[openssl-users] [ANN] M2Crypto 0.31.0 ... plenty of bugfixes (and support for OpenSSL 1.1.1)
Hi, everybody,

there is a new release of M2Crypto, most complete Python bindings for OpenSSL (from 1.0.1e to 1.1.1), supporting both Python 2 (2.6 and 2.7) and Python 3 (from 3.4 upwards).

This is mostly a bugfix release, including:

- support for OpenSSL 1.1.1
- Fixes for Windows builds
- Fixes of installs on AWS Lambda
- Fixes of Mac OS X related failures
- Fix Python 2.6 compatibility issues

Support for OpenSSL 1.1.1 is just minimal, to make test suite pass. The biggest problem is that the latest OpenSSL doesn't raise exceptions in some situations where the earliest versions did so. Not sure, what is the proper reaction from M2Crypto side.

Also, reminder, that we have special email list for development of M2Crypto. Its web page is http://redcrew.org/mailman/listinfo/m2crypto and it is mailman with the posting address m2cry...@lists.redcrew.org so all email commands work.

All complaints, support requests, and bug reports are welcome in the email list or on the issue tracker https://gitlab.com/m2crypto/m2crypto/issues

Happy security hacking!

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

A man who won't die for something is not fit to live.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] [ANN] M2Crypto 0.29.0 ... now supporting Windows
Hi, everybody,

this is just a bugfix release. Marcus Huewe stepped up and produced a lot of smaller bugfixes while working on https://gitlab.com/m2crypto/m2crypto/merge_requests/188 (which itself has not been finished yet for this release).

Also, we finally got rid of some remaining old-style classes (that's pre-2.2).

Also, we no longer support Python 2.6 on Windows (it is still supported on Linux), hopefully people there are able to upgrade to 2.7.

Also, reminder, that we have special email list for development of M2Crypto. Its web page is http://redcrew.org/mailman/listinfo/m2crypto and it is mailman with the posting address m2cry...@lists.redcrew.org so all email commands work.

All complaints, support requests, and bug reports are welcome in the email list or on the issue tracker https://gitlab.com/m2crypto/m2crypto/issues

Happy security hacking!

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

For a successful technology, reality must take precedence over public relations, for nature cannot be fooled.
  -- R. P. Feynman's concluding sentence in his appendix to the Challenger Report
Re: [openssl-users] Applying security patches to 0.9.8a
On 2018-04-17, 22:36 GMT, Rob Marshall wrote:
> The OS is SLES 10 SP3 and there are currently close to 80
> binaries that appear to use libssl.so.0.9.8.

Whoever decided this platform is a good idea, was in my opinion wrong. https://en.wikipedia.org/wiki/SUSE_Linux_Enterprise tells me that a) there was SP4 … why in the world you would not install that?, b) it was released April 2011, and all support of SLES 10 ceased on 2016-03-30.

Such system is either so disconnected from everything, that patching OpenSSL doesn't matter, or patching just OpenSSL (if it was possible at all) doesn't make much difference.

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

You either die a hero or you live long enough to see yourself become the villain.
  -- Harvey Dent in The Dark Knight
[openssl-users] [ANN] M2Crypto 0.29.0 ... now supporting Windows
Hi, everybody,

just on the heels of 0.28.* with Python 3 compatibility with 0.29.0 resolving another heavy problem. This time we have renewed compatibility with Windows (all tests pass on Win32 and Win64 on all supported combinations of versions of OpenSSL and Python).

The problem I have, and on which I would like input especially from those of you who might be interested in the Windows builds, is which kind of package we want. Appveyor CI (which we use for testing) gives us in https://ci.appveyor.com/project/mcepl/m2crypto-6gp50/build/1.0.52 as artifacts binary wheels, Windows executable installers, and MSI files. Which one of them is the most desired by Python developers on Windows? Where do you expect such binary packages to be found? PyPI, Chocolatey, somewhere else?

Also, reminder, that we have special email list for development of M2Crypto. Its web page is http://redcrew.org/mailman/listinfo/m2crypto and it is mailman with the posting address m2cry...@lists.redcrew.org so all email commands work.

All complaints, support requests, and bug reports are welcome in the email list or on the issue tracker https://gitlab.com/m2crypto/m2crypto/issues

Happy security hacking!

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Because dwm is customized through editing its source code, it’s pointless to make binary packages of it. This keeps its userbase small and elitist. No novices asking stupid questions.
  -- http://dwm.suckless.org/
[openssl-users] [ANN] M2Crypto 0.28.1 ... now PYTHON 3 compatible!!!!
Hi, everybody,

after a way too long time I have finally version of M2Crypto working BOTH with Python 2.6 and 2.7 and with versions of Python from 3.3 up.

Certainly the biggest feature of this release that we are finally compatible both with py2k (Python 2.6 and 2.7) and py3k (from Python 3.3 up). YAY!!! Let us celebrate!!!

There were also some other improvements:

* building on Mac OS X should be now more reliable and automagic
* Fix licence in metadata: it is MIT, not BSD
* Fix and add tests for SWIG/_aes.i module (the module was non-functional since its creation in 2004!)
* Bundle-in unittest2 for Python 2.6 (dealing with the need for specific version of unittest2 package was too complicated)
* Remove all PGP modules (nobody used them, and they were very complicated and brittle).

I have also created special email list for development of M2Crypto. Its web page is http://redcrew.org/mailman/listinfo/m2crypto and it is mailman with the posting address m2crypto@lists.redcrew.org so all email commands work.

All complaints, support requests, and bug reports are welcome in the email list or on the issue tracker https://gitlab.com/m2crypto/m2crypto/issues

Happy security hacking!

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Don't anthropomorphize computers. They don't like it.
Re: [openssl-users] OpenSSL on side
On 2017-10-11, 12:11 GMT, Blumenthal, Uri - 0553 - MITLL wrote:
> Unfortunately, not quite. Being pip-installable means to the
> majority of users that the package in question can be
> installed via, e.g.,
>
>    pip install M2Crypto

I understand that, my question was whether you know how to make package with working python setup.py build to be pip-installable.

Thanks,

Matěj
--
http://matej.ceplovi.cz/blog/, Jabber: mceplceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

I love deadlines. I like the whooshing sound they make as they fly by.
  -- Douglas Adams, The Salmon of Doubt
Re: [openssl-users] OpenSSL on side
On 2017-10-11, 11:35 GMT, Blumenthal, Uri - 0553 - MITLL wrote:
> And it is not installable via PIP, though to me being placed
> on pypi site suggested that it should be (that's how I tried
> to install it).

What’s needed for package to be pip installable? I would think that if python setup.py build install works (and it should), then pip should do somehow the right thing?

Best,

Matěj
--
http://matej.ceplovi.cz/blog/, Jabber: mceplceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

If we rise from prayer better persons, our prayers have been answered.
  -- a Jewish prayer book
[openssl-users] OpenSSL on side [Was: Re: [ANN] M2Crypto 0.27.0]
On 2017-10-10, 21:17 GMT, Blumenthal, Uri - 0553 - MITLL wrote:
> I have to report that this M2Crypto release is broken, as it
> cannot find OpenSSL installed in /opt/local (apologies for
> spamming multiple lists and people):

Feel free to file a ticket on https://gitlab.com/m2crypto/m2crypto/issues , no need to use mailing lists for issue tracker, when we have a proper one. I work on M2Crypto right now, so I see them immediately.

To your real problem: does --openssl set to /opt/local help? If you run

    python setup.py clean build --openssl /opt/local

what happens? What is the generated swig line (which version you use?), and what are the two compiler lines (one for compilation, other for linking)?

> /usr/bin/clang -fno-strict-aliasing -fno-common -dynamic -pipe

I have made so far all my testing with GCC (on Linux, there are some users on Mac OS X, so I guess CLang should work as well, but I have never tested it myself).

> -Os -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes
> -I/opt/local/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7
> -I/private/tmp/pip-build-lqb2R6/M2Crypto/SWIG -c
> SWIG/_m2crypto_wrap.c -o
> build/temp.macosx-10.12-x86_64-2.7/SWIG/_m2crypto_wrap.o
> -Wno-deprecated-declarations
> SWIG/_m2crypto_wrap.c:2894:9: warning: variable 'res' is used
> uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
> if (PyType_Ready(tp) < 0)
> ^~~~
> SWIG/_m2crypto_wrap.c:2918:10: note: uninitialized use occurs here
> return res;
> ^~~
> SWIG/_m2crypto_wrap.c:2894:5: note: remove the 'if' if its condition is
> always false
> if (PyType_Ready(tp) < 0)
> ^
> SWIG/_m2crypto_wrap.c:2875:10: note: initialize the variable 'res' to
> silence this warning
> int res;
> ^
> = 0

Just to note that this particular piece of code is generated completely by swig, I have nothing to do with it.

> SWIG/_m2crypto_wrap.c:3554:10: fatal error: 'openssl/err.h' file not found
> #include <openssl/err.h>
> ^~~
> 1 warning and 1 error generated.
> error: command '/usr/bin/clang' failed with exit status 1

Where do you actually have err.h? Manually setting CFLAGS and LDFLAGS should be followed by setup.py, it can help as a workaround, but my dream is that plain settings of --openssl parameter should be sufficient.

Feel free to continue here, or on the issue tracker.

Best,

Matěj Cepl
--
http://matej.ceplovi.cz/blog/, Jabber: mceplceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Love doesn't just sit there, like a stone; it has to be made, like bread, remade all the time, made new.
  -- Ursula K. LeGuin
[openssl-users] [ANN] M2Crypto 0.27.0
M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers; SSL functionality to implement clients and servers; HTTPS extensions to Python’s httplib, urllib, and xmlrpclib; unforgeable HMAC’ing AuthCookies for web session management; FTP/TLS client and server; S/MIME. M2Crypto can also be used to provide SSL for Twisted. Smartcards supported through the Engine interface.

This is another less earth-shattering release (after 0.26.2 which brought us OpenSSL 1.1.0 compatibility), one more step towards Python 3 compatibility nirvana, still more cleanups and accumulated bug fixes, which could be resolved before the big python3 branch is merged.

The release is available on https://pypi.python.org/pypi/M2Crypto/ and all communication with the maintainer (that’s me) should go to https://gitlab.com/m2crypto/m2crypto.

Talking about the python3 branch, ALL TESTS PASS on all Pythons from 2.6, 2.7, 3.3 to 3.6!!! Now is the time to test, help with review, and complain about whatever is wrong! I will still keep API stable, but changes are relatively large, so this is your opportunity to suggest whatever substantial thing you don't like with M2Crypto. I may not make it happen in 0.28 (which I expect to be Py3k-compatible release), but for settling the dust down and cleanup I prepare already 0.29, which should include yet more accumulated merge requests and bugfixes, this time ones which should be better served with python 3 layer already happening.

Happy hacking!

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Quod fuimus, estis; quod sumus, vos eritis.
[openssl-users] [ANN] M2Crypto 0.26.4
One more bugfix release, fixing one silly FTBFS presenting itself on systems with OpenSSL 1.1.0 and LibreSSL (if anybody can provide some testing experience with LibreSSL and file bugs at https://gitlab.com/m2crypto/m2crypto/issues it would be very helpful).

I am sorry,

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Quod fuimus, estis; quod sumus, vos eritis.
[openssl-users] [ANN] M2Crypto 0.26.3
On 21/09/17 00:26, Matej Cepl wrote:
> after a way too long time I have another version of M2Crypto. Despite
> the deceptively minor version number (0.26.2; it is mistake, it has all
> right to be called 0.27.0, but the release is already on PyPI, sorry)
> this was a lot of work.

Oh well, so I have forgot one syntax error in a C file. I have no idea why it wasn't caught by CI, but there is quick 0.26.3 release available now on PyPI.

Oh well,

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Quod fuimus, estis; quod sumus, vos eritis.
Re: [openssl-users] Lost in STACK_OF again (porting M2Crypto to OpenSSL 1.1.* API)
On 2017-09-12, 19:33 GMT, Dr. Stephen Henson wrote:
> Yes *_seq_unpack() is no longer in 1.1. What happens is that
> code above it generates a function d2i_SEQ_CERT() which does
> the same as ASN1_seq_unpack() for a certificate.
>
> So something like this should work:
>
> const unsigned char *tmp = (unsigned char *)encoded_string;
>
> ...
>
> certs = d2i_SEQ_CERT(NULL, &tmp, encoded_string_len);

Thank you very much for the help. It really helped!

Also, for those who will get to this later, the documentation can be found in d2i_x509(3) and i2d_x509(3) (both are quite different in 1.1.0).

Best,

Matěj
--
http://matej.ceplovi.cz/blog/, Jabber: mceplceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

The law, in its majestic equality, forbids the rich as well as the poor to sleep under bridges, to beg in the streets, and to steal bread.
  -- Anatole France
[openssl-users] Lost in STACK_OF again (porting M2Crypto to OpenSSL 1.1.* API)
Hi,

I am working on porting M2Crypto to OpenSSL 1.1.* API (in branch https://gitlab.com/mcepl/m2crypto/commits/openssl-1.1.0 ) and I got lost in STACK_OF structures.

Simplified function I have troubles with is (the real stuff with all Python2/Python3 shims is https://is.gd/Nbq3Qp ; the similar problem is couple of lines below in the function get_der_encoding_stack).

    /* Header names are missing from the archived copy; these are
       the OpenSSL headers the code below needs. */
    #include <openssl/asn1.h>
    #include <openssl/asn1t.h>
    #include <openssl/err.h>
    #include <openssl/x509.h>

    typedef STACK_OF(X509) SEQ_CERT;

    ASN1_ITEM_TEMPLATE(SEQ_CERT) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, SeqCert, X509)
    ASN1_ITEM_TEMPLATE_END(SEQ_CERT)

    IMPLEMENT_ASN1_FUNCTIONS(SEQ_CERT)

    ...

    STACK_OF(X509) *
    make_stack_from_der_sequence(PyObject * pyEncodedString){
        STACK_OF(X509) *certs;
        Py_ssize_t encoded_string_len;
        char *encoded_string;

        encoded_string_len = PyString_Size(pyEncodedString);

        if (encoded_string_len > INT_MAX) {
            PyErr_SetString(PyExc_ValueError, "object too large");
            return NULL;
        }

        encoded_string = PyString_AsString(pyEncodedString);

        if (!encoded_string) {
            return NULL;
        }

        certs = ASN1_seq_unpack(
            (unsigned char *)encoded_string,
            encoded_string_len, d2i_X509, X509_free );

        if (!certs) {
            PyErr_SetString(_x509_err,
                ERR_reason_error_string(ERR_get_error()));
            return NULL;
        }

        return certs;
    }

Obviously this fails to compile with these errors:

    SWIG/_m2crypto_wrap.c: In function ‘make_stack_from_der_sequence’:
    SWIG/_m2crypto_wrap.c:8718:13: warning: implicit declaration of function ‘ASN1_seq_unpack’; did you mean ‘ASN1_item_unpack’? [-Wimplicit-function-declaration]
    certs = ASN1_seq_unpack((unsigned char *)encoded_string, encoded_string_len, d2i_X509, X509_free );
    ^~~
    ASN1_item_unpack
    SWIG/_m2crypto_wrap.c:8718:11: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
    certs = ASN1_seq_unpack((unsigned char *)encoded_string, encoded_string_len, d2i_X509, X509_free );
    ^

Obviously I have missed something from STACK_OF API, but I cannot for the love of the world find what.

Did truly *_seq_unpack functions got lost on the way to 1.1 API? If I have to do the unpacking "manually", how to do it? How can I get STACK_OF(X509) from the string with DER certificate?

I was looking also to the discussion by Jim Carroll on https://goo.gl/ZUxQH8 but I have probably misunderstood something. I believe I do everything I am supposed to, but still there is something apparently missing.

Thank you for any help,

Matěj
--
http://matej.ceplovi.cz/blog/, Jabber: mceplceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

A philosopher like Plato, according to Luther's colorful imagery, remains like a cow who looks at a new door, refusing to enter?
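For the "manual" unpacking asked about above, an added example (not part of the original message, and not OpenSSL's implementation): a bounds-checked walk over the outer DER SEQUENCE that returns the byte span of each element, which is what a per-certificate decoder such as d2i_X509 would then be given. The names der_span, der_header and der_split_sequence, and the sample bytes, are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Byte span of one element inside the outer SEQUENCE (header included). */
struct der_span {
    size_t off;
    size_t len;
};

/* Read one definite-length DER header at buf[pos], bounded by end.
 * Returns 0 and fills tag/hdr/body, or -1 on anything malformed. */
static int der_header(const unsigned char *buf, size_t end, size_t pos,
                      unsigned char *tag, size_t *hdr, size_t *body)
{
    size_t i, n, v = 0;

    if (pos > end || end - pos < 2)
        return -1;
    *tag = buf[pos];
    if ((*tag & 0x1f) == 0x1f)              /* multi-byte tags not needed here */
        return -1;
    if (buf[pos + 1] < 0x80) {              /* short form */
        *hdr = 2;
        *body = buf[pos + 1];
    } else {
        n = buf[pos + 1] & 0x7f;
        if (n == 0 || n > sizeof(size_t))   /* 0x80 = indefinite length: not DER */
            return -1;
        if (end - pos - 2 < n)
            return -1;
        if (buf[pos + 2] == 0)              /* DER forbids a leading zero octet */
            return -1;
        for (i = 0; i < n; i++)
            v = (v << 8) | buf[pos + 2 + i];
        if (v < 0x80)                       /* DER requires the short form here */
            return -1;
        *hdr = 2 + n;
        *body = v;
    }
    if (*body > end - pos - *hdr)           /* claimed length overruns the input */
        return -1;
    return 0;
}

/* Split a DER "SEQUENCE OF SEQUENCE" (e.g. a sequence of certificates)
 * into element spans. Returns the element count, or -1 if the input is
 * malformed, has trailing bytes, or holds more than max_out elements. */
int der_split_sequence(const unsigned char *buf, size_t len,
                       struct der_span *out, size_t max_out)
{
    unsigned char tag;
    size_t hdr, body, pos;
    int count = 0;

    if (len > INT_MAX)                      /* same guard as in the posted code */
        return -1;
    if (der_header(buf, len, 0, &tag, &hdr, &body) != 0 || tag != 0x30)
        return -1;
    if (hdr + body != len)                  /* no trailing garbage */
        return -1;
    for (pos = hdr; pos < len; pos += hdr + body) {
        if (der_header(buf, len, pos, &tag, &hdr, &body) != 0 || tag != 0x30)
            return -1;
        if ((size_t)count == max_out)
            return -1;
        out[count].off = pos;
        out[count].len = hdr + body;
        count++;
    }
    return count;
}

/* Constructed sample: SEQUENCE { SEQUENCE { INTEGER 5 }, SEQUENCE { NULL } }.
 * The two inner SEQUENCEs stand in for certificates. */
static const unsigned char sample_seq[] = {
    0x30, 0x09,
    0x30, 0x03, 0x02, 0x01, 0x05,
    0x30, 0x02, 0x05, 0x00
};

int main(void)
{
    struct der_span spans[4];
    int i, n = der_split_sequence(sample_seq, sizeof sample_seq, spans, 4);

    for (i = 0; i < n; i++)
        printf("element %d: offset %zu, %zu bytes\n",
               i, spans[i].off, spans[i].len);
    return n < 0;
}
```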
[openssl-users] [ANN] M2Crypto 0.25.0
Hi, everybody,

after trials and tribulations I have the honor to announce new release of M2Crypto 0.25.0.

This is an intermediary version on our way towards port to python 3 (or rather to the bi-versional state of both py2k and py3k compatibility). Particularly we have made these achievements (whole changelog since 0.21.1 follows, because I am not sure whether previous changes were properly announced).

Of course any help on python3 porting branch (https://gitlab.com/m2crypto/m2crypto/merge_requests/65) is very welcome!

Happy security hacking!

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Do not long for the night, when people vanish in their place. Be careful, do not turn to evil; for you have preferred this to affliction.
  -- Job 36:20f (NASB)

0.25.0 - 2016-03-21
-------------------

- More cleanups, removal of obsolete stuff, and moves towards py3k compatibility.
- Add support for EC.get_builtin_curves() and use it for testing.
- Enable AES CTR mode
- Bundle-in six module v. 1.10.0
- add rand_file_name and rand_status
- remove all LHASH fiddling
- Extend Travis and GitLab CI configuration to test also py3k (with allowed_failures) and CentOS6 (on GitLab CI).
- Add CONTRIBUTORS.rst. Thank you!
- Add PEP-484 type hints in comments to all Python files (except for tests)
- Use context managers for file handling wherever possible instead of leaking open file descriptors.
- Improve defaults handling for SSL_CTX_new().
- Fix PGP tests to actually run

0.24.0 - 2016-03-21
-------------------

- More cleanups, removal of obsolete stuff, and moves towards py3k compatibility.
- Add DSA.pub_key_from_params() factory function (and m2.dsa_set_pub()).
- Allow import/export of EC public key with binary values
- Add EVP.load_key_string_pubkey() function, as well as helper functions
- Add EVP.get_digestbyname() functionality.
- Convert documentation to rST (and add instructions for building on Mac OS X)
- Another round of fixing multiarch building.
- Disable tests with weak ciphers on some platforms (Debian)

0.23.0 - 2016-01-29
-------------------

- Add Travis and GitLab CI configurations
- Allow building without SSLv2
- More cleanups and removing obsolete code
- Fix README
- Fix buffer overflow in pkcs5_pbkdf2_hmac_sha1
- First moves towards Python 3 compatibility
- Removed rather large and completely unmaintained demo/ subdirectory (now in a separate repo https://gitlab.com/m2crypto/m2crypto_demo)
- Automatically generated test data files
- Finally fix building on multiarch systems
- All objects derived from BIO.BIO now could work as context managers
- Switch setup.py to setuptools

0.22.5 - 2015-10-13
-------------------

- Add forgotten SWIG/*.h among distributed files.

0.22.4 - 2015-10-13
-------------------

- Matěj Cepl takes over leadership of the upstream maintenance
- Fedora/RHEL distribution patches merged to the main development (mainly, but not only, upgrading to the more recent versions of OpenSSL, swig which is now at 3.0.5, but anything above 2.0.4 is supported as well, and python which now has to be at least 2.6).
- Tons of cleaning up the code for obsolete constructs, PEP8ization, etc.

0.22.3 - 2014-01-22
-------------------

(released by Martin Paljak, later development started on top of 0.21.1 with his improvements cherry picked to the new development branch)

0.21.1 - 2011-01-15
-------------------

- Distribution fix
Re: [openssl-users] regarding ssl_server test
On 2016-05-26, 16:33 GMT, R-D intern wrote:
> I have implemented ssl for my internal server that listens
> over a private ip. Can anyone suggest how can I test my
> ssl_server? For eg. Qualys test shows the amount of ssl
> implementation of a server listening over public ip and even
> checks for vulnerabilities in ssl implementation. How can such
> a thing be tested for a server listening over private ip?

Are we talking about unit testing or functional testing? For the former, just use whatever tools are appropriate for your language, and for the latter, ... I am trying to revive M2Crypto (Python bindings to OpenSSL), which has a lot of tests done via running the OpenSSL’s binary s_client against the server and checking the reaction of the server. That could work for you as well, couldn't it?

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

Courage is resistance of fear, mastery of fear, not absence of fear.
Re: [openssl-users] OpenSSL in Linux kernel
On 2016-04-21, 20:50 GMT, Lei Kong wrote:
> Can SSL library be used in Linux kernel mode?

A bit of problem is that the OpenSSL’s license is incompatible with GPLv2.

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC

How many Bavarian Illuminati does it take to screw in a light bulb? Three: one to screw it in, and one to confuse the issue.
[openssl-users] lh_CONF_VALUE_new parameters?
Hi,

I am trying to make M2Crypto build on Windows again (https://gitlab.com/m2crypto/m2crypto/merge_requests/26). I have replaced POSIX's poll by WSAPoll (I know about https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/ but we don't play with the error values, which is a mistake, I know, so we shouldn't be affected).

The second problem is that VC++ compiler crashes on problems with CONF_VALUE. Originally M2Crypto had this (https://gitlab.com/m2crypto/m2crypto/blob/master/SWIG/_x509.i#L514):

    #if OPENSSL_VERSION_NUMBER >= 0x1000L
    LHASH_OF(CONF_VALUE)
    #else
    LHASH
    #endif
    *x509v3_lhash() {
        return lh_new(NULL, NULL); /* Should probably be lh_CONF_VALUE_new but won't compile. */
    }

Apparently, using lh_new(NULL, NULL) is not good enough for VC++ and it crashes on it (https://ci.appveyor.com/project/mcepl/m2crypto-nngqn/build/job/e7q2ogndlje2x2h9)

After a deep dive into lhash(3) and some examples on github, I have created this:

    /*
    typedef struct {
        char *section;
        char *name;
        char *value;
    } CONF_VALUE;
    */

    unsigned long CONF_VALUE_hash(const CONF_VALUE *v) {
        char *v_key, *hash_hex;

        v_key = strncat(v->section, v->name, 1024);
        v_key = strncat(v_key, v->value, 2048);

        return *(unsigned long *) SHA256(v_key, strlen(v_key), hash_hex);
    }

    static IMPLEMENT_LHASH_HASH_FN(CONF_VALUE_hash, const CONF_VALUE*);

    int CONF_VALUE_cmp(const CONF_VALUE *v1, const CONF_VALUE *v2) {
        char *v1_key, *v2_key;

        v1_key = strncat(v1->section, v1->name, 1024);
        v1_key = strncat(v1_key, v1->value, 2048);

        v2_key = strncat(v2->section, v2->name, 1024);
        v2_key = strncat(v2_key, v2->value, 2048);

        return strncmp(v1_key, v2_key, 2048);
    }

    static IMPLEMENT_LHASH_COMP_FN(CONF_VALUE_cmp, const CONF_VALUE*);

    #if OPENSSL_VERSION_NUMBER >= 0x1000L
    LHASH_OF(CONF_VALUE)
    #else
    LHASH
    #endif
    *x509v3_lhash() {
        return lh_CONF_VALUE_new(CONF_VALUE_hash, CONF_VALUE_cmp);
    }

but gcc still fails to compile with error:

    SWIG/_x509.i:554: Error: Macro 'lh_CONF_VALUE_new' expects no arguments

lh_CONF_VALUE_new with arguments is however exactly what I found on the Internet (and in crypt/conf/conf_api.c, which seems to be the only use of lh_CONF_VALUE_new in OpenSSL tree).

Using openssl-1.0.1e-56.el7.x86_64 on RHEL-7.

Could anybody enlighten me, how to make lh_CONF_VALUE_new working, please?

Thank you,

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC

You either die a hero or you live long enough to see yourself become the villain.
  -- Harvey Dent in The Dark Knight
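An added example (not from the original message and not OpenSSL's conf_api.c code): hash and compare callbacks over the same section/name/value key that only read their arguments, whereas the posted versions append into the entry's own section string with strncat and pass SHA256 an uninitialized output pointer. struct conf_entry and the function names are hypothetical stand-ins so the block compiles without OpenSSL headers; the entries in main are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in with the same three fields as the CONF_VALUE typedef quoted
 * in the message; const pointers make "read only" explicit. */
struct conf_entry {
    const char *section;
    const char *name;
    const char *value;
};

/* Mix one field into the running hash, FNV-1a style. The terminating
 * NUL is mixed in as well, so it acts as a field separator: ("ab","c")
 * and ("a","bc") feed different byte streams into the hash. */
static unsigned long mix_field(unsigned long h, const char *s)
{
    const unsigned char *p = (const unsigned char *)(s != NULL ? s : "");

    do {
        h ^= *p;
        h *= 16777619UL;
    } while (*p++ != '\0');
    return h;
}

/* Hash callback: no allocation, no writes through the argument. */
unsigned long conf_entry_hash(const struct conf_entry *v)
{
    unsigned long h = 2166136261UL;

    h = mix_field(h, v->section);
    h = mix_field(h, v->name);
    h = mix_field(h, v->value);
    return h;
}

/* Compare one field; NULL sorts before any string, including "". */
static int cmp_field(const char *a, const char *b)
{
    if (a == b)
        return 0;
    if (a == NULL)
        return -1;
    if (b == NULL)
        return 1;
    return strcmp(a, b);
}

/* Compare callback: field by field instead of comparing a concatenated
 * key, so entries that differ only in where the field boundary falls
 * are never treated as equal. */
int conf_entry_cmp(const struct conf_entry *a, const struct conf_entry *b)
{
    int r = cmp_field(a->section, b->section);

    if (r == 0)
        r = cmp_field(a->name, b->name);
    if (r == 0)
        r = cmp_field(a->value, b->value);
    return r;
}

int main(void)
{
    /* Constructed entries whose concatenated keys are identical ("abcv"). */
    struct conf_entry x = { "ab", "c", "v" };
    struct conf_entry y = { "a", "bc", "v" };

    printf("cmp(x, y) = %d\n", conf_entry_cmp(&x, &y));
    printf("hash(x) = %lu, hash(y) = %lu\n",
           conf_entry_hash(&x), conf_entry_hash(&y));
    return 0;
}
```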
Re: [openssl-users] openssl.spec build errors on CentOS 6?
On 2016-04-06, 12:16 GMT, Tomasz Chmielewski wrote:
> error: File not found by glob:
> /root/rpmbuild/BUILDROOT/openssl-1.0.2g-1.x86_64/usr/lib/*.so*

This is something really really weird. x86_64 package should never ever write anything to /usr/lib/ , but only to /usr/lib64. You have to have something else screwed up in your configuration.

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC

All of us could take a lesson from the weather. It pays no attention to criticism.
  -- somewhere on the Intenret
[openssl-users] Help with M2Crypto on Windows?
Hi,

I am the crazy guy who decided to continue in maintenance of M2Crypto when everybody else wisely (?) left the ship. Unfortunately (for M2Crypto), I am a Linux guy, so while I have finally given up and installed Windows X in VM, I am really lost in the Windows APIs and we have currently M2Crypto released which doesn't even build on Windows.

The official upstream repo for M2Crypto is now on https://gitlab.com/m2crypto/m2crypto/ and I have this merge request https://gitlab.com/m2crypto/m2crypto/merge_requests/26 where I am trying to make things working. I have managed to make CI on Appveyor working for me, but still even the build fails (not mentioning I haven't run the tests on Windows ever).

Is there anybody here who would be willing and able to help with fixing problems of M2Crypto on Windows?

Also, if anybody else is willing to help with issues we have, I would hugely appreciate it and you would increase your karma on project which is surprisingly popular and widely used. Aside from Windows people I am looking for somebody who would be willing to help with maintenance on Macs. It is at least Unix so we have POSIX APIs there, but still intricacies of brew and weird Apple policies on providing non-working header files for non-existent libraries (at least that's my feeling from their stance on OpenSSL) baffles me.

Thank you for any help,

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC

Wise walks steady step, only fools around them dance contemporary dances.
  -- Franz Kafka
Re: [openssl-users] Better understanding of EC encryption API
On 2015-11-27, 09:28 GMT, Tim Hudson wrote:
> http://www.mail-archive.com/openssl-dev@openssl.org/msg28042.html

That’s http://article.gmane.org/gmane.comp.encryption.openssl.devel/17997/ for those afflicted with gmane’s mangling of anything looking like an email address.

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC

See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs.
  -- Dave Barry