[openssl-dev] NEed help
I am trying to compile openssl 1.0.2 SNAP 20150801 and now I get if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make libcrypto.so.1.0.0); fi [ -z "" ] || gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -march=pentium3 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -ldl -lm -lc /usr/lib/libc.a(sha.o): In function `SHA': sha.o(.text+0x0): multiple definition of `SHA' libcrypto.a(sha_one.o):/usr/source/openssl-1.0.2-stable-SNAP-20150801/crypto/sha/sha_one.c:66: first defined here ld: Warning: size of symbol `SHA' changed from 142 to 92 in /usr/lib/libc.a(sha.o) /usr/lib/libc.a(malloc.o)(.text+0x16): undefined reference to `__progname' /usr/lib/libc.a(malloc.o)(.text+0xe0): undefined reference to `__progname' /usr/lib/libc.a(syslog.o): In function `vsyslog': syslog.o(.text+0x3a5): undefined reference to `__progname' /usr/lib/libc.a(getenv.o): In function `__findenv': getenv.o(.text+0x65): undefined reference to `environ' getenv.o(.text+0x72): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execl': exec.o(.text+0x103): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execv': exec.o(.text+0x26b): undefined reference to `environ' /usr/lib/libc.a(exec.o): In function `execvp': exec.o(.text+0x400): undefined reference to `environ' /usr/lib/libc.a(exec.o)(.text+0x4da): more undefined references to `environ' follow *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. Pointers please on how to fix. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Abuse a man unjustly, and you will make friends for him. -Edgar Watson Howe ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain
On Fri, Feb 20, 2015, W Smith wrote: > Thanks, Rich. > > Does anyone know how to walk through a BIO stack that includes a "BIO pair" > and get to the ultimate source/sink BIO? If I can get that, I'll be in good > shape. Anybody? > Not sure I follow you. A BIO pair is the ultimate source/sink BIO. The data read from or written to the BIO may come from another BIO (or any source whatsoever) but that depends on application code and the BIO pair doesn't contain any information about where its data comes from. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain
On Fri, Feb 20, 2015, W Smith wrote: > Rich, > > Yeah, I have industrial strength Tylenol standing by. I'm expecting this to > be painful, but not insurmountable for the handshake. If I'm unable to even > get at the ultimate source/sink, I can't get anywhere. > > I can deal with the HTTP side and the plethora of application-specific and > threading issues, but I'm lost on the BIO part. I'll take any pointers or > suggestions you can offer. > If I understand what you're trying to do I can see a couple of options. One is to write your own BIO which looks like an "ordinary" BIO to the TLS library but does all the translation under the hood. You could start with the socket BIO and adapt it to your needs, making sure you handle non-blocking I/O correctly. The other is a BIO pair where this I/O can be handled at an application level but you have to be careful to get everything right so there aren't any deadlocks. You mentioned a BIO pair in the other message though. Are you already using a BIO pair? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain
Thanks, Rich. Does anyone know how to walk through a BIO stack that includes a "BIO pair" and get to the ultimate source/sink BIO? If I can get that, I'll be in good shape. Anybody? On Feb 20, 2015, at 08:18 AM, "Salz, Rich" wrote: I can deal with the HTTP side and the plethora of application-specific and threading issues, but I'm lost on the BIO part. I'll take any pointers or suggestions you can offer. Only to look at SSL_set_bio. Good luck. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain
> I can deal with the HTTP side and the plethora of application-specific and > threading issues, but I'm lost on the BIO part. I'll take any pointers or > suggestions you can offer. Only to look at SSL_set_bio. Good luck. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain
Rich, Yeah, I have industrial strength Tylenol standing by. I'm expecting this to be painful, but not insurmountable for the handshake. If I'm unable to even get at the ultimate source/sink, I can't get anywhere. I can deal with the HTTP side and the plethora of application-specific and threading issues, but I'm lost on the BIO part. I'll take any pointers or suggestions you can offer. Thanks for responding and, hopefully, for responding again soon... W On Feb 19, 2015, at 06:52 PM, "Salz, Rich" wrote: I've been tasked with wrapping OpenSSL encrypted traffic in another protocol (HTTP). That's going to be a bit tricky, and require some pretty detailed knowledge of the protocol. For example, the initial setup -- the hello messages -- will require a couple of POST and reply messages. Even if you are only ever sending encrypted application data from A to B, you need bidirectional exchanges between the two parties. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain
> I've been tasked with wrapping OpenSSL encrypted traffic in another protocol > (HTTP). That's going to be a bit tricky, and require some pretty detailed knowledge of the protocol. For example, the initial setup -- the hello messages -- will require a couple of POST and reply messages. Even if you are only ever sending encrypted application data from A to B, you need bidirectional exchanges between the two parties. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Need Help with BIO callback and/or BIO filter chain
Hi, I've been tasked with wrapping OpenSSL encrypted traffic in another protocol (HTTP). I'm able to intrude on the data stream with the BIO callback feature (BIO_set_callback), and have also created a BIO filter to play with. My problem is that the BIO I have access to seems to be the BIO pair above encryption. I need to insert plain text/unencrypted data into the stream, which suggests I need to locate the ultimate source/sink. All I have access to is the SSL context (SSL*) and the BIO*. The actual code is exceptionally convoluted/fragile, so it would be great to put my modifications only in the BIO callback or in a BIO filter. Any comment on how that can be done or whether I should take another approach would be appreciated. Thanks in advance, W ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev