Re: Sparc compiling problem
> I am having this same problem, only in English, Please let me know if you find the
> answer.

This is a problem in the current configuration script. You need to configure with the option "no_asm". It is now fixed in the CVS.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
OpenSSL - Frequently Asked Questions
OpenSSL - Frequently Asked Questions
------------------------------------

* Which is the current version of OpenSSL?
* Where is the documentation?
* How can I contact the OpenSSL developers?
* Do I need patent licenses to use OpenSSL?
* Is OpenSSL thread-safe?
* Why do I get a "PRNG not seeded" error message?
* Why does the linker complain about undefined symbols?
* Where can I get a compiled version of OpenSSL?


* Which is the current version of OpenSSL?

The current version is available from <http://www.openssl.org>. OpenSSL 0.9.5 was released on February 28th, 2000.

In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.


* Where is the documentation?

OpenSSL is a library that provides cryptographic functionality to applications such as secure web servers. Be sure to read the documentation of the application you want to use. The INSTALL file explains how to install this library.

OpenSSL includes a command line utility that can be used to perform a variety of cryptographic functions. It is described in the openssl(1) manpage. Documentation for developers is currently being written. A few manual pages already are available; overviews over libcrypto and libssl are given in the crypto(3) and ssl(3) manpages.

The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a different directory if you specified one as described in INSTALL). In addition, you can read the most current versions at <http://www.openssl.org/docs/>.

For information on parts of libcrypto that are not yet documented, you might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's predecessor, at <http://www.columbia.edu/~ariel/ssleay/>. Much of this still applies to OpenSSL.

There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt.

The original SSLeay documentation is included in OpenSSL as doc/ssleay.txt. It may be useful when none of the other resources help, but please note that it reflects the obsolete version SSLeay 0.6.6.


* How can I contact the OpenSSL developers?

The README file describes how to submit bug reports and patches to OpenSSL. Information on the OpenSSL mailing lists is available from <http://www.openssl.org>.


* Do I need patent licenses to use OpenSSL?

The patents section of the README file lists patents that may apply to you if you want to use OpenSSL. For information on intellectual property rights, please consult a lawyer. The OpenSSL team does not offer legal advice.

You can configure OpenSSL so as not to use RC5 and IDEA by using

    ./config no-rc5 no-idea

Until the RSA patent expires, U.S. users may want to use

    ./config no-rc5 no-idea no-rsa

Please note that you will *not* be able to communicate with most of the popular web browsers without RSA support.


* Is OpenSSL thread-safe?

Yes. On Windows and many Unix systems, OpenSSL automatically uses the multi-threaded versions of the standard libraries. If your platform is not one of these, consult the INSTALL file.

Multi-threaded applications must provide two callback functions to OpenSSL. This is described in the threads(3) manpage.


* Why do I get a "PRNG not seeded" error message?

Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness device" that serves this purpose. On other systems, applications have to call the RAND_add() or RAND_seed() function with appropriate data before generating keys or performing public key encryption.

Some broken applications do not do this. As of version 0.9.5, the OpenSSL functions that need randomness report an error if the random number generator has not been seeded with at least 128 bits of randomness. If this error occurs, please contact the author of the application you are using. It is likely that it never worked correctly. OpenSSL 0.9.5 makes the error visible by refusing to perform potentially insecure encryption.


* Why does the linker complain about undefined symbols?

Maybe the compilation was interrupted, and make doesn't notice that something is missing. Run "make clean; make".

If you used ./Configure instead of ./config, make sure that you selected the right target. File formats may differ slightly between OS versions (for example sparcv8/sparcv9, or a.out/elf).

If that doesn't help, you may want to try using the current snapshot. If the problem persists, please submit a bug report.


* Where can I get a compiled version of OpenSSL?

Some applications that use OpenSSL are distributed in binary form. When using such an application, you don't need to install OpenSSL yourself; the application will include the required parts (e.g. DLLs).

If you want to install OpenSSL on a Windows system and you don't have a C compiler, read the "Mingw32" section of INSTALL.W32 for information on how to obtain and install the free GNU C com
Re: setting random seed generator under Windows NT
On Wed, May 10, 2000 at 11:02:43AM +0530, Amit Chopra wrote:

> srand((unsigned)(time(NULL))); //C Runtime Function
> seed[i] = rand(); //C Runtime function

> Can somebody tell me if this method of seeding the RNG secure enough?

It is not. rand() was never meant to be a cryptographic RNG.
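Why the answer above is "no", as an added example that is not part of the original message or of OpenSSL: a seed built from srand(time)/rand() is fully determined by the timestamp, so knowing roughly when it was generated leaves only a small set of candidates to check. The helper names, the 16-byte seed length, the constructed timestamp and the use of /dev/urandom as the contrast (Unix-like systems only) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEED_LEN 16

/* The questioned pattern: seed bytes taken from rand() after srand(timestamp). */
static void weak_seed(unsigned int t, unsigned char out[SEED_LEN]) {
    srand(t);
    for (int i = 0; i < SEED_LEN; i++)
        out[i] = (unsigned char)rand();
}

/* Try every timestamp in [latest - window, latest]; return the one that
 * reproduces `seed`, or 0 if none does. Assumes window <= latest. */
unsigned int recover_time(const unsigned char *seed, unsigned int latest,
                          unsigned int window) {
    unsigned char guess[SEED_LEN];
    for (unsigned int back = 0; back <= window; back++) {
        weak_seed(latest - back, guess);
        if (memcmp(guess, seed, SEED_LEN) == 0)
            return latest - back;
    }
    return 0;
}

/* Contrast: take seed material from the kernel randomness device.
 * Returns 1 on success, 0 on failure; callers must check it. */
int os_seed(unsigned char *out, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return 0;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len;
}

int main(void) {
    unsigned char seed[SEED_LEN], strong[SEED_LEN];
    unsigned int t = 957936763u;              /* constructed sample timestamp */
    weak_seed(t, seed);
    /* Knowing only "sometime in the last day" leaves 86401 candidates. */
    unsigned int found = recover_time(seed, t + 3600u, 86400u);
    printf("time-seeded: recovered t=%u (%s)\n", found, found == t ? "match" : "miss");
    printf("/dev/urandom seed read: %s\n", os_seed(strong, sizeof strong) ? "ok" : "failed");
    return 0;
}
```

However many bytes are drawn from rand(), the seed carries no more unpredictability than the choice of timestamp, which is far below the 128 bits the FAQ says OpenSSL 0.9.5 requires.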
Re: difference between OpenSSL and BSAFE libs?
On Fri, May 26, 2000, Martin Szotkowski wrote:

> When I tested SSL-C this look like OpenSSL. (I know both start from SSLeay)
> Are somewhere document differences between this two products?
> Go both by same way?
> Is some type of cooperation there?
> It's possible BSAFE libs modified as OpenSSL?
> What is better?

The OpenSSL changes are documented in the CHANGES file. You'll have to try to find out what RSA changed in SSL-C and compare it to OpenSSL (in particular if they fixed the major SSLeay bugs).
Re: SSLeay on HP-UX's, which perl version?
On Thu, Jun 08, 2000, Sergio Basto wrote:

> And the question is should I install a new version of perl, what the version that
> you recommend and if perl5004 is more than enough for install OpenSSL?
> How I can know what is the version of perl that I have install in /usr/contrib/bin ?

perl 5.004 should be enough. You can run "perl -v" to get the version number.
Re: base64-encoding with openssl
On Wed, Jun 28, 2000, [EMAIL PROTECTED] wrote:

> how can I encrypt a string with base64-encryption using openssl?

openssl base64

But base64 is an encoding mechanism (just like hexadecimal encoding for example), not encryption.
Re: Bug relating to /dev/urandom and RAND_egd in libcrypto.a
On Fri, Jun 30, 2000, Louis LeBlanc wrote:

> RAND_bytes(entropy, 4000);
> RAND_seed(entropy, 3000);
> /* just giving myself some room until the code is working */
>
> And everything works.

No, nothing works, as you would have noticed, had you checked the RAND_bytes() return value.

You still haven't grasped the concept: The "PRNG not seeded" error is not a bug in OpenSSL, it is a safety measure. OpenSSL stops when it detects that you are operating on an insecure PRNG state. Your task is not to trick OpenSSL into not noticing the insecurity, it is to provide sufficient randomness.

The above code might win you a citation in future versions of Peter's paper on PRNG design, but it will not secure your data. Why don't you read the randomness manpages and use EGD?
Re: Randomness question
On Fri, Jul 21, 2000, Bennett Samowich wrote:

> What if I were to take this routine and modify it so that it wrote to the
> random device (/dev/random in my case) and just let it run in the
> background or as a daemon? Aside from the extra CPU cycles would this
> produce any ill-effects? Would it increase the quality of random numbers
> generated by standard rand()/srand() mechanisms?

No on both questions. It will not have any good or bad effects aside from wasting CPU time.
Re: RC5 question
On Fri, Jul 28, 2000, Jeff Hamilton wrote:

> Does anyone have an idea as to what release of Openssl first contained RC5?

It is in all versions of OpenSSL, and in some releases of SSLeay.
Re: Error building 0.9.6 with ms\mingw32 on NT4
On Wed, Oct 11, 2000, Doug Serres wrote:

> I am getting the error below when trying to build the 0.9.6 distribution using
> Mingw32 on Windows NT 4 SP6. (I can build 0.9.5a with the same machine.) Where
> can I get the missing files?

From a more recent Mingw32 distribution. If you don't want to update your compiler, as far as I know it is safe to just replace the Windows header files.
Re: Licencing issues
On Mon, Nov 13, 2000, George Staikos wrote:

> (I have emails here if you need to see these) Anyhow, is there
> any chance of OpenSSL being released under GPL, or failing that, under a BSD
> style licence without the advertising clause?

The original authors now work for a company that sells a toolkit with the same functionality for a six figure price.

Is there any chance of the GPL being changed to something less obnoxious? :)
Re: Licencing issues
On Mon, Nov 13, 2000, George Staikos wrote:

> other people must be in this situation too, probably unknowingly. We have to
> resolve this, and if what we are doing is not allowed, it should probably be
> documented in the OpenSSL documentation.

As far as the OpenSSL team is concerned, everybody is free to use OpenSSL. Unfortunately, the FSF is telling GPL software developers that they are not allowed to, and as I indicated we can't do anything about it.

(The GPL is the only license with that problem that I know of. You can use OpenSSL even with the most evil commercially licensed SDK and of course with any other free software out there. Based on these facts I have come to the conclusion that that provision of the GPL is obnoxious - but thanks for caring about my reputation, Michael.)

> [While you are reading this, keep in mind that this is KDE. We have to allow
> redistribution in binary forms, on cds sold by vendors, and more. Some
> platforms will be compiling and linking with a closed source commercial
> compiler, linker and library too (ie HP-UX, IRIX, Solaris). This is not
> negotiable.]

OpenSSL is part of all major free operating systems and one or two commercial ones. You can use it on those systems, thanks to a special clause in the GPL. If you want to use it on any other systems, you'll have to change your license. Sorry.

> > May I dynamically link my GPL-ed application to OpenSSL?
>
> You cannot do this without a special exception, lest redistribution of your
> software will not be legal.

Their own GnuPG is loading proprietary patent-protected modules at runtime. Is that hypocrisy or what?
Re: Licencing issues
On Tue, Nov 14, 2000, Ulf Moeller wrote:

> OpenSSL is part of all major free operating systems and one or two commercial
> ones. You can use it on those systems, thanks to a special clause in the
> GPL. If you want to use it on any other systems, you'll have to change your
> license. Sorry.

I forgot to mention that I'm speaking for myself, not for the OpenSSL team or anyone else. Also, if you're in doubt about what the GPL does or doesn't allow, you should get legal advice. The FSF clearly has its own ideological agenda.
Re: installation problem
On Tue, Nov 14, 2000, Xiaohua Cheng wrote:

> cc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT -xtarget=ultra
> -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
> -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o
> gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o
> gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o
> version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o -L. -L..
> -L../.. -L../../.. -L.. -lssl -L.. -lcrypto -lsocket -lnsl

You failed to include the "make report" output, so I can only guess, but probably your compiler flags are wrong.
Re: Kurt Seifred's article on securityportal
On Wed, Dec 20, 2000, Gary Feldman wrote:

> Let's be fair. As your example really points out, the problem in this
> specific case (your example, not necessarily the "Accept this invalid
> certificate case") is with the developers, not the users.

Which browser would that be? Netscape has no default, and with IE the default is "no".