Geoff Thorpe via RT | 1 Apr 02:45 2003

[openssl.org #401] Bug in openssl-0.9.7-stable install_docs (head3)


OK, Steve's just updated the head of CVS by removing the "=head3" tags
as I'd already done in 0.9.7-stable. I had resisted doing this in the
head whilst making attempts to discuss the alternative of improving our
pod compilation. Unfortunately those attempts fell on deaf ears, so I'm
officially giving up on this ticket now. :-)

-- 
Geoff Thorpe, RT/openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Stephen Henson via RT | 1 Apr 02:55 2003

[openssl.org #401] Bug in openssl-0.9.7-stable install_docs (head3)


[geoff - Tue Apr  1 02:45:20 2003]:

> OK, Steve's just updated the head of CVS by removing the "=head3" tags
> as I'd already done in 0.9.7-stable. I had resisted doing this in the
> head whilst making attempts to discuss the alternative of improving our
> pod compilation. Unfortunately those attempts fell on deaf ears, so I'm
> officially giving up on this ticket now. :-)

Oops. I'd forgotten about this ticket. I just added the same "fix" to
the head to stop the damn pod compiler complaining.

Feel free to do anything else...

Steve.


Stephen Henson via RT | 1 Apr 03:41 2003

[openssl.org #552] [Fwd: Bug#186490: libssl0.9.7: EVP_{En,De}cryptFinal() don't free ctx parameter]


An application should call EVP_CIPHER_CTX_cleanup() after a cipher
context is finished with to free up any allocated memory.

Before 0.9.7 not calling this function on a ctx wouldn't leak memory but
it would still leave sensitive information around: so calling it was
always a good idea.

Unfortunately it isn't possible to free up the context in the EVP_*Final
function because this would break existing applications which reuse a
cipher context after calling EVP_*Final().

Steve.


Guus Sliepen via RT | 1 Apr 12:04 2003

Re: Bug#186490: [Fwd: Bug#186490: [openssl.org #552] [Fwd: Bug#186490: libssl0.9.7: EVP_{En,De}cryptFinal() don't free ctx parameter]]


On Tue, Apr 01, 2003 at 09:32:33AM +0200, Christoph Martin wrote:

> An application should call EVP_CIPHER_CTX_cleanup() after a cipher
> context is finished with to free up any allocated memory.
> 
> Before 0.9.7 not calling this function on a ctx wouldn't leak memory but
> it would still leave sensitive information around: so calling it was
> always a good idea.
> 
> Unfortunately it isn't possible to free up the context in the EVP_*Final
> function because this would break existing applications which reuse a
> cipher context after calling EVP_*Final().

So I can safely call EVP_*Init() on the same ctx without freeing
in between? Why are there *_ex() functions which don't free stuff
when the *() functions now don't free stuff either?

Whatever you want the functions to do, please make sure the manpages
contain correct information.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus <at> sliepen.eu.org>

Stephen Henson via RT | 1 Apr 14:07 2003

[openssl.org #552] [Fwd: Bug#186490: libssl0.9.7: EVP_{En,De}cryptFinal() don't free ctx parameter]


[guus <at> sliepen.eu.org - Tue Apr  1 12:04:10 2003]:

> On Tue, Apr 01, 2003 at 09:32:33AM +0200, Christoph Martin wrote:
> 
> 
> So I can safely call EVP_*Init() on the same ctx without freeing
> in between? Why are there *_ex() functions which don't free stuff
> when the *() functions now don't free stuff either?
> 
> Whatever you want the functions to do, please make sure the manpages
> contain correct information.

No, you can't completely reuse the same ctx.

You can *only* reuse exactly the same key and IV the last context used
by calling EVP_*Init() with all parameters NULL apart from the ctx. This
is a little known feature of the EVP_*Init() functions but some code
makes use of it so we have to retain compatibility. However this feature
means that we can't free up the ctx automatically in EVP_*Final().

The problem with the old EVP_*Init() functions is that they were
typically called like this:

EVP_CIPHER_CTX ctx;

EVP_CipherInit(&ctx, ...);

This means that EVP_CipherInit() cannot make *any* assumptions about the
state of 'ctx' because it is completely uninitialized. So it has to
(Continue reading)
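
The context lifecycle discussed in this thread, modelled as an added example (not OpenSSL code and not written by any poster): `toy_ctx` and the `toy_*` functions are hypothetical stand-ins for EVP_CIPHER_CTX, EVP_*Init(), EVP_*Final() and EVP_CIPHER_CTX_cleanup(). It shows that the key stays readable in the context after Final, because the NULL-parameter reuse path needs it, and is erased only by cleanup.

```c
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16

/* Hypothetical stand-in for a cipher context; not OpenSSL's EVP_CIPHER_CTX. */
typedef struct {
    unsigned char key[KEY_LEN];  /* secret kept inside the context */
    unsigned char iv[KEY_LEN];
    unsigned char *cipher_data;  /* heap state, modelling the 0.9.7 allocation */
    int have_key;
} toy_ctx;

/* Zero memory through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

void toy_ctx_init(toy_ctx *c) { memset(c, 0, sizeof *c); }

/* key and iv both NULL: reuse the key and IV the context already holds. */
int toy_cipher_init(toy_ctx *c, const unsigned char *key, const unsigned char *iv) {
    if (!key && !iv) return c->have_key;
    if (!key || !iv) return 0;
    if (!c->cipher_data && !(c->cipher_data = malloc(KEY_LEN))) return 0;
    memcpy(c->key, key, KEY_LEN);
    memcpy(c->iv, iv, KEY_LEN);
    memcpy(c->cipher_data, key, KEY_LEN);  /* stands in for a key schedule */
    c->have_key = 1;
    return 1;
}

/* Final ends the operation but frees nothing, so the reuse path keeps working. */
int toy_cipher_final(toy_ctx *c) { return c->have_key; }

/* Cleanup is the only call that erases the secrets and releases the heap state. */
void toy_ctx_cleanup(toy_ctx *c) {
    if (c->cipher_data) { wipe(c->cipher_data, KEY_LEN); free(c->cipher_data); }
    wipe(c, sizeof *c);
}

/* Returns 1 if the key bytes are still present in the context's own memory. */
int toy_ctx_leaks_key(const toy_ctx *c, const unsigned char *key) {
    const unsigned char *p = (const unsigned char *)c;
    for (size_t i = 0; i + KEY_LEN <= sizeof *c; i++)
        if (memcmp(p + i, key, KEY_LEN) == 0) return 1;
    return 0;
}
```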

L.Walkiewicz | 1 Apr 15:14 2003

Compilation with -DOPENSSL_NO_SOCK

Hi!

I'm trying to adapt openssl-0.9.7a for the Amoeba distributed system. There is
no BSD socket API, so I have just turned it off by compiling without
sockets. The OPENSSL_NO_SOCK option refers to bss_conn.c in crypto/bio.

In my opinion there is some kind of inconsistency, because the libs are compiling
fine and the tests are not... ssltest, for example.

How will it affect libssl that I have compiled it without bss_conn.c?

Greets,

Lucas
lwalkiew <at> ia.pw.edu.pl
http://www.lucastm.republika.pl


Bodo Moeller via RT | 1 Apr 16:58 2003

[openssl.org #558] Patch Openssl 0.9.7a for AIX 5.2 to use /dev/urandom


No patch should be required, not even AIX can be that weird.  An
official specification for select() is available at
http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/commtrf1/select.htm


Bodo Moeller via RT | 1 Apr 17:00 2003

[openssl.org #558] Patch Openssl 0.9.7a for AIX 5.2 to use /dev/urandom


[bodo - Tue Apr  1 16:58:47 2003]:

> No patch should be required, not even AIX can be that weird.  An
> official specification for select() is available at
> http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/commtrf1/select.htm

This was the wrong link, I meant the www.opengroup.org link that appears
in my other message ...


Bodo Moeller via RT | 1 Apr 16:59 2003

[openssl.org #558] Patch Openssl 0.9.7a for AIX 5.2 to use /dev/urandom


No patch should be required, not even AIX can be that weird.  An
official specification for select() is available at
http://www.opengroup.org/onlinepubs/007908799/xsh/select.html


Bodo Moeller | 1 Apr 17:22 2003

Re: RSA Blinding patch and a recent snapshot.

On Mon, Mar 31, 2003 at 03:01:27PM -0500, Greaney, Kevin wrote:

> I downloaded a snapshot recently,
> openssl-e-0.9.6-stable-SNAP-20030327.tar.gz, and was comparing the files
> [.crypto.rsa]rsa_eay.c AND [.crypto.rsa]rsa_lib.c.  I noticed that in
> rsa_eay.c that the patch used the "positive" when comparing,
> RSA_FLAG_BLINDING, and the snapshot used the negative,
> RSA_FLAG_NO_BLINDING.  Here is the macro BLINDING_HELPER, and it shows
> the differences: [...]

> As for RSA_LIB.C, it looks like only part of the patch has been
> applied to the snapshot.  [...]

The "missing" changes to rsa_lib.c have been obviated by the other
changes.  (The OPENSSL_NO_FORCE_RSA_BLINDING compilation flag found in
the patch no longer exists, but blinding now works when the PRNG has
insufficient seeding, and this avoids a severe problem with having
blinding always enabled.)

-- 
Bodo Möller <moeller <at> cdc.informatik.tu-darmstadt.de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036