Re: OpenSSL FIPS Certification
On Sun, Jan 29, 2006, Kyle Hamilton wrote: 0.9.7h is FIPS certified, as long as you build with unmodified sources (and this is checked with an SHA check on the sources in question). Err no IT IS NOT. The version submitted for validation included various changes to sequestered code (the stuff under fips/). No released version of OpenSSL currently includes these changes. The current 0.9.7-stable snapshot sequestered code matches the submitted version. 0.9.7j (not yet released) and later releases will also match it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: PocketPC Port Question
Hi OK -- I was able to get it working with your info and help. I really greatly appretiate that you went through all the trouble to make the Portable OpenSSL 0.9.8a and then to provide so much follow up help! Thank you! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Díaz Sánchez Sent: Sunday, January 29, 2006 5:38 PM To: openssl-users@openssl.org Subject: RE: PocketPC Port Question Hello, I have sent the lib files to OpenSSLGRT. Although the libraries, applications and libs can be built from the code that can be downloaded, tomorrow I will include a link in the page for both headers and libs. B.R. Daniel Díaz De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de OpenSSLGRT Enviado el: domingo, 29 de enero de 2006 23:18 Para: openssl-users@openssl.org Asunto: PocketPC Port Question Hi -- Thanks for info. I do not think I can use lib.exe with the supplied dlls to produce the libs I need. I think I am missing something here that maybe, if you would, you could help me understand: -I download Portable OpenSSL 0.9.8a from http://karajan.it.uc3m.es/~pervasive/wce_lite_compat/ -It gives me the OpenSSL dlls (libeay32.dll and ssleay32.dll) and I can run the any of the .exe samples that come with the download on my PocketPC so I know it works. -I want to write a simple TLS client for PocketPC in eVC -I did do a simple TLS client for Windows desktop OpenSSL so I just want to convert that to eVC (so code is same and I just need to build in eVC with correct OpenSSL libs). -In my desktop version I linked with libeay32.lib and ssleay32.lib -***Problem is Portable OpenSSL 0.9.8a does not have the .libs for eVC version (only the .dlls!) and I do not think I can make them from the dlls. Does anyone have example project or info for doing an eVC simple test using Portable OpenSSL 0.9.8a and/or the .lib files for Portable OpenSSL 0.9.8a? Thanks for any help. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Thomas J. Hruska Sent: Saturday, January 28, 2006 12:24 PM To: openssl-users@openssl.org Subject: Re: PocketPC Port Question OpenSSLGRT wrote: Thank you for sending the headers. I still have problem that if I use libeay32.dll and ssleay32.dll from the download at karajan.it.uc3m.es and to link they say they are corrupt? C:\OPENSSLPDA\OPENSSL\OPENSSL\libeay32.dll : fatal error LNK1136: invalid or corrupt file You said: we are preparing a version that uses full Win32 API will that work for PocketPC if so great. Thank you for your time and help! You don't link against DLLs. You link against .LIB files. IIRC, the LIB.exe tool that comes with VC++ can extract the exports located inside DLLs and generate a .LIB file. However, I don't remember how to do that...it has been a while. -- Thomas Hruska Shining Light Productions Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL. http://www.slproweb.com/ Ask me about discounts on any Shining Light Productions product! __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: make: command not found , while installing mod_ssl
Thanks for the reply , In fact I know that, I ve installed GCC .. I ll try to install C Compiler .. But Can you plz advice me Where I can get C Compiler , or developer tools I got Visual C++, so Does it meet my requirement ? Any help will most appreciated , Thanks Kadir -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Monday, January 30, 2006 12:09 PM To: openssl-users@openssl.org Subject: Re: make: command not found , while installing mod_ssl You don't have the C compiler or developer tools installed. Install those, and 'make' will be installed, along with gcc. -Kyle H On 1/29/06, kadir iscmng [EMAIL PROTECTED] wrote: Hi .. I m using Cygwin , While installing mod_ssl I got the following error .. [EMAIL PROTECTED] ~/mod_ssl-2.8.25-1.3.34 $ ./configure --with-apache=../apache_1.3.34 Configuring mod_ssl/2.8.25 for Apache/1.3.34 + Apache location: ../apache_1.3.34 (Version 1.3.34) + Auxiliary patch tool: ./etc/patch/patch (local) ./configure:Error: Building of 'patch' tool failed: - checking for fcntl.h... (cached) yes checking for rename... (cached) yes checking for pathconf... (cached) yes checking for strerror... (cached) yes checking for long file names... (cached) yes creating ./config.status creating Makefile creating config.h config.h is unchanged ./configure: line 435: make: command not found - Hint: Either try to build 'patch' under etc/patch/ Hint: manually and re-run this 'configure' script Hint: or provide us the path to your vendor 'patch' Hint: program via the --with-patch=FILE option (but Hint: expect perhaps failures when applying patches!) i cant understand the exact the problem above .. I hope you will help me what I should exactly do to install mod_ssl .. By the way There was no package of mod_ssl for Cygwin to be installed .. Thanks for advance Your sincerely __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: OpenSSL FIPS Certification
