Re: [openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict

2009-06-14 Thread Guenter via RT
Hi Steve,
Guenter wrote:
> Sure, we can do the renaming of the functions #ifdef'd for
> OPENSSL_SYS_NETWARE, no prob.
Find attached a new patch for 0.9.8-stable which renames conditionally
for NetWare only.


diff -ur openssl-0_9_8/apps/pkcs12.c openssl-0_9_8-patched/apps/pkcs12.c
--- openssl-0_9_8/apps/pkcs12.c	Wed Nov 05 19:36:35 2008
+++ openssl-0_9_8-patched/apps/pkcs12.c	Mon Jun 15 01:42:13 2009
@@ -68,6 +68,12 @@
 #include openssl/pem.h
 #include openssl/pkcs12.h
 
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 #define PROG pkcs12_main
 
 const EVP_CIPHER *enc;
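
Review bot: The #define pair added after the pkcs12.h include has to be repeated in this application file because pkcs12.h only switches the prototypes and does not provide the mapping itself. Any other NetWare caller that includes pkcs12.h and calls asc2uni or uni2asc is left without a declaration for those names. Consider moving `#define uni2asc OPENSSL_uni2asc` and `#define asc2uni OPENSSL_asc2uni` into the NetWare branch of pkcs12.h, which would also make this block and its three copies under crypto/pkcs12 unnecessary.
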
diff -ur openssl-0_9_8/crypto/pkcs12/p12_attr.c openssl-0_9_8-patched/crypto/pkcs12/p12_attr.c
--- openssl-0_9_8/crypto/pkcs12/p12_attr.c	Wed Nov 05 19:36:46 2008
+++ openssl-0_9_8-patched/crypto/pkcs12/p12_attr.c	Mon Jun 15 01:44:07 2009
@@ -60,6 +60,12 @@
 #include cryptlib.h
 #include openssl/pkcs12.h
 
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 /* Add a local keyid to a safebag */
 
 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
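
Review bot: The comment above the added #define pair says only "to avoid name clashes on NetWare OS" and does not say what the names clash with. Name the NetWare library or header that already exports uni2asc/asc2uni, so a later reader can tell whether the workaround is still needed; with a single shared definition that explanation would only have to be written once.
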
diff -ur openssl-0_9_8/crypto/pkcs12/p12_key.c openssl-0_9_8-patched/crypto/pkcs12/p12_key.c
--- openssl-0_9_8/crypto/pkcs12/p12_key.c	Wed Nov 05 19:36:46 2008
+++ openssl-0_9_8-patched/crypto/pkcs12/p12_key.c	Mon Jun 15 01:45:14 2009
@@ -69,6 +69,12 @@
 void h__dump (unsigned char *p, int len);
 #endif
 
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 /* PKCS12 compatible key/IV generation */
 #ifndef min
 #define min(a,b) ((a)  (b) ? (a) : (b))
diff -ur openssl-0_9_8/crypto/pkcs12/p12_utl.c openssl-0_9_8-patched/crypto/pkcs12/p12_utl.c
--- openssl-0_9_8/crypto/pkcs12/p12_utl.c	Wed Nov 05 19:36:47 2008
+++ openssl-0_9_8-patched/crypto/pkcs12/p12_utl.c	Mon Jun 15 01:46:07 2009
@@ -60,6 +60,12 @@
 #include cryptlib.h
 #include openssl/pkcs12.h
 
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 /* Cheap and nasty Unicode stuff */
 
 unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
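
Review bot: With the macros in effect, the definition that follows the added block still reads `unsigned char *asc2uni(...)` but compiles to OPENSSL_asc2uni on NetWare, so a search of the source for the exported name will not find where it is defined. A short comment at the definition noting the NetWare rename, or an explicit #ifdef around the function name, would make that visible.
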
diff -ur openssl-0_9_8/crypto/pkcs12/pkcs12.h openssl-0_9_8-patched/crypto/pkcs12/pkcs12.h
--- openssl-0_9_8/crypto/pkcs12/pkcs12.h	Wed Nov 05 19:36:47 2008
+++ openssl-0_9_8-patched/crypto/pkcs12/pkcs12.h	Mon Jun 15 02:22:56 2009
@@ -232,9 +232,14 @@
 		   const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
 	 int saltlen, const EVP_MD *md_type);
+#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)
+/* Rename these functions to avoid name clashes on NetWare OS */
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
+#else
 unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
-
+#endif
 DECLARE_ASN1_FUNCTIONS(PKCS12)
 DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
 DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
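
Review bot: The guard on the new prototypes is `defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)`, while the four .c files in this patch test only OPENSSL_SYS_NETWARE. In a build where NETWARE is defined without OPENSSL_SYS_NETWARE, the header declares OPENSSL_asc2uni/OPENSSL_uni2asc but p12_utl.c still defines asc2uni/uni2asc, so declarations and definitions no longer match; use the same condition in both places. The hunk also drops the blank line that separated the prototypes from DECLARE_ASN1_FUNCTIONS(PKCS12); keeping one after the #endif would preserve the layout.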


Re: [openssl.org #1946] Resolved: [PATCH] NetWare fix compiler break in

2009-06-14 Thread Guenter via RT
Hi Steve,
Stephen Henson via RT wrote:
> According to our records, your request has been resolved. If you have any
> further questions or concerns, please respond to this message.
I admit that I probably didn't test carefully enough; the NetWare CLIB
builds now get a redefine with older SDK due to the fact that dtls1.h is
used by some other C files which include the winsock header before
dtls1.h and thus get the timeval struct defined via winsock2.h; so at
the moment I see no other way than to check for _WINSOCK2API_ too:

diff -ur openssl-0_9_8\ssl\dtls1.h openssl-0_9_8-patched\ssl\dtls1.h
--- openssl-0_9_8\ssl\dtls1.h   Fri Jun 05 17:05:10 2009
+++ openssl-0_9_8-patched\ssl\dtls1.h   Mon Jun 15 01:34:57 2009
@@ -65,7 +65,7 @@
 #ifdef OPENSSL_SYS_WIN32
 /* Needed for struct timeval */
 #include winsock.h
-#elif defined(OPENSSL_SYS_NETWARE)
+#elif (defined(OPENSSL_SYS_NETWARE)  !defined(_WINSOCK2API_))
 #include sys/timeval.h
 #endif
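
Review bot: The changed #elif condition keys on _WINSOCK2API_, a macro that winsock2.h defines for its own use rather than a documented feature test, so the outcome depends on whether winsock2.h happens to be included before dtls1.h in each translation unit. Add a comment on that branch saying why the test is there (struct timeval already defined via winsock2.h), in the same way the WIN32 branch carries "Needed for struct timeval". As the line appears in this archive there is no operator between the two defined() tests; it needs to read defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_).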

This seems to work fine with all our 4 build flavours.



__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


SSL_library_init() EVP_sha256

2009-06-14 Thread Phil Pennock
Folks,

The approach of the Exim MTA to cryptography is simple -- don't
second-guess the SSL library developers when it comes to choosing which
algorithms/digests/etc to load, and provide a knob
(tls_require_ciphers) for administrators to restrict what can be
loaded.  The MTA developers do not want to be in the cryptanalysis
game, deciding when digests are or are not safe to use and reason that
this is best handled by the SSL libraries which are maintained by people
who understand this stuff better.

There's a pending request, from February 2008, to load SHA-256 in Exim
to let people verify certificates from CAs which have migrated to
SHA-256.  http://bugs.exim.org/show_bug.cgi?id=674

When RFC 5246 came out, specifying TLS 1.2 and having all mandated
cipher suites use SHA-256, we assumed that to aid the transition OpenSSL
would add EVP_sha256() to the list of digests initialised in
SSL_library_init(), even before support of TLS 1.2 itself.  I've checked
OpenSSL 1.0.0 beta 2 and see that this is still not the case.

I'm seeing usage of SHA-256 become more widespread by CAs today.

Are there plans to add this digest to the list initialised by
SSL_library_init()?

If not, why not please?

Thanks,
-Phil