.h => ../../include/openssl/hmac.h [File exists]
hmactest.c => ../../test/hmactest.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/hmac'
making links in crypto/ripemd...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/ripemd'
Makefile => Makefile.ssl
ripemd.h => ../../include/openssl/ripemd.h [File exists]
rmdtest.c => ../../test/rmdtest.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/ripemd'
making links in crypto/des...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/des'
Makefile => Makefile.ssl
asm/perlasm => ../../perlasm
des.h => ../../include/openssl/des.h [File exists]
destest.c => ../../test/destest.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/des'
making links in crypto/rc2...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/rc2'
Makefile => Makefile.ssl
rc2.h => ../../include/openssl/rc2.h [File exists]
rc2test.c => ../../test/rc2test.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/rc2'
making links in crypto/rc4...
make[2]: Entering directory `/work/icccode/openssl-0.9.6c/crypto/rc4'
Makefile => Makefile.ssl
rc4.h => ../../include/openssl/rc4.h [File exists]
rc4test.c => ../../test/rc4test.c [File exists]
make[2]: Leaving directory `/work/icccode/openssl-0.9.6c/crypto/rc4'
making links in crypto/rc5...
make[2

Re: PATCH: Elimination of unused 10k stack variable

[Verdon Walker]

It is always painful to admit when you are wrong, but hopefully I will
save at least some face by doing it now. You are correct that the static
buffer is used and dynamic buffer is only used when the static buffer
runs out of space.

In my defense, I did post an inquiry about the code before submitting a
patch.

In any case, my problem is a real one. I did crash because of using too
much stack (not a stack "overrun" as I misstated). I can increase the
size of the application stack in this particular case, but that seems
like a bandaid since I can not guarantee the stack size of every
application that might call into this library. A 10240 byte stack
variable does seems rather large in any case so I respectfully withdraw
my patch from consideration and ask instead that a change be made to
make the buffer allocated on the stack a more reasonable size - say 1 or
2k.

Thanks for your feedback and for correcting my misunderstanding.

Verdon

>>> [EMAIL PROTECTED] 05/09/02 12:15PM >>>
In message <[EMAIL PROTECTED]> on Wed, 08 May
2002 17:31:41 -0600, "Verdon Walker" <[EMAIL PROTECTED]> said:

VWalker> This patch fixes the routine BIO_vprintf in
VWalker> crypto\bio\b_print.c so that no longer allocates a 10k buffer
VWalker> on the stack that is never really used.

I just looked at the code, and I have a hard time seeing why the
stack-allocated buffer would never be used.  Please note that any heap
allocation will be made only when *currlen gets larger than or equal
to *maxlen.  When the static buffer is passed, it's size (10240) is
also passed, so allocation of the dynamic buffer will only happen when
that functionality is desired (by passing the appropriate pointer) and
the calling function is about to overflow the static buffer.

At least, this is what I can conclude by looking at the code.  If
you're of a different opinion on how it works, please show me.

I entirely agree with the move of the assert() in doapr_outch(), and
will apply that part immediately.  I'll think about the rest.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED] 
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] 
Member of the OpenSSL development team: http://www.openssl.org/ 

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org

Development Mailing List   [EMAIL PROTECTED]

Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #19] INSTALL_PREFIX ignored

[Bryan Henderson]

>> The main make file does not use INSTALL_PREFIX in installing some of
>> the files in OPENSSLDIR.

>I'm probably blind...  I'm looking at the current development branch 
>(0.9.8-dev) and can't see where the use of INSTALL_PREFIX is missing.

It was pretty obvious to me when I reported the problem, or I would have
given more detail.  But I don't see it at all now and can't reproduce the
problem.

It took me several tries to get all the paths right (hence my
suggestion about making less dependence on, or at least more
information about, compiled-in paths), and maybe along the way I got
lost or screwed something up.

-- 
Bryan HendersonPhone 408-621-2000
San Jose, California
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #8] EVP_SealFinal declared void while the docu states it returns int

[Richard Levitte via RT]

[[EMAIL PROTECTED] - Thu Apr 25 16:16:02 2002]:

> Is this the expected behaviour ? Either way one must be fixed :)
> Btw EVP_OpenFinal does exactly what EVP_SealFinal does and adds to
> this the return value...

Hmm, I think Steve should answer this one.  Personally, I think this 
shows a certain inconsistency in the EVP, I see quite a lot of 
variantion in return types depending on which EVP_*Init, EVP_*Update 
and EVP_*Final you look at...

-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: PATCH: Elimination of unused 10k stack variable

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Wed, 08 May 2002 17:31:41 
-0600, "Verdon Walker" <[EMAIL PROTECTED]> said:

VWalker> This patch fixes the routine BIO_vprintf in
VWalker> crypto\bio\b_print.c so that no longer allocates a 10k buffer
VWalker> on the stack that is never really used.

I just looked at the code, and I have a hard time seeing why the
stack-allocated buffer would never be used.  Please note that any heap
allocation will be made only when *currlen gets larger than or equal
to *maxlen.  When the static buffer is passed, it's size (10240) is
also passed, so allocation of the dynamic buffer will only happen when
that functionality is desired (by passing the appropriate pointer) and
the calling function is about to overflow the static buffer.

At least, this is what I can conclude by looking at the code.  If
you're of a different opinion on how it works, please show me.

I entirely agree with the move of the assert() in doapr_outch(), and
will apply that part immediately.  I'll think about the rest.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]