[openssl.org #709] OpenSSL-0.9.7c on Solaris

2003-09-30 Thread [EMAIL PROTECTED] via RT 

I've tried to create a package for OpenSSL-0.9.7c on Solaris (8 and 9) and have seen a 
potential problem with the man page creation.  It seems that in the man3 section the 
files EVP_MD_CTX_copy and EVP_MD_CTX_copy_ex are created as one file called 
"EVP_MD_CTX_copy EVP_MD_CTX_copy_ex.3".  I looked into the file and noticed that line 
136 reads as follows:
"EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,"

Shouldn't there be a comma between EVP_MD_CTX_copy_ex and EVP_MD_CTX_copy?  Is this a 
Solaris related problem or a typo in the pod files?

Thanks,

Jason Czech
SCSU

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #708] request: wish the website made the terms of the license more clear

2003-09-30 Thread Jerry Asher via RT 

I am part of a project that will be using openssl and I can't find the
license anywhere.

It would be great if site and faq could make plain:

A)  The exact license
B)  How you folks would prefer redistributions take place
a)  do we need to ship source
b)  can we just include a url to openssl

Thanks,

Jerry Asher

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #707] Documentation bug (man page creation) in openssl-0.9.7c

2003-09-30 Thread Neil W Rickert via RT 

I skipped the "make report", since this is only a documentation
problem.

The system is solaris 8.  I built openssl using the Sun compiler.

Problem 1:

 The following three man pages (actually links) were created.
 However, they appear to be bogus (with a space in the names):

Modes of DES.7
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy.3
UI_construct_prompt UI_add_user_data.3


Problem 2:

 One of the man pages is an infinitely recursive symlink.

lrwxrwxrwx   1 support  staff 16 Sep 30 18:08 EVP_BytesToKey.3 -> 
EVP_BytesToKey.3

 -NWR


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #706] PATCH suuport FreeBSD amd64

2003-09-30 Thread (Dirk Meyer) via RT 


Here is a patch to support amd64 on FreeBSD

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]

--- config.orig Thu Mar 20 12:44:31 2003
+++ config  Sun Jul  6 04:39:01 2003
@@ -642,6 +642,7 @@
   alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
   sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
   ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
+  amd64-*-freebsd*) OUT="FreeBSD-amd64" ;;
   *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
   *-freebsd[1-2]*) OUT="FreeBSD" ;;
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
--- Configure.orig  Sun Sep 28 16:07:01 2003
+++ Configure   Tue Sep 30 19:52:42 2003
@@ -398,6 +398,7 @@
 "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread 
-D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR 
DES_RISC2 
BF_PTR::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O 
-fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK 
RC4_CHAR:asm/ia64-cpp.o:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-amd64","gcc:-DL_ENDIAN -DTERMIOS -O 
-fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK 
RC4_CHAR::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG 
${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
 "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 
-Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #705] PATCH FreeBSD osver.h

2003-09-30 Thread (Dirk Meyer) via RT 


in __FreeBSD_version == 470101

when cryptodevices where added, this version was not bumped.


added: Tue Dec 17 18:15:06 2002 UTC
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.h

Version bump 470101: 2002/11/10 15:58:37
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/sys/param.h.diff?r1=1.61.2.33&r2=1.61.2.34&f=h

Use the next version bump instead 470102: 2003/01/23 21:06:48
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/sys/param.h.diff?r1=1.61.2.34&r2=1.61.2.35&f=h

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]

--- crypto/engine/hw_cryptodev.c.orig   Thu Jan 23 09:10:07 2003
+++ crypto/engine/hw_cryptodev.cMon Aug  4 05:39:28 2003
@@ -35,7 +35,7 @@
 
 #if (defined(__unix__) || defined(unix)) && !defined(USG)
 #include 
-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 
50) || __FreeBSD_version >= 500041)
+# if (OpenBSD >= 200112) || ((__FreeBSD_version > 470101 && __FreeBSD_version < 
50) || __FreeBSD_version >= 500041)
 # define HAVE_CRYPTODEV
 # endif
 # if (OpenBSD >= 200110)

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #704] PATCH some manpages don't install linsk as expected

2003-09-30 Thread (Dirk Meyer) via RT 


opessl 0.9.7c RELEASE

while installing:

[...]
EVP_BytesToKey.3 => EVP_BytesToKey.3
[...]
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy.3 => EVP_DigestInit.3
[...]
Modes of DES.7 => des_modes.7
[...]
UI_construct_prompt UI_add_user_data.3 => ui.3
[..]
/usr/local/man//man3/EVP_BytesToKey.3: Too many levels of symbolic links

afer patch:
EVP_MD_CTX_copy_ex.3 => EVP_DigestInit.3
EVP_MD_CTX_copy.3 => EVP_DigestInit.3
Modes_of_DES.7 => des_modes.7
UI_construct_prompt.3 => ui.3
UI_add_user_data.3 => ui.3

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]

--- doc/crypto/EVP_BytesToKey.pod.orig  Mon Dec  3 04:07:37 2001
+++ doc/crypto/EVP_BytesToKey.pod   Tue Sep 30 18:55:24 2003
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- EVP_BytesToKey - password based encryption routine
+EVP_BytesToKey - password based encryption routine
 
 =head1 SYNOPSIS
 
--- doc/crypto/EVP_DigestInit.pod.orig  Thu Jul 18 20:55:04 2002
+++ doc/crypto/EVP_DigestInit.pod   Tue Sep 30 18:57:18 2003
@@ -4,7 +4,7 @@
 
 EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, 
EVP_MD_CTX_type,
 EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
--- doc/crypto/des_modes.pod.orig   Tue Mar  5 16:30:13 2002
+++ doc/crypto/des_modes.podTue Sep 30 18:58:27 2003
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
+Modes_of_DES - the variants of DES and other crypto algorithms of OpenSSL
 
 =head1 DESCRIPTION
 
--- doc/crypto/ui.pod.orig  Thu Oct 25 18:55:17 2001
+++ doc/crypto/ui.pod   Tue Sep 30 18:59:45 2003
@@ -5,7 +5,7 @@
 UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
 UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
 UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-UI_add_error_string, UI_dup_error_string, UI_construct_prompt
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
 UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
 UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
 UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [BUG?] 0.9.7c Makefile sets weird permissions

2003-09-30 Thread Richard Levitte - VMS Whacker 
In message <[EMAIL PROTECTED]> on Tue, 30 Sep 2003 20:29:41 +0200, Corinna Vinschen 
<[EMAIL PROTECTED]> said:

vinschen> Shouldn't line 837 set the permissions of the copied openssl.pc file
vinschen> instead of the permissions of the directory?
vinschen> 
vinschen>   chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
vinschen> 
vinschen> instead of
vinschen> 
vinschen>   chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig

Right, that's a bug, and it's been corrected.

-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[BUG?] 0.9.7c Makefile sets weird permissions

2003-09-30 Thread Corinna Vinschen 
Hi,

I just tried to build 0.9.7c on Cygwin.  I got an error message when
I created the Cygwin package.  The reason was that the package creation
script failed to remove the usr/lib/pkgconfig directory after creating
the package files.  What happened is that the top level Makefile creates
a directory usr/lib/pkgconfig and then after copying the openssl.pc
file into it it sets the permissions of this directory to 644 (line 837).
This results in a error message in the util/cygwin.sh script.

Shouldn't line 837 set the permissions of the copied openssl.pc file
instead of the permissions of the directory?

  chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc

instead of

  chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig


Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #702] Bug-report: after installation man pages have broken symlinks

2003-09-30 Thread Richard Levitte via RT 

Corrected.  Thank you.

Ticket resolved.

[EMAIL PROTECTED] - Tue Sep 30 17:36:10 2003]:

> OpenSSL version: OpenSSL 0.9.7c 30 Sep 2003
> Operating system: Solaris 9 (and any other *nix where OpenSSL library
>is
>   not compiled and packaged by the vendor)
> 
> Synopsis:
> After normal installation OpenSSL man directories contains at least
>one
> broken symlink.
> 
> How to repeat the installation bug:
> Just do the normal ./config && make && make install
> 
> After installation at least /usr/local/ssl/man/man3/EVP_BytesToKey.3
>is a
> symlink that points to itself:
> % cd /usr/local/ssl/man/man3
> % ls -l EVP_BytesToKey.3
> lrwxrwxrwx  1 root  root  16 Sep 30 17:42 EVP_BytesToKey.3 ->
>EVP_BytesToKey.3
> % ls EVP_BytesToKey.3
> ls: EVP_BytesToKey.3: Too many levels of symbolic links


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #703] man page install bugs

2003-09-30 Thread Richard Levitte via RT 

Corrected.  Thank you.