All, I downloaded and built the 20060124 stable snapshot and built the FIPS version for Windows. It built w/o errors, but it did not create a SHA1 signature file for fipscanister.obj. I built my application linking with libeay32.lib and ssleay32.lib. When I tried to enter FIPS mode with FIPS_mode_set(1), it failed with error FIPS_F_FIPS_CHECK_DSO, FIPS_R_FINGERPRINT_DOES_NOT_MATCH. The build procedures have changed since 0.9.7i, as a result of the certification back-and-forth, and I understand the Users Guide will be released soon with the FIPS build procedures. But I was able to enter FIPS mode with 0.9.7i by generating a SHA1 signature file of my app and passing the path to it to FIPS_mode_set, which has now dropped that parameter. My question is, has the current snapshot changed since the 0124 snapshot with regards to building FIPS versions for Windows and entering FIPS mode? Or am I doing something wrong, or is there an additional step in the build process that is not yet documented? Jim Adams Principal Software Developer Seagull Software Systems, Inc. Voice: (540) 341-8440 x102, Fax: (540) 428-3473 mailto: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Monday, January 30, 2006 8:08 AM To: openssl-users@openssl.org Subject: Re: OpenSSL FIPS Certification On Sun, Jan 29, 2006, Kyle Hamilton wrote: 0.9.7h is FIPS certified, as long as you build with unmodified sources (and this is checked with an SHA check on the sources in question). Err no IT IS NOT. The version submitted for validation included various changes to sequestered code (the stuff under fips/). No released version of OpenSSL currently includes these changes. The current 0.9.7-stable snapshot sequestered code matches the submitted version. 0.9.7j (not yet released) and later releases will also match it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS Certification
Are you going to support not only 0.9.7 branch, but also 0.9.8 branch? +Kiyoshi Kiyoshi Watanabe - Original Message - From: Dr. Stephen Henson [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Monday, January 30, 2006 10:07 PM Subject: Re: OpenSSL FIPS Certification On Sun, Jan 29, 2006, Kyle Hamilton wrote: 0.9.7h is FIPS certified, as long as you build with unmodified sources (and this is checked with an SHA check on the sources in question). Err no IT IS NOT. The version submitted for validation included various changes to sequestered code (the stuff under fips/). No released version of OpenSSL currently includes these changes. The current 0.9.7-stable snapshot sequestered code matches the submitted version. 0.9.7j (not yet released) and later releases will also match it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS Certification
On Mon, Jan 30, 2006, Jim Adams wrote: My question is, has the current snapshot changed since the 0124 snapshot with regards to building FIPS versions for Windows and entering FIPS mode? Or am I doing something wrong, or is there an additional step in the build process that is not yet documented? There are several steps in the Windows build process for FIPS which are currently not documented but that is being worked on. The requirements mean that this differs quite a lot from the normal Windows builds. What version of VC++ do you have BTW? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: make: command not found , while installing mod_ssl
JFYI--- It sounds to me like you are trying to get an implementation of Apache and mod_ssl running on Windows, and you have migrated to Cygwin for lack of luck on the task. Rather than trying to make all this stuff, might I suggest downloading and installing pre-built packages?: http://www.opensa.org/ For Apache, and: http://www.slproweb.com/products/Win32OpenSSL.html For OpenSSL. Your life could be made significantly easier... If you are really stuck on compiling them, I would suggest not compiling them for Cygwin, which is about useless. You should compile them for Windows. All you really need (I believe) is ActiveState Perl and a C compiler. You can download the Microsoft C compiler here: ftp://ftp.microsoft.com/softlib/mslfiles/nmake15.exe Be sure to add the path to nmake15.exe to your windows environment variable PATH, so that Perl can find it. You may also need to re-configure Perl so it knows which cc to look for. It may be possible to just directly fix this in the ./configure file. