OpenSSL

OpenSSL-1.0.0s development kit for OS2-KNIX (kLIBC). Requires OS/2 Warp V4 fix5 or later, TCP/IP for OS/2, kLIBC 0.6.3, gcc 3.3.5 csd3.

OpenSSL-1.0.0o runtime kit for OS2-KNIX (kLIBC). Requires OS/2 Warp V4 fix5 or later, TCP/IP for OS/2, kLIBC 0.6.3.

OpenSSL v1.0.1k for OS/2. Includes binaries and diff.

OpenSSL-1.0.0o runtime kit for OS2-KNIX (kLIBC). Requires OS/2 Warp V4 fix5 or later, TCP/IP for OS/2, kLIBC 0.6.3.

2014-10-16 - openssl 1.0.0o

2014-08-07 - openssl 1.0.0n

2014-06-06 - openssl 1.0.0m

2014-06-06 - openssl 1.0.0m

2014-06-06 - openssl 1.0.0m

2014-05-14 - security fix: CVE-2014-0198

OpenSSL 1.0.0l *experimental* port for OS/2 (EMX, kLIBC 0.6.x) Important change(s) from 0.9.8 (for OS/2): - different DLL module name. (I think that v1.0.0 has not `complete- upward-compatibility' with v0.9.8. Some functions are missing...) Installation (OS2-KNIX): 1. unzip runtime-zip into some directory. 2. unzip dev-zip into the same directory (if you need development toolkit). 3. add '(the directory)\bin' to PATH 4. add '(the directory)\dll' to LIBPATH 5. set the environment variable OPENSSL_CONF to point 'ssl/openssl.cnf' set OPENSSL_CONF=(the directory)\ssl\openssl.cnf (I have no idea about which is the best directory for end-users (non-developer) to install runtime. some ideas... e.g. /usr/local (openssl default configuration) /usr (commonly unix style) /etc (some unix style) /MPTN/ETC (some unix style, a la OS/2) /extras (Paul Smedley's bldenv) /openssl (unique directory for openssl) x:\OS2 (installed as OS2/eCS `system' components) It is supposed the development kit will be installed into the directory /extras, bacause this package is configured with '--prefix=/extras'.) Installation (OS2-EMX) 1. just unzip os2emx-package into the directory \emx. How to build (OS2-KNIX): 1. apply the patch. 2. os2\OS2-KNIX.cmd default 3. make -f os2/OS2-KNIX-DLL.mak How to build (OS2-EMX): 1. apply the patch. 2. os2\OS2-EMX.cmd default 3. make -f os2/OS2-EMX-DLL.mak note: You should need updated bintuils (as.exe). History: 2010-04-07 - configured for generic `gcc' build, without assembly codes and experimental features. 2010-04-09 - OS2-EMX, OS2-KNIX build (using assembly codes) 2010-06-03 - version 1.0.0a 2010-06-30 - crypto/rand/rand_os2.c: fix thread-unsafed RAND_pool() 2010-10-04 - crypto/rand/rand_os2.c: more fix RAND_pool() for more-than-2 CPUs (replacing DosPerfSysCall with libc's random) (I hope someone will write proper CSPRNG like /dev/random on modern Unix-like systems for OS2/eCS...) 2010-10-13 - e_os.h: use syslog (BIO_s_log) on knix 2010-11-17 - openssl 1.0.0b 2010-12-03 - openssl 1.0.0c 2011-02-09 - openssl 1.0.0d - fixed: import libraries' name (crypto.a -> libcrypto.a, ssl.a -> libssl.a) 2011-09-10 - openssl 1.0.0e - workaround for parallel build (make -f OS2-KNIX-DLL.mak mkdirs && make -f OS2-KNIX-DLL.mak -j4) 2012-01-07 - openssl 1.0.0f - with zlib 1.2.5 2012-01-21 - openssl 1.0.0g 2012-03-13 - openssl 1.0.0h 2012-04-20 - openssl 1.0.0i 2012-05-11 - openssl 1.0.0j - default configuration CFLAGS: -march=pentium -mtune=generic (OS2KNIX) LDFLAGS: -Zhigh-mem (OS2KNIX) 2013-02-07 - openssl 1.0.0k - with zlib 1.2.7 - applied http://svn.netlabs.org/ports/changeset/578 2014-01-08 - openssl 1.0.0l - with zlib 1.2.8 2014-05-11 - security fixes: CVE-2010-5298 and CVE-2014-0076

