[openssl.org #11] Fw: trustway pkcs11 engine for openssl
It's so nice that someone provided pkcs11 enginge patch. Thanks, Afchine Madjlessi... However I have one problem while compling openssl 0.9.7 beta5 with this patch on Windows 2000. I just followed the intructions described in intall.w32 from openssl 0.9.7 beta5: 1. perl Configure VC-WIN32 = OK 2. ms\do_ms 3. nmake -f ms\ntdll.mak [guest - Fri Dec 13 15:23:00 2002]: Here you have the patch for pkcs11 engine for openssl 0.9.7 beta5 This engine has been tested with apache 1.3.27 mod_ssl 2.8.12 and the CC2000 Bull TrustWay hardware. If needed, I can provide also the patch to use with mod_ssl and some tools to create and sign certificate requests. In this new release of the pkcs#11 engine, I have added just the rsa_generate_key in the RSA_METHOD. This call permit to generate and put the private key in the crypto hardware. load_private_key and load_public_key engine calls are also added to this engine. All the PKCS#11 function calls are done through C_GetFunctionList. So the engine could be used with different pkcs#11 and token libraries. There is also a possibility to use a remote crypto box. Afchine Madjlessi __ [EMAIL PROTECTED] Bull TrustWay RD http://www.servers.bull.com/trustway __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #11] Fw: trustway pkcs11 engine for openssl
It's so nice that someone provided pkcs11 enginge patch. Thanks a lot, Afchine Madjlessi... However I have one problem while compling openssl 0.9.7 beta5 with this patch on Windows 2000. I just followed the instructions described in intall.w32 from openssl 0.9.7 beta5: 1. perl Configure VC-WIN32= OK 2. ms\do_ms = WARNING D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5perl util\mkdef.pl 16 libeay 1ms\l ibeay16.def Warning: ENGINE_load_pkcs11 does not have a number assigned D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5perl util\mkdef.pl 32 libeay 1ms\l ibeay32.def Warning: ENGINE_load_pkcs11 does not have a number assigned 3. nmake -f ms\ntdll.mak = ERROR NMAKE : fatal error U1073: don't know how to make '.\crypto\engine\hw_pkcs11.c' Stop. Then I move all the source codes from \crypto\engine\pkcs11 to \crypto\engine\, and execute nmake -f ms\ntdll.mak again.But it still didn't work. cl /Fotmp32dll\hw_pkcs11.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 - DWIN32_LEAN_AND_MEAN -DL_END IAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll - DOPENSSL _NO_KRB5 -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO - c .\crypto\engine\hw_pkcs11.c hw_pkcs11.c .\crypto\engine\hw_pkcs11.c(13) : fatal error C1083: Cannot open include file: ' unistd.h': No such file or directory NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. Could anyone fix this problem? Thanks very much... [guest - Fri Dec 13 15:23:00 2002]: Here you have the patch for pkcs11 engine for openssl 0.9.7 beta5 This engine has been tested with apache 1.3.27 mod_ssl 2.8.12 and the CC2000 Bull TrustWay hardware. If needed, I can provide also the patch to use with mod_ssl and some tools to create and sign certificate requests. In this new release of the pkcs#11 engine, I have added just the rsa_generate_key in the RSA_METHOD. This call permit to generate and put the private key in the crypto hardware. load_private_key and load_public_key engine calls are also added to this engine. All the PKCS#11 function calls are done through C_GetFunctionList. So the engine could be used with different pkcs#11 and token libraries. There is also a possibility to use a remote crypto box. Afchine Madjlessi __ [EMAIL PROTECTED] Bull TrustWay RD http://www.servers.bull.com/trustway __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #11] Fw: trustway pkcs11 engine for openssl