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of kadir iscmng Sent: Monday, January 30, 2006 7:53 AM To: openssl-users@openssl.org Subject: RE: make: command not found , while installing mod_ssl Thanks for the reply , In fact I know that, I ve installed GCC .. I ll try to install C Compiler .. But Can you plz advice me Where I can get C Compiler , or developer tools I got Visual C++, so Does it meet my requirement ? Any help will most appreciated , Thanks Kadir -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Monday, January 30, 2006 12:09 PM To: openssl-users@openssl.org Subject: Re: make: command not found , while installing mod_ssl You don't have the C compiler or developer tools installed. Install those, and 'make' will be installed, along with gcc. -Kyle H On 1/29/06, kadir iscmng [EMAIL PROTECTED] wrote: Hi .. I m using Cygwin , While installing mod_ssl I got the following error .. [EMAIL PROTECTED] ~/mod_ssl-2.8.25-1.3.34 $ ./configure --with-apache=../apache_1.3.34 Configuring mod_ssl/2.8.25 for Apache/1.3.34 + Apache location: ../apache_1.3.34 (Version 1.3.34) + Auxiliary patch tool: ./etc/patch/patch (local) ./configure:Error: Building of 'patch' tool failed: - checking for fcntl.h... (cached) yes checking for rename... (cached) yes checking for pathconf... (cached) yes checking for strerror... (cached) yes checking for long file names... (cached) yes creating ./config.status creating Makefile creating config.h config.h is unchanged ./configure: line 435: make: command not found - Hint: Either try to build 'patch' under etc/patch/ Hint: manually and re-run this 'configure' script Hint: or provide us the path to your vendor 'patch' Hint: program via the --with-patch=FILE option (but Hint: expect perhaps failures when applying patches!) i cant understand the exact the problem above .. I hope you will help me what I should exactly do to install mod_ssl .. By the way There was no package of mod_ssl for Cygwin to be installed .. Thanks for advance Your sincerely __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
openssl 0.9.8a install issue
Hi, I am trying to install openssl 0.9.8.a on solaris 10 platform with GNugcc 3.3.2 comipler. I keep seeingmake command failing. Any idea what causing the issue. ++ $ pwd /opt/ars/dump/openssl-0.9.8a $ ./config --prefix=/opt/ars/SSL --openssldir=/opt/ars/SSL/openssl Operating system: sun4us-whatever-solaris2 NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI and wish to build 64-bit library, then you have to invoke './Configure solaris64-sparcv9-gcc' *manually*. You have about 5 seconds to press Ctrl-C to abort. Configuring for solaris-sparcv9-gcc Configuring for solaris-sparcv9-gcc no-gmp [default] OPENSSL_NO_GMP (skip dir) no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-mdc2 [default] OPENSSL_NO_MDC2 (skip dir) no-rc5 [default] OPENSSL_NO_RC5 (skip dir) no-shared [default] no-zlib [default] no-zlib-dynamic [default] -- -- making links in engines... making links in apps... making links in test... making links in tools... generating dummy tests (if needed)... Configured for solaris-sparcv9-gcc. $ $make making all in crypto/bio... gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c bio_lib.c --- --- gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c bf_nbio.c gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c bss_log.c gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c bss_bio.c gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c bss_dgram.c ar r ../../libcrypto.a bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o bss_dgram.o /usr/ccs/bin/ranlib ../../libcrypto.a || echo Never mind. making all in crypto/stack... gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c stack.c ar r ../../libcrypto.a stack.o /usr/ccs/bin/ranlib ../../libcrypto.a || echo Never mind. making all in crypto/lhash... gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c lhash.c gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c lh_stats.c ar r ../../libcrypto.a lhash.o lh_stats.o /usr/ccs/bin/ranlib ../../libcrypto.a || echo Never mind. making all in crypto/rand... gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c md_rand.c gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c randfile.c In file included from /usr/include/sys/wait.h:24, from /usr/include/stdlib.h:22, from randfile.c:64: /usr/include/sys/siginfo.h:259: error: parse error before ctid_t /usr/include/sys/siginfo.h:292: error: parse error before '}' token /usr/include/sys/siginfo.h:294: error: parse error before '}' token In file included from /usr/include/sys/procset.h:24, from /usr/include/sys/wait.h:25, from /usr/include/stdlib.h:22, from randfile.c:64: /usr/include/sys/signal.h:85: error: parse error before siginfo_t In file included from /usr/include/stdlib.h:22, from randfile.c:64: /usr/include/sys/wait.h:86: error: parse error before siginfo_t *** Error code 1 make: Fatal error: Command failed for target `randfile.o' Current working directory /apps/ars/dump/openssl-0.9.8a/crypto/rand *** Error code 1 The following command caused the error: target=all; [ -n objects md2 md4 md5 sha hmac ripemd des aes rc2 rc4 idea bf cast bn ec rsa dsa ecdsa dh ecdh dso engine buffer bio stack lhash rand err evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 store pqueue ] for i in objects
share session cache between processes
Hi, Can I share session cache between two processes that each create its own SSL_CONTEXT? The two process then simply call SSL_CTX_set_session_id_context() passing the same sid_ctx? The following paragraph in the documentation seems to indicate that this is not safe. Is this true? http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html Sessions are generated within a certain context. When exporting/importing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible, to re-import a session generated from another context (e.g. another application), which might lead to malfunctions. Thank you, Ning __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl 0.9.8a install issue
On 1/30/06, Srini Naidu [EMAIL PROTECTED] wrote: Hi, I am trying to install openssl 0.9.8.a on solaris 10 platform with GNugcc 3.3.2 comipler. I keep seeingmake command failing. Any idea what causing the issue. gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM -c randfile.c In file included from /usr/include/sys/wait.h:24, from /usr/include/stdlib.h:22, from randfile.c:64: /usr/include/sys/siginfo.h:259: error: parse error before ctid_t /usr/include/sys/siginfo.h:292: error: parse error before '}' token /usr/include/sys/siginfo.h:294: error: parse error before '}' token gcc is misconfigured. Have your system administrator rebuild it and (more importantly) remake its system header file fixups. -Kyle H __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Evp_Encrypt_Init Segfault
Hi, the following code executes once, and does fine. Calling the function a second time gives a segfault during the call marked by -- unsigned char *encrypt_message(unsigned char *message, int inl, int *outl) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(ctx); --EVP_EncryptInit(ctx, EVP_bf_ecb(), NULL, NULL); EVP_CIPHER_CTX_set_key_length(ctx, SHA_DIGEST_LENGTH); EVP_EncryptInit(ctx, NULL, k, NULL); char *ret; int tmp, ol; ol = 0; ret = (char *)malloc(inl + EVP_CIPHER_CTX_block_size(ctx)); EVP_EncryptUpdate(ctx, ret[ol], tmp, message, inl); ol = tmp; EVP_EncryptFinal(ctx, ret[ol], tmp); *outl = ol+tmp; return ret; } Anything obvious that might lead to the segfault? Thanks, Felix __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Evp_Encrypt_Init Segfault
Try calling EVP_CIPHER_CTX_cleanup(ctx) at the end... --- Felix Dorner [EMAIL PROTECTED] wrote: Hi, the following code executes once, and does fine. Calling the function a second time gives a segfault during the call marked by -- unsigned char *encrypt_message(unsigned char *message, int inl, int *outl) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(ctx); --EVP_EncryptInit(ctx, EVP_bf_ecb(), NULL, NULL); EVP_CIPHER_CTX_set_key_length(ctx, SHA_DIGEST_LENGTH); EVP_EncryptInit(ctx, NULL, k, NULL); char *ret; int tmp, ol; ol = 0; ret = (char *)malloc(inl + EVP_CIPHER_CTX_block_size(ctx)); EVP_EncryptUpdate(ctx, ret[ol], tmp, message, inl); ol = tmp; EVP_EncryptFinal(ctx, ret[ol], tmp); *outl = ol+tmp; return ret; } Anything obvious that might lead to the segfault? Thanks, Felix __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Evp_Encrypt_Init Segfault
Try calling EVP_CIPHER_CTX_cleanup(ctx) at the end... --- Felix Dorner [EMAIL PROTECTED] wrote: Hi, the following code executes once, and does fine. Calling the function a second time gives a segfault during the call marked by -- unsigned char *encrypt_message(unsigned char *message, int inl, int *outl) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(ctx); --EVP_EncryptInit(ctx, EVP_bf_ecb(), NULL, NULL); EVP_CIPHER_CTX_set_key_length(ctx, SHA_DIGEST_LENGTH); EVP_EncryptInit(ctx, NULL, k, NULL); char *ret; int tmp, ol; ol = 0; ret = (char *)malloc(inl + EVP_CIPHER_CTX_block_size(ctx)); EVP_EncryptUpdate(ctx, ret[ol], tmp, message, inl); ol = tmp; EVP_EncryptFinal(ctx, ret[ol], tmp); *outl = ol+tmp; return ret; } Anything obvious that might lead to the segfault? Thanks, Felix __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
CVSNT sserver SSL error