Ticket resolved.

[guest - Tue Sep 30 17:46:05 2003]:

> version: openssl-0.9.7c
> platform: linux (and probably others)
> perl: v5.8.0
> 
> There are missing commas (,) in EVP_DigestInit.pod and ui.pod, which
> leads to invalid links like "function1 function2.3" man pages.
> 
> Furthermore EVP_BytesToKey.pod before the function name, which leads
> to a link to itself (EVP_BytesToKey.3 -> EVP_BytesToKey.3), when the
> man pages are installed.
> 
> Since des_modes.pod contains whitespaces in the =head1 NAME section
> as well, an "invalid" link (i.e. "Modes of DES" -> des_modes.7) is
> created.
> 
> immediate suggested workarounds (except for the last problem):
> 
> --- openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod.orig Mon Dec  3
> 04:07:37 2001+++ openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod Tue Sep 30
> 17:22:01 2003@@ -2,7 +2,7 @@
>  
>  =head1 NAME
>  
> - EVP_BytesToKey - password based encryption routine
> +EVP_BytesToKey - password based encryption routine
>  
>  =head1 SYNOPSIS
>  
> 
> 
> --- openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod.orig Thu Jul 18
> 20:55:04 2002+++ openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod Tue Sep 30
> 16:48:28 2003@@ -4,7 +4,7 @@
>  
>  EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
>  EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy,
> EVP_MAX_MD_SIZE,
> -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,
> EVP_MD_size,+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type,
> EVP_MD_pkey_type, EVP_MD_size,
>  EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
> EVP_MD_CTX_block_size, EVP_MD_CTX_type,
>  EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1,
> EVP_mdc2,
>  EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
> EVP_get_digestbyobj -
> 
> 
> 
> --- openssl-0.9.7c/doc/crypto/ui.pod.orig Thu Oct 25 18:55:17 2001
> +++ openssl-0.9.7c/doc/crypto/ui.pod  Tue Sep 30 16:57:26 2003
> @@ -5,7 +5,7 @@
>  UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
>  UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
>  UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
> -UI_add_error_string, UI_dup_error_string, UI_construct_prompt
> +UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
>  UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
>  UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
>  UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
> 
> 
> RFE:
> man pages sources in docbook format - much easier to
> parse/convert/extract information ...

-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #703] man page install bugs

2003-09-30 Thread via RT 

version: openssl-0.9.7c
platform: linux (and probably others)
perl: v5.8.0

There are missing commas (,) in EVP_DigestInit.pod and ui.pod, which
leads to invalid links like "function1 function2.3" man pages.

Furthermore EVP_BytesToKey.pod before the function name, which leads
to a link to itself (EVP_BytesToKey.3 -> EVP_BytesToKey.3), when the
man pages are installed.

Since des_modes.pod contains whitespaces in the =head1 NAME section
as well, an "invalid" link (i.e. "Modes of DES" -> des_modes.7) is
created.

immediate suggested workarounds (except for the last problem):

--- openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod.orig   Mon Dec  3
04:07:37 2001+++ openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod   Tue Sep 30
17:22:01 2003@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- EVP_BytesToKey - password based encryption routine
+EVP_BytesToKey - password based encryption routine
 
 =head1 SYNOPSIS
 


--- openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod.orig   Thu Jul 18
20:55:04 2002+++ openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod   Tue Sep 30
16:48:28 2003@@ -4,7 +4,7 @@
 
 EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy,
EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,
EVP_MD_size,+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type,
EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
EVP_MD_CTX_block_size, EVP_MD_CTX_type,
 EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1,
EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
EVP_get_digestbyobj -



--- openssl-0.9.7c/doc/crypto/ui.pod.orig   Thu Oct 25 18:55:17 2001
+++ openssl-0.9.7c/doc/crypto/ui.podTue Sep 30 16:57:26 2003
@@ -5,7 +5,7 @@
 UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
 UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
 UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-UI_add_error_string, UI_dup_error_string, UI_construct_prompt
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
 UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
 UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
 UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface


RFE:
man pages sources in docbook format - much easier to
parse/convert/extract information ...
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #702] Bug-report: after installation man pages have broken symlinks

2003-09-30 Thread Leena Heino via RT 

OpenSSL version: OpenSSL 0.9.7c 30 Sep 2003
Operating system: Solaris 9 (and any other *nix where OpenSSL library is
  not compiled and packaged by the vendor)

Synopsis:
After normal installation OpenSSL man directories contains at least one
broken symlink.

