Arpadffy Zoltan | 1 Dec 2010 12:56

VMS upgrades and OpenSSL

Hello,

this is a very much VMS related question.

I have recently noticed that a VMS executable is sensitive to a VMS upgrade if statically linked with an
OpenSSL library.

OpenSSL (0.9.8.h) is built under VMS 7.3-2 and statically linked with an executable.
This runs perfectly on a VMS 7.3-2 system.

When the VMS is upgraded to VMS 8.3 the very same executable fails with

SSL error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

error message in the function SSL_CTX_use_PrivateKey_file(ctx, serverKey, SSL_FILETYPE_PEM)

Does anybody have any experience, or possibly a suggestion, that could lead to a solution?

Thank you in advance.

Regards,
Z

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Kumaran Moodley via RT | 1 Dec 2010 15:03

RE: [openssl.org #2371] Openssl mingw build error.

Thanks Andy.

I have updated to openssl-1.0.0b and also had a problem building the code; however, there is a patch available
to fix the mingw compilation issue. I tried this patch and I have had no issues. Thanks for the help.

On another note, I found a bug in the openssl EVP_PKEY_verify(3) documentation
(http://www.openssl.org/docs/crypto/EVP_PKEY_verify.html). In the synopsis the API is defined as

int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
                        const unsigned char *sig, size_t siglen,
                        const unsigned char *tbs, size_t tbslen);

However, in the example section:

/* Perform operation */
 ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen);

This shows that the message digest variables and the signature variables have been swapped around. I had
some signature failures due to that; however, everything is fine now that I have put them in correctly. The
documentation should be updated though. Thanks.

Kind regards
Kumaran M

-----Original Message-----
From: Andy Polyakov via RT [mailto:rt <at> openssl.org] 
Sent: 19 November 2010 12:57 AM
To: Kumaran Moodley
Cc: openssl-dev <at> openssl.org
Subject: Re: [openssl.org #2371] Openssl mingw build error.

Doug Kaufman | 2 Dec 2010 07:03

Re: [openssl.org #2382] Win98 mingw problem with openssl head

On Wed, 1 Dec 2010, Andy Polyakov via RT wrote:

(I said:)
> > I thought that unicows had to be linked as the first library, so I
> > manually added -lunicows at the beginning of the LIBRARIES variable in
> > apps/Makefile, after Configure had completed.
> 
> ...
>
> >> 	else /*if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION)*/
> >>
> >> I'm not suggesting this a fix, just trying to understand what happens
> >> exactly.
> > 
> > This seems to make the problems go away. With this commented out, the
> > application doesn't crash. Linking with libunicows does not appear
> > necessary. For openssl.exe version -a, see the attached file
> > "version.good".
> 
> I don't quite understand what happens if you do *not* uncomment and do
> *not* link with unicows? As mentioned I'm not comfortable with removing
> the above mentioned if clause, I'd rather adjust it. The fact that it
> works is proof enough that it's actually MultiByteToWideChar that
> returned 1004 and not wfopen. So could you test
> 
> 	else if ((ret=GetLastError())==ERROR_NO_UNICODE_TRANSLATION
> 		|| ret==ERROR_INVALID_FLAGS)
> 
> You'd have to add 'DWORD ret;' declaration after #ifdef _WIN32 in the
> beginning of function. A.

Stefan Birrer via RT | 2 Dec 2010 16:34

[openssl.org #2386] Bug Report and Patch: Incompatible types in SKM_ASN1_SET_OF_d2i

Hi OpenSSL Devs,

I have found the following bug in crypto/stack/safestack.h:

The macro SKM_ASN1_SET_OF_d2i (crypto/stack/safestack.h: 181ff) expects a pointer to a
STACK_OF(type) as the second argument. A pointer to a pointer to a STACK_OF(type) would be
appropriate though. Consequently, the compiler reports an error if you call one of the
d2i_ASN1_SET_OF_<TYPE> macros with a pointer to a pointer to a STACK_OF(type).

The applied patch fixes this bug.

Cheers,
Stefan Birrer

-- 

 AdNovum Informatik AG
 Stefan Birrer, Software Engineer
 Dipl. Informatik-Ing. ETH

 Roentgenstrasse 22, CH-8005 Zurich
 mailto:stefan.birrer <at> adnovum.ch
 phone: +41 44 272 6111, fax: +41 44 272 6312
 http://www.adnovum.ch

 AdNovum Offices: Bern, Budapest, Singapore, Zurich (HQ)

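Added example, not part of Stefan Birrer's report and not OpenSSL's safestack.h: a constructed C miniature of the pattern the report describes, in which a d2i-style decoder hands its result back through a pointer to the caller's pointer, so the type-checking wrapper macro has to check for a pointer to a pointer. BYTE_STACK, generic_set_d2i, CHECKED_PTR, BYTE_STACK_d2i, decode_count and the toy count-byte encoding are hypothetical names and assumptions made for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed miniature of the pattern; not OpenSSL's safestack.h. */
typedef struct { size_t n; unsigned char item[16]; } BYTE_STACK; /* stand-in for STACK_OF(type) */
/* Untyped d2i-style decoder (toy encoding: a count byte, then that many bytes).
 * 'slot' is the address of the caller's stack pointer: a pointer to a pointer. */
static void *generic_set_d2i(void *slot, const unsigned char **pp, long len)
{
    const unsigned char *p = *pp;
    BYTE_STACK *st = NULL;
    if (len < 1 || (long)p[0] > len - 1 || p[0] > sizeof st->item)
        return NULL;                         /* truncated or oversized input */
    if (slot != NULL)
        memcpy(&st, slot, sizeof st);        /* caller's current pointer, may be NULL */
    if (st == NULL && (st = calloc(1, sizeof *st)) == NULL)
        return NULL;
    st->n = p[0];
    memcpy(st->item, p + 1, st->n);
    *pp = p + 1 + st->n;                     /* advance past the consumed bytes */
    if (slot != NULL)
        memcpy(slot, &st, sizeof st);        /* result goes back through the slot */
    return st;
}

/* Both arms of ?: must have compatible pointer types, so a mistyped 'p' is diagnosed. */
#define CHECKED_PTR(type, p) ((void *)(1 ? (p) : (type *)0))
/* Shape in the report: CHECKED_PTR(BYTE_STACK, st) checks for BYTE_STACK *, so the
 * BYTE_STACK ** the decoder needs is rejected. Corrected: check for pointer to pointer. */
#define BYTE_STACK_d2i(st, pp, len) \
    ((BYTE_STACK *)generic_set_d2i(CHECKED_PTR(BYTE_STACK *, (st)), (pp), (len)))

/* Returns the decoded item count, or -1 on malformed input. */
static long decode_count(const unsigned char *buf, long len, long *consumed)
{
    const unsigned char *p = buf;
    BYTE_STACK *st = NULL;
    if (BYTE_STACK_d2i(&st, &p, len) == NULL)
        return -1;
    long n = (long)st->n;
    *consumed = (long)(p - buf);
    free(st);
    return n;
}

int main(void)
{
    const unsigned char in[] = { 2, 0x10, 0x20 };   /* constructed sample input */
    long used = 0;
    return (decode_count(in, sizeof in, &used) == 2 && used == 3) ? 0 : 1;
}
```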

Stefan Birrer via RT | 2 Dec 2010 17:24

ERRATA [openssl.org #2386] AutoReply: Bug Report and Patch: Incompatible types in SKM_ASN1_SET_OF_d2i

The suggested patch in my previous message was incorrect. Please find the corrected version attached.

Kind regards,
Stefan Birrer

On 2010-12-02 16:34, The default queue via RT wrote:
> 
> Greetings,
> 
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
> 	"Bug Report and Patch: Incompatible types in SKM_ASN1_SET_OF_d2i", 
> a summary of which appears below.
> 
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #2386].
> 
> Please include the string:
> 
>          [openssl.org #2386]
> 
> in the subject line of all future correspondence about this issue. To do so, 
> you may reply to this message.
> 
>                         Thank you,
>                         rt <at> openssl.org
> 
> -------------------------------------------------------------------------
> Hi OpenSSL Devs,
> 

Arpadffy Zoltan | 2 Dec 2010 17:45

RE: VMS upgrades and OpenSSL

Hello,

Meanwhile the problem is solved... all this is caused by the new C-RTL, which handles wrong programming
habits in a different way, e.g. non-initialized variables are not memset, etc.
In one word: this is not an OpenSSL issue.

However, what is interesting is that using the session cache also caused problems in the multithreaded (AST)
network application running under VMS 8.3, therefore it had to be turned off (SSL_SESS_CACHE_OFF).

Regards,
Z

-----Original Message-----
From: Arpadffy Zoltan [mailto:Zoltan.Arpadffy <at> scientificgames.se]
Sent: den 1 december 2010 12:56
To: openssl-dev <at> openssl.org
Subject: VMS upgrades and OpenSSL

Hello,

this is a very much VMS related question.

I have recently noticed that a VMS executable is sensitive to a VMS upgrade if statically linked with an
OpenSSL library.

OpenSSL (0.9.8.h) is built under VMS 7.3-2 and statically linked with an executable.
This runs perfectly on a VMS 7.3-2 system.

When the VMS is upgraded to VMS 8.3 the very same executable fails with


Christoph Garst via RT | 3 Dec 2010 12:04

[openssl.org #2387] [PATCH] wrong handling of CAfile/CApath in s_client

Calling s_client with -CAfile or -CApath additionally loads CA certificates from default location.

Otherwise if calling s_client without those parameters, no CA certificates are loaded at all (should then
load default certificates instead).

-- 

Christoph Garst | cgarst <at> astaro.com | Software Engineer

Astaro GmbH & Co. KG | www.astaro.com | Phone +49-721-25516-0 | Fax -200

An der RaumFabrik 33a | 76227 Karlsruhe | Germany

Tim Hollebeek | 3 Dec 2010 22:02

RE: OpenSSL 0.9.8q released

Are these changes outside of the "FIPS Object Module"?
We want to upgrade, but need to be running in FIPS mode.

> -----Original Message-----
> From: owner-openssl-dev <at> openssl.org [mailto:owner-openssl-
> dev <at> openssl.org] On Behalf Of OpenSSL
> Sent: Thursday, December 02, 2010 2:18 PM
> To: openssl-announce <at> master.openssl.org; openssl-
> dev <at> master.openssl.org; openssl-users <at> master.openssl.org
> Subject: OpenSSL 0.9.8q released
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
>    OpenSSL version 0.9.8q released
>    ===============================
> 
>    OpenSSL - The Open Source toolkit for SSL/TLS
>    http://www.openssl.org/

> 
>    The OpenSSL project team is pleased to announce the release of
>    version 0.9.8q of our open source toolkit for SSL/TLS. This new
>    OpenSSL version is a security and bugfix release. For a complete
>    list of changes, please see
> 
>        http://www.openssl.org/source/exp/CHANGES.

> 
>    The most significant changes are:
> 

Dr. Stephen Henson | 3 Dec 2010 22:56

Re: OpenSSL 0.9.8q released

On Fri, Dec 03, 2010, Tim Hollebeek wrote:

> Are these changes outside of the "FIPS Object Module"  ?
> We want to upgrade, but need to be running in FIPS mode.
> 

None of the changes affect FIPS, just link with the 1.2.x module.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org