Earlier I mentioned that I was having difficulty building the current Mixmaster on FreeBSD - I'm confident that I've identified the problem. Specifically, the OpenSSL that's integrated into FreeBSD doesn't include IDEA, by default, because of patent concerns. To remedy that, one needs to change the line in /etc/defaults/make.conf so that it reads "MAKE_IDEA=YES". Then - this is the part I missed before - it's necessary to recompile the system libraries, so that they're rebuilt with IDEA support included. It sounds simple in retrospect . . . go to /usr/src and run "make buildworld; make installworld", which may take 12 hours or so on a slow PC. There's got to be a better way to just rebuild the crypto parts, but I didn't stumble across it yet. After those steps are completed, the Mixmaster stuff builds and runs happily. Mixmaster 2.9beta23 is available at <ftp://ftp.shinn.net/pub/remailer/mixmaster> or <ftp://mixmaster.anonymizer.com>. I suspect that the OpenBSD fix will be similar, but it may take some time to track it all down. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
On Fri, Sep 14, 2001 at 03:17:42PM -0700, Greg Broiles wrote:
change the line in /etc/defaults/make.conf so that it reads "MAKE_IDEA=YES".
Actually, adding this line in /etc/make.conf is preferable. /etc/defaults/make.conf gets overwritten when you upgrade; /etc/make.conf is for local overrides.
There's got to be a better way to just rebuild the crypto parts, but I didn't stumble across it yet.
Assuming the system and crypto source is installed in /usr/src (which it must be to do a buildworld/installworld), the following works and is *much* faster: cp /usr/src/crypto/openssl/crypto/idea/idea.h /usr/include/idea.h cd /usr/src/secure/lib/libcrypto make make install make clean Then mix-2.9b23.tar.gz builds just fine after toggling the #ifdef from 0 to 1 at Src/crypto.h:33. cheers, --Scott -- Scott Renfro <scott@renfro.org>
On Fri, Sep 14, 2001 at 03:17:42PM -0700, Greg Broiles wrote:
I suspect that the OpenBSD fix will be similar, but it may take some time to track it all down.
The following seems to work on OpenBSD-2.8; 2.9 shouldn't be terribly different. cd /usr/src/lib/libssl/src/crypto/objects perl obj_dat.pl objects.h obj_dat.h cd /usr/src/lib/libssl/crypto patch < ~/libcrypto-makefile.diff make make install cd tar -zxvf mix-2.9b23.tar.gz patch < ~/mix-openssl-2.8.diff cd Mix-2.9beta23 ./Install The patch files are included below. cheers, --Scott -- Scott Renfro <scott@renfro.org> Here's libcrypto-makefile.diff: --- Makefile.orig Fri Sep 14 17:35:34 2001 +++ Makefile Fri Sep 14 17:35:44 2001 @@ -24,7 +24,7 @@ .endif .endif -CFLAGS+= -DNO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DNO_WINDOWS_BRAINDEATH +CFLAGS+= -DTERMIOS -DANSI_SOURCE -DNO_ERR -DNO_WINDOWS_BRAINDEATH CFLAGS+= -DNO_RC5 CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} CFLAGS+= -I${LCRYPTO_SRC} @@ -58,9 +58,9 @@ #CFLAGS+= -I${LCRYPTO_SRC}/rc5 #SRCS+= rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c #SRCS+= rc5ofb64.c rc5_enc.c -#CFLAGS+= -I${LCRYPTO_SRC}/idea -#SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c -#SRCS+= i_skey.c +CFLAGS+= -I${LCRYPTO_SRC}/idea +SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c +SRCS+= i_skey.c CFLAGS+= -I${LCRYPTO_SRC}/bf SRCS+= bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c bf_enc.c CFLAGS+= -I${LCRYPTO_SRC}/cast And here's mix-openssl-2.8.diff: diff -ru Mix-2.9beta23/Install Mix-2.9beta23.sgr/Install --- Mix-2.9beta23/Install Thu Mar 16 08:34:02 2000 +++ Mix-2.9beta23.sgr/Install Fri Sep 14 18:20:41 2001 @@ -382,8 +382,8 @@ fi opensslinfo="Please get OpenSSL 0.9.4 from http://www.openssl.org/" - LIBDIR=/usr/local/ssl/lib - INCDIR="/usr/include /usr/include/ssl /usr/lib/ssl/include /usr/local/ssl/include" + LIBDIR=/usr/lib + INCDIR="/usr/include" SRCDIR="openssl*" if [ "$system" = win32 ]
On Fri, Sep 14, 2001 at 03:17:42PM -0700, Greg Broiles wrote:
Specifically, the OpenSSL that's integrated into FreeBSD doesn't include IDEA, by default, because of patent concerns. To remedy that, one needs to change the line in /etc/defaults/make.conf so that it reads "MAKE_IDEA=YES".
Then - this is the part I missed before - it's necessary to recompile the system libraries, so that they're rebuilt with IDEA support included. It sounds simple in retrospect . . . go to /usr/src and run "make buildworld; make installworld", which may take 12 hours or so on a slow PC. There's got to be a better way to just rebuild the crypto parts, but I didn't stumble across it yet.
The OpenSSL bundled with FreeBSD is installed in /usr. The simplest way to get a different OpenSSL (with IDEA, RC5, etc.) is to build from source and install into /usr/local. Then, when configuring Mixmaster or whatever software, specify that OpenSSL lives in /usr/local. I last built Mix when it was still using rsaref, but I've used the above method to build any number of OpenSSL-using software, including my own M2Crypto. No need to remake the world. Cheers. -- Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps
participants (3)
-
Greg Broiles -
Ng Pheng Siong -
Scott Renfro