print-esp.c & gcc 2.95
-BEGIN PGP SIGNED MESSAGE-
I ran into a problem in print-esp.c.
To see,
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-esp.c?rev=1.19.2.3
I had to add:
/* keep secret out of a register */
p = (u_char *)&secret;
because after the second call to des_set_key(), "secret" was trashed.
At first I thought this was because something was trashing the memory. After
some tracing, I since realized that it was the pointer itself that was being
trashed. It was in a register. "des_set_key()" uses lots of registers.
I am using Debian 2.2 (Potato) on i386. I have:
cassidy:/home/mcr/src/linux/i386/tcpdump# dpkg -l | grep gcc
ii gcc2.95.2-13 The GNU C compiler.
I am building against:
OpenSSL 0.9.6 24 Sep 2000
In order to debug easier, I linked in libcrypto.a statically after adding -g
to the CFLAGS in the toplevel.
I then tried openssl 0.9.6b, and it worked fine without the above hack.
I have looked around openssl.org, but the changelog doesn't seem to say
anything about problems against gcc-2.95.
It worked fine on NetBSD/i386 with the 1.5.2 openssl. I'm not clear, but
openssl/opensslv.h seems to suggest that NetBSD has 0.9.5a. (and: gcc version
egcs-2.91.66).
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBO9TMZ4qHRg3pndX9AQHAiwP+KcxAidt7SpIw1yyt2Cw0i1MD4vZlUPQz
ULH/xK4mBQa2/CUs8c1mQXRfCyvML18O30G6IHIPhG1e4yqf5dkIevDu81BwixB4
zZ4y4l3tzH/rzRuU6fDGiwmxCQ8KhGnWH4unYnqKvatyvT6fXZbJk5/CTAfWBo5x
8RyE0jn/24c=
=S1Ow
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: [Design] changes to des.h
-BEGIN PGP SIGNED MESSAGE-
>>>>> "Bodo" == Bodo Moeller <[EMAIL PROTECTED]> writes:
Bodo> Actually a change similar to what you proposed above was done in the
Bodo> development version of OpenSSL (0.9.7-dev, snapshots available at
Bodo> ftp://ftp.openssl.org/snapshot;type=d>), except that
Bodo> des_key_schedule is now the actual struct and not a pointer to the
Bodo> struct.
Excellent!
Bodo> (which is still valid for variable definitions) then 'ks' will not
Bodo> automatically replaced by an appropriate pointer and you have to use
Bodo> '&ks' in function calls. If I remember correctly, I was the only one
Bodo> worried about this though. (Apart from transition difficulties, the
Bodo> new scheme surely is less confusing.)
And, compilers will complain nicely about this.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBO9mlhIqHRg3pndX9AQHZkQQAqADrYp5RBekvI60Hg5mBZ8GUZw51+qhz
e5rTeB8nOYVNLc9yRdi1oeBXdsCsF27G30Lf3xqXiyODARYbR95LoOX93ZI8fO7j
/8ZuBZQEWiV7897zKKGpdnghKma2uQiZxGfAXoEovTZf/Cmpx9MNpk1kSpp/szkc
pQoC6LNVFjU=
=xkfO
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
changes to des.h
-BEGIN PGP SIGNED MESSAGE-
I'm in the process of cleaning up some of the FreeSWAN IPsec kernel code.
I'm CC'ing Eric because he may still care, and openssl-dev since I suspect
that they are the current maintainers of the code.
Specifically dealing with testing of various pieces of code. I was looking
around our key scheduling code, and the related error checking.
One piece of code that bothered me was in our key scheduling
(freeswan-1.91, klips/net/ipsec/pfkey_v2_parser.c, line 1106)
error = des_set_key((caddr_t)ekp + EMT_ESPDES_KEY_SZ * i,
(caddr_t)&((struct des_eks*)(tdbp->tdb_key_e))[i]);
I wondered why we were casting to caddr_t, and why in the world we didn't
include des.h to get a proper prototype (we had a local prototype), and why
do we define "struct des_eks" instead of using des_key_schedule.
[Our des.h is: Copyright (C) 1995-1997 Eric Young ([EMAIL PROTECTED]),
although it appears the same in a recent openssl as found in NetBSD source]
I've since understood.
des_key_schedule is a pointer.
Despite the typedef at the top of des.h, it is in fact a pointer.
So, one can't really really cast the "tdb_key_e" (which is the algorithm
neutral pointer to the keying material) to "des_key_schedule *", and access
the three pieces of the 3DES key.
Thus "struct des_eks" that we created that was in fact a char[16][2].
My suggestion:
change the typedef, (or probably, add a new one):
struct des_ks_struct
{
union {
des_cblock _;
/* make sure things are correct size on machines with
* 8 byte longs */
DES_LONG pad[2];
} ks[16];
};
typedef struct des_ks_struct * des_key_schedule;
Our copy also has this ghastly:
#undef _
#define _ ks._
which I see is gone from a more recent des.h.
This let us include des.h and use "struct des_ks_struct" as our object.
