[PATCH] to fix compilation issues of openssl v100a for WCE 420/WM5/WM6 target platform

2010-09-28 Thread Pierre DELAAGE

Dear All,
I am a contributor to the WCE port of stunnel, using intensively openssl.
I have recently completed the port of stunnel v434 to WCE platform,
and needed a refreshed version of openssl for that target.

I have recompiled openssl v100a with MS EVC4 sp4 free compiler, MS 
WCE420 SDK and essemer/wcecompat 1.2 library,
and fixed many compilation issues (mostly undefined symbols, a few 
nonexistent routines, some libs missing at link time).



I DID NOT fix any operational issue, i.e. execution-time issue.
My code is basically a PORTING effort, not at all a rewrite or enriching 
effort. In particular I have a special concern to have wce code as close 
as possible to win32 code.



Please find enclosed my patch in diff -ur orig patched format.

SUMMARY of fixes for compilation issues :

 ./apps/apps.c:
strings.h is not relevant in WCE environment.

 ./apps/apps.h
FD_SET must include proper cast for WCE, as for win32.
NOTE: this cast should be corrected in the future to UINT_PTR,
instead of unsigned int, as it is defined like this in the MS SDK.

 ./crypto/bio/bss_dgram.c
get_current_time NEEDED a WCE code,
as _ftime DOES NOT exist in WCE420 SDK.
Note: one day my code should go in wcecompat (I have to discuss with 
Maurice Kalinowski about that, and about the replacement of wcecompat 1.2 
by mauricek or alike version).


 ./crypto/bio/bss_fd.c
some functions ARE missing definition for WCE.

BIO *BIO_new_fd(int fd,int close_flag)
int BIO_fd_non_fatal_error(int err)
int BIO_fd_should_retry(int i)
BIO_METHOD *BIO_s_fd(void)

By default I put a stub.
Is it sufficient? At least it works with stunnel.

 ./crypto/cryptlib.c
raise DOES NOT exist in WCE environment.
Note: In win32 _exit(3) is redundant with raise(sigabrt),
because raise implies exit(3), according to the MS doc.

 ./crypto/dso/dso_win32.c
len=0 just put to AVOID a warning of the compiler
because this variable is NOT used in CE code.

 ./crypto/o_str.c
strings.h is not relevant in WCE environment.

 ./crypto/opensslconf.h : no need of any explanation, automatically 
generated file.


 ./e_os.h
winsock2/ws2tcp includes ARE needed in WCE environment.

EACCES symbol must be defined in WCE: fix would have to be included in 
wcecompat stream one day.


 ./engines/ccgost/gost_lcl.h
Missing type off_t

 ./engines/e_capi.c
In WCE SDK, only UNICODE versions of some Crypt functions exist.
But openssl explicitly uses ANSI functions.
So I offer some code for this:
CryptEnumProvidersA
CryptAcquireContextA
CryptSignHashA

These ARE NOT STUBS, but code really doing something.

 ./Makefile
automatically generated, some lines changed due to change in VC-32.pl

 ./ssl/d1_lib.c
get_current_time needed to be defined with real code, not stub.
Note: This code is a DUPLICATE of bss_dgram.c code:
same function get_current_time, same code.


 ./util/pl/VC-32.pl
VERY IMPORTANT : strangely the link process was supposed to link with 
winsock 1 lib !
It is a big error as all openssl code is using winsock2, which is much 
more bsd compliant than winsock1.
So the linkage must be done with ws2.lib (which is for WCE what 
ws2_32.lib is for win32).


crypt32.lib IS ALSO MANDATORY now in WCE port, as in win32.


NOTE : I would also suggest to modify the INSTALL.WCE file just to 
mention EVC4 and wcecompat 1.2 instead of evc3 and wcecompat 1.1, and 
also the fact that out32dll path is now out32dll_$(TARGETCPU)


NOTE 2 : just in case it may help, precompiled (patched) versions of 
openssl v100a and stunnel v434 for ARMV4 processors/WCE420 platform,

are available at http://delaage.pierre.free.fr.
The result works fine for HTC WM6 smartphones, and should work for WM5 
phones.


Thank you very much for your work.
Yours sincerely,

Pierre Delaage


diff -ur orig/apps/apps.c patched/apps/apps.c
--- orig/apps/apps.c2010-09-25 16:45:29.563877500 +0200
+++ patched/apps/apps.c 2010-09-26 07:12:44.368479500 +0200
@@ -118,7 +118,7 @@
 #include stdio.h
 #include stdlib.h
 #include string.h
-#if !defined(OPENSSL_SYSNAME_WIN32)  !defined(NETWARE_CLIB)
+#if !defined(OPENSSL_SYSNAME_WIN32)  !defined(OPENSSL_SYSNAME_WINCE)  
!defined(NETWARE_CLIB) //pdelaage 20100926
 #include strings.h
 #endif
 #include sys/types.h
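Review bot: The `//pdelaage 20100926` marker on the changed `#if` line in apps/apps.c is a C++-style comment on a preprocessor directive, which pre-C99 compilers may reject; drop it (author and date belong in the commit message) or use `/* ... */`. The added condition is also split over two lines as posted, so the hunk will not apply cleanly; sending the patch as an attachment avoids the wrapping.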
diff -ur orig/apps/apps.h patched/apps/apps.h
--- orig/apps/apps.h2009-10-31 14:34:19.0 +0100
+++ patched/apps/apps.h 2010-09-26 07:13:54.676479500 +0200
@@ -202,8 +202,9 @@
 #  endif
 #endif
 
-#ifdef OPENSSL_SYSNAME_WIN32
-#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+// pdelaage 20100926 #ifdef OPENSSL_SYSNAME_WIN32
+#if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE)
+#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b) // pdelaage uint 
should be UINT_PTR !
 #else
 #  define openssl_fdset(a,b) FD_SET(a, b)
 #endif
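Review bot: In the `openssl_fdset` definition in apps/apps.h the cast is still `(unsigned int)` while the trailing comment on the same line says it should be `UINT_PTR`; either make that change in this patch or leave the comment out and raise it separately, since a to-do inside a macro line tends to stay there. The old `#ifdef OPENSSL_SYSNAME_WIN32` kept as a `//` comment should simply be deleted, as the diff already records what was replaced.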
diff -ur orig/crypto/bio/bss_dgram.c patched/crypto/bio/bss_dgram.c
--- orig/crypto/bio/bss_dgram.c 2010-01-07 11:44:21.0 +0100
+++ patched/crypto/bio/bss_dgram.c  2010-09-24 22:28:07.948264500 +0200
@@ -815,10 +815,43 @@
 

Install openssl without root rights

2010-09-28 Thread fabermundi

Hello,
I have to install openssl on a Computer with openSUSE where I don't have any
root rights.
Is this possible? How?

Thanks in advance
-- 
View this message in context: 
http://old.nabble.com/Install-openssl-without-root-rights-tp29825759p29825759.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Compiling Squid with ssl enable

2010-09-28 Thread squid
Hello, brothers and sisters help me. See attached for details.

I use Windows 7 64bit OS on ASRock Motherboard, MinGW-5.1.6 + MSYS-1.0.11,
msysDTK-1.0.1, other windows platform requirements for squid,
squid-2.7.STABLE8, and also squid-2.7.STABLE9 it gives stack.o error,
Win64OpenSSL_light-1_0_0a from
http://www.slproweb.com/products/Win32OpenSSL.html, vcredist_x64,
ActivePerl-5.12.2.1202-MSWin32-x64-293621, openssl-0.9.8h-1-setup (i
copied some files from lib and include into MinGW lib and include
respectively).
I am trying to compile squid-2.7.STABLE8 or squid-2.7.STABLE9 with
--enable-ssl as one of the options; after the ./configure command and
during the make command it gives an error.

I sent the above message to squi...@acmeconsulting.it, see reply below:

You must use a full 32 bit build environment.
64 bit build tools or libraries are not supported (and never developed) on
Windows.
Regards
Guido Serassio - Squid Core Developer
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
VMware Professional Partner
Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135   Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it

I subsequently used a 32 bit build environment: Win32OpenSSL_light-1_0_0a and
later tried Win32OpenSSL-1_0_0a from
http://www.slproweb.com/products/Win32OpenSSL.html, vcredist_x32,
ActivePerl-5.12.2.1202-MSWin32-x32-293621; the error still persists.

The issue now is that I am trying to compile squid-2.7.STABLE8 or
squid-2.7.STABLE9 with the --enable-ssl option and I got the error (see
attachments).

I have tried the compilation on different environments, x86 or x64; all give
the same error I told you before (could not find lssleay32 on squid-2.7.8
and stack.o error on squid-2.7.9).

I wanted to install another version of openssl, say 10.0.0a, but couldn't
find a suitable binary that could address the problem, but I found a clue
somewhere
http://old.nabble.com/OpenSSL-code-on-Windows-crashes.-td24003641.html and
http://openssl.org/support/faq.html#PROG2 that asks me to do the following:
To build, I needed to modify the first lines of the example
openssl-10.0.0a.tar.gz source code's Makefile as follows:

OPENSSLDIR=c:/openssl32
CFLAGS=-g -I$(OPENSSLDIR)/include
MD=-Lc:/openssl32/lib -llibeay32 -lssleay32


Honestly, I don't know how to compile openssl, let alone modify any file
in it, but later I summoned the courage to do something.

See the attached again for the error message I got when I am trying to
compile openssl-1.0.0a.

OPENSSL USERS: Please, what can I do to resolve the error?
OR kindly help compile or link me to any suitable openssl version that
can work in windows7 x32 or x64 environments.


Re: FIPS PowerOn self test

2010-09-28 Thread Jakob Bohm

On 28-09-2010 06:39, Vivek Madani wrote:

> Clipped earlier communication
>
> What OS is this running on? That error can be caused by a DLL being loaded to
> an address that is already in use under Windows and relocation would
> invalidate the signature.
>
> You can work around that by specifying an alternative load address when the
> DLL is compiled.
>
> This is Win2K3 on a virtual machine. I thought about the load address
> and is looking through ProcessExplorer to see where the conflict is.
> Will try a recompile.
>
> One more query: Shouldn't fips_test_suite.exe report failure as well?
> That passes without any issues.
>
> Sorry for fragmenting my queries. Just figured out that there is
> another DLL loaded at 0xFAF which occupies 0x44000 bytes. So I
> guess that explains why libeay32.dll is not getting loaded at
> 0xFB0.

Just curious, what was the conflicting dll?

> Now my query is if I recompile it with a different base
> address, isn't there a rare possibility that I might see this issue in
> some other environment?

Unfortunately yes, this is a weakness of the design of the old FIPS
module, which I hope the OpenSSL developers will change when they
get around to creating a new Suite B compliant FIPS module for OpenSSL 1.x.

> Anyway I can be sure that this will work
> always?

No, see above.

One additional thing you can do is to link the DLL with the Windows
linker switch /FIXED.  This tells Windows that it must never
relocate this DLL (and in fact removes the data to do so), causing
Windows to simply refuse to load the DLL at the wrong address, with
a more appropriate error code than self-test failed.




Re: Install openssl without root rights

2010-09-28 Thread Jakob Bohm

On 28-09-2010 08:57, fabermundi wrote:


> Hello,
> I have to install openssl on a Computer with openSUSE where I don't have any
> root rights.
> Is this possible? How?
>
> Thanks in advance


Step 1: Compile it yourself from source.

Step 2: During compilation and install, install to your own home dir, 
not to /usr (requires root rights) or /usr/local (requires root or staff 
rights).


Step 3: Whenever using/linking to OpenSSL, you must explicitly refer
to the folders in your home dir (~/bin, ~/lib, ~/include etc.) where
you installed it.  For instance gcc will need to be invoked with the
extra options
   -I~/include -L~/lib -Wl,-rpath=~/lib
when compiling code against OpenSSL.



Re: Install openssl without root rights

2010-09-28 Thread Kenneth Goldman
It depends what you mean by 'install'. 

You can certainly install it under your home directory and use it or link 
to it.  I often do that when testing with a new version.

If you want to install it in a standard place like e.g. /usr/lib, then you 
need rights to write that directory, often root rights.

owner-openssl-us...@openssl.org wrote on 09/28/2010 02:57:59 AM:

> From: fabermundi fabers...@hotmail.com
>
> I have to install openssl on a Computer with openSUSE where I don't have any
> root rights.
> Is this possible? How?


Re: Error signing certificates with my own CA... Configuration file?

2010-09-28 Thread Mark H. Wood
I don't want to discourage you from learning the details yourself, but
you may want to look at some wrapper software that is already worked
out and takes care of these things for you.  For example, I usually
find TinyCA adequate to my minuscule certificate-processing needs.

Even if you decide not to use such a tool, you may learn some useful
things by studying the code.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Balance your desire for bells and whistles with the reality that only a 
little more than 2 percent of world population has broadband.
-- Ledford and Tyler, _Google Analytics 2.0_




Re: FIPS PowerOn self test

2010-09-28 Thread Vivek Madani
On Tue, Sep 28, 2010 at 4:51 PM, Jakob Bohm jb-open...@wisemo.com wrote:
> On 28-09-2010 06:39, Vivek Madani wrote:
>
> Clipped earlier communication
>
> What OS is this running on? That error can be caused by a DLL being
> loaded to
> an address that is already in use under Windows and relocation would
> invalidate the signature.
>
> You can work around that by specifying an alternative load address when
> the
> DLL is compiled.
>
> This is Win2K3 on a virtual machine. I thought about the load address
> and is looking through ProcessExplorer to see where the conflict is.
> Will try a recompile.
>
> One more query: Shouldn't fips_test_suite.exe report failure as well?
> That passes without any issues.
>
> Sorry for fragmenting my queries. Just figured out that there is
> another DLL loaded at 0xFAF which occupies 0x44000 bytes. So I
> guess that explains why libeay32.dll is not getting loaded at
> 0xFB0.
>
> Just curious, what was the conflicting dll?

One of our own application dll compiled using Visual Studio which uses
same base address for all dlls. There are way too many dlls else I
would have fixed all of them :).

> Now my query is if I recompile it with a different base
> address, isn't there a rare possibility that I might see this issue in
> some other environment?
>
> Unfortunately yes, this is a weakness of the design of the old FIPS
> module, which I hope the OpenSSL developers will change when they
> get around to creating a new Suite B compliant FIPS module for OpenSSL 1.x.
>
> Anyway I can be sure that this will work
> always?
>
> No, see above.
>
> One additional thing you can do is to link the DLL with the Windows
> linker switch /FIXED.  This tells Windows that it must never
> relocate this DLL (and in fact removes the data to do so), causing
> Windows to simply refuse to load the DLL at the wrong address, with
> a more appropriate error code than self-test failed.

Thought on similar lines. Fatal error is something I need to get away
with. Will probably try this option. Thanks.

-Vivek


Re: Error signing certificates with my own CA... Configuration file?

2010-09-28 Thread Chris Rider

 Not discouraged at all (just short on time trying to meet a deadline).

I'll check out TinyCA (and the like) in the meantime, but actually do 
hope to delve into the source and figure out those directives when I get 
some time. I do appreciate your time and attention!!



On 09/28/2010 09:41 AM, Mark H. Wood wrote:

I don't want to discourage you from learning the details yourself, but
you may want to look at some wrapper software that is already worked
out and takes care of these things for you.  For example, I usually
find TinyCA adequate to my minuscule certificate-processing needs.

Even if you decide not to use such a tool, you may learn some useful
things by studying the code.




Re: FIPS PowerOn self test

2010-09-28 Thread Dr. Stephen Henson
On Tue, Sep 28, 2010, Vivek Madani wrote:

> Clipped earlier communication
>
>> What OS is this running on? That error can be caused by a DLL being loaded
>> to
>> an address that is already in use under Windows and relocation would
>> invalidate the signature.
>>
>> You can work around that by specifying an alternative load address when the
>> DLL is compiled.
>>
>> This is Win2K3 on a virtual machine. I thought about the load address
>> and is looking through ProcessExplorer to see where the conflict is.
>> Will try a recompile.
>
> One more query: Shouldn't fips_test_suite.exe report failure as well?
> That passes without any issues.

No, fips_test_suite and the other fips algorithm test utilities are not linked
against libeay32.dll but statically linked against fipscanister.lib: as a
result they won't see the conflict.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: where is the memory being held

2010-09-28 Thread David Schwartz

On 9/27/2010 4:13 PM, Scott Neugroschl wrote:

As David said, yes.
On the other hand, you could re-implement malloc() and free() for your
platform.


There's really no way to make that help very much. It might help a 
little, but the fundamental problem is this:


If you want to implement each 'malloc' so that a later 'free' can return 
the memory to the operating system, you can. But that requires rounding 
up even small allocations to at least a page, which increases your 
memory footprint.


If you don't implement each 'malloc' that way, you still wind up with 
the problem that one small allocation that has not been freed in the 
middle of a bunch of larger allocations that have been freed prevents 
you from returning any of the memory used by the larger allocations to 
the operating system.


Generally, what you need are algorithms designed for low memory 
footprint and a way to 'group' allocations that will tend to be freed as 
a unit (such as those related to a single SSL session) such that when 
they are all freed, the memory can be returned to the OS. OpenSSL simply 
is not designed this way.


You could probably hack OpenSSL to pass a pointer to a session object to 
calls to malloc/free (perhaps using TSD) and use that TSD pointer as an 
allocation context. That might increase the chances that the whole 
allocation context is freed. It may even be sufficient (or at least 
helpful) just to hook all OpenSSL calls to malloc/free and process them 
from their own arena.


DS



Re: Install openssl without root rights

2010-09-28 Thread Kyle Hamilton
First, check to see that you're not able to have root rights via
'sudo'.  If you can, you can just install it as a package.  If you
can't...

Use './config --prefix=$HOME' (or whatever you want the installation's
root to be), set 'export
LD_LIBRARY_PATH=$HOME/ssl/lib:$HOME/lib:$LD_LIBRARY_PATH' in your
~/.profile or ~/.bash_profile script, and 'make install' when you're
ready to go.  Get ready to compile everything you need to use the
library yourself.  You will also need to use --with-ssl=$HOME with
most autoconf-generated configure scripts.

You can avoid setting LD_LIBRARY_PATH by linking everything
statically, but I don't recommend it.

(For additional information about issues you will likely encounter,
and the meaning of the LD_LIBRARY_PATH variable as well as important
caveats on its use, see the manpages for ld.so(1) and ldconfig(8).)

-Kyle H

On Mon, Sep 27, 2010 at 11:57 PM, fabermundi fabers...@hotmail.com wrote:

> Hello,
> I have to install openssl on a Computer with openSUSE where I don't have any
> root rights.
> Is this possible? How?
>
> Thanks in advance