How to repeat the installation bug:
Just do the normal ./config && make && make install

After installation at least /usr/local/ssl/man/man3/EVP_BytesToKey.3 is a
symlink that points to itself:
% cd /usr/local/ssl/man/man3
% ls -l EVP_BytesToKey.3
lrwxrwxrwx  1 root  root  16 Sep 30 17:42 EVP_BytesToKey.3 -> EVP_BytesToKey.3
% ls EVP_BytesToKey.3
ls: EVP_BytesToKey.3: Too many levels of symbolic links

-- 
  -- Leena Heino (liinu at uta.fi)

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[ANNOUNCE] OpenSSL 0.9.7c and 0.9.6k released

2003-09-30 Thread Mark J Cox 
-BEGIN PGP SIGNED MESSAGE-


  OpenSSL version 0.9.7c and 0.9.6k released
  ==

  OpenSSL - The Open Source toolkit for SSL/TLS
  http://www.openssl.org/

  The OpenSSL project team is pleased to announce the release of
  version 0.9.7c of our open source toolkit for SSL/TLS.  This new
  OpenSSL version is a security and bugfix release and incorporates
  changes and bugfixes to the toolkit (for a complete list see 
  http://www.openssl.org/source/exp/CHANGES ).

  We also release 0.9.6k, which contains the same security bugfix as
  0.9.7c and a few more small bugfixes compared to 0.9.6j.

  For more details of the security issues being fixed in this release
  please see http://www.openssl.org/news/secadv_20030930.txt

  The most significant changes are:

o Security: fix vulnerabilities in ASN.1 parsing
  CAN-2003-0543, CAN-2003-0544[0.9.7c & 0.9.6k]
o Security: fix additional vulnerability in ASN.1 parsing
  CAN-2003-0545[0.9.7c]
o Only accept a client cert if the server requests one[0.9.7c & 0.9.6k]
o Various S/MIME bug and compatibility fixes   [0.9.7c]

  We consider OpenSSL 0.9.7c to be the best version of OpenSSL available
  and we strongly recommend that users of older versions upgrade as
  soon as possible.  OpenSSL 0.9.7c is available for download via HTTP
  and FTP from the following master locations (you can find the various
  FTP mirrors under http://www.openssl.org/source/mirror.html):

o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

  For those who want or have to stay with the 0.9.6 series of OpenSSL,
  we strongly recommend that you upgrade to OpenSSL 0.9.6k as soon as
  possible.  It's available in the same location as 0.9.7c.

  The distribution file name is:

o openssl-0.9.7c.tar.gz [normal]
  MD5 checksum: c54fb36218adaaaba01ef733cd88c8ec
o openssl-0.9.6k.tar.gz [normal]
  MD5 checksum: dee92f648a02e4a7db0507ab3d0769c6
o openssl-engine-0.9.6k.tar.gz [engine]
  MD5 checksum: 50082758f8e5b3fcf5c26bd032e1739c

  The checksums were calculated using the following command:

openssl md5 < openssl-0.9.7c.tar.gz
openssl md5 < openssl-0.9.6k.tar.gz
openssl md5 < openssl-engine-0.9.6k.tar.gz


  Yours,
  The OpenSSL Project Team...  