I have tested the PKCS#11 engine on Linux (linux-elf). It will be very nice to submit your changes and correction for other environments to RT/openssl or if you prefer send them diectly to me to update the pkcs#11 engine patch. Thanks, Afchine - Original Message - From: via RT [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, December 16, 2002 9:47 AM Subject: [openssl.org #11] Fw: trustway pkcs11 engine for openssl It's so nice that someone provided pkcs11 enginge patch. Thanks a lot, Afchine Madjlessi... However I have one problem while compling openssl 0.9.7 beta5 with this patch on Windows 2000. I just followed the instructions described in intall.w32 from openssl 0.9.7 beta5: 1. perl Configure VC-WIN32= OK 2. ms\do_ms = WARNING D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5perl util\mkdef.pl 16 libeay 1ms\l ibeay16.def Warning: ENGINE_load_pkcs11 does not have a number assigned D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5perl util\mkdef.pl 32 libeay 1ms\l ibeay32.def Warning: ENGINE_load_pkcs11 does not have a number assigned 3. nmake -f ms\ntdll.mak = ERROR NMAKE : fatal error U1073: don't know how to make '.\crypto\engine\hw_pkcs11.c' Stop. Then I move all the source codes from \crypto\engine\pkcs11 to \crypto\engine\, and execute nmake -f ms\ntdll.mak again.But it still didn't work. cl /Fotmp32dll\hw_pkcs11.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 - DWIN32_LEAN_AND_MEAN -DL_END IAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll - DOPENSSL _NO_KRB5 -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO - c .\crypto\engine\hw_pkcs11.c hw_pkcs11.c .\crypto\engine\hw_pkcs11.c(13) : fatal error C1083: Cannot open include file: ' unistd.h': No such file or directory NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. Could anyone fix this problem? Thanks very much... [guest - Fri Dec 13 15:23:00 2002]: Here you have the patch for pkcs11 engine for openssl 0.9.7 beta5 This engine has been tested with apache 1.3.27 mod_ssl 2.8.12 and the CC2000 Bull TrustWay hardware. If needed, I can provide also the patch to use with mod_ssl and some tools to create and sign certificate requests. In this new release of the pkcs#11 engine, I have added just the rsa_generate_key in the RSA_METHOD. This call permit to generate and put the private key in the crypto hardware. load_private_key and load_public_key engine calls are also added to this engine. All the PKCS#11 function calls are done through C_GetFunctionList. So the engine could be used with different pkcs#11 and token libraries. There is also a possibility to use a remote crypto box. Afchine Madjlessi __ [EMAIL PROTECTED] Bull TrustWay RD http://www.servers.bull.com/trustway __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #11] Fw: trustway pkcs11 engine for openssl
I have tested the PKCS#11 engine on Linux (linux-elf). It will be very nice to submit your changes and correction for other environments to RT/openssl or if you prefer send them diectly to me to update the pkcs#11 engine patch. Thanks, Afchine - Original Message - From: via RT [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, December 16, 2002 9:47 AM Subject: [openssl.org #11] Fw: trustway pkcs11 engine for openssl It's so nice that someone provided pkcs11 enginge patch. Thanks a lot, Afchine Madjlessi... However I have one problem while compling openssl 0.9.7 beta5 with this patch on Windows 2000. I just followed the instructions described in intall.w32 from openssl 0.9.7 beta5: 1. perl Configure VC-WIN32= OK 2. ms\do_ms = WARNING D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5perl util\mkdef.pl 16 libeay 1ms\l ibeay16.def Warning: ENGINE_load_pkcs11 does not have a number assigned D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5perl util\mkdef.pl 32 libeay 1ms\l ibeay32.def Warning: ENGINE_load_pkcs11 does not have a number assigned 3. nmake -f ms\ntdll.mak = ERROR NMAKE : fatal error U1073: don't know how to make '.\crypto\engine\hw_pkcs11.c' Stop. Then I move all the source codes from \crypto\engine\pkcs11 to \crypto\engine\, and execute nmake -f ms\ntdll.mak again.But it still didn't work. cl /Fotmp32dll\hw_pkcs11.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 - DWIN32_LEAN_AND_MEAN -DL_END IAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll - DOPENSSL _NO_KRB5 -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO - c .\crypto\engine\hw_pkcs11.c hw_pkcs11.c .\crypto\engine\hw_pkcs11.c(13) : fatal error C1083: Cannot open include file: ' unistd.h': No such file or directory NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. Could anyone fix this problem? Thanks very much... [guest - Fri Dec 13 15:23:00 2002]: Here you have the patch for pkcs11 engine for openssl 0.9.7 beta5 This engine has been tested with apache 1.3.27 mod_ssl 2.8.12 and the CC2000 Bull TrustWay hardware. If needed, I can provide also the patch to use with mod_ssl and some tools to create and sign certificate requests. In this new release of the pkcs#11 engine, I have added just the rsa_generate_key in the RSA_METHOD. This call permit to generate and put the private key in the crypto hardware. load_private_key and load_public_key engine calls are also added to this engine. All the PKCS#11 function calls are done through C_GetFunctionList. So the engine could be used with different pkcs#11 and token libraries. There is also a possibility to use a remote crypto box. Afchine Madjlessi __ [EMAIL PROTECTED] Bull TrustWay RD http://www.servers.bull.com/trustway __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