2014-05-11 - security fixes: CVE-2010-5298 and CVE-2014-0076

OpenSSL 1.0.0k *experimental* port for OS/2 (EMX, kLIBC 0.6.x) Important change(s) from 0.9.8 (for OS/2): - different DLL module name. (I think that v1.0.0 has not `complete- upward-compatibility' with v0.9.8. Some functions are missing...) Installation (OS2-KNIX): 1. unzip runtime-zip into some directory. 2. unzip dev-zip into the same directory (if you need development toolkit). 3. add '(the directory)\bin' to PATH 4. add '(the directory)\dll' to LIBPATH 5. set the environment variable OPENSSL_CONF to point 'ssl/openssl.cnf' set OPENSSL_CONF=(the directory)\ssl\openssl.cnf (I have no idea about which is the best directory for end-users (non-developer) to install runtime. some ideas... e.g. /usr/local (openssl default configuration) /usr (commonly unix style) /etc (some unix style) /MPTN/ETC (some unix style, a la OS/2) /extras (Paul Smedley's bldenv) /openssl (unique directory for openssl) x:\OS2 (installed as OS2/eCS `system' components) It is supposed the development kit will be installed into the directory /extras, bacause this package is configured with '--prefix=/extras'.) Installation (OS2-EMX) 1. just unzip os2emx-package into the directory \emx. How to build (OS2-KNIX): 1. apply the patch. 2. os2\OS2-KNIX.cmd default 3. make -f os2/OS2-KNIX-DLL.mak How to build (OS2-EMX): 1. apply the patch. 2. os2\OS2-EMX.cmd default 3. make -f os2/OS2-EMX-DLL.mak note: You should need updated bintuils (as.exe). History: 2010-04-07 - configured for generic `gcc' build, without assembly codes and experimental features. 2010-04-09 - OS2-EMX, OS2-KNIX build (using assembly codes) 2010-06-03 - version 1.0.0a 2010-06-30 - crypto/rand/rand_os2.c: fix thread-unsafed RAND_pool() 2010-10-04 - crypto/rand/rand_os2.c: more fix RAND_pool() for more-than-2 CPUs (replacing DosPerfSysCall with libc's random) (I hope someone will write proper CSPRNG like /dev/random on modern Unix-like systems for OS2/eCS...) 2010-10-13 - e_os.h: use syslog (BIO_s_log) on knix 2010-11-17 - openssl 1.0.0b 2010-12-03 - openssl 1.0.0c 2011-02-09 - openssl 1.0.0d - fixed: import libraries' name (crypto.a -> libcrypto.a, ssl.a -> libssl.a) 2011-09-10 - openssl 1.0.0e - workaround for parallel build (make -f OS2-KNIX-DLL.mak mkdirs && make -f OS2-KNIX-DLL.mak -j4) 2012-01-07 - openssl 1.0.0f - with zlib 1.2.5 2012-01-21 - openssl 1.0.0g 2012-03-13 - openssl 1.0.0h 2012-04-20 - openssl 1.0.0i 2012-05-11 - openssl 1.0.0j - default configuration CFLAGS: -march=pentium -mtune=generic (OS2KNIX) LDFLAGS: -Zhigh-mem (OS2KNIX) 2013-02-07 - openssl 1.0.0k - with zlib 1.2.7 - applied http://svn.netlabs.org/ports/changeset/578

OpenSSL 0.9.8y experimental port for genuine EMX (OS2-EMX) and klibc 0.6.x (OS2-KNIX). System Requirement ------------------ Runtime (OS2-KNIX): - OS/2 Warp V4 or later - Pentium or above CPU - 32 bit TCP/IP for OS/2 (TCPIP32) - kLIBC 0.6.x (0.6.3 or later) Runtime (OS2-EMX): - OS/2 Warp V3 or later - i486 or above CPU - TCP/IP for OS/2 - EMX runtime (0.9d fix 04) (Note zlib 1.2.7 has linked statically with runtime DLLs.) Development Kit: - (OS2-KNIX) gcc 3.3.5 or later - (OS2-EMX) gcc 2.8.1 - zlib (1.2.7) Quick and Dirty Installation (OS2-KNIX) --------------------------------------- Runtime: 1. unzip runtime zip into some directory. 2. add '(the directory)\bin' to PATH 3. add '(the directory)\dll' to LIBPATH 4. set the environment variable OPENSSL_CONF to point 'ssl/openssl.cnf' set OPENSSL_CONF=(the directory)\ssl\openssl.cnf (I have no idea about which is the best directory for end-users (non-developer) to install runtime. some ideas... e.g. /usr/local (openssl default configuration) /usr (commonly unix style) /etc (some unix style) /MPTN/ETC (some unix style, a la OS/2) /extras (Paul Smedley's bldenv) /openssl (unique directory for openssl) x:\OS2 (installed as OS2/eCS `system' components) It is supposed the development kit will be installed into the directory /extras, bacause this package is configured with '--prefix=/extras'. ) Quick and Dirty Installation (OS2-EMX) --------------------------------------- Runtime: - copy os2_dll\openssl.exe into \emx\bin. - copy os2_dll\*.dll into \emx\dll. Development kit: - copy os2_include\* into \emx\include. - copy os2_dll\*.a and os2_dll\*.lib into \emx\lib. How to build runtime DLLs and libraries --------------------------------------- Prerequisites: - EMX runtime and development kits - perl - grep - sed - Unix style shell sh.exe - GNU make - Unix style utilities: cp, mv, rm (and more, maybe) - NetLabs gcc 3.3.5 or later (OS2-KNIX) - Unix style patch to apply *.diff Configuration and Make (OS2-EMX): on OS/2 command prompt: > os2\OS2-EMX default > make -f OS2-EMX-DLL.mak Configuration and Make (OS2-KNIX): on OS/2 command prompt: > os2\OS2-KNIX default > make -f OS2-KNIX-DLL.mak (and see INSTALL.OS2 in official OpenSSL package.)

OpenSSL 0.9.8y experimental port for genuine EMX (OS2-EMX) and klibc 0.6.x (OS2-KNIX). System Requirement ------------------ Runtime (OS2-KNIX): - OS/2 Warp V4 or later - Pentium or above CPU - 32 bit TCP/IP for OS/2 (TCPIP32) - kLIBC 0.6.x (0.6.3 or later) Runtime (OS2-EMX): - OS/2 Warp V3 or later - i486 or above CPU - TCP/IP for OS/2 - EMX runtime (0.9d fix 04) (Note zlib 1.2.7 has linked statically with runtime DLLs.) Development Kit: - (OS2-KNIX) gcc 3.3.5 or later - (OS2-EMX) gcc 2.8.1 - zlib (1.2.7) Quick and Dirty Installation (OS2-KNIX) --------------------------------------- Runtime: 1. unzip runtime zip into some directory. 2. add '(the directory)\bin' to PATH 3. add '(the directory)\dll' to LIBPATH 4. set the environment variable OPENSSL_CONF to point 'ssl/openssl.cnf' set OPENSSL_CONF=(the directory)\ssl\openssl.cnf (I have no idea about which is the best directory for end-users (non-developer) to install runtime. some ideas... e.g. /usr/local (openssl default configuration) /usr (commonly unix style) /etc (some unix style) /MPTN/ETC (some unix style, a la OS/2) /extras (Paul Smedley's bldenv) /openssl (unique directory for openssl) x:\OS2 (installed as OS2/eCS `system' components) It is supposed the development kit will be installed into the directory /extras, bacause this package is configured with '--prefix=/extras'. ) Quick and Dirty Installation (OS2-EMX) --------------------------------------- Runtime: - copy os2_dll\openssl.exe into \emx\bin. - copy os2_dll\*.dll into \emx\dll. Development kit: - copy os2_include\* into \emx\include. - copy os2_dll\*.a and os2_dll\*.lib into \emx\lib. How to build runtime DLLs and libraries --------------------------------------- Prerequisites: - EMX runtime and development kits - perl - grep - sed - Unix style shell sh.exe - GNU make - Unix style utilities: cp, mv, rm (and more, maybe) - NetLabs gcc 3.3.5 or later (OS2-KNIX) - Unix style patch to apply *.diff Configuration and Make (OS2-EMX): on OS/2 command prompt: > os2\OS2-EMX default > make -f OS2-EMX-DLL.mak Configuration and Make (OS2-KNIX): on OS/2 command prompt: > os2\OS2-KNIX default > make -f OS2-KNIX-DLL.mak (and see INSTALL.OS2 in official OpenSSL package.)