-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBO84ziIqHRg3pndX9AQFsPwQAno6Onn6ollkSOl3BDMK9lP/5Gc2MhdEx
iNvVHM4h5BWmtqlcHVlXe9Kmwk9xwX7VePZtnIesBoL+qCg0aiV0A3mFFY29mXYW
DkUaG024VeSkdGQuyhNRO6CIPWIVNo1mrNVgtaTjmfca1I2kjLfUULsvlom9nfVW
z8Vo7HZQiXM=
=zLS8
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: [Design] changes to des.h
-BEGIN PGP SIGNED MESSAGE-
>>>>> "Michael" == Michael Richardson <[EMAIL PROTECTED]> writes:
Michael> My suggestion:
Michael> change the typedef, (or probably, add a new one):
Michael> struct des_ks_struct
Michael>{
Michael>union {
Michael>des_cblock _;
Michael>/* make sure things are correct size on machines with
Michael> * 8 byte longs */
Michael>DES_LONG pad[2];
Michael>} ks[16];
Michael>};
Michael> typedef struct des_ks_struct * des_key_schedule;
I see the error of my ways.
des_key_schedule gets to be a nice chameleon.
If declared as an auto/static, its gets storage like a structure.
If declared in a parameter list, it gets treated like a pointer. This is
the nature of arrays in C. (And before structure passing, this was the case
for structures as well)
The above breaks lots of programs.
The problem is that one can't cast a pointer to a "des_key_schedule"
(as it was defined before) because that is an array type, not a pointer to an
array. So, one needs at a minimum:
struct des_eks {
des_key_schedule ks;
};
so that one can do ((struct des_eks *)foo)->ks to get the right type to
satisfy the prototype.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBO84/04qHRg3pndX9AQHfPQQA5b9VQhsmCjX6rqiG43WNO5IRqBfvk7cA
mBUab6p7DQPG+390HO7ULMNskb4F7cVBocMYZe/e7ErczA81UbNN8U6ty21tC1td
tHqAQprx2N1767fNeLv5Ro0bx7gIqWgsFTlKRNuxmUduwcwI9GTwSbgFDeY/lMbW
2xH5vlwfB50=
=6o0U
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
AES and difference between engine and not
-BEGIN PGP SIGNED MESSAGE-
I would have thought that this would be a FAQ.
It is not. What is the "engine"?
I was however, specifically trying to determine if anyone
has started any work on having an AES integrated into openssl.
http://www.mail-archive.com/openssl-dev@openssl.org/msg10670.html
suggests that it will be in the 0.9.7 release?
(I am asking with my FreeSWAN and tcpdump hat on. We need to
have AES support in print-esp.c before we bother coding it
for FreeSWAN)
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPGrcj4qHRg3pndX9AQExiQQAiGYocFsrZCVKxBDO1Du/qlVwb9YHiX3B
uSAskA7SMQtQ9v/8K2atLeDCP5i95QwLFFb8b3elHUKx8h+xIk0B9/949TCi/YTq
o7GQisSxBw/s+b/x6WxFi7nTCNO47xP70BY+v0yUGWN9fe6Pven6xVOvxsXKlgVu
vruKfDgmK1c=
=VRRZ
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
[openssl.org #1236] problems with make
-BEGIN PGP SIGNED MESSAGE- Using either NetBSD 1.6.2 make, or NetBSD pkgsrc gmake to build 0.9.8a seems to result in a continuous make loop. istari-[/sandel/src/openssl-0.9.8a] mcr 1074 %gmake --version GNU Make 3.80 Copyright (C) 2002 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. It appears that the problem is that the make enters the "apps" subdir, and then the subdir Make decides that it needs to go back to the root to build the libraries, and then the crypto directory decides *IT* needs to do the same thing, and the result is a loop. (This runs until it hits the per-user process limit.) I configured using: ./Configure no-asm no-threads BSD-x86 Doing it with "no-shared" didn't help. I did do "asm" and "threads" first, but decided I didn't want that (asm didn't work). After some debugging, I realized that it was a partial previous build had left crypto/lib present, but not libcrypto.a. A make clean solved the problem. So: ./Configure no-threads BSD-x86 make (fails at s512base2-out.s...) istari-[/sandel/src/openssl-0.9.8a] mcr 1157 %ls -l libcrypto.a crypto/lib - -rw-r--r-- 1 mcr wheel 0 Nov 3 22:01 crypto/lib - -rw-r--r-- 1 mcr wheel 153902 Nov 3 22:01 libcrypto.a ./Configure no-threads no-asm BSD-x86 make # goes into the loop. It appears that somewhere along the way we wind up with: istari-[/sandel/src/openssl-0.9.8a] mcr 1166 %ls -l libcrypto.a crypto/lib ls: libcrypto.a: No such file or directory - -rw-r--r-- 1 mcr wheel 0 Nov 3 22:05 crypto/lib I tried this, but it didn't help. Perhaps it needs to be applied to all files down the tree. This posting is partly to fill google with an answer. - --- openssl-0.9.8a.orig/crypto/Makefile Thu Nov 3 21:50:18 2005 +++ openssl-0.9.8a/crypto/Makefile Thu Nov 3 22:00:01 2005 @@ -94,12 +94,14 @@ @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) @target=links; $(RECURSIVE_MAKE) - -lib: $(LIBOBJ) +lib: $(LIB) + @touch lib + +$(LIB): $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. - - @touch lib - -shared: buildinf.h lib subdirs +shared: buildinf.h lib subdirs if [ -n "$(SHARED_LIBS)" ]; then \ (cd ..; $(MAKE) $(SHARED_LIB)); \ fi -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQ2rQ2YqHRg3pndX9AQFhyQP/VisuM+dStfF3XWig1DAl005GCl9UzFcN OlIDovLi+7DVbwszuhtrQ+7dG0mTNQ98RxhIPXfa9lgVt1M/oDU5C5HkZ8cROql+ enIPjcGUZ55mdc9FkcX9fjQeNPxObor4VIxw2jerG7yD7PBVTYg/eOx0MloHxJ1L U20FlPryf14= =0NNU -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