XXX_DESCRYPT / ENCRYPT
Hi, is there a particular reason why in crypto/aes/aes.h the symbols AES8DESCRYPT and AES_ENCRYPT are defined as static const int AES_DECRYPT = 0; static const int AES_ENCRYPT = 1; and not simply as in des as #define DES_ENCRYPT 1 #define DES_DECRYPT 0 regards __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #11] Fw: trustway pkcs11 engine for openssl
The new patch for pkcs#11 engine on openssl 0.9.7 delivered today to RT/openssl corrects compile problem in windows platform. Thanks to your advice! Afchine Madjlessi [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #11] Fw: trustway pkcs11 engine for openssl
The new patch for pkcs#11 engine on openssl 0.9.7 delivered today to RT/openssl corrects compile problem in windows platform. Thanks to your advice! Afchine Madjlessi [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl/ssl ssl_ciph.c
On Mon, Dec 16, 2002, Richard Levitte wrote: Protect loading routines with a lock. PR: 373 Summary: RevisionChanges Path 1.33.2.4+6 -1 openssl/ssl/ssl_ciph.c Index: openssl/ssl/ssl_ciph.c $ cvs diff -u -r1.33.2.3 -r1.33.2.4 ssl_ciph.c --- openssl/ssl/ssl_ciph.c 19 Jul 2002 19:53:02 - 1.33.2.3 +++ openssl/ssl/ssl_ciph.c 16 Dec 2002 06:06:06 - 1.33.2.4 @@ -751,7 +751,12 @@ */ if (rule_str == NULL) return(NULL); - if (init_ciphers) load_ciphers(); + if (init_ciphers) + { + CRYPTO_w_lock(CRYPTO_LOCK_SSL); + if (init_ciphers) load_ciphers(); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + } Just curious: why the nested if (init_ciphers) ..? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl/ssl ssl_ciph.c
* Ralf S. Engelschall ([EMAIL PROTECTED]) wrote: - if (init_ciphers) load_ciphers(); + if (init_ciphers) + { + CRYPTO_w_lock(CRYPTO_LOCK_SSL); + if (init_ciphers) load_ciphers(); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + } Just curious: why the nested if (init_ciphers) ..? Because once load_ciphers() is called by the first thread to win the race (during which any competing threads will be waiting on the lock), future passes through this code won't need to lock at all. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl/ssl ssl_ciph.c
In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 17:18:18 +0100, Ralf S. Engelschall [EMAIL PROTECTED] said: rse- if (init_ciphers) load_ciphers(); rse+ if (init_ciphers) rse+ { rse+ CRYPTO_w_lock(CRYPTO_LOCK_SSL); rse+ if (init_ciphers) load_ciphers(); rse+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL); rse+ } rse rse Just curious: why the nested if (init_ciphers) ..? Same thing as in other places: a performance thing. If the flag is already set, avoid the overhead of locking. If it wasn't set, lock and check that it still isn't set to avoid the possible race condition. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
appro Whoaa there, how does that change work when the compiler is *not* GNU? appro appro It works *perfectly* with vendor compiler! Trust me:-) A. Really? They understand -Wl? Yes. Richard, you win but for another reason:-) WorkShop C (as well as other vendor compiler drivers) does understand -Wl, *but* some of thier (Sun's) compiler drivers (well, one of those I have) collect all -Wl options in the beginning of ld command line so that ld is invoked as ld -z allextract -z defaultextract ... libcrypto.a ..., while idea is basically ld ... -z allextract libcrypto.a -z defaultextract ... Why, oh why? A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 19:54:08 +0100, Andy Polyakov [EMAIL PROTECTED] said: appro Richard, you win but for another reason:-) WorkShop C (as well as other appro vendor compiler drivers) does understand -Wl, *but* some of thier appro (Sun's) compiler drivers (well, one of those I have) collect all -Wl appro options in the beginning of ld command line so that ld is invoked as ld appro -z allextract -z defaultextract ... libcrypto.a ..., while idea is appro basically ld ... -z allextract libcrypto.a -z defaultextract ... Why, appro oh why? A. Eh god... So basically, we not only need to detect if GNU ld is used, but that it's really GNU cc as well? What happens if the compiler isn't GNU but ld is? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 20:09:42 +0100 (CET), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said: levitte Eh god... So basically, we not only need to detect if GNU ld is used, levitte but that it's really GNU cc as well? What happens if the compiler levitte isn't GNU but ld is? Ah, I see you did the change... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl/ssl ssl_ciph.c
In article [EMAIL PROTECTED] you wrote: In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 17:18:18 +0100, Ralf S. Engelschall [EMAIL PROTECTED] said: rse- if (init_ciphers) load_ciphers(); rse+ if (init_ciphers) rse+ { rse+ CRYPTO_w_lock(CRYPTO_LOCK_SSL); rse+ if (init_ciphers) load_ciphers(); rse+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL); rse+ } rse rse Just curious: why the nested if (init_ciphers) ..? Same thing as in other places: a performance thing. If the flag is already set, avoid the overhead of locking. If it wasn't set, lock and check that it still isn't set to avoid the possible race condition. Ah, now I see it. Thanks for clarifying this point. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
appro Richard, you win but for another reason:-) WorkShop C (as well as other appro vendor compiler drivers) does understand -Wl, *but* some of thier appro (Sun's) compiler drivers (well, one of those I have) collect all -Wl appro options in the beginning of ld command line so that ld is invoked as ld appro -z allextract -z defaultextract ... libcrypto.a ..., while idea is appro basically ld ... -z allextract libcrypto.a -z defaultextract ... Why, appro oh why? A. Eh god... So basically, we not only need to detect if GNU ld is used, but that it's really GNU cc as well? Alternative could be to run /usr/ccs/bin/ld directly, but then we would have to cope with multiple ABI supported by kernel ourselves and we don't want that. I think... What happens if the compiler isn't GNU but ld is? Can't happen. Vendor compiler driver does not take any chances but invokes linker by explicit path, /usr/ccs/bin/ld to specific. Well, the only exclusion from this rule is when it wants/is instructed to perform incremental linking in which case it calls /opt/SUNWspro/*/bin/ild, where * stands for a version abbreviation, e.g. WS6 stands for WorkShop 6. A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [CVS] OpenSSL: openssl Makefile.org
Please please please forget about that allextract nonsense. You will*never* get it portable to all desired platforms. Just take the lib*.a and relink it explicitly: mkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o ld -G -o libcrypto.so libcrypto.o -lwhatever -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Richard Levitte - VMS Whacker Sent: Monday, December 16, 2002 11:10 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [CVS] OpenSSL: openssl Makefile.org In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 19:54:08 +0100, Andy Polyakov [EMAIL PROTECTED] said: appro Richard, you win but for another reason:-) WorkShop C (as well as other appro vendor compiler drivers) does understand -Wl, *but* some of thier appro (Sun's) compiler drivers (well, one of those I have) collect all -Wl appro options in the beginning of ld command line so that ld is invoked as ld appro -z allextract -z defaultextract ... libcrypto.a ..., while idea is appro basically ld ... -z allextract libcrypto.a -z defaultextract ... Why, appro oh why? A. Eh god... So basically, we not only need to detect if GNU ld is used, but that it's really GNU cc as well? What happens if the compiler isn't GNU but ld is? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
