aes_init_key
I am trying to add new mode to openssl library for AES, an enhanced counter mode (ECTR)

I have modified a lot of files, includes:
apps/progs.pl
crypto/evp/c_allc.c
crypto/evp/evp.h
crypto/evp/e_aes.c
crypto/aes/aes.h
crypto/aes/aes_hectr.c
crypto/aes/Makefile
ssl/ssl_algs.c
crypto/objects/objects.txt
crypto/objects/objects.h
crypto/objects/obj_mac.num

added
crypto/aes/aes_ectr.c

The program compiled OK, but when I run with
./openssl aes-128-ectr -in test -out test.out

it gave me Segmentation Fault

so I tried to figure out what is happening

and found that it looks like it doesn't call the aes_init_key function. (crypto/evp/e_aes.c)

I put some printf in the aes_init_key function, and it looks like there is no output.

My question is:
Is there anything that I missed to set to make it call aes_init_key?

thanks and regards,

SH Ng

__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: aes_init_key
Show us the code, and we might be able to answer you :-).

In message [EMAIL PROTECTED] on Tue, 30 Sep 2003 14:34:27 +0800, Ng Siak Hooi [EMAIL PROTECTED] said:

shng> I am trying to add new mode to openssl library for AES, an enhanced counter
shng> mode (ECTR)
shng> I have modified a lot of files, includes:
shng> apps/progs.pl
shng> crypto/evp/c_allc.c
shng> crypto/evp/evp.h
shng> crypto/evp/e_aes.c
shng> crypto/aes/aes.h
shng> crypto/aes/aes_hectr.c
shng> crypto/aes/Makefile
shng> ssl/ssl_algs.c
shng> crypto/objects/objects.txt
shng> crypto/objects/objects.h
shng> crypto/objects/obj_mac.num
shng>
shng> added
shng> crypto/aes/aes_ectr.c
shng>
shng> The program compiled OK, but when I run with
shng> ./openssl aes-128-ectr -in test -out test.out
shng>
shng> it gave me Segmentation Fault
shng>
shng> so I tried to figure out what is happening
shng>
shng> and found that it looks like it doesn't call the
shng> aes_init_key function. (crypto/evp/e_aes.c)
shng>
shng> I put some printf in the aes_init_key function, and it looks like there is no output.
shng>
shng> My question is:
shng> Is there anything that I missed to set to make it call aes_init_key?
shng>
shng> thanks and regards,
shng>
shng> SH Ng
Re: aes_init_key
ok.

I am using openssl 0.9.7b, actually I am adding the mode to test on 3DES and AES, so I am adding 2 modes, DES-EDE3-HECTR and AES-128-HECTR (I will exclude the des files below).

In these files (3des files not listed):
crypto/evp/c_allc.c, ssl/ssl_algs.c, apps/progs.pl, crypto/aes/Makefile, crypto/aes/aes.h
I just add what does CBC do, adding functions, prototypes, filenames, names...

crypto/aes/aes_ectr.c (3des files not listed) is my implementation of new mode, but currently I put all code similar to CBC mode.

In this file crypto/evp/e_aes.c, I add these below IMPLEMENT_BLOCK_CIPHER function calls:

    IMPLEMENT_AES128_HECTR_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
        NID_aes_128, 32, 16, 32, 256, 0, aes_init_key, NULL,
        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

Then in this file crypto/evp/evp_locl.h, I defined IMPLEMENT_AES128_HECTR_CIPHER just like IMPLEMENT_BLOCK_CIPHER, but just to add another mode, with all similar parameters, aes_128, ks, AES, EVP_AES_KEY, NID_aes_128, aes_init_key, ... except I change the block size from 16 to 32, and IV from 16 to 32, and cbit from 128 to 256. I need these in my mode.

And in crypto/objects/objects.txt, I added (actually I don't know what these files are for, just put some possible values there)

    rsadsi 3 9 : DES-EDE3-HECTR : des-ede3-hecr
    aes 5 : AES-128-HECTR: aes-128-hectr

Similarly, in this file crypto/objects/objects.h

    #define SN_des_ede3_hectr DES-EDE3-HECTR
    #define LN_des_ede3_hectr des-ede3-hectr
    #define NID_des_ede3_hectr 650
    #define OBJ_des_ede3_hectr OBJ_rsadsi, 3L, 9L

and in this file crypto/objects/obj_mac.num, I added

    des_ede3_hectr 650
    aes_128_hectr 651

thanks and regards,
SH Ng

- Original Message -
From: Richard Levitte - VMS Whacker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 2:34 PM
Subject: Re: aes_init_key

Show us the code, and we might be able to answer you :-).
[openssl.org #678] Crash in lhash code in openssl 0.9.7a
I stumbled across the same crashes that Philip did in crypto/err/err.c when used in a multithreaded application. I initially observed the problem in 0.9.7b under Linux, but found it was much easier to reproduce when running under the debugger of MSVC 6.0. In particular, I would often see a crash in ERR_clear_error() when called before every SSL_read() or SSL_write().

I agree with Philip's analysis of the problem. Attached is a patch in which I've made some changes to ensure mutually exclusive access to int_thread_hash and int_error_hash in critical areas. I've stress-tested this version in my application for several days continuously and have not seen any problems yet (previously, I'd see a crash within 3-4 hours).

After examining how int_thread_hash is used (particularly in the external ERR_* API functions (pretty much everything that uses ERR_get_state())), I agree it simplifies things greatly to allocate it once and leave it in place until shutdown. Even a reference count scheme will be problematic, given functions like ERR_get_err_state_table().

Regarding the potential for a memory leak: I ensured int_thread_hash is ultimately freed in ERR_free_strings(). While it's slightly non-intuitive to do this in ERR_free_strings(), the advantage is that existing apps already leak-tested and using ERR_free_strings() in their cleanup sequences will remain leak-free without changes.

I just joined openssl-dev and discovered Richard has been working on a fix as well. I'll have a look at that now.

Mark Fontana
Electronics For Imaging

diff -ur openssl-0.9.7b/crypto/err/err.c openssl-0.9.7b-fix/crypto/err/err.c --- openssl-0.9.7b/crypto/err/err.c Tue Feb 18 06:15:13 2003 +++ openssl-0.9.7b-fix/crypto/err/err.c Thu Sep 25 13:16:54 2003 
@@ -225,6 +225,7 @@ ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); /* Works on the thread_hash error-state table */ LHASH *(*cb_thread_get)(int create); + void (*cb_thread_del)(void); ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); void (*cb_thread_del_item)(const ERR_STATE *); @@ -239,6 +240,7 @@ static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); static LHASH *int_thread_get(int create); +static void int_thread_del(void); static ERR_STATE *int_thread_get_item(const ERR_STATE *); static ERR_STATE *int_thread_set_item(ERR_STATE *); static void int_thread_del_item(const ERR_STATE *); @@ -252,6 +254,7 @@ int_err_set_item, int_err_del_item, int_thread_get, + int_thread_del, int_thread_get_item, int_thread_set_item, int_thread_del_item, @@ -325,22 +328,18 @@ /* The internal functions used in the err_defaults implementation */ + +/* NOTE: CRYPTO_LOCK_ERR must be locked while calling this function */ static LHASH *int_err_get(int create) { - LHASH *ret = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); if (!int_error_hash create) { CRYPTO_push_info(int_err_get (err.c)); int_error_hash = lh_new(err_hash, err_cmp); CRYPTO_pop_info(); } - if (int_error_hash) - ret = int_error_hash; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return ret; + return int_error_hash; } static void int_err_del(void) 
@@ -356,33 +355,27 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) { - ERR_STRING_DATA *p; + ERR_STRING_DATA *p = NULL; LHASH *hash; err_fns_check(); - hash = ERRFN(err_get)(0); - if (!hash) - return NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_retrieve(hash, d); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if ((hash = ERRFN(err_get)(0)) != NULL) + p = (ERR_STRING_DATA *)lh_retrieve(hash, d); + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return p; } static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) { - ERR_STRING_DATA *p; + ERR_STRING_DATA *p = NULL; LHASH *hash; err_fns_check(); - hash = ERRFN(err_get)(1); - if (!hash) - return NULL; - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_insert(hash, d); + if ((hash = ERRFN(err_get)(1)) != NULL) + p = (ERR_STRING_DATA *)lh_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return p; @@ -390,67 +383,66 @@ static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) { - ERR_STRING_DATA *p; + ERR_STRING_DATA *p = NULL; LHASH *hash; err_fns_check(); - hash = ERRFN(err_get)(0); - if (!hash) - return NULL; - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p =
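Review bot: cb_thread_del is inserted in the middle of the callback struct (between cb_thread_get and cb_thread_get_item) and the positional initializer gains int_thread_del at the same spot, so any other table of this type that is built positionally, or built against the old layout, will silently have every later slot shifted by one. If this struct is visible to code outside err.c, append the new member at the end instead, or state the layout change in the patch description.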
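Review bot: in int_err_get_item the lookup with create set to 0 now runs under CRYPTO_w_lock where the old code used CRYPTO_r_lock, which serializes all concurrent error-string lookups. If the write lock is needed because the lookup itself can modify the table, say so in a comment next to it; otherwise keep the read lock for this path. The new rule on int_err_get ("CRYPTO_LOCK_ERR must be locked while calling this function") is also only stated above the static function, while callers reach it through ERRFN(err_get), so the same note belongs on the callback declaration where a replacement implementation would see it.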
Re: BN_add_word bug
Hi Geoff,

Geoff Thorpe wrote:
> I understand that, and if someone else is prepared to verify and assure
> themselves that the patch is acceptable, I won't object to them
> committing it. However, I don't *like* us committing more hacks when
> there are already too many, and your bug-report and patch provided a

I think you should at least commit the fix for BN_bn2dec as I think BN_bn2dec should not throw a core even if the format of the bignum is not optimal.

Assume a->top == 1 and a->d[0] == 0 then

    char *BN_bn2dec(const BIGNUM *a)
        {
        if ((t=BN_dup(a)) == NULL) goto err;    /* t == a */

        p=buf;
        lp=bn_data;
        if (t->neg) *(p++)='-';
        if (t->top == 0)                        /* t->top == 1 */
            {
            *(p++)='0';
            *(p++)='\0';
            }
        else
            {
            i=0;
            while (!BN_is_zero(t))              /* t == a == 0 */
                {
                *lp=BN_div_word(t,BN_DEC_CONV);
                lp++;
                }
            lp--;                               /* lp = bn_data - 1; */
            /* We now have a series of blocks, BN_DEC_NUM chars
             * in length, where the last one needs truncation.
             * The blocks need to be reversed in order. */
            sprintf(p,BN_DEC_FMT1,*lp);
            while (*p) p++;
            while (lp != bn_data)
                {
                lp--;
                sprintf(p,BN_DEC_FMT2,*lp);

this would produce a core dump as lp points to some unallocated memory (note: BN_bn2hex and BN_print would simply print nothing (== '\0') in the above case).

Another question would be if both bignum representations for '0' should be considered legal, i.e. is {{0, 0}, 0, 2, 0, 0} the same as {{0, 0}, 1, 2, 0, 0} (BN_is_zero returns 1 for both representations of '0') ?

Nils
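An added example (not part of the original message and not OpenSSL code): a small C model of the conversion loop quoted above, showing why a zero stored with top == 1 leaves lp one slot before bn_data, next to a variant that picks the "0" path with the zero test instead of with top. The toy_bn type, the 32-bit word size, the 9-digit block size and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_WORDS  2
#define DEC_CONV   1000000000u  /* one block = 9 decimal digits (assumed) */
#define MAX_BLOCKS 4

/* Constructed stand-in for BIGNUM: 32-bit words, least significant first. */
typedef struct {
    uint32_t d[TOY_WORDS];
    int top;   /* number of words in use */
    int neg;
} toy_bn;

/* Zero test as described in the message: true for top == 0 and for {0}, top == 1. */
static int toy_is_zero(const toy_bn *a)
{
    return a->top == 0 || (a->top == 1 && a->d[0] == 0);
}

/* Divide in place by w, return the remainder, strip leading zero words. */
static uint32_t toy_div_word(toy_bn *a, uint32_t w)
{
    uint64_t rem = 0;
    int i;

    for (i = a->top - 1; i >= 0; i--) {
        uint64_t cur = (rem << 32) | a->d[i];
        a->d[i] = (uint32_t)(cur / w);
        rem = cur % w;
    }
    while (a->top > 0 && a->d[a->top - 1] == 0)
        a->top--;
    return (uint32_t)rem;
}

/*
 * Control flow of the quoted code, tracking an index instead of a pointer:
 * returns the index of the first block handed to sprintf after "lp--",
 * or -2 when the top == 0 shortcut is taken. -1 is one slot before bn_data.
 */
static int first_block_index(toy_bn t)
{
    int blocks = 0;

    if (t.top == 0)
        return -2;
    while (!toy_is_zero(&t)) {
        (void)toy_div_word(&t, DEC_CONV);
        blocks++;
    }
    return blocks - 1;
}

/* Hardened variant: take the "0" path whenever the value is zero. */
static int toy_bn2dec(toy_bn t, char *out, size_t outlen)
{
    uint32_t blocks[MAX_BLOCKS];
    size_t used;
    int n = 0, w;

    if (toy_is_zero(&t)) {
        w = snprintf(out, outlen, "0");
        return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
    }
    while (!toy_is_zero(&t)) {
        if (n == MAX_BLOCKS)
            return -1;
        blocks[n++] = toy_div_word(&t, DEC_CONV);
    }
    /* Most significant block first, unpadded; the rest padded to 9 digits. */
    w = snprintf(out, outlen, "%s%u", t.neg ? "-" : "", (unsigned)blocks[--n]);
    if (w < 0 || (size_t)w >= outlen)
        return -1;
    used = (size_t)w;
    while (n > 0) {
        w = snprintf(out + used, outlen - used, "%09u", (unsigned)blocks[--n]);
        if (w < 0 || (size_t)w >= outlen - used)
            return -1;
        used += (size_t)w;
    }
    return 0;
}

int main(void)
{
    toy_bn zero_top1 = { {0, 0}, 1, 0 };           /* constructed input */
    toy_bn value = { {1912276171u, 287u}, 2, 0 };  /* 1234567890123 */
    char buf[32];

    printf("first block index for {0}, top=1: %d\n", first_block_index(zero_top1));
    if (toy_bn2dec(zero_top1, buf, sizeof buf) == 0)
        printf("hardened: %s\n", buf);
    if (toy_bn2dec(value, buf, sizeof buf) == 0)
        printf("hardened: %s\n", buf);
    return 0;
}
```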
[ANNOUNCE] OpenSSL 0.9.7c and 0.9.6k released
OpenSSL version 0.9.7c and 0.9.6k released
==========================================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.7c of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES ).

We also release 0.9.6k, which contains the same security bugfix as 0.9.7c and a few more small bugfixes compared to 0.9.6j.

For more details of the security issues being fixed in this release please see http://www.openssl.org/news/secadv_20030930.txt

The most significant changes are:

o Security: fix vulnerabilities in ASN.1 parsing CAN-2003-0543, CAN-2003-0544 [0.9.7c 0.9.6k]
o Security: fix additional vulnerability in ASN.1 parsing CAN-2003-0545 [0.9.7c]
o Only accept a client cert if the server requests one [0.9.7c 0.9.6k]
o Various S/MIME bug and compatibility fixes [0.9.7c]

We consider OpenSSL 0.9.7c to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7c is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

For those who want or have to stay with the 0.9.6 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.6k as soon as possible. It's available in the same location as 0.9.7c.

The distribution file name is:

o openssl-0.9.7c.tar.gz [normal]
  MD5 checksum: c54fb36218adaaaba01ef733cd88c8ec
o openssl-0.9.6k.tar.gz [normal]
  MD5 checksum: dee92f648a02e4a7db0507ab3d0769c6
o openssl-engine-0.9.6k.tar.gz [engine]
  MD5 checksum: 50082758f8e5b3fcf5c26bd032e1739c

The checksums were calculated using the following command:

openssl md5 openssl-0.9.7c.tar.gz
openssl md5 openssl-0.9.6k.tar.gz
openssl md5 openssl-engine-0.9.6k.tar.gz

Yours,
The OpenSSL Project Team...

Mark J. Cox          Ben Laurie        Andy Polyakov
Ralf S. Engelschall  Richard Levitte   Geoff Thorpe
Dr. Stephen Henson   Bodo Möller
Lutz Jänicke         Ulf Möller
[openssl.org #702] Bug-report: after installation man pages have broken symlinks
OpenSSL version: OpenSSL 0.9.7c 30 Sep 2003
Operating system: Solaris 9 (and any other *nix where OpenSSL library is not compiled and packaged by the vendor)

Synopsis: After normal installation OpenSSL man directories contain at least one broken symlink.

How to repeat the installation bug:
Just do the normal
./config
make
make install

After installation at least /usr/local/ssl/man/man3/EVP_BytesToKey.3 is a symlink that points to itself:

% cd /usr/local/ssl/man/man3
% ls -l EVP_BytesToKey.3
lrwxrwxrwx 1 root root 16 Sep 30 17:42 EVP_BytesToKey.3 -> EVP_BytesToKey.3
% ls EVP_BytesToKey.3
ls: EVP_BytesToKey.3: Too many levels of symbolic links

--
-- Leena Heino (liinu at uta.fi)
[openssl.org #703] man page install bugs
version: openssl-0.9.7c platform: linux (and probably others) perl: v5.8.0 There are missing commas (,) in EVP_DigestInit.pod and ui.pod, which leads to invalid links like function1 function2.3 man pages. Furthermore EVP_BytesToKey.pod before the function name, which leads to a link to itself (EVP_BytesToKey.3 - EVP_BytesToKey.3), when the man pages are installed. Since des_modes.pod contains whitespaces in the =head1 NAME section as well, an invalid link (i.e. Modes of DES - des_modes.7) is created. immediate suggested workarounds (except for the last problem): --- openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod.orig Mon Dec 3 04:07:37 2001+++ openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod Tue Sep 30 17:22:01 2003@@ -2,7 +2,7 @@ =head1 NAME - EVP_BytesToKey - password based encryption routine +EVP_BytesToKey - password based encryption routine =head1 SYNOPSIS --- openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod.orig Thu Jul 18 20:55:04 2002+++ openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod Tue Sep 30 16:48:28 2003@@ -4,7 +4,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - --- openssl-0.9.7c/doc/crypto/ui.pod.orig Thu Oct 25 18:55:17 2001 +++ openssl-0.9.7c/doc/crypto/ui.podTue Sep 30 16:57:26 2003 
@@ -5,7 +5,7 @@ UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, -UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface RFE: man pages sources in docbook format - much easier to parse/convert/extract information ... __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
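Review bot: the des_modes.pod NAME line ("Modes of DES") is left unpatched, as the message itself says, so the install still produces a link whose name contains spaces. The three NAME-line fixes (leading space in EVP_BytesToKey.pod, missing commas in EVP_DigestInit.pod and ui.pod) look right, but they only repair today's typos; the link-creation step of the man page install should also skip or fail on a name that contains whitespace or that equals the page's own file name, so the next missing comma is caught at install time instead of producing a self-referencing symlink.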
[OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.

Dr Stephen Henson ([EMAIL PROTECTED]) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.

A bug in OpenSSL's SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error.

Vulnerabilities
---------------

1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Public key decode errors are not normally ignored, except for debugging purposes, so this is unlikely to affect production code. Exploitation of an affected application would result in a denial of service vulnerability.

4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested. This by itself is not strictly speaking a vulnerability but it does mean that *all* SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?
----------------

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations
---------------

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

References
----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20030930.txt
[openssl.org #703] man page install bugs
Corrected. Thank you. Ticket resolved. [guest - Tue Sep 30 17:46:05 2003]: version: openssl-0.9.7c platform: linux (and probably others) perl: v5.8.0 There are missing commas (,) in EVP_DigestInit.pod and ui.pod, which leads to invalid links like function1 function2.3 man pages. Furthermore EVP_BytesToKey.pod before the function name, which leads to a link to itself (EVP_BytesToKey.3 - EVP_BytesToKey.3), when the man pages are installed. Since des_modes.pod contains whitespaces in the =head1 NAME section as well, an invalid link (i.e. Modes of DES - des_modes.7) is created. immediate suggested workarounds (except for the last problem): --- openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod.orig Mon Dec 3 04:07:37 2001+++ openssl-0.9.7c/doc/crypto/EVP_BytesToKey.pod Tue Sep 30 17:22:01 2003@@ -2,7 +2,7 @@ =head1 NAME - EVP_BytesToKey - password based encryption routine +EVP_BytesToKey - password based encryption routine =head1 SYNOPSIS --- openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod.orig Thu Jul 18 20:55:04 2002+++ openssl-0.9.7c/doc/crypto/EVP_DigestInit.pod Tue Sep 30 16:48:28 2003@@ -4,7 +4,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - --- openssl-0.9.7c/doc/crypto/ui.pod.orig Thu Oct 25 18:55:17 2001 +++ openssl-0.9.7c/doc/crypto/ui.pod Tue Sep 30 16:57:26 2003 
@@ -5,7 +5,7 @@ UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, -UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface RFE: man pages sources in docbook format - much easier to parse/convert/extract information ... -- Richard Levitte [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #702] Bug-report: after installation man pages have broken symlinks
Corrected. Thank you.

Ticket resolved.

[EMAIL PROTECTED] - Tue Sep 30 17:36:10 2003]:

> OpenSSL version: OpenSSL 0.9.7c 30 Sep 2003
> Operating system: Solaris 9 (and any other *nix where OpenSSL library
> is not compiled and packaged by the vendor)
>
> Synopsis: After normal installation OpenSSL man directories contain at
> least one broken symlink.
>
> How to repeat the installation bug:
> Just do the normal
> ./config
> make
> make install
>
> After installation at least /usr/local/ssl/man/man3/EVP_BytesToKey.3
> is a symlink that points to itself:
>
> % cd /usr/local/ssl/man/man3
> % ls -l EVP_BytesToKey.3
> lrwxrwxrwx 1 root root 16 Sep 30 17:42 EVP_BytesToKey.3 -> EVP_BytesToKey.3
> % ls EVP_BytesToKey.3
> ls: EVP_BytesToKey.3: Too many levels of symbolic links

--
Richard Levitte
[EMAIL PROTECTED]
[BUG?] 0.9.7c Makefile sets weird permissions
Hi,

I just tried to build 0.9.7c on Cygwin. I got an error message when I created the Cygwin package. The reason was that the package creation script failed to remove the usr/lib/pkgconfig directory after creating the package files.

What happened is that the top level Makefile creates a directory usr/lib/pkgconfig and then, after copying the openssl.pc file into it, it sets the permissions of this directory to 644 (line 837). This results in an error message in the util/cygwin.sh script.

Shouldn't line 837 set the permissions of the copied openssl.pc file instead of the permissions of the directory?

chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc

instead of

chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
Re: [BUG?] 0.9.7c Makefile sets weird permissions
In message [EMAIL PROTECTED] on Tue, 30 Sep 2003 20:29:41 +0200, Corinna Vinschen [EMAIL PROTECTED] said:

vinschen> Shouldn't line 837 set the permissions of the copied openssl.pc file
vinschen> instead of the permissions of the directory?
vinschen>
vinschen> chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
vinschen>
vinschen> instead of
vinschen>
vinschen> chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig

Right, that's a bug, and it's been corrected.

--
Richard Levitte   \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA  \ T: +46-8-26 52 47
                  \ SWEDEN           \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
[openssl.org #704] PATCH some manpages don't install links as expected
openssl 0.9.7c RELEASE

while installing:
[...]
EVP_BytesToKey.3 = EVP_BytesToKey.3
[...]
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy.3 = EVP_DigestInit.3
[...]
Modes of DES.7 = des_modes.7
[...]
UI_construct_prompt UI_add_user_data.3 = ui.3
[..]
/usr/local/man//man3/EVP_BytesToKey.3: Too many levels of symbolic links

after patch:
EVP_MD_CTX_copy_ex.3 = EVP_DigestInit.3
EVP_MD_CTX_copy.3 = EVP_DigestInit.3
Modes_of_DES.7 = des_modes.7
UI_construct_prompt.3 = ui.3
UI_add_user_data.3 = ui.3

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]

--- doc/crypto/EVP_BytesToKey.pod.orig Mon Dec 3 04:07:37 2001 +++ doc/crypto/EVP_BytesToKey.pod Tue Sep 30 18:55:24 2003 @@ -2,7 +2,7 @@ =head1 NAME - EVP_BytesToKey - password based encryption routine +EVP_BytesToKey - password based encryption routine =head1 SYNOPSIS --- doc/crypto/EVP_DigestInit.pod.orig Thu Jul 18 20:55:04 2002 +++ doc/crypto/EVP_DigestInit.pod Tue Sep 30 18:57:18 2003 @@ -4,7 +4,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - --- doc/crypto/des_modes.pod.orig Tue Mar 5 16:30:13 2002 +++ doc/crypto/des_modes.podTue Sep 30 18:58:27 2003 @@ -2,7 +2,7 @@ =head1 NAME -Modes of DES - the variants of DES and other crypto algorithms of OpenSSL +Modes_of_DES - the variants of DES and other crypto algorithms of OpenSSL =head1 DESCRIPTION --- doc/crypto/ui.pod.orig Thu Oct 25 18:55:17 2001 +++ doc/crypto/ui.pod Tue Sep 30 18:59:45 2003 
@@ -5,7 +5,7 @@ UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, -UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
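Review bot: in the des_modes.pod hunk, renaming the NAME entry to "Modes_of_DES" only trades the space problem for an installed link Modes_of_DES.7 that nobody will look up, and it changes the title shown on the rendered page. Using the file's own name as the NAME entry (des_modes) would avoid creating an extra link at all, which fits the install output quoted in the message where every other link name is a function name. The comma and leading-space fixes in the other three files are fine as they are.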
[openssl.org #705] PATCH FreeBSD osver.h
in __FreeBSD_version == 470101
when cryptodevices were added, this version was not bumped.

added: Tue Dec 17 18:15:06 2002 UTC
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/opencrypto/cryptodev.h

Version bump
470101: 2002/11/10 15:58:37
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/sys/param.h.diff?r1=1.61.2.33r2=1.61.2.34f=h

Use the next version bump instead
470102: 2003/01/23 21:06:48
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/sys/param.h.diff?r1=1.61.2.34r2=1.61.2.35f=h

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]

--- crypto/engine/hw_cryptodev.c.orig Thu Jan 23 09:10:07 2003 +++ crypto/engine/hw_cryptodev.cMon Aug 4 05:39:28 2003 @@ -35,7 +35,7 @@ #if (defined(__unix__) || defined(unix)) !defined(USG) #include sys/param.h -# if (OpenBSD = 200112) || ((__FreeBSD_version = 470101 __FreeBSD_version 50) || __FreeBSD_version = 500041) +# if (OpenBSD = 200112) || ((__FreeBSD_version 470101 __FreeBSD_version 50) || __FreeBSD_version = 500041) # define HAVE_CRYPTODEV # endif # if (OpenBSD = 200110)
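Review bot: the replacement "# if" line still spells the FreeBSD 4.x boundary as 470101, while the description says the check should use the next bump, 470102. The removed and added lines differ only in the comparison in front of that number, so the reason is invisible in the code; writing the bound as 470102 and adding a one-line comment that cryptodev.h was added after the 470101 bump without a bump of its own would make the condition match the description and keep someone from "fixing" it back later.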
[openssl.org #706] PATCH support FreeBSD amd64
Here is a patch to support amd64 on FreeBSD kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED] --- config.orig Thu Mar 20 12:44:31 2003 +++ config Sun Jul 6 04:39:01 2003 @@ -642,6 +642,7 @@ alpha*-*-freebsd*) OUT=FreeBSD-alpha ;; sparc64-*-freebsd*) OUT=FreeBSD-sparc64 ;; ia64-*-freebsd*) OUT=FreeBSD-ia64 ;; + amd64-*-freebsd*) OUT=FreeBSD-amd64 ;; *-freebsd[3-9]*) OUT=FreeBSD-elf ;; *-freebsd[1-2]*) OUT=FreeBSD ;; *86*-*-netbsd) OUT=NetBSD-x86 ;; --- Configure.orig Sun Sep 28 16:07:01 2003 +++ Configure Tue Sep 30 19:52:42 2003 
@@ -398,6 +398,7 @@ FreeBSD-elf, gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), FreeBSD-sparc64,gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), FreeBSD-ia64,gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), +FreeBSD-amd64,gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), FreeBSD, gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}, bsdi-gcc, gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}, bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
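Review bot: in the Configure hunk the new FreeBSD-amd64 entry carries "(unknown)" in the thread-flags field, copied from the FreeBSD-ia64 line, whereas FreeBSD-elf and FreeBSD-sparc64 in the same context use "-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE". With "(unknown)" a threaded build of the library is not configured for this target; if pthreads work on FreeBSD amd64, use the same flag set as FreeBSD-sparc64, and say in the description whether the empty assembler field and the -O (rather than -O3) level are deliberate.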
[openssl.org #707] Documentation bug (man page creation) in openssl-0.9.7c
I skipped the make report, since this is only a documentation problem. The system is solaris 8. I built openssl using the Sun compiler.

Problem 1: The following three man pages (actually links) were created. However, they appear to be bogus (with a space in the names):

Modes of DES.7
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy.3
UI_construct_prompt UI_add_user_data.3

Problem 2: One of the man pages is an infinitely recursive symlink.

lrwxrwxrwx 1 support staff 16 Sep 30 18:08 EVP_BytesToKey.3 -> EVP_BytesToKey.3

-NWR
[openssl.org #708] request: wish the website made the terms of the license more clear
I am part of a project that will be using openssl and I can't find the license anywhere.

It would be great if site and faq could make plain:

A) The exact license
B) How you folks would prefer redistributions take place
   a) do we need to ship source
   b) can we just include a url to openssl

Thanks,

Jerry Asher
[openssl.org #709] OpenSSL-0.9.7c on Solaris
I've tried to create a package for OpenSSL-0.9.7c on Solaris (8 and 9) and have seen a potential problem with the man page creation. It seems that in the man3 section the files EVP_MD_CTX_copy and EVP_MD_CTX_copy_ex are created as one file called EVP_MD_CTX_copy EVP_MD_CTX_copy_ex.3. I looked into the file and noticed that line 136 reads as follows:

EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type,

Shouldn't there be a comma between EVP_MD_CTX_copy_ex and EVP_MD_CTX_copy? Is this a Solaris related problem or a typo in the pod files?

Thanks,
Jason Czech
SCSU