[ANNOUNCE] OpenSSL version 0.9.8a and 0.9.7h released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8a and 0.9.7h released == OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8a of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. We also release 0.9.7h, which contains the same security bugfix as 0.9.8a and a few small bugfixes compared to 0.9.7g. These updates contain a fix for CAN-2005-2969, a potential SSL 2.0 rollback reported by Yutaka Oiwa. For more details of the security issue being fixed in this release please see http://www.openssl.org/news/secadv_20051011.txt We consider OpenSSL 0.9.8a to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.8a is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ For those who want or have to stay with the 0.9.7 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7h as soon as possible. It's available in the same location as 0.9.8a. The distribution file names are: * openssl-0.9.8a.tar.gz MD5 checksum: 1d16c727c10185e4d694f87f5e424ee1 SHA1 checksum: 2aaba0f728179370fb3e86b43209205bc6c06a3a * openssl-0.9.7h.tar.gz MD5 checksum: 8dc90a113eb8925795071fbe52b2932c SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d The checksums were calculated using the following commands: openssl md5 openssl-0.9.*.tar.gz openssl sha1 openssl-0.9.*.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Nils Larsch Ulf Möller Ralf S. Engelschall Ben Laurie Andy Polyakov Dr. Stephen Henson Richard Levitte Geoff Thorpe Lutz JänickeBodo Möller -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQ0uaXu6tTP1JpWPZAQKXyAP/V6xGTooFL52d9Ep0qd0DDaZCSHlukk48 DWljg3EY9QF9BfzLVB1BDbLNuHAyYpeAEjvte4kwHV1vWvAoiabV+XMx8kuoRTxi O+8NLOeOc1hilC0hLDYfM+XPq5k9dPiOfQvYpnqiwnr/TnwSBh11D+EEcoZlQToE a6qRMTC3mAM= =bwJD -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
symbol versioning
Hi, while introducing openssl 0.9.8 in Debian we found (as expected) abi conflicts with version 0.9.7. The problem is that programs and libraries now have complex dependencies with libssl et.al . If you think for example of pam. Different pam modules can link to different versions of openssl, which will lead to segmentation faults. The method to prevent this is symbol versioning. Did you think about introducing this (at least for linux)? If we do so, all the distributions should try to coordinate this work to have the same symbols. The goal ist to have LSB compatible libraries and binaries. Christoph -- Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany Internet-Mail: [EMAIL PROTECTED] Telefon: +49-6131-3926337 Fax: +49-6131-3922856 signature.asc Description: OpenPGP digital signature
Re: integration of my own bigint multiplication
where is a good place to put an acc_init() function that needs to be called once? and where to put the counterpart, a acc_finish() call? I have added my .c modules to the crypto/bn folder and added them to the Makefile. After ./config and make the .o object files get compiled correctly. With nm -s libcrypto.a I can see that it seems to integrate my routines properly if I interpret the output correctly. However when it gets to linking in openssl-0.9.8/apps it says ../libcrypto.a(bn_mul.o)(.text+0x1550): In function `BN_mul': : undefined reference to `acc_multiply' collect2: ld returned 1 exit status I thought my routine acc_multiply was in libcrypto.a !? BN_mul() in bn_mul.c cally my routine. Thanks. -- Christian Kirbach [EMAIL PROTECTED] PGP key 1FE120E3 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
unresolved 098a issues
hi all, i'd reported both of these when 0.9.8 first came out. as of the 098a release, they're still, apparently, unresolved. (1) building 0.9.8a on OSX 10.4.2, 'make install' fails @ ... making install in engines... installing 4758cca cp: lib4758cca.so: No such file or directory ... make[1]: *** [install] Error 1 make: *** [install_sw] Error 1 since ... ls ./engines/*.dylib ./engines/lib4758cca.dylib ./engines/libaep.dylib ./engines/libatalla.dylib ./engines/libchil.dylib ./engines/libcswift.dylib ./engines/libgmp.dylib ./engines/libnuron.dylib ./engines/libsureware.dylib ./engines/libubsec.dylib the workaround is to: perl -pi -e 's/lib\$\$l.so/lib\$\$l.dylib/g' /usr/ports/openssl-0.9.8a/engines/Makefile *then* 'make install' completes successfully. (2) after install, note: for 0.9.7g otool -L libssl.dylib: /usr/local/ssl/lib/libssl.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /usr/local/ssl/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libmx.A.dylib (compatibility version 1.0.0, current version 92.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.0.0) for v0.9.8a: otool -L libssl.dylib: libssl.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8) libcrypto.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8) /usr/local/lib/libgmp.3.dylib (compatibility version 7.0.0, current version 7.3.0) /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libmx.A.dylib (compatibility version 1.0.0, current version 92.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.0.0) v098x builds, for whatever reason, are MISSING the /usr/local/ssl/lib install_name prefixes to the libssl/libcrypto libs. this causes all SORTS of downstream probs ... thx! richard -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews fingerprint: 3F07 3CFD 138A FD91 A4A6 1840 1A7A 8CCB 882F 67A1 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
