Loading CHANGES +43 −1 Original line number Diff line number Diff line Loading @@ -4,6 +4,48 @@ Changes between 0.9.6a and 0.9.6b [XX xxx XXXX] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5 when fixing the server behaviour for backwards-compatible 'client hello' messages. (Note that the attack is impractical against SSL 3.0 and TLS 1.0 anyway because length and version checking means that the probability of guessing a valid ciphertext is around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 paper.) Before 0.9.5, the countermeasure (hide the error by generating a random 'decryption result') did not work properly because ERR_clear_error() was missing, meaning that SSL_get_error() would detect the supposedly ignored error. Both problems are now fixed. [Bodo Moeller] *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 (previously it was 1024). [Bodo Moeller] *) Fix for compatibility mode trust settings: ignore trust settings unless some valid trust or reject settings are present. [Steve Henson] *) Fix for blowfish EVP: its a variable length cipher. [Steve Henson] *) Fix various bugs related to DSA S/MIME verification. Handle missing parameters in DSA public key structures and return an error in the DSA routines if parameters are absent. [Steve Henson] *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in the current directory if neither $RANDFILE nor $HOME was set. RAND_file_name() in 0.9.6a returned NULL in this case. This has caused some confusion to Windows users who haven't defined $HOME. Thus RAND_file_name() is changed again: e_os.h can define a DEFAULT_HOME, which will be used if $HOME is not set. For Windows, we use "C:"; on other platforms, we still require environment variables. *) Move 'if (!initialized) RAND_poll()' into regions protected by CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids having multiple threads call RAND_poll() concurrently. Loading Loading @@ -2382,7 +2424,7 @@ copied!) [Bodo Moeller] *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options worked. *) Fix problems with no-hmac etc. Loading Configure +3 −0 Original line number Diff line number Diff line Loading @@ -143,6 +143,9 @@ my %table=( # error message. "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Solaris x86 with Sun C setups "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", Loading FAQ +44 −12 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ OpenSSL - Frequently Asked Questions [USER] Questions on using the OpenSSL applications * Why do I get a "PRNG not seeded" error message? * Why do I get an "unable to write 'random state'" error message? * How do I create certificates or certificate requests? * Why can't I create certificate requests? * Why does <SSL program> fail with a certificate verify error? Loading Loading @@ -161,6 +162,7 @@ correctly. Many open source operating systems provide a "randomness device" that serves this purpose. On other systems, applications have to call the RAND_add() or RAND_seed() function with appropriate data before generating keys or performing public key encryption. (These functions initialize the pseudo-random number generator, PRNG.) Some broken applications do not do this. As of version 0.9.5, the OpenSSL functions that need randomness report an error if the random Loading @@ -170,18 +172,36 @@ application you are using. It is likely that it never worked correctly. OpenSSL 0.9.5 and later make the error visible by refusing to perform potentially insecure encryption. On systems without /dev/urandom, it is a good idea to use the Entropy Gathering Demon; see the RAND_egd() manpage for details. Most components of the openssl command line tool try to use the file $HOME/.rnd (or $RANDFILE, if this environment variable is set) for seeding the PRNG. If this file does not exist or is too short, the "PRNG not seeded" error message may occur. [Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version 0.9.5 does not do this and will fail on systems without /dev/urandom when trying to password-encrypt an RSA key! This is a bug in the library; try a later version instead.] On systems without /dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for details. Starting with version 0.9.7, OpenSSL will automatically look for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and /etc/entropy. Most components of the openssl command line utility automatically try to seed the random number generator from a file. The name of the default seeding file is determined as follows: If environment variable RANDFILE is set, then it names the seeding file. Otherwise if environment variable HOME is set, then the seeding file is $HOME/.rnd. If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will use file .rnd in the current directory while OpenSSL 0.9.6a uses no default seeding file at all. OpenSSL 0.9.6b and later will behave similarly to 0.9.6a, but will use a default of "C:" for HOME on Windows systems if the environment variable has not been set. If the default seeding file does not exist or is too short, the "PRNG not seeded" error message may occur. The openssl command line utility will write back a new state to the default seeding file (and create this file if necessary) unless there was no sufficient seeding. Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. Use the "-rand" option of the OpenSSL command line tools instead. The $RANDFILE environment variable and $HOME/.rnd are only used by the OpenSSL command line tools. Applications using the OpenSSL library provide their own configuration options to specify the entropy source, please check out the documentation coming the with application. For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested installing the SUNski package from Sun patch 105710-01 (Sparc) which Loading @@ -191,6 +211,18 @@ versions. However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. * Why do I get an "unable to write 'random state'" error message? Sometimes the openssl command line utility does not abort with a "PRNG not seeded" error message, but complains that it is "unable to write 'random state'". This message refers to the default seeding file (see previous answer). A possible reason is that no default filename is known because neither RANDFILE nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the current directory in this case, but this has changed with 0.9.6a.) * How do I create certificates or certificate requests? Check out the CA.pl(1) manual page. This provides a simple wrapper round Loading INSTALL +4 −4 Original line number Diff line number Diff line Loading @@ -7,8 +7,11 @@ To install OpenSSL, you will need: * make * Perl 5 * an ANSI C compiler * a development environment in form of development libraries and C header files * a supported Unix operating system Quick Start Loading Loading @@ -43,9 +46,6 @@ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, the library files and binaries are also installed there. rsaref Build with RSADSI's RSAREF toolkit (this assumes that librsaref.a is in the library search path). no-threads Don't try to build with support for multi-threaded applications. Loading Loading @@ -128,7 +128,7 @@ directory, and the binary will be in the "apps" directory. If "make" fails, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like missing the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to <openssl-bugs@openssl.org> (note that your message will be forwarded to a public mailing list). Include the Loading INSTALL.VMS +10 −0 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ Intro: This file is divided in the following parts: Requirements - Mandatory reading. Checking the distribution - Mandatory reading. Compilation - Mandatory reading. Logical names - Mandatory reading. Loading @@ -19,6 +20,15 @@ This file is divided in the following parts: TODO - Things that are to come. Requirements: ============= To build and install OpenSSL, you will need: * DEC C or some other ANSI C compiler. VAX C is *not* supported. [Note: OpenSSL has only been tested with DEC C. Compiling with a different ANSI C compiler may require some work] Checking the distribution: ========================== Loading Loading
CHANGES +43 −1 Original line number Diff line number Diff line Loading @@ -4,6 +4,48 @@ Changes between 0.9.6a and 0.9.6b [XX xxx XXXX] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5 when fixing the server behaviour for backwards-compatible 'client hello' messages. (Note that the attack is impractical against SSL 3.0 and TLS 1.0 anyway because length and version checking means that the probability of guessing a valid ciphertext is around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 paper.) Before 0.9.5, the countermeasure (hide the error by generating a random 'decryption result') did not work properly because ERR_clear_error() was missing, meaning that SSL_get_error() would detect the supposedly ignored error. Both problems are now fixed. [Bodo Moeller] *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 (previously it was 1024). [Bodo Moeller] *) Fix for compatibility mode trust settings: ignore trust settings unless some valid trust or reject settings are present. [Steve Henson] *) Fix for blowfish EVP: its a variable length cipher. [Steve Henson] *) Fix various bugs related to DSA S/MIME verification. Handle missing parameters in DSA public key structures and return an error in the DSA routines if parameters are absent. [Steve Henson] *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in the current directory if neither $RANDFILE nor $HOME was set. RAND_file_name() in 0.9.6a returned NULL in this case. This has caused some confusion to Windows users who haven't defined $HOME. Thus RAND_file_name() is changed again: e_os.h can define a DEFAULT_HOME, which will be used if $HOME is not set. For Windows, we use "C:"; on other platforms, we still require environment variables. *) Move 'if (!initialized) RAND_poll()' into regions protected by CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids having multiple threads call RAND_poll() concurrently. Loading Loading @@ -2382,7 +2424,7 @@ copied!) [Bodo Moeller] *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options worked. *) Fix problems with no-hmac etc. Loading
Configure +3 −0 Original line number Diff line number Diff line Loading @@ -143,6 +143,9 @@ my %table=( # error message. "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Solaris x86 with Sun C setups "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", Loading