Mark J. Cox Ben Laurie  Andy Polyakov
Ralf S. Engelschall Richard Levitte Geoff Thorpe
Dr. Stephen Henson  Bodo Möller
Lutz JänickeUlf Möller
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBP3mOMu6tTP1JpWPZAQF13wQApViz8Wz6dfLYAoznQ1Agauh7Hik9mQ06
Wiq0k+Jq8SkMbGlZxauNESdkG6H5g+0uXjwFv+IBIFWlrir3/5N5uzy8ex85r8Tx
CW6SOT1P7Rvo1F9dVB1R7QnKFn0GYdIn9uMzma/bzOxhKSnYfpAP2QbIkleJBL+m
87wnyI0icvA=
=7K10
-END PGP SIGNATURE-

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[OpenSSL Advisory] Vulnerabilities in ASN.1 parsing

2003-09-30 Thread Mark J Cox 
-BEGIN PGP SIGNED MESSAGE-

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing


NISCC (www.niscc.gov.uk) prepared a test suite to check the operation
of SSL/TLS software when presented with a wide range of malformed client
certificates.

Dr Stephen Henson ([EMAIL PROTECTED]) of the OpenSSL core team
identified and prepared fixes for a number of vulnerabilities in the
OpenSSL ASN1 code when running the test suite.

A bug in OpenSSLs SSL/TLS protocol was also identified which causes
OpenSSL to parse a client certificate from an SSL/TLS client when it
should reject it as a protocol error.

Vulnerabilities
- ---

1. Certain ASN.1 encodings that are rejected as invalid by the parser
can trigger a bug in the deallocation of the corresponding data
structure, corrupting the stack. This can be used as a denial of service
attack. It is currently unknown whether this can be exploited to run
malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under
certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if
it is set to ignore public key decoding errors. Public key decode errors
are not normally ignored, except for debugging purposes, so this is
unlikely to affect production code. Exploitation of an affected
application would result in a denial of service vulnerability.

4. Due to an error in the SSL/TLS protocol handling, a server will parse
a client certificate when one is not specifically requested. This by
itself is not strictly speaking a vulnerability but it does mean that
*all* SSL/TLS servers that use OpenSSL can be attacked using
vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?
- 

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all
versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse
untrusted data. This includes all SSL or TLS applications, those using
S/MIME (PKCS#7) or certificate generation routines.

Recommendations
- ---

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications
statically linked to OpenSSL libraries.

References
- --

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20030930.txt
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q
x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS
3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un
xjGKYbcITrM=
=fFTe
-END PGP SIGNATURE-



__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: BN_add_word bug

2003-09-30 Thread Nils Larsch 
Hi Geoff,

Geoff Thorpe wrote:

I understand that, and if someone else is prepared to verify and assure 
themselves that the patch is acceptable, I won't object to them 
committing it. However, I don't *like* us committing more hacks when 
there are already too many, and your bug-report and patch provided a 
I think you should at least commit the fix for BN_bn2dec as I think
BN_bn2dec should not throw a core even if the format of the bignum
is not optimal. Assume a->top == 1 and a->d[0] == 0 then
char *BN_bn2dec(const BIGNUM *a)
{

if ((t=BN_dup(a)) == NULL) goto err;
t == a
p=buf;
lp=bn_data;
if (t->neg) *(p++)='-';
if (t->top == 0)
t->top == 1
{
*(p++)='0';
*(p++)='\0';
}
else
{
i=0;
while (!BN_is_zero(t))
t == a == 0
{
*lp=BN_div_word(t,BN_DEC_CONV);
lp++;
}
lp--;
lp = bn_data - 1;
/* We now have a series of blocks, BN_DEC_NUM chars
 * in length, where the last one needs truncation.
 * The blocks need to be reversed in order. */
sprintf(p,BN_DEC_FMT1,*lp);
while (*p) p++;
while (lp != bn_data)
{
lp--;
sprintf(p,BN_DEC_FMT2,*lp);
this would produce a core dump as lp points to some unallocated
memory (note: BN_bn2hex and BN_print would simly print nothing
(== '\0') in the above case).
Another question would be if both bignum representations for '0'
should be considered legal, i.e. is {{0, 0}, 0, 2, 0, 0} the same as
{{0, 0}, 1, 2, 0, 0} (BN_is_zero returns 1 for both representations
of '0') ?
Nils

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #678] Crash in lhash code in openssl 0.9.7a

2003-09-30 Thread Mark Fontana via RT 


I stumbled across the same crashes that Philip did in crypto/err/err.c
when used in a multithreaded application.  I initially observed the
problem in 0.9.7b under Linux, but found it was much easier to
reproduce when running under the debugger of MSVC 6.0.  In particular,
I would often see a crash in ERR_clear_error() when called before
every SSL_read() or SSL_write().