OpenSSL 1.0.0a *experimental* port for OS/2 (EMX, kLIBC) Important change(s) from 0.9.8 (for OS/2): - different DLL module name. (I think that v1.0.0 has not `complete- upward-compatibility' with v0.9.8. Some functions are missing...) Installation (OS2-KNIX): 1. unzip runtime-zip into some directory. 2. unzip dev-zip into the same directory (if you need development toolkit). 3. add '(the directory)\bin' to PATH 4. add '(the directory)\dll' to LIBPATH 5. set the environment variable OPENSSL_CONF to point 'ssl/openssl.cnf' set OPENSSL_CONF=(the directory)\ssl\openssl.cnf (I have no idea about which is the best directory for end-users (non-developer) to install runtime. some ideas... e.g. /usr/local (openssl default configuration) /usr (commonly unix style) /etc (some unix style) /MPTN/ETC (some unix style, a la OS/2) /extras (Paul Smedley's bldenv) /openssl (unique directory for openssl) x:\OS2 (installed as OS2/eCS `system' components) It is supposed the development kit will be installed into the directory /extras, bacause this package is configured with '--prefix=/extras'.) Installation (OS2-EMX) 1. just unzip os2emx-package into the directory \emx. How to build (OS2-KNIX): 1. apply the patch. 2. os2\OS2-KNIX.cmd default 3. make -f os2/OS2-KNIX-DLL.mak How to build (OS2-EMX): 1. apply the patch. 2. os2\OS2-EMX.cmd default 3. make -f os2/OS2-EMX-DLL.mak note: You should need updated bintuils (as.exe). History: 2010-04-07 - configured for generic `gcc' build, without assembly codes and experimental features. 2010-04-09 - OS2-EMX, OS2-KNIX build (with assmbly codes) 2010-06-03 - version 1.0.0a

OpenSSL 0.9.8o experimental port for genuine EMX (OS2-EMX) and klibc 0.6.x (OS2-KNIX). System Requirement ------------------ Runtime (OS2-KNIX): - OS/2 Warp V4 or later - Pentium or above CPU - 32 bit TCP/IP for OS/2 (TCPIP32) - kLIBC 0.6.3 Runtime (OS2-EMX): - OS/2 Warp V3 or later - i486 or above CPU - TCP/IP for OS/2 - EMX runtime (0.9d fix 04) (Note zlib 1.2.3 has linked statically with runtime DLLs.) Development Kit: - (OS2-KNIX) gcc 3.3.5 or later - (OS2-EMX) gcc 2.8.1 - zlib (1.2.3) System Recommendation --------------------- - perl (5.10 or later) Quick and Dirty Installation (OS2-KNIX) --------------------------------------- Runtime: 1. unzip runtime zip into some directory. 2. add '(the directory)\bin' to PATH 3. add '(the directory)\dll' to LIBPATH 4. set the environment variable OPENSSL_CONF to point 'ssl/openssl.cnf' set OPENSSL_CONF=(the directory)\ssl\openssl.cnf (I have no idea about which is the best directory for end-users (non-developer) to install runtime. some ideas... e.g. /usr/local (openssl default configuration) /usr (commonly unix style) /etc (some unix style) /MPTN/ETC (some unix style, a la OS/2) /extras (Paul Smedley's bldenv) /openssl (unique directory for openssl) x:\OS2 (installed as OS2/eCS `system' components) It is supposed the development kit will be installed into the directory /extras, bacause this package is configured with '--prefix=/extras'. ) Quick and Dirty Installation (OS2-EMX) --------------------------------------- Runtime: - copy os2_dll/openssl.exe into \emx\bin. - copy os2_dll/*.dll into \emx\dll. Development kit: - copy os2_include/* into \emx\include. - copy os2_dll/*.a and os2_dll/*.lib into \emx\lib. How to build runtime DLLs and libraries --------------------------------------- Prerequisites: - EMX runtime and development kits - perl - grep - sed - Unix style shell sh.exe - GNU make - Unix style utilities: cp, mv, rm (and more, maybe) - NetLabs gcc 3.3.5 or later (OS2-KNIX) - Unix style patch to apply *.diff Configuration and Make (OS2-EMX): on OS/2 command prompt: > os2\OS2-EMX default > make -f OS2-EMX-DLL.mak Configuration and Make (OS2-KNIX): on OS/2 command prompt: > os2\OS2-KNIX default > make -f OS2-KNIX-DLL.mak (and see INSTALL.OS2 in official OpenSSL package.)

