RE: [PATCH] Windows CE support for 0.9.7 (against 20021114 snapshot)

[Steven Reddie]

It may not necessarily be intuitive to CE developers either, it's just the
way I chose to do it because it integrates with an automated build system
better than the other choice.  Maybe appending the following to INSTALL.WCE
will make things clearer:

 This will copy each of the test programs to the Windows CE device and
execute
 them, displaying the output of the tests on this computer.  The output
should
 look similar to the output produced by running the tests for a regular
Windows
 build.

I've tried the latest snapshot and found that a time_t variable needs to be
changed to a long.  Windows CE's time_t is unsigned, whereas I think just
about every other platform must have it signed.  I'm pretty sure that
there's an ANSI or standard Unix function that takes or returns a time_t
that is an offset from another time_t, so it probably needs to be signed to
allow values before the other time.  Also, the infamous 2038 bug is due to a
signed time_t (unsigned would make it at least give us until 2106).  It's
the offset = -offset which causes the problem here.

Attached is a patch to 20021116 which changes this time_t to long and also
makes the output directories tmp32_$(TARGETCPU) and out32_$(TARGETCPU), eg.
tmp32_ARM and out32_ARM.  Chris, this means that you can do the following
steps to build for each processor (though I'd be surprised if most shops
need to build for all CPU's since Microsoft has started to drop support for
everything but the ARM):
perl Configure VC-CE (only do this once)
ms\do_ms.bat (only do this once)
C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT
nmake -f ms\ce.mak
C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEMIPS.BAT
nmake -f ms\ce.mak
C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEx86.BAT
nmake -f ms\ce.mak

I left the comment in INSTALL.WCE (from INSTALL.W32) about Cygwin's perl
since it's a viable  option.  Even though I'm building in a regular Windows
command shell I'm using Cygwin's perl.  Maybe it's not worth mentioning
though; I'm sure anyone with Cygwin can work out that they don't really need
ActiveState's perl.

Steven

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Richard Levitte - VMS
Whacker
Sent: Saturday, 16 November 2002 8:43 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [PATCH] Windows CE support for 0.9.7 (against 20021114
snapshot)


In message [EMAIL PROTECTED] on Sat, 16 Nov
2002 15:18:12 +1100, Steven Reddie [EMAIL PROTECTED] said:

smr Everything is done from the Windows box.  The test*ce*.bat files use
cecopy
smr to copy files to the device and cerun to invoke the test programs.  The
smr output of the tests is redirected back through cerun, kind of like
using
smr rsh.

Thanks.  I guess this should be rather clear if you're actually a CE
user :-).

smr I'll look into the time_t problem and get back to you later today.

Thanks.

--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



openssl-0.9.7-stable-SNAP-20021116-windowsce.patch
Description: Binary data

[STATUS] OpenSSL (Sun 17-Nov-2002)

[OpenSSL Project]

  OpenSSL STATUS   Last modified at
  __   $Date: 2002/08/14 11:07:29 $

  DEVELOPMENT STATE

o  OpenSSL 0.9.8:  Under development...
o  OpenSSL 0.9.7-beta3: Released on July 30th, 2002
o  OpenSSL 0.9.7-beta2: Released on June 16th, 2002
o  OpenSSL 0.9.7-beta1: Released on June  1st, 2002
o  OpenSSL 0.9.6g: Released on August 9th, 2002
o  OpenSSL 0.9.6f: Released on August 8th, 2002
o  OpenSSL 0.9.6e: Released on July  30th, 2002
o  OpenSSL 0.9.6d: Released on May9th, 2002
o  OpenSSL 0.9.6c: Released on December  21st, 2001
o  OpenSSL 0.9.6b: Released on July   9th, 2001
o  OpenSSL 0.9.6a: Released on April  5th, 2001
o  OpenSSL 0.9.6:  Released on September 24th, 2000
o  OpenSSL 0.9.5a: Released on April  1st, 2000
o  OpenSSL 0.9.5:  Released on February  28th, 2000
o  OpenSSL 0.9.4:  Released on August09th, 1999
o  OpenSSL 0.9.3a: Released on May   29th, 1999
o  OpenSSL 0.9.3:  Released on May   25th, 1999
o  OpenSSL 0.9.2b: Released on March 22th, 1999
o  OpenSSL 0.9.1c: Released on December  23th, 1998

  [See also http://www.openssl.org/support/rt2.html]

  RELEASE SHOWSTOPPERS

o BN_mod_mul verification fails for mips3-sgi-irix
  unless configured with no-asm

  AVAILABLE PATCHES

o 

  IN PROGRESS

o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
OCSP
EVP cipher enhancement.
Enhanced certificate chain verification.
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
o Geoff and Richard are currently working on:
ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
UI (User Interface)
UTIL (a new set of library functions to support some higher level
  functionality that is currently missing).
Shared library support for VMS.
Kerberos 5 authentication
Constification
OCSP

  NEEDS PATCH

o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
   handle ECCdraft cipher suites correctly.

o  apps/ca.c: Sign the certificate? - n creates empty certificate file

o  OpenSSL STATUS is never up-to-date.