I agree with Philip's analysis of the problem.  Attached is a patch
in which I've made some changes to ensure mutually exclusive access
to int_thread_lash and int_error_hash in critical areas.

I've stress-tested this version in my application for several days
continuously and have not seen any problems yet (previously, I'd
see a crash within 3-4 hours).

After examining how int_thread_hash is used (particularly in the
external ERR_* API functions (pretty much everything that uses
ERR_get_state()), I agree it simplifies things greatly to allocate
it once and leave it in place until shutdown.  Even a reference
count scheme will be problematic, given functions like
ERR_get_err_state_table().

Regarding the potential for a memory leak- I ensured int_thread_hash
is ultimately freed in ERR_free_strings().  While it's slightly
non-intuitive to do this in ERR_free_strings(), the advantage is that
existing apps already leak-tested and using ERR_free_strings() in
their cleanup sequences will remain leak-free without changes.

I just joined openssl-dev and discovered Richard has been working on
a fix as well.  I'll have a look at that now.

Mark Fontana
Electronics For Imaging


diff -ur openssl-0.9.7b/crypto/err/err.c openssl-0.9.7b-fix/crypto/err/err.c
--- openssl-0.9.7b/crypto/err/err.c Tue Feb 18 06:15:13 2003
+++ openssl-0.9.7b-fix/crypto/err/err.c Thu Sep 25 13:16:54 2003
@@ -225,6 +225,7 @@
ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
/* Works on the "thread_hash" error-state table */
LHASH *(*cb_thread_get)(int create);
+   void (*cb_thread_del)(void);
ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
void (*cb_thread_del_item)(const ERR_STATE *);
@@ -239,6 +240,7 @@
 static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
 static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
 static LHASH *int_thread_get(int create);
+static void int_thread_del(void);
 static ERR_STATE *int_thread_get_item(const ERR_STATE *);
 static ERR_STATE *int_thread_set_item(ERR_STATE *);
 static void int_thread_del_item(const ERR_STATE *);
@@ -252,6 +254,7 @@
int_err_set_item,
int_err_del_item,
int_thread_get,
+   int_thread_del,
int_thread_get_item,
int_thread_set_item,
int_thread_del_item,
@@ -325,22 +328,18 @@
 
 /* The internal functions used in the "err_defaults" implementation */
 
+
+/* NOTE: CRYPTO_LOCK_ERR must be locked while calling this function */
 static LHASH *int_err_get(int create)
{
-   LHASH *ret = NULL;
-
-   CRYPTO_w_lock(CRYPTO_LOCK_ERR);
if (!int_error_hash && create)
{
CRYPTO_push_info("int_err_get (err.c)");
int_error_hash = lh_new(err_hash, err_cmp);
CRYPTO_pop_info();
}
-   if (int_error_hash)
-   ret = int_error_hash;
-   CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
-   return ret;
+   return int_error_hash;
}
 
 static void int_err_del(void)
@@ -356,33 +355,27 @@
 
 static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
{
-   ERR_STRING_DATA *p;
+   ERR_STRING_DATA *p = NULL;
LHASH *hash;
 
err_fns_check();
-   hash = ERRFN(err_get)(0);
-   if (!hash)
-   return NULL;
-
-   CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-   p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
-   CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+   CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+   if ((hash = ERRFN(err_get)(0)) != NULL)
+   p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+   CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
return p;
}
 
 static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
{
-   ERR_STRING_DATA *p;
+   ERR_STRING_DATA *p = NULL;
LHASH *hash;
 
err_fns_check();
-   hash = ERRFN(err_get)(1);
-   if (!hash)
-   return NULL;
-
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-   p = (ERR_STRING_DATA *)lh_insert(hash, d);
+   if ((hash = ERRFN(err_get)(1)) != NULL)
+   p = (ERR_STRING_DATA *)lh_insert(hash, d);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
return p;
@@ -390,67 +383,66 @@
 
 static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
{
-   ERR_STRING_DATA *p;
+   ERR_STRING_DATA *p = NULL;
LHASH *hash;
 
err_fns_check();
-   hash = ERRFN(err_get)(0);
-   if (!hash)
-   return NULL;
-
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-