OpenSSL CHANGES _______________ Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never update s->server with a new major version number. As of - OpenSSL 0.9.8m if 'short' is a 16-bit type, - OpenSSL 0.9.8f if 'short' is longer than 16 bits, the previous behavior could result in a read attempt at NULL when receiving specific incorrect SSL/TLS records once record payload protection is active. (CVE-2010-0740) [Bodo Moeller, Adam Langley <agl@chromium.org>] *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). [Tomas Hoger <thoger@redhat.com>]

OpenSSL CHANGES _______________ Changes between 0.9.8l and 0.9.8m [25 Feb 2010] *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta] *) Fix X509_STORE locking: Every 'objs' access requires a lock (to accommodate for stack sorting, always a write lock!). [Bodo Moeller] *) On some versions of WIN32 Heap32Next is very slow. This can cause excessive delays in the RAND_poll(): over a minute. As a workaround include a time check in the inner Heap32Next loop too. [Steve Henson] *) The code that handled flushing of data in SSL/TLS originally used the BIO_CTRL_INFO ctrl to see if any data was pending first. This caused the problem outlined in PR#1949. The fix suggested there however can trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions of Apache). So instead simplify the code to flush unconditionally. This should be fine since flushing with no data to flush is a no op. [Steve Henson] *) Handle TLS versions 2.0 and later properly and correctly use the highest version of TLS/SSL supported. Although TLS >= 2.0 is some way off ancient servers have a habit of sticking around for a while... [Steve Henson] *) Modify compression code so it frees up structures without using the ex_data callbacks. This works around a problem where some applications call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when restarting) then use compression (e.g. SSL with compression) later. This results in significant per-connection memory leaks and has caused some security issues including CVE-2008-1678 and CVE-2009-4355. [Steve Henson] *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't change when encrypting or decrypting. [Bodo Moeller] *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to connect and renegotiate with servers which do not support RI. Until RI is more widely deployed this option is enabled by default. [Steve Henson] *) Add "missing" ssl ctrls to clear options and mode. [Steve Henson] *) If client attempts to renegotiate and doesn't support RI respond with a no_renegotiation alert as required by RFC5746. Some renegotiating TLS clients will continue a connection gracefully when they receive the alert. Unfortunately OpenSSL mishandled this alert and would hang waiting for a server hello which it will never receive. Now we treat a received no_renegotiation alert as a fatal error. This is because applications requesting a renegotiation might well expect it to succeed and would have no code in place to handle the server denying it so the only safe thing to do is to terminate the connection. [Steve Henson] *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if peer supports secure renegotiation and 0 otherwise. Print out peer renegotiation support in s_client/s_server. [Steve Henson] *) Replace the highly broken and deprecated SPKAC certification method with the updated NID creation version. This should correctly handle UTF8. [Steve Henson] *) Implement RFC5746. Re-enable renegotiation but require the extension as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a bad idea. It has been replaced by SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with SSL_CTX_set_options(). This is really not recommended unless you know what you are doing. [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson] *) Fixes to stateless session resumption handling. Use initial_ctx when issuing and attempting to decrypt tickets in case it has changed during servername handling. Use a non-zero length session ID when attempting stateless session resumption: this makes it possible to determine if a resumption has occurred immediately after receiving server hello (several places in OpenSSL subtly assume this) instead of later in the handshake. [Steve Henson] *) The functions ENGINE_ctrl(), OPENSSL_isservice(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fixes for a few places where the return code is not checked correctly. [Julia Lawall <julia@diku.dk>] *) Add --strict-warnings option to Configure script to include devteam warnings in other configurations. [Steve Henson] *) Add support for --libdir option and LIBDIR variable in makefiles. This makes it possible to install openssl libraries in locations which have names other than "lib", for example "/usr/lib64" which some systems need. [Steve Henson, based on patch from Jeremy Utley] *) Don't allow the use of leading 0x80 in OIDs. This is a violation of X690 8.9.12 and can produce some misleading textual output of OIDs. [Steve Henson, reported by Dan Kaminsky] *) Delete MD2 from algorithm tables. This follows the recommendation in several standards that it is not used in new applications due to several cryptographic weaknesses. For binary compatibility reasons the MD2 API is still compiled in by default. [Steve Henson] *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved and restored. [Steve Henson] *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and OPENSSL_asc2uni conditionally on Netware platforms to avoid a name clash. [Guenter <lists@gknw.net>] *) Fix the server certificate chain building code to use X509_verify_cert(), it used to have an ad-hoc builder which was unable to cope with anything other than a simple chain. [David Woodhouse <dwmw2@infradead.org>, Steve Henson] *) Don't check self signed certificate signatures in X509_verify_cert() by default (a flag can override this): it just wastes time without adding any security. As a useful side effect self signed root CAs with non-FIPS digests are now usable in FIPS mode. [Steve Henson] *) In dtls1_process_out_of_seq_message() the check if the current message is already buffered was missing. For every new message was memory allocated, allowing an attacker to perform an denial of service attack with sending out of seq handshake messages until there is no memory left. Additionally every future messege was buffered, even if the sequence number made no sense and would be part of another handshake. So only messages with sequence numbers less than 10 in advance will be buffered. (CVE-2009-1378) [Robin Seggelmann, discovered by Daniel Mentz] *) Records are buffered if they arrive with a future epoch to be processed after finishing the corresponding handshake. There is currently no limitation to this buffer allowing an attacker to perform a DOS attack with sending records with future epochs until there is no memory left. This patch adds the pqueue_size() function to detemine the size of a buffer and limits the record buffer to 100 entries. (CVE-2009-1377) [Robin Seggelmann, discovered by Daniel Mentz] *) Keep a copy of frag->msg_header.frag_len so it can be used after the parent structure is freed. (CVE-2009-1379) [Daniel Mentz] *) Handle non-blocking I/O properly in SSL_shutdown() call. [Darryl Miles <darryl-mailinglists@netbauds.net>] *) Add 2.5.4.* OIDs [Ilya O. <vrghost@gmail.com>]