v097 build OK, v098 build - FAILS @ 'make'
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi all, a new build of v097h, upgrading from a prior successful build of 097g, when config'd as: ./Configure \ --prefix=/usr/local/ssl \ --openssldir=/usr/local/ssl \ darwin-ppc-cc \ -DUSE_TOD \ threads \ shared \ no-zlib \ no-idea no-rc5 no-mdc2 \ -L/usr/local/lib \ -DOPENSSL_USE_GMP -lgmp fails at 'make'. case (1) OK: openssl v097g on OSX 10.4.2 % make ... making all in tools... make[1]: Nothing to be done for `all'. % case (2) FAIL: openssl v097h on OSX 10.4.2 cc -I../crypto -I.. -I../include -DOPENSSL_SYSNAME_MACOSX -fPIC -fno-common -DOPENSSL_PIC - -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DUSE_TOD - -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_USE_GMP -O3 -fomit-frame-pointer - -DB_ENDIAN -c -o kssl.o kssl.c ar r ../libssl.a s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o kssl.o ar: creating archive ../libssl.a ranlib: file: ../libssl.a(kssl.o) has no symbols /usr/bin/ranlib ../libssl.a || echo Never mind. /usr/bin/ranlib: file: ../libssl.a(kssl.o) has no symbols if [ -n libcrypto.0.9.7.dylib libssl.0.9.7.dylib ]; then \ (cd ..; make libssl.0.9.7.dylib); \ fi + rm -f libcrypto.0.dylib + rm -f libcrypto.dylib + rm -f libcrypto.0.9.7.dylib libs='-L. '; for i in crypto; do \ if [ crypto = ssl -a -n ]; then \ libs= $libs; \ fi; \ ( set -x; cc /bin/sh: -c: line 2: syntax error: unexpected end of file make[3]: *** [do_darwin-shared] Error 2 + rm -f libssl.0.dylib + rm -f libssl.dylib + rm -f libssl.0.9.7.dylib libs='-L. -lcrypto'; for i in ssl; do \ if [ ssl = ssl -a -n ]; then \ libs= $libs; \ fi; \ ( set -x; cc /bin/sh: -c: line 2: syntax error: unexpected end of file make[3]: *** [do_darwin-shared] Error 2 make[2]: *** [libssl.0.9.7.dylib] Error 2 make[1]: *** [shared] Error 2 make: *** [sub_all] Error 1 cheers, richard - -- /\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ micro$oft attachments [GPG] OpenMacNews fingerprint: 3F07 3CFD 138A FD91 A4A6 1840 1A7A 8CCB 882F 67A1 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAkNMFa4ACgkQGnqMy4gvZ6FNBQCeOzH1uT9jxuDr5nwzqSqeJjfI FDEAnjmbSd5ZOKfeD+pvADXGa6Pt4P+o =o+QF -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[TITLE CHG] v097g build OK, v097h build - FAILS @ 'make'
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 sorry abt that ... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAkNMFq4ACgkQGnqMy4gvZ6FpuACfR0rsupRVdrNQTtS9FCq9DOPH wh0An2lfVjcOSJ4B3pyIHmB1zEvNZjRx =U4nt -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: v097 build OK, v098 build - FAILS @ 'make'
case (2) FAIL: openssl v097h on OSX 10.4.2 ... ( set -x; cc /bin/sh: -c: line 2: syntax error: unexpected end of file make[3]: *** [do_darwin-shared] Error 2 double-check http://cvs.openssl.org/chngview?cn=14516. a. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[RESOLVED] Re: v097 build OK, v098 build - FAILS @ 'make'
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi andy, ( set -x; cc /bin/sh: -c: line 2: syntax error: unexpected end of file make[3]: *** [do_darwin-shared] Error 2 double-check http://cvs.openssl.org/chngview?cn=14516. a. nice easy. case(1): v097g otool -L /usr/local/ssl/lib/libssl.dylib /usr/local/ssl/lib/libssl.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /usr/local/ssl/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libmx.A.dylib (compatibility version 1.0.0, current version 92.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.0.0) case(2): v097h+patch otool -L /usr/local/ssl097h/lib/libssl.dylib /usr/local/ssl097h/lib/libssl.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /usr/local/ssl097h/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7) /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libmx.A.dylib (compatibility version 1.0.0, current version 92.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.2.1) now, 098 ... ! thx :-) cheers, richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkNMJtAACgkQGnqMy4gvZ6ER1ACfRmUIbfsXe7kcCHrOthuOJybj qZQAnRqUmKJF4eZYBWMdPM0NVYlDM/Me =BGCW -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]