Please please please forget about that allextract nonsense. You will*never* get it portable to all desired platforms. The changes being discussed affect Solaris and Solaris only, we're not talking about all desired platforms. Just take the lib*.a and relink it explicitly: mkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o ld -G -o libcrypto.so libcrypto.o -lwhatever As mentioned calling /usr/ccs/bin/ld *is* an alternative. Or is it? Imagine following scenario. You compile the toolkit with gcc and link with ld as you suggest. This might leave unresolved references to libgcc. Now if it did, then attempt to cc ... -lssl would fail... A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 20:53:20 +0100, Andy Polyakov [EMAIL PROTECTED] said: appro Eh god... So basically, we not only need to detect if GNU ld is used, appro but that it's really GNU cc as well? appro appro Alternative could be to run /usr/ccs/bin/ld directly, but then we would appro have to cope with multiple ABI supported by kernel ourselves and we appro don't want that. I think... Not a good idea, we'd also miss the links back to libc and so on... appro What happens if the compiler appro isn't GNU but ld is? appro appro Can't happen. Vendor compiler driver does not take any chances but appro invokes linker by explicit path, /usr/ccs/bin/ld to specific. Well, the appro only exclusion from this rule is when it wants/is instructed to perform appro incremental linking in which case it calls /opt/SUNWspro/*/bin/ild, appro where * stands for a version abbreviation, e.g. WS6 stands for WorkShop appro 6. A. OK. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
In message 005201c2a53d$5f4523f0$0e01a8c0@CELLO on Mon, 16 Dec 2002 11:55:55 -0800, Howard Chu [EMAIL PROTECTED] said: hyc Please please please forget about that allextract nonsense. You will*never* hyc get it portable to all desired platforms. Just take the lib*.a and relink it hyc explicitly: hycmkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o hycld -G -o libcrypto.so libcrypto.o -lwhatever Note that the changes done are for *Solaris*, not all platforms. If you look in 0.9.8-dev, however, you'll see that the approach you're asking has been implemented. Because you're right, it's quite a lot easier to do that way, and have it vary with just a few environment variables... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 21:30:46 +0100, Andy Polyakov [EMAIL PROTECTED] said: appro Just take the lib*.a and relink it appro explicitly: appro mkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o appro ld -G -o libcrypto.so libcrypto.o -lwhatever appro appro As mentioned calling /usr/ccs/bin/ld *is* an alternative. Or is it? appro Imagine following scenario. You compile the toolkit with gcc and link appro with ld as you suggest. This might leave unresolved references to appro libgcc. Now if it did, then attempt to cc ... -lssl would fail... A. OK, I lied a message ago. In 0.9.8-dev's Makefile.shared, the first ld is actually an ld, while the second shown above is done through cc or gcc. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [CVS] OpenSSL: openssl Makefile.org
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy Polyakov Please please please forget about that allextract nonsense. You will*never* get it portable to all desired platforms. The changes being discussed affect Solaris and Solaris only, we're not talking about all desired platforms. Just take the lib*.a and relink it explicitly: mkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o ld -G -o libcrypto.so libcrypto.o -lwhatever As mentioned calling /usr/ccs/bin/ld *is* an alternative. Or is it? Imagine following scenario. You compile the toolkit with gcc and link with ld as you suggest. This might leave unresolved references to libgcc. Now if it did, then attempt to cc ... -lssl would fail... A. Never mind the direct invocation of ld in my example above. The point I was trying to get across is to eliminate the dependency on the allextract flag. Use whatever linking step you would normally have used after creating e.g. libcrypto.o. Also, you will find that libgcc is only needed because gcc was used for the link step. It's only because of the C++ constructor/destructor cruft that gcc always throws on there that libgcc becomes a dependency. If you compile with gcc and link with ld you get a perfectly working standalone library, no libgcc required. Even though you guys were only discussing Solaris - for the sake of portability and maintainability, stick to the least common denominator. Don't introduce special cases where none are needed. There is no reason to have 18-zillion different variations on how to create a shared libcrypto or libssl using god knows how many different platform-specific and version-specific LD flags. You can use basic, plain Jane, SVR3/BSD4.2 syntax to get over the main hurdle, and then use the appropriate -shared flag for your linker of choice after the basic object file exists. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [CVS] OpenSSL: openssl Makefile.org