Re: aes_init_key

2003-09-30 Thread Ng Siak Hooi 
ok.
I am using openssl 0.9.7b, actually I am adding the mode to test on 3DES and
AES
so I am adding 2 modes, DES-EDE3-HECTR and AES-128-HECTR ( i will exclude
the des files below)

in these files: (3des files not listed)
crypto/evp/c_allc.c,  ssl/ssl_algs.c, apps/progs.pl, crypto/aes/Makefile,
crypto/aes/aes.h
I just add what does CBC do, adding functions, prototypes, filenames,
names...

crypto/aes/aes_ectr.c (3des files not listed)
is my implementation of new mode, but currently I put all code similar to
CBC mode.

in this file crypto/evp/e_aes.c, i add these below IMPLEMENT_BLOCK_CIPHER
function calls:

IMPLEMENT_AES128_HECTR_CIPHER(aes_128, ks, AES, EVP_AES_KEY, NID_aes_128,
32, 16, 32, 256,
0, aes_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

then in this file crypto/evp/evp_locl.h, I defined
IMPLEMENT_AES128_HECTR_CIPHER just like IMPLEMENT_BLOCK_CIPHER, but just to
add another mode, which all similar parameters,aes_128, ks, AES,
EVP_AES_KEY, NID_aes_128, aes_init_key, ...
except, I change the block size from 16 to 32, and IV from 16 to 32, and
cbit from 128 to 256. I need these in my mode.

and in crypto/objects/objects.txt , I added (actually I don't know what
these files for, just put some possible values there)
rsadsi 3 9 : DES-EDE3-HECTR : des-ede3-hecr
aes 5 : AES-128-HECTR: aes-128-hectr

similarly, in this file crypto/objects/objects.h
#define SN_des_ede3_hectr  "DES-EDE3-HECTR"
#define LN_des_ede3_hectr "des-ede3-hectr"
#define NID_des_ede3_hectr  650
#define OBJ_des_ede3_hectr OBJ_rsadsi, 3L, 9L

and this file crypto/objects/obj_mac.num, i added
des_ede3_hectr 650
aes_128_hectr 651


thanks and regards,
SH Ng


- Original Message - 
From: "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, September 30, 2003 2:34 PM
Subject: Re: aes_init_key


> Show us the code, and we might be able to answer you :-).
>
> In message <[EMAIL PROTECTED]> on Tue, 30 Sep 2003
14:34:27 +0800, "Ng Siak Hooi" <[EMAIL PROTECTED]> said:
>
> shng> I am trying to add new mode to openssl library for AES, an  enhanced
counter
> shng> mode (ECTR)
> shng> I have modified a lot of files, includes:
> shng> apps/progs.pl
> shng> crypto/evp/c_allc.c
> shng> crypto/evp/evp.h
> shng> crypto/evp/e_aes.c
> shng> crypto/aes/aes.h
> shng> crypto/aes/Makefile
> shng> ssl/ssl_algs.c
> shng> crypto/objects/objects.txt
> shng> crypto/objects/objects.h
> shng> crypto/objects/obj_mac.num
> shng>
> shng> added
> shng> crypto/aes/aes_ectr.c
> shng>
> shng> The program compiled OK.
> shng> but where I run with
> shng> ./openssl aes-128-ectr -in test -out test.out
> shng>
> shng> it gave me "Segmentation Fault"
> shng>
> shng> so I tried to figure out what is happening
> shng>
> shng> and found that it looks like doesn't call the
> shng> aes_init_key function. (crypto/evp/e_aes.c)
> shng>
> shng> I put some printf in the aes_init_key function, and it looks no
output.
> shng>
> shng> My question is:
> shng> Are there anythings that I missed to set to make it call
aes_init_key?
> shng>
> shng> thanks and regards,
> shng>
> shng> SH Ng
> shng>
> shng>
__
> shng> OpenSSL Project
http://www.openssl.org
> shng> Development Mailing List
[EMAIL PROTECTED]
> shng> Automated List Manager
[EMAIL PROTECTED]
>
>
> __ NOD32 1.521 (20030928) Information __
>
> This message was checked by NOD32 Antivirus System.
> http://www.nod32.com
>
>

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]