OpenSSL CHANGES _______________ Changes between 0.9.8l and 0.9.8m [25 Feb 2010] *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta] *) Fix X509_STORE locking: Every 'objs' access requires a lock (to accommodate for stack sorting, always a write lock!). [Bodo Moeller] *) On some versions of WIN32 Heap32Next is very slow. This can cause excessive delays in the RAND_poll(): over a minute. As a workaround include a time check in the inner Heap32Next loop too. [Steve Henson] *) The code that handled flushing of data in SSL/TLS originally used the BIO_CTRL_INFO ctrl to see if any data was pending first. This caused the problem outlined in PR#1949. The fix suggested there however can trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions of Apache). So instead simplify the code to flush unconditionally. This should be fine since flushing with no data to flush is a no op. [Steve Henson] *) Handle TLS versions 2.0 and later properly and correctly use the highest version of TLS/SSL supported. Although TLS >= 2.0 is some way off ancient servers have a habit of sticking around for a while... [Steve Henson] *) Modify compression code so it frees up structures without using the ex_data callbacks. This works around a problem where some applications call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when restarting) then use compression (e.g. SSL with compression) later. This results in significant per-connection memory leaks and has caused some security issues including CVE-2008-1678 and CVE-2009-4355. [Steve Henson] *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't change when encrypting or decrypting. [Bodo Moeller] *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to connect and renegotiate with servers which do not support RI. Until RI is more widely deployed this option is enabled by default. [Steve Henson] *) Add "missing" ssl ctrls to clear options and mode. [Steve Henson] *) If client attempts to renegotiate and doesn't support RI respond with a no_renegotiation alert as required by RFC5746. Some renegotiating TLS clients will continue a connection gracefully when they receive the alert. Unfortunately OpenSSL mishandled this alert and would hang waiting for a server hello which it will never receive. Now we treat a received no_renegotiation alert as a fatal error. This is because applications requesting a renegotiation might well expect it to succeed and would have no code in place to handle the server denying it so the only safe thing to do is to terminate the connection. [Steve Henson] *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if peer supports secure renegotiation and 0 otherwise. Print out peer renegotiation support in s_client/s_server. [Steve Henson] *) Replace the highly broken and deprecated SPKAC certification method with the updated NID creation version. This should correctly handle UTF8. [Steve Henson] *) Implement RFC5746. Re-enable renegotiation but require the extension as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a bad idea. It has been replaced by SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with SSL_CTX_set_options(). This is really not recommended unless you know what you are doing. [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson] *) Fixes to stateless session resumption handling. Use initial_ctx when issuing and attempting to decrypt tickets in case it has changed during servername handling. Use a non-zero length session ID when attempting stateless session resumption: this makes it possible to determine if a resumption has occurred immediately after receiving server hello (several places in OpenSSL subtly assume this) instead of later in the handshake. [Steve Henson] *) The functions ENGINE_ctrl(), OPENSSL_isservice(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fixes for a few places where the return code is not checked correctly. [Julia Lawall <julia@diku.dk>] *) Add --strict-warnings option to Configure script to include devteam warnings in other configurations. [Steve Henson] *) Add support for --libdir option and LIBDIR variable in makefiles. This makes it possible to install openssl libraries in locations which have names other than "lib", for example "/usr/lib64" which some systems need. [Steve Henson, based on patch from Jeremy Utley] *) Don't allow the use of leading 0x80 in OIDs. This is a violation of X690 8.9.12 and can produce some misleading textual output of OIDs. [Steve Henson, reported by Dan Kaminsky] *) Delete MD2 from algorithm tables. This follows the recommendation in several standards that it is not used in new applications due to several cryptographic weaknesses. For binary compatibility reasons the MD2 API is still compiled in by default. [Steve Henson] *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved and restored. [Steve Henson] *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and OPENSSL_asc2uni conditionally on Netware platforms to avoid a name clash. [Guenter <lists@gknw.net>] *) Fix the server certificate chain building code to use X509_verify_cert(), it used to have an ad-hoc builder which was unable to cope with anything other than a simple chain. [David Woodhouse <dwmw2@infradead.org>, Steve Henson] *) Don't check self signed certificate signatures in X509_verify_cert() by default (a flag can override this): it just wastes time without adding any security. As a useful side effect self signed root CAs with non-FIPS digests are now usable in FIPS mode. [Steve Henson] *) In dtls1_process_out_of_seq_message() the check if the current message is already buffered was missing. For every new message was memory allocated, allowing an attacker to perform an denial of service attack with sending out of seq handshake messages until there is no memory left. Additionally every future messege was buffered, even if the sequence number made no sense and would be part of another handshake. So only messages with sequence numbers less than 10 in advance will be buffered. (CVE-2009-1378) [Robin Seggelmann, discovered by Daniel Mentz] *) Records are buffered if they arrive with a future epoch to be processed after finishing the corresponding handshake. There is currently no limitation to this buffer allowing an attacker to perform a DOS attack with sending records with future epochs until there is no memory left. This patch adds the pqueue_size() function to detemine the size of a buffer and limits the record buffer to 100 entries. (CVE-2009-1377) [Robin Seggelmann, discovered by Daniel Mentz] *) Keep a copy of frag->msg_header.frag_len so it can be used after the parent structure is freed. (CVE-2009-1379) [Daniel Mentz] *) Handle non-blocking I/O properly in SSL_shutdown() call. [Darryl Miles <darryl-mailinglists@netbauds.net>] *) Add 2.5.4.* OIDs [Ilya O. <vrghost@gmail.com>]

OpenSSL CHANGES _______________ Changes between 0.9.8i and 0.9.8j [07 Jan 2009] *) Properly check EVP_VerifyFinal() and similar return values (CVE-2008-5077). [Ben Laurie, Bodo Moeller, Google Security Team] *) Properly check EVP_VerifyFinal() and similar return values (CVE-2008-5077). [Ben Laurie, Bodo Moeller, Google Security Team] *) Enable TLS extensions by default. [Ben Laurie] *) Allow the CHIL engine to be loaded, whether the application is multithreaded or not. (This does not release the developer from the obligation to set up the dynamic locking callbacks.) [Sander Temme <sander@temme.net>] *) Use correct exit code if there is an error in dgst command. [Steve Henson; problem pointed out by Roland Dirlewanger] *) Tweak Configure so that you need to say "experimental-jpake" to enable JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. [Bodo Moeller] *) Add experimental JPAKE support, including demo authentication in s_client and s_server. [Ben Laurie] *) Set the comparison function in v3_addr_canonize(). [Rob Austein <sra@hactrn.net>] *) Add support for XMPP STARTTLS in s_client. [Philip Paeps <philip@freebsd.org>] *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior to ensure that even with this option, only ciphersuites in the server's preference list will be accepted. (Note that the option applies only when resuming a session, so the earlier behavior was just about the algorithm choice for symmetric cryptography.) [Bodo Moeller]

