Re: OpenSSL 1.0.0 beta5 release
On Jan 20, 2010, at 7:37 AM, OpenSSL wrote:

> Please download and test them as soon as possible. This new OpenSSL version incorporates 122 documented changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES).

Darwin legadema.sandla.org 10.2.0 Darwin Kernel Version 10.2.0: Tue Nov 3 10:37:10 PST 2009; root:xnu-1486.2.11~1/RELEASE_I386 i386

Looks good:

ALL TESTS SUCCESSFUL.
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
OpenSSL 1.0.0-beta5 20 Jan 2010
built on: Wed Jan 20 09:06:20 PST 2010
platform: darwin-i386-cc
options: bn(64,32) rc4(4x,int) des(idx,cisc,16,long) idea(int) blowfish(ptr)
compiler: cc -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM
OPENSSLDIR: /tmp/b5/ssl

ALL TESTS SUCCESSFUL.
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
OpenSSL 1.0.0-beta5 20 Jan 2010
built on: Wed Jan 20 09:10:15 PST 2010
platform: darwin64-x86_64-cc
options: bn(64,64) rc4(1x,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: cc -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
OPENSSLDIR: /tmp/b5-64/ssl

I compiled Apache 2.3.5-Alpha against this, and its test suite breaks in numerous places because of renegotiation problems between my build and the test suite which uses the OpenSSL 0.9.8k Apple ships. I believe that is being discussed in a separate thread.

S.

--
san...@temme.net http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Regression in OPENSSL_cleanse in v1.0?
On Jan 22, 2010, at 22:20 , Tomas Mraz wrote:

> On Fri, 2010-01-22 at 19:19 +0200, Martin Paljak wrote:
>> Is OPENSSL_cleanse supposed to be callable with zero length?
>
> That's a question I did a very quick overview of the calls to OPENSSL_cleanse() in openssl and did not find anything suspicious at first sight that it would call it eventually with 0 bytes but there are definitely places that might need some deeper review.

The call in question comes from an external library (OpenSC). I'll take it as a bug that will be fixed in OpenSSL and shall not call OPENSSL_cleanse with zero length for now.

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
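The caller-side workaround described in the message above (never passing a zero length to the wipe routine), as an added example that is not part of the thread and is neither OpenSC nor OpenSSL code. `demo_cleanse` is a stand-in for the library routine, and `guarded_cleanse`, `sample_key` and `run_demo` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for the library wipe routine (assumption: this is NOT OpenSSL's
 * implementation). Stores go through a volatile pointer so the compiler
 * cannot drop them as dead writes. */
static size_t wipe_calls;               /* calls that reached the routine */

static void demo_cleanse(void *ptr, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)ptr;
    wipe_calls++;
    while (len--)
        *p++ = 0;
}

/* Hypothetical caller-side guard: a NULL pointer or zero length never
 * reaches the wipe routine. Returns 1 if a wipe was performed, else 0. */
static int guarded_cleanse(void *ptr, size_t len)
{
    if (ptr == NULL || len == 0)
        return 0;
    demo_cleanse(ptr, len);
    return 1;
}

/* Constructed sample: 4 secret bytes framed by 0xAA canaries. */
static unsigned char sample_key[8] = { 0xAA, 0xAA, 0x11, 0x22, 0x33, 0x44, 0xAA, 0xAA };

/* Returns the number of failed checks (0 means every case behaved). */
static int run_demo(void)
{
    static const unsigned char wiped[8] = { 0xAA, 0xAA, 0, 0, 0, 0, 0xAA, 0xAA };
    int failed = 0;

    failed += guarded_cleanse(sample_key, 0) != 0;     /* empty buffer   */
    failed += guarded_cleanse(NULL, 4) != 0;           /* missing buffer */
    failed += wipe_calls != 0;                         /* nothing wiped  */
    failed += guarded_cleanse(sample_key + 2, 4) != 1; /* real wipe      */
    failed += memcmp(sample_key, wiped, sizeof wiped) != 0;
    failed += wipe_calls != 1;
    return failed;
}

int main(void)
{
    return run_demo();   /* exit status 0 when every check passes */
}
```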
[openssl.org #2152] FIPS Support
Dear Support:

When will the OpenSSL community update the FIPS Module for v1.2 to meet the new FIPS requirements that will be enforced by the end of this year? Are you aware of the new requirements for Cryptographic Algorithms and Key Sizes coming at the end of 2010 and do you have plans for them?

Thank you,
Paul

Paul A. Spencer
General Manager, Secure Application Access
AEP Networks Inc.
pspen...@aepnetworks.com
+1 732 652 5211 (office)
+1 732 764 8862 (fax)
www.aepnetworks.com
Re: OpenSSL 1.0.0 beta5 release v. VMS
In message 10012216542748_20205...@antinode.info on Fri, 22 Jan 2010 16:54:27 -0600 (CST), Steven M. Schweda s...@antinode.info said: smsI think that some of the tests still have problems, but these changes sms seem to help with the build: sms sms sms gdiff -u crypto/symhacks.h_orig crypto/symhacks.h sms --- crypto/symhacks.h_orig 2009-11-12 08:04:26 -0600 sms +++ crypto/symhacks.h 2010-01-22 16:05:16 -0600 sms @@ -177,6 +177,15 @@ sms #undef SSL_COMP_get_compression_methods sms #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods sms sms +#undef ssl_add_clienthello_renegotiate_ext sms +#define ssl_add_clienthello_renegotiate_ext ssl_add_clnthello_reneg_ext sms +#undef ssl_add_serverhello_renegotiate_ext sms +#define ssl_add_serverhello_renegotiate_ext ssl_add_srvrhello_reneg_ext sms +#undef ssl_parse_clienthello_renegotiate_ext sms +#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clnthello_reneg_ext sms +#undef ssl_parse_serverhello_renegotiate_ext sms +#define ssl_parse_serverhello_renegotiate_ext ssl_parse_srvrhello_reneg_ext sms + sms /* Hack some long ENGINE names */ sms #undef ENGINE_get_default_BN_mod_exp_crt sms #define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt sms smsSpaces or tabs? Seeing no consistency, I chose (copied) spaces. sms sms sms gdiff -u ssl/ssl-lib.com_orig ssl/ssl-lib.com sms --- ssl/ssl-lib.com_orig 2009-05-15 11:37:06 -0500 sms +++ ssl/ssl-lib.com2010-01-22 15:58:50 -0600 sms @@ -180,7 +180,7 @@ smsssl_lib,ssl_err2,ssl_cert,ssl_sess,+ - smsssl_ciph,ssl_stat,ssl_rsa,+ - smsssl_asn1,ssl_txt,ssl_algs,+ - sms - bio_ssl,ssl_err,kssl sms + bio_ssl,ssl_err,kssl,t1_reneg sms $! sms $! Tell The User That We Are Compiling The Library. sms $! Applying right now. sms gdiff -u util/ssleay.num_orig util/ssleay.num sms --- util/ssleay.num_orig 2009-07-08 04:13:24 -0500 sms +++ util/ssleay.num2010-01-22 16:10:26 -0600 sms 
@@ -259,3 +259,11 @@ sms SSL_set_session_ticket_ext_cb 308 EXIST::FUNCTION: sms SSL_set1_param 309 EXIST::FUNCTION: sms SSL_CTX_set1_param 310 EXIST::FUNCTION: sms +ssl_add_clienthello_renegotiate_ext 311 EXIST:!VMS:FUNCTION: sms +ssl_add_clnthello_reneg_ext 311 EXIST:VMS:FUNCTION: sms +ssl_add_serverhello_renegotiate_ext 312 EXIST:!VMS:FUNCTION: sms +ssl_add_srvrhello_reneg_ext 312 EXIST:VMS:FUNCTION: sms +ssl_parse_clienthello_renegotiate_ext 313 EXIST:!VMS:FUNCTION: sms +ssl_parse_clnthello_reneg_ext 313 EXIST:VMS:FUNCTION: sms +ssl_parse_serverhello_renegotiate_ext 314 EXIST:!VMS:FUNCTION: sms +ssl_parse_srvrhello_reneg_ext 314 EXIST:VMS:FUNCTION:

This part is done automatically with make update, which I will also do.

Cheers,
Richard

--
Richard Levitte rich...@levitte.org
http://richard.levitte.org/

Life is a tremendous celebration - and I'm invited!
-- from a friend's blog, translated from Swedish
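Review bot: In the crypto/symhacks.h hunk the four new #undef/#define pairs are added with no heading comment, while the ENGINE block directly after them is introduced by /* Hack some long ENGINE names */. Add a matching comment above the new block saying that these shorten the long renegotiation extension names, so the reason for the aliases is recorded next to them. On the spaces-or-tabs question raised with the patch, following the adjacent SSL_COMP_get_compression_methods lines, as done here, keeps the block consistent with its neighbours.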
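Review bot: The util/ssleay.num hunk assigns ordinals 311 to 314 by hand, but the reply says this file is updated automatically by make update, so this hunk is better dropped from the patch and the entries regenerated, which avoids the numbers diverging from what the tool assigns. The added symbols are also lower-case ssl_* names, while the three context entries are all SSL_-prefixed, so it is worth confirming that they are meant to be listed in this file at all.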
[openssl.org #2152] FIPS Support
[paul.spen...@aepnetworks.com - Sat Jan 23 14:15:49 2010]:

> When will the OpenSSL community update the FIPS Module for v1.2 to meet the new FIPS requirements that will be enforced by the end of this year? Are you aware of the new requirements for Cryptographic Algorithms and Key Sizes coming at the end of 2010 and do you have plans for them?

We are fully aware of the new requirements. The current situation is documented here:

http://www.openssl.org/docs/fips/fipsnotes.html

Steve.

--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl.org #2152] FIPS Support
On Jan 23, 2010, at 19:19 , Stephen Henson via RT wrote:

>> [paul.spen...@aepnetworks.com - Sat Jan 23 14:15:49 2010]:
>> When will the OpenSSL community update the FIPS Module for v1.2 to meet the new FIPS requirements that will be enforced by the end of this year? Are you aware of the new requirements for Cryptographic Algorithms and Key Sizes coming at the end of 2010 and do you have plans for them?
>
> We are fully aware of the new requirements. The current situation is documented here:
>
> http://www.openssl.org/docs/fips/fipsnotes.html

I assume there's a minor typo on that page:

The CMVP test lab and filing fees are more than pocket change (~USD$25,00 and up) and beyond the financial resources of the OSF.

Commas and zeros probably don't match the intended value.

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495