I just installed CVSNT 2.5.03.2151 on a Red Hat Enterprise 4 server. OpenSSL was previously installed with prefix /usr. When I attempt to connect using TortoiseCVS, I get the following error: SSL connection failed (-1): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number cvs.exe [import aborted]: Connection to server failed Does anyone know what could be wrong? Thank You, Jason Williard __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: make: command not found , while installing mod_ssl
Thanks For your time .., You understand me very good What I m trying to do, As you know I m trying to implement of Apache and mod_ssl on Windows, To do this I m using Cygwin .. But I cant manage to implement Mod_ssl by cygwin ... I downloaded the following packages except C Compiler.. I think the link was changed or broken .. ftp://ftp.microsoft.com/softlib/mslfiles/nmake15.exe if it s possible, give me another working link to download the package Thanks in advance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Brown Sent: Tuesday, January 31, 2006 1:13 AM To: openssl-users@openssl.org Subject: RE: make: command not found , while installing mod_ssl JFYI--- It sounds to me like you are trying to get an implementation of Apache and mod_ssl running on Windows, and you have migrated to Cygwin for lack of luck on the task. Rather than trying to make all this stuff, might I suggest downloading and installing pre-built packages?: http://www.opensa.org/ For Apache, and: http://www.slproweb.com/products/Win32OpenSSL.html For OpenSSL. Your life could be made significantly easier... If you are really stuck on compiling them, I would suggest not compiling them for Cygwin, which is about useless. You should compile them for Windows. All you really need (I believe) is ActiveState Perl and a C compiler. You can download the Microsoft C compiler here: ftp://ftp.microsoft.com/softlib/mslfiles/nmake15.exe Be sure to add the path to nmake15.exe to your windows environment variable PATH, so that Perl can find it. You may also need to re-configure Perl so it knows which cc to look for. It may be possible to just directly fix this in the ./configure file. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of kadir iscmng Sent: Monday, January 30, 2006 7:53 AM To: openssl-users@openssl.org Subject: RE: make: command not found , while installing mod_ssl Thanks for the reply , In fact I know that, I ve installed GCC .. I ll try to install C Compiler .. But Can you plz advice me Where I can get C Compiler , or developer tools I got Visual C++, so Does it meet my requirement ? Any help will most appreciated , Thanks Kadir -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Monday, January 30, 2006 12:09 PM To: openssl-users@openssl.org Subject: Re: make: command not found , while installing mod_ssl You don't have the C compiler or developer tools installed. Install those, and 'make' will be installed, along with gcc. -Kyle H On 1/29/06, kadir iscmng [EMAIL PROTECTED] wrote: Hi .. I m using Cygwin , While installing mod_ssl I got the following error .. [EMAIL PROTECTED] ~/mod_ssl-2.8.25-1.3.34 $ ./configure --with-apache=../apache_1.3.34 Configuring mod_ssl/2.8.25 for Apache/1.3.34 + Apache location: ../apache_1.3.34 (Version 1.3.34) + Auxiliary patch tool: ./etc/patch/patch (local) ./configure:Error: Building of 'patch' tool failed: - checking for fcntl.h... (cached) yes checking for rename... (cached) yes checking for pathconf... (cached) yes checking for strerror... (cached) yes checking for long file names... (cached) yes creating ./config.status creating Makefile creating config.h config.h is unchanged ./configure: line 435: make: command not found - Hint: Either try to build 'patch' under etc/patch/ Hint: manually and re-run this 'configure' script Hint: or provide us the path to your vendor 'patch' Hint: program via the --with-patch=FILE option (but Hint: expect perhaps failures when applying patches!) i cant understand the exact the problem above .. I hope you will help me what I should exactly do to install mod_ssl .. By the way There was no package of mod_ssl for Cygwin to be installed .. Thanks for advance Your sincerely __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project
Re: CVSNT sserver SSL error
Your client is trying to use SSLv2, or SSLv3, and the server is configured to not allow that protocol. (Or, the server isn't configured to use any protocol.) I don't know the specifics of how to configure what you're doing, but I do know that there are environment variables available to specify what protocol versions to accept. -Kyle H On 1/31/06, Jason Williard [EMAIL PROTECTED] wrote: I just installed CVSNT 2.5.03.2151 on a Red Hat Enterprise 4 server. OpenSSL was previously installed with prefix /usr. When I attempt to connect using TortoiseCVS, I get the following error: SSL connection failed (-1): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number cvs.exe [import aborted]: Connection to server failed Does anyone know what could be wrong? Thank You, Jason Williard __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]