OpenSSL CHANGES _______________ Changes between 0.9.8h and 0.9.8i [15 Sep 2008] *) Fix a state transitition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). [Nagendra Modadugu] *) The fix in 0.9.8c that supposedly got rid of unsafe double-checked locking was incomplete for RSA blinding, addressing just one layer of what turns out to have been doubly unsafe triple-checked locking. So now fix this for real by retiring the MONT_HELPER macro in crypto/rsa/rsa_eay.c. [Bodo Moeller; problem pointed out by Marius Schilder] *) Various precautionary measures: - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h). - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c). (NB: This would require knowledge of the secret session ticket key to exploit, in which case you'd be SOL either way.) - Change bn_nist.c so that it will properly handle input BIGNUMs outside the expected range. - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG builds. [Neel Mehta, Bodo Moeller] *) Add support for Local Machine Keyset attribute in PKCS#12 files. [Steve Henson] *) Fix BN_GF2m_mod_arr() top-bit cleanup code. [Huang Ying] *) Expand ENGINE to support engine supplied SSL client certificate functions. This work was sponsored by Logica. [Steve Henson] *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows keystores. Support for SSL/TLS client authentication too. Not compiled unless enable-capieng specified to Configure. This work was sponsored by Logica. [Steve Henson] *) Allow engines to be "soft loaded" - i.e. optionally don't die if the load fails. Useful for distros. [Ben Laurie and the FreeBSD team]

OpenSSL CHANGES _______________ Changes between 0.9.8g and 0.9.8h [28 May 2008] *) Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a cilent crash as found using the Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox] *) Fix double free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton] *) Clear error queue in SSL_CTX_use_certificate_chain_file() Clear the error queue to ensure that error entries left from older function calls do not interfere with the correct operation. [Lutz Jaenicke, Erik de Castro Lopo] *) Remove root CA certificates of commercial CAs: The OpenSSL project does not recommend any specific CA and does not have any policy with respect to including or excluding any CA. Therefore it does not make any sense to ship an arbitrary selection of root CA certificates with the OpenSSL software. [Lutz Jaenicke] *) RSA OAEP patches to fix two separate invalid memory reads. The first one involves inputs when 'lzero' is greater than 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes before the beginning of from). The second one involves inputs where the 'db' section contains nothing but zeroes (there is a one-byte invalid read after the end of 'db'). [Ivan Nestlerode <inestlerode@us.ibm.com>] *) Partial backport from 0.9.9-dev: Introduce bn_mul_mont (dedicated Montgomery multiplication procedure) as a candidate for BIGNUM assembler implementation. While 0.9.9-dev uses assembler for various architectures, only x86_64 is available by default here in the 0.9.8 branch, and 32-bit x86 is available through a compile-time setting. To try the 32-bit x86 assembler implementation, use Configure option "enable-montasm" (which exists only for this backport). As "enable-montasm" for 32-bit x86 disclaims code stability anyway, in this constellation we activate additional code backported from 0.9.9-dev for further performance improvements, namely BN_from_montgomery_word. (To enable this otherwise, e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".) [Andy Polyakov (backport partially by Bodo Moeller)] *) Add TLS session ticket callback. This allows an application to set TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed values. This is useful for key rollover for example where several key sets may exist with different names. [Steve Henson] *) Reverse ENGINE-internal logic for caching default ENGINE handles. This was broken until now in 0.9.8 releases, such that the only way a registered ENGINE could be used (assuming it initialises successfully on the host) was to explicitly set it as the default for the relevant algorithms. This is in contradiction with 0.9.7 behaviour and the documentation. With this fix, when an ENGINE is registered into a given algorithm's table of implementations, the 'uptodate' flag is reset so that auto-discovery will be used next time a new context for that algorithm attempts to select an implementation. [Ian Lister (tweaked by Geoff Thorpe)] *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 implemention in the following ways: Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be hard coded. Lack of BER streaming support means one pass streaming processing is only supported if data is detached: setting the streaming flag is ignored for embedded content. CMS support is disabled by default and must be explicitly enabled with the enable-cms configuration option. [Steve Henson] *) Update the GMP engine glue to do direct copies between BIGNUM and mpz_t when openssl and GMP use the same limb size. Otherwise the existing "conversion via a text string export" trick is still used. [Paul Sheer <paulsheer@gmail.com>] *) Zlib compression BIO. This is a filter BIO which compressed and uncompresses any data passed through it. [Steve Henson] *) Add AES_wrap_key() and AES_unwrap_key() functions to implement RFC3394 compatible AES key wrapping. [Steve Henson] *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): sets string data without copying. X509_ALGOR_set0() and X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) data. Attribute function X509at_get0_data_by_OBJ(): retrieves data from an X509_ATTRIBUTE structure optionally checking it occurs only once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied data. [Steve Henson] *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior. [Bodo Moeller (Google)] *) Netware support: - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT) - added some more tests to do_tests.pl - fixed RunningProcess usage so that it works with newer LIBC NDKs too - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency - added new Configure targets netware-clib-bsdsock, netware-clib-gcc, netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc - various changes to netware.pl to enable gcc-cross builds on Win32 platform - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD) - various changes to fix missing prototype warnings - fixed x86nasm.pl to create correct asm files for NASM COFF output - added AES, WHIRLPOOL and CPUID assembler code to build files - added missing AES assembler make rules to mk1mf.pl - fixed order of includes in apps/ocsp.c so that e_os.h settings apply [Guenter Knauf <eflash@gmx.net>] *) Implement certificate status request TLS extension defined in RFC3546. A client can set the appropriate parameters and receive the encoded OCSP response via a callback. A server can query the supplied parameters and set the encoded OCSP response in the callback. Add simplified examples to s_client and s_server. [Steve Henson]

