Re: [openssl.org #3544] Remove MWERKS support
Hi Rich, On 25.09.2014 00:09, Rich Salz via RT wrote: All sorts of pre-OSx mac support has been removed. commit 92c78463720f71e47c251ffa58493e32cd793e13 Author: Rich Salz rs...@openssl.org Date: Wed Sep 24 12:18:19 2014 -0400 RT3544: Remove MWERKS support The following #ifdef tests were all removed: __MWERKS__ MAC_OS_pre_X MAC_OS_GUSI_SOURCE MAC_OS_pre_X OPENSSL_SYS_MACINTOSH_CLASSIC OPENSSL_SYS_MACOSX_RHAPSODY Reviewed-by: Andy Polyakov ap...@openssl.org Rich Salz, OpenSSL dev team; rs...@openssl.org as already mentioned on the list the Metrowerks CodeWarrior for NetWare compiler also sets the __MWERKS__ macro - therefore please revert the changes to /crypto/rand/rand_nw.c of commit 92c78463720f71e47c251ffa58493e32cd793e13 because this is a NetWare-only file and has nothing to do with your intention to remove old MAC_OS support. Thanks! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3569] AutoReply: [PATCH] fix NetWare compilation with branch 1.0.1 / 1.0.2
Hi, it would be cool to get the patch below applied before another round of new releases or betas goes out ... On 17.10.2014 21:17, The default queue via RT wrote: - Attached patch adds: - a recursive ssl include since NetWare CodeWarrior compiler doesnt properly lookup includes when in same directory as the C file which includes it. --- util/pl/netware.pl.orig Tue Jul 22 21:41:23 2014 +++ util/pl/netware.plFri Aug 08 13:