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Richard Levitte - VMS Whacker In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 21:30:46 +0100, Andy Polyakov [EMAIL PROTECTED] said: appro Just take the lib*.a and relink it appro explicitly: appro mkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o appro ld -G -o libcrypto.so libcrypto.o -lwhatever appro appro As mentioned calling /usr/ccs/bin/ld *is* an alternative. Or is it? appro Imagine following scenario. You compile the toolkit with gcc and link appro with ld as you suggest. This might leave unresolved references to appro libgcc. Now if it did, then attempt to cc ... -lssl would fail... A. OK, I lied a message ago. In 0.9.8-dev's Makefile.shared, the first ld is actually an ld, while the second shown above is done through cc or gcc. Right. The first line must use ld to create the relocatable object, the final link can be done by cc / gcc / ld, whichever, as appropriate. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OpenSSL port for Win64
I have looked through the email posts and seen the patch submitted by John Calcote and the discussion that followed, concerning the fact that it doesn't fully account as a full port for Win64. I did see that there was a Win64 branch created. We currently use OpenSSL under other OS's and I was wondering if there was an update or more information on a possible port to Win64? Any update or information on this would be appreciated, thanks for any help you can provide. Rich Purvis Hewlett-Packard Company ISS Software Development Manager [EMAIL PROTECTED] 281-514-8465 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.org
In message 005201c2a53d$5f4523f0$0e01a8c0@CELLO on Mon, 16 Dec 2002 11:55:55 -0800, Howard Chu [EMAIL PROTECTED] said: hyc Please please please forget about that allextract nonsense. You hyc will*never* get it portable to all desired platforms. Just take hyc the lib*.a and relink it explicitly: hycmkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o hycld -G -o libcrypto.so libcrypto.o -lwhatever BTW, are you sure about 'ld -r' never needing any '-z allextract' or whatever turns the local ld on? The reason I ask is that you provided the do_aix-shared target that's present in 0.9.7. No, I honestly don't recall if I did a lot of hacking into whatever you contributed or not, but I thought you said it looked OK. In that case, I'd take a closer look at the ALLSYMSFLAG example for Solaris. Is that one correct or not? What about the other platforms, are they correct as well? Note that for 0.9.7, I don't care since that method is used exclusively used for AIX and none else. 0.9.8-dev is another story, however, since I simply looked at do_aix-shared and generalised it further (to the point of having a general Makefile that should be possible to use for any library on any of the supported platforms). I know Andy is looking, but I also know his time is short, so if you have the time and inclination to help, please take a look at Makefile.shared in 0.9.8-dev. If you have any question, please ask. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL port for Win64
In message [EMAIL PROTECTED] on Mon, 16 Dec 2002 17:10:56 -0600, Purvis, Rich (Sys Hou) [EMAIL PROTECTED] said: Rich.PurvisI have looked through the email posts and seen the Rich.Purvis patch submitted by John Calcote and the discussion that Rich.Purvis followed, concerning the fact that it doesn't fully Rich.Purvis account as a full port for Win64. I did see that there Rich.Purvis was a Win64 branch created. We currently use OpenSSL Rich.Purvis under other OS's and I was wondering if there was an Rich.Purvis update or more information on a possible port to Win64? Rich.Purvis Any update or information on this would be appreciated, Rich.Purvis thanks for any help you can provide. It's going, but slowly. The goal is to have something ready for 0.9.8, so there's still time. As it is right now, what's in that branch isn't really functional (last time I dealt with it, it didn't compile properly), but I'm working on it when I can. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL port for Win64