OpenSSL CHANGES _______________ Changes between 0.9.8e and 0.9.8f [11 Oct 2007] *) DTLS Handshake overhaul. There were longstanding issues with OpenSSL DTLS implementation, which were making it impossible for RFC 4347 compliant client to communicate with OpenSSL server. Unfortunately just fixing these incompatibilities would "cut off" pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e server keeps tolerating non RFC compliant syntax. The opposite is not true, 0.9.8f client can not communicate with earlier server. This update even addresses CVE-2007-4995. [Andy Polyakov] *) Changes to avoid need for function casts in OpenSSL: some compilers (gcc 4.2 and later) reject their use. [Kurt Roeckx <kurt@roeckx.be>, Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson] *) Add RFC4507 support to OpenSSL. This includes the corrections in RFC4507bis. The encrypted ticket format is an encrypted encoded SSL_SESSION structure, that way new session features are automatically supported. If a client application caches session in an SSL_SESSION structure support is transparent because tickets are now stored in the encoded SSL_SESSION. The SSL_CTX structure automatically generates keys for ticket protection in servers so again support should be possible with no application modification. If a client or server wishes to disable RFC4507 support then the option SSL_OP_NO_TICKET can be set. Add a TLS extension debugging callback to allow the contents of any client or server extensions to be examined. This work was sponsored by Google. [Steve Henson] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for a host name. The SSL data structure has an additional member SSL_CTX *initial_ctx so that new sessions can be stored in that context to allow for session resumption, even after the SSL has been switched to a new SSL_CTX in reaction to a client's server_name extension. New functions (subject to change): SSL_get_servername() SSL_get_servername_type() SSL_set_SSL_CTX() New CTRL codes and macros (subject to change): SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - SSL_CTX_set_tlsext_servername_callback() SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG - SSL_CTX_set_tlsext_servername_arg() SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name() openssl s_client has a new '-servername ...' option. openssl s_server has new options '-servername_host ...', '-cert2 ...', '-key2 ...', '-servername_fatal' (subject to change). This allows testing the HostName extension for a specific single host name ('-cert' and '-key' remain fallbacks for handshakes without HostName negotiation). If the unrecogninzed_name alert has to be sent, this by default is a warning; it becomes fatal with the '-servername_fatal' option. [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson] *) Add AES and SSE2 assembly language support to VC++ build. [Steve Henson] *) Mitigate attack on final subtraction in Montgomery reduction. [Andy Polyakov] *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 (which previously caused an internal error). [Bodo Moeller] *) Squeeze another 10% out of IGE mode when in != out. [Ben Laurie] *) AES IGE mode speedup. [Dean Gaudet (Google)] *) Add the Korean symmetric 128-bit cipher SEED (see http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and add SEED ciphersuites from RFC 4162: TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA" TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA" TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA" TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA" To minimize changes between patchlevels in the OpenSSL 0.9.8 series, SEED remains excluded from compilation unless OpenSSL is configured with 'enable-seed'. [KISA, Bodo Moeller] *) Mitigate branch prediction attacks, which can be practical if a single processor is shared, allowing a spy process to extract information. For detailed background information, see http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron, J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures"). The core of the change are new versions BN_div_no_branch() and BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(), respectively, which are slower, but avoid the security-relevant conditional branches. These are automatically called by BN_div() and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one of the input BIGNUMs. Also, BN_is_bit_set() has been changed to remove a conditional branch. BN_FLG_CONSTTIME is the new name for the previous BN_FLG_EXP_CONSTTIME flag, since it now affects more than just modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag in the exponent causes BN_mod_exp_mont() to use the alternative implementation in BN_mod_exp_mont_consttime().) The old name remains as a deprecated alias. Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses constant-time implementations for more than just exponentiation. Here too the old name is kept as a deprecated alias. BN_BLINDING_new() will now use BN_dup() for the modulus so that the BN_BLINDING structure gets an independent copy of the modulus. This means that the previous "BIGNUM *m" argument to BN_BLINDING_new() and to BN_BLINDING_create_param() now essentially becomes "const BIGNUM *m", although we can't actually change this in the header file before 0.9.9. It allows RSA_setup_blinding() to use BN_with_flags() on the modulus to enable BN_FLG_CONSTTIME. [Matthew D Wood (Intel Corp)] *) In the SSL/TLS server implementation, be strict about session ID context matching (which matters if an application uses a single external cache for different purposes). Previously, out-of-context reuse was forbidden only if SSL_VERIFY_PEER was set. This did ensure strict client verification, but meant that, with applications using a single external cache for quite different requirements, clients could circumvent ciphersuite restrictions for a given session ID context by starting a session in a different context. [Bodo Moeller] *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. [Bodo Moeller]

OpenSSL CHANGES _______________ Changes between 0.9.8c and 0.9.8d [28 Sep 2006] *) Introduce limits to prevent malicious keys being able to cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller] *) Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson] *) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] *) Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team] *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites match only those. Before that, "AES256-SHA" would be interpreted as a pattern and match "AES128-SHA" too (since AES128-SHA got the same strength classification in 0.9.7h) as we currently only have a single AES bit in the ciphersuite description bitmap. That change, however, also applied to ciphersuite strings such as "RC4-MD5" that intentionally matched multiple ciphersuites -- namely, SSL 2.0 ciphersuites in addition to the more common ones from SSL 3.0/TLS 1.0. So we change the selection algorithm again: Naming an explicit ciphersuite selects this one ciphersuite, and any other similar ciphersuite (same bitmap) from *other* protocol versions. Thus, "RC4-MD5" again will properly select both the SSL 2.0 ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite. Since SSL 2.0 does not have any ciphersuites for which the 128/256 bit distinction would be relevant, this works for now. The proper fix will be to use different bits for AES128 and AES256, which would have avoided the problems from the beginning; however, bits are scarce, so we can only do this in a new release (not just a patchlevel) when we can change the SSL_CIPHER definition to split the single 'unsigned long mask' bitmap into multiple values to extend the available space. [Bodo Moeller]