  OPEN ISSUES

o  The Makefile hierarchy and build mechanism is still not a round thing:

   1. The config vs. Configure scripts
  It's the same nasty situation as for Apache with APACI vs.
  src/Configure. It confuses.
  Suggestion: Merge Configure and config into a single configure
  script with a Autoconf style interface ;-) and remove
  Configure and config. Or even let us use GNU Autoconf
  itself. Then we can avoid a lot of those platform checks
  which are currently in Configure.

o  Support for Shared Libraries has to be added at least
   for the major Unix platforms. The details we can rip from the stuff
   Ralf has done for the Apache src/Configure script. Ben wants the
   solution to be really simple.

   Status: Ralf will look how we can easily incorporate the
   compiler PIC and linker DSO flags from Apache
   into the OpenSSL Configure script.

   Ulf: +1 for using GNU autoconf and libtool (but not automake,
which apparently is not flexible enough to generate
libcrypto)

  WISHES

o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
   where the callback function can request that the function be aborted.
   [Gregory Stark [EMAIL PROTECTED], [EMAIL PROTECTED]]

o  SRP in TLS.
   [wished by:
Dj [EMAIL PROTECTED], Tom Wu [EMAIL PROTECTED],
Tom Holroyd [EMAIL PROTECTED]]

   See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
   as well as http://www-cs-students.stanford.edu/~tjw/srp/.

   Tom Holroyd tells us there is a SRP patch for OpenSSH at
   http://members.tripod.com/professor_tom/archives/, that could
   be useful.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [PATCH] Windows CE support for 0.9.7 (against 20021114snapshot)

[Richard Levitte - VMS Whacker]

In message [EMAIL PROTECTED] on Mon, 18 Nov 2002 
00:51:36 +1100, Steven Reddie [EMAIL PROTECTED] said:

smr  This will copy each of the test programs to the Windows CE device and
smr execute
smr  them, displaying the output of the tests on this computer.  The output
smr should
smr  look similar to the output produced by running the tests for a regular
smr Windows
smr  build.

Added and committed.

smr I've tried the latest snapshot and found that a time_t variable needs to be
smr changed to a long.  Windows CE's time_t is unsigned, whereas I think just
smr about every other platform must have it signed.  I'm pretty sure that
smr there's an ANSI or standard Unix function that takes or returns a time_t
smr that is an offset from another time_t, so it probably needs to be signed to
smr allow values before the other time.  Also, the infamous 2038 bug is due to a
smr signed time_t (unsigned would make it at least give us until 2106).  It's
smr the offset = -offset which causes the problem here.

time_t can be anything.  It can be a nose-picking monster for all I
know.  All that matters is that it should represent time in some way,
and be usefull in that way for any function that takes a time_t as an
argument.  Under VMS (with DEC C), time_t is defined like this:

 typedef __time_t time_t;

and __time_t is defined like this:

 typedef unsigned long int __time_t;

To represent time as a 64-bit blob, one could very well have this:

 typedef struct { unsigned long t1, t2; } time_t;

That's why I'm asking you to tell me what problems you have with
time_t.  It may be that some of the OpenSSL code does incorrect
assumptions about time_t (for example assumes that it's a long), and
therefore behaves incorrectly and should be corrected.

I will simply *not* change time_t to long in OpenSSL.  That's going
backwards.

smr Attached is a patch to 20021116 which changes this time_t to long and also
smr makes the output directories tmp32_$(TARGETCPU) and out32_$(TARGETCPU), eg.
smr tmp32_ARM and out32_ARM.  Chris, this means that you can do the following

Thanks for the TARGETCPU patch, I just committed it.

smr I left the comment in INSTALL.WCE (from INSTALL.W32) about Cygwin's perl
smr since it's a viable  option.  Even though I'm building in a regular Windows
smr command shell I'm using Cygwin's perl.  Maybe it's not worth mentioning
smr though; I'm sure anyone with Cygwin can work out that they don't really need
smr ActiveState's perl.

It doesn't make much sense to run VC from Cygwin either, or does it?


Anyway, I'm sorry for the harsch notes.  I think you've done a great
job doing this Windows CE port.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]