FAQ +44 −12 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ OpenSSL - Frequently Asked Questions [USER] Questions on using the OpenSSL applications * Why do I get a "PRNG not seeded" error message? * Why do I get an "unable to write 'random state'" error message? * How do I create certificates or certificate requests? * Why can't I create certificate requests? * Why does <SSL program> fail with a certificate verify error? Loading Loading @@ -161,6 +162,7 @@ correctly. Many open source operating systems provide a "randomness device" that serves this purpose. On other systems, applications have to call the RAND_add() or RAND_seed() function with appropriate data before generating keys or performing public key encryption. (These functions initialize the pseudo-random number generator, PRNG.) Some broken applications do not do this. As of version 0.9.5, the OpenSSL functions that need randomness report an error if the random Loading @@ -170,18 +172,36 @@ application you are using. It is likely that it never worked correctly. OpenSSL 0.9.5 and later make the error visible by refusing to perform potentially insecure encryption. On systems without /dev/urandom, it is a good idea to use the Entropy Gathering Demon; see the RAND_egd() manpage for details. Most components of the openssl command line tool try to use the file $HOME/.rnd (or $RANDFILE, if this environment variable is set) for seeding the PRNG. If this file does not exist or is too short, the "PRNG not seeded" error message may occur. [Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version 0.9.5 does not do this and will fail on systems without /dev/urandom when trying to password-encrypt an RSA key! This is a bug in the library; try a later version instead.] On systems without /dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for details. Starting with version 0.9.7, OpenSSL will automatically look for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and /etc/entropy. Most components of the openssl command line utility automatically try to seed the random number generator from a file. The name of the default seeding file is determined as follows: If environment variable RANDFILE is set, then it names the seeding file. Otherwise if environment variable HOME is set, then the seeding file is $HOME/.rnd. If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will use file .rnd in the current directory while OpenSSL 0.9.6a uses no default seeding file at all. OpenSSL 0.9.6b and later will behave similarly to 0.9.6a, but will use a default of "C:" for HOME on Windows systems if the environment variable has not been set. If the default seeding file does not exist or is too short, the "PRNG not seeded" error message may occur. The openssl command line utility will write back a new state to the default seeding file (and create this file if necessary) unless there was no sufficient seeding. Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. Use the "-rand" option of the OpenSSL command line tools instead. The $RANDFILE environment variable and $HOME/.rnd are only used by the OpenSSL command line tools. Applications using the OpenSSL library provide their own configuration options to specify the entropy source, please check out the documentation coming the with application. For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested installing the SUNski package from Sun patch 105710-01 (Sparc) which Loading @@ -191,6 +211,18 @@ versions. However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. * Why do I get an "unable to write 'random state'" error message? Sometimes the openssl command line utility does not abort with a "PRNG not seeded" error message, but complains that it is "unable to write 'random state'". This message refers to the default seeding file (see previous answer). A possible reason is that no default filename is known because neither RANDFILE nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the current directory in this case, but this has changed with 0.9.6a.) * How do I create certificates or certificate requests? Check out the CA.pl(1) manual page. This provides a simple wrapper round Loading
INSTALL +4 −4 Original line number Diff line number Diff line Loading @@ -7,8 +7,11 @@ To install OpenSSL, you will need: * make * Perl 5 * an ANSI C compiler * a development environment in form of development libraries and C header files * a supported Unix operating system Quick Start Loading Loading @@ -43,9 +46,6 @@ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, the library files and binaries are also installed there. rsaref Build with RSADSI's RSAREF toolkit (this assumes that librsaref.a is in the library search path). no-threads Don't try to build with support for multi-threaded applications. Loading Loading @@ -128,7 +128,7 @@ directory, and the binary will be in the "apps" directory. If "make" fails, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like missing the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to <openssl-bugs@openssl.org> (note that your message will be forwarded to a public mailing list). Include the Loading
INSTALL.VMS +10 −0 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ Intro: This file is divided in the following parts: Requirements - Mandatory reading. Checking the distribution - Mandatory reading. Compilation - Mandatory reading. Logical names - Mandatory reading. Loading @@ -19,6 +20,15 @@ This file is divided in the following parts: TODO - Things that are to come. Requirements: ============= To build and install OpenSSL, you will need: * DEC C or some other ANSI C compiler. VAX C is *not* supported. [Note: OpenSSL has only been tested with DEC C. Compiling with a different ANSI C compiler may require some work] Checking the distribution: ========================== Loading