OpenSSL CHANGES _______________ Changes between 0.9.8a and 0.9.8b [04 May 2006] *) When applying a cipher rule check to see if string match is an explicit cipher suite and only match that one cipher suite if it is. [Steve Henson] *) Link in manifests for VC++ if needed. [Austin Ziegler <halostatue@gmail.com>] *) Update support for ECC-based TLS ciphersuites according to draft-ietf-tls-ecc-12.txt with proposed changes (but without TLS extensions, which are supported starting with the 0.9.9 branch, not in the OpenSSL 0.9.8 branch). [Douglas Stebila] *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support opaque EVP_CIPHER_CTX handling. [Steve Henson] *) Fixes and enhancements to zlib compression code. We now only use "zlib1.dll" and use the default __cdecl calling convention on Win32 to conform with the standards mentioned here: http://www.zlib.net/DLL_FAQ.txt Static zlib linking now works on Windows and the new --with-zlib-include --with-zlib-lib options to Configure can be used to supply the location of the headers and library. Gracefully handle case where zlib library can't be loaded. [Steve Henson] *) Several fixes and enhancements to the OID generation code. The old code sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't handle numbers larger than ULONG_MAX, truncated printing and had a non standard OBJ_obj2txt() behaviour. [Steve Henson] *) Add support for building of engines under engine/ as shared libraries under VC++ build system. [Steve Henson] *) Corrected the numerous bugs in the Win32 path splitter in DSO. Hopefully, we will not see any false combination of paths any more. [Richard Levitte]

Yuri Dario's build of OpenSSL v0.9.8 including full source tree with static libraries and binaries built with GCC v3.3.5.

This is openssl-0.9.7a for OS/2. with the patch against the Klima-Pokorny-Rosa attack on RSA in SSL/TLS applied. I compiled it on Warp4 with emx 0.9d using OS2-EMX.cmd from the original tar ball. The DLLs and EXE are compressed with LXLite. Put openssl in a directory in your PATH and the DLLs to a direcotory in your LIBPATH. Copy conf\openssl.cnf.demoCA to a directory of your choice and set the environement variable OPENSSL_CONF by putting SET OPENSSL_CONF=D:\MPTN\etc\ssl\openssl.cnf into CONFIG.SYS. If you want to compile your own programs and link them with the opensll put the files from include and lib to your emx directory. Note that openssl is a subdirectory of your include directory. If you need .lib files you can create them using emxomf. See the doc directory for some information and visit http://www.columbia.edu/~ariel/ssleay/ for more infos. Grab the full source at http://www.openssl.org/ There are many ways to make your own keys and certificates. A good solution is to use sslRexx. It provides everithing you need Here is a short desctription how I made my own Certification Authority, a Server Key for Apache and a client Key/Certificate for me, signed by my own CA. Root CA: The root CA is needed to sign all certificates ======= Generate a CA-Key and store it in sub-directory private: openssl genrsa -des3 -out private/MyOwnCA.pem 2048 Make a selfsigned certificate based on above key. openssl req -new -x509 -days 730 -key private/CAkey.pem -out CAcert.pem optional generate text output of this certificate: openssl x509 -in ./CAcert.pem -text > CAcert.txt Now you have a key and certificate for your own CA which can be used to sign user and server keys. The CAcert is also needed to configure Apache and Netscape. You can/should give away the CA certificate but never give the CA key to anybody. Make a Key and Certificate for the Apache Server ================================================ Generate a key -------------- openssl genrsa -des3 -out server-key.pem 2048 With this variant, you will be prompted for a protecting password. If you don't want your key to be protected by a password, remove the flag '-des3' from the command line above. NOTE: if you intend to use the key together with a server certificate, you may want to avoid protecting it with a password, since that would mean someone would have to type in the password every time the server needs to access the key. But then you should protect the server key in another way. Create a signing request ------------------------ openssl req -new -key server-key.pem -out server-req.pem Now send this request to your CA for signing. Since you are your own CA sign it: -------- openssl ca -in server-req.pem -out server-cert.pem -outdir MyOwnCA/newcerts Verify the certificate openssl verify -CAfile CAcert.pem server-cert.pem Now you have a key and a certificate for your Apache Webserver. Your Client Certificate/Key =========================== Generate a private key ---------------------- openssl genrsa -des3 -out hrom-key.pem 2048 Create a signing request ------------------------ openssl req -new -key hrom-key.pem -out hrom-req.pem Let the CA sign it ------------------ openssl ca -in hrom-req.pem -out hrom-cert.pem -outdir MyOwnCA/newcerts After you get back the certificate from the CA, combine it with your private key and store the result as p12 file. This file can be imported into your browser. openssl pkcs12 -export -name Hromadka -in hrom-cert.pem -inkey hrom-key.pem -out hrom.p12 Securtiy Notes: Never give your private key to a CA, they only need the signing request. Never give away your p12 file. Always secure your private keys with a passphrase. -- Johannes Hromadka Johannes.Hromadka@gmx.net 2003-03-02

If you need to build the OpenSSL library for yourself, EG you're porting an application that requires SSL or other cryptography functions provided by it, all you need to do is the following. Download the official OpenSSL source code from the OpenSSL web site Extract the source using tar xzf openssl-0.9.6.tar.gz Delete all the 0 length files in openssl-0.9.6\include\openssl that tar makes in place of symlinks Apply the patch openssl-emx.patch in the openssl-0.9.6 directory using a unix style patch program like gnupatch.zip and a command line like patch -p0 < openssl-emx.patch While still in the openssl-0.9.6 directory, run os2\emx.cmd to generate the makefiles. Note that this requires that you have a PERL interpreter installed. Run make -f emx.mak Once finished, you'll find the libraries, test programs & the openssl.exe command line application in the out2 directory. You may need to move the .a files up into the openssl-0.9.6 directory for other applications to find them for linking.