Rich.PurvisI have looked through the email posts and seen the Rich.Purvis patch submitted by John Calcote and the discussion that Rich.Purvis followed, concerning the fact that it doesn't fully Rich.Purvis account as a full port for Win64. I did see that there Rich.Purvis was a Win64 branch created. We currently use OpenSSL Rich.Purvis under other OS's and I was wondering if there was an Rich.Purvis update or more information on a possible port to Win64? Rich.Purvis Any update or information on this would be appreciated, Rich.Purvis thanks for any help you can provide. It's going, but slowly. The goal is to have something ready for 0.9.8, so there's still time. As it is right now, what's in that branch isn't really functional (last time I dealt with it, it didn't compile properly), but I'm working on it when I can. Richard, why don't you ask for an account? HP have [or had?] an Itanium lab opened to independent developers. Wouldn't it speed things up? At least without a way to test, it can take literally eternity... A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.shared
In message [EMAIL PROTECTED] on Tue, 17 Dec 2002 00:35:18 +0100 (CET), Andy Polyakov [EMAIL PROTECTED] said: appro Log: appro 'a=b c=$a; echo $c' doesn't necessarily prints b, '' vs. , $s in appro Makefiles... I suppose it wasn't tested very much... I don't understand the first part of that log, and I assume that talks about this change (and others with that variable): approDO_GNU=$(CALC_VERSIONS); \ appro SHLIB=lib$(LIBNAME).so \ appro - SHLIB_SUFFIX= \ appro + SHLIB_SUFFIX= ; \ appro LIBDEPS=$(LIBDEPS) -lc \ [...] For the rest, you're absolutely correct, there hasn't been much testing. The platforms I was playing on were Linux and Solaris with GNU tools. Thanks for testing and all the corrections! -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [CVS] OpenSSL: openssl Makefile.org
-Original Message- From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]] In message 005201c2a53d$5f4523f0$0e01a8c0@CELLO on Mon, 16 Dec 2002 11:55:55 -0800, Howard Chu [EMAIL PROTECTED] said: hyc Please please please forget about that allextract nonsense. You hyc will*never* get it portable to all desired platforms. Just take hyc the lib*.a and relink it explicitly: hyc mkdir tmp; cd tmp; ar x ../libcrypto.a; ld -r -o ../libcrypto.o *.o hyc ld -G -o libcrypto.so libcrypto.o -lwhatever BTW, are you sure about 'ld -r' never needing any '-z allextract' or whatever turns the local ld on? The reason I ask is that you provided the do_aix-shared target that's present in 0.9.7. No, I honestly don't recall if I did a lot of hacking into whatever you contributed or not, but I thought you said it looked OK. In that case, I'd take a closer look at the ALLSYMSFLAG example for Solaris. Is that one correct or not? What about the other platforms, are they correct as well? I'll take a look. Sorry I didn't pay closer attention till now, I've had a lot of other loose threads to chase. Yes, ld -r works on every Unix-ish system from the newest of today to going back 30 years ago. There's no magic, you're just extracting the entire contents of the archive file and then telling ld to link all of those objects into a single relocatable object file. This is exactly what an ALLSYMSFLAG *must* do under the covers, but by doing it yourself you have complete control over the procedure. Note that for 0.9.7, I don't care since that method is used exclusively used for AIX and none else. 0.9.8-dev is another story, however, since I simply looked at do_aix-shared and generalised it further (to the point of having a general Makefile that should be possible to use for any library on any of the supported platforms). I know Andy is looking, but I also know his time is short, so if you have the time and inclination to help, please take a look at Makefile.shared in 0.9.8-dev. If you have any question, please ask. I will get back to you in a day or so, I have refresh my rsync config and other such before I can pull the tree down. -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL port for Win64
In message [EMAIL PROTECTED] on Tue, 17 Dec 2002 00:47:51 +0100, Andy Polyakov [EMAIL PROTECTED] said: appro Richard, why don't you ask for an account? HP have [or had?] an appro Itanium lab opened to independent developers. Wouldn't it speed appro things up? At least without a way to test, it can take appro literally eternity... A. I *have* asked. Several times. As a result, I do have a Windows partition on the laptop with the right stuff to run builds until I get blue in the face. Unfortunately, Windows isn't what I run normally, so there's a time span between times. I've also had several people talking about giving me an account for a while, but I haven't seen any tangeable result (for those I talked with, it's VERY possible some mail got lost in the deluge I usually get, so if I missed something, please get in touch with me). I think someone mentioned that HP lab, but I'm pretty sure that if it was up and I could reach it, I would already have set up things to do automatic builds for me. If my current info on this is incorrect, please remind me where to look. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.shared
appro 'a=b c=$a; echo $c' doesn't necessarily prints b, I don't understand the first part of that log, Under bash: $ a=b c=$a; echo $c b While under Solaris /bin/sh: $ a=b c=$a; echo $c i.e. it prints nothing. You need a=b; c=$a; echo $c to see b. A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.shared
In message [EMAIL PROTECTED] on Tue, 17 Dec 2002 01:07:31 +0100, Andy Polyakov [EMAIL PROTECTED] said: appro Under bash: appro appro $ a=b c=$a; echo $c appro b appro appro While under Solaris /bin/sh: appro appro $ a=b c=$a; echo $c appro appro i.e. it prints nothing. You need a=b; c=$a; echo $c to see b. A. Ah, thanks, that may explain some weird stuff I saw and couldn't figure out. Doesn't that mean that every assignment should be followed by a ;? Right now, you've only done that for those with empty values... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.shared
In message [EMAIL PROTECTED] on Tue, 17 Dec 2002 01:07:47 +0100 (CET), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said: levitte In message [EMAIL PROTECTED] on Tue, 17 Dec 2002 01:07:31 +0100, Andy Polyakov [EMAIL PROTECTED] said: levitte levitte appro Under bash: levitte appro levitte appro $ a=b c=$a; echo $c levitte appro b levitte appro levitte appro While under Solaris /bin/sh: levitte appro levitte appro $ a=b c=$a; echo $c levitte appro levitte appro i.e. it prints nothing. You need a=b; c=$a; echo $c to see b. A. levitte levitte Ah, thanks, that may explain some weird stuff I saw and couldn't levitte figure out. levitte levitte Doesn't that mean that every assignment should be followed by a ;? levitte Right now, you've only done that for those with empty values... Oh wait, I get it, it's whenever there's a reference to another variable that's assigned in the same statement that things don't work the same. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #402] Invalid assembly generated in a.out mode
In 0.9.7-stable since the recent PIC-ification, the assembly generation scripts add a leading underscore to the target when generating a call to a local label which has no leading underscore. EG the output of perl des-586.pl a.out (run in crypto/des/asm) includes in its output: jz .L007finish call_.L008PIC_point .L008PIC_point: popl%edx This of course leads to a link error. -- __ | Brian Havard | He is not the messiah! | | [EMAIL PROTECTED] | He's a very naughty boy! - Life of Brian | -- __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [CVS] OpenSSL: openssl Makefile.shared
levitte levitte appro Under bash: levitte appro levitte appro $ a=b c=$a; echo $c levitte appro b levitte appro levitte appro While under Solaris /bin/sh: levitte appro levitte appro $ a=b c=$a; echo $c levitte appro levitte appro i.e. it prints nothing. You need a=b; c=$a; echo $c to see b. A. levitte levitte Ah, thanks, that may explain some weird stuff I saw and couldn't levitte figure out. levitte levitte Doesn't that mean that every assignment should be followed by a ;? levitte Right now, you've only done that for those with empty values... Oh wait, I get it, it's whenever there's a reference to another variable that's assigned in the same statement that things don't work the same. Right! The fact that only empty assignments are followed by ; is a pure coincidence. It has nothing to do with the fact that assignments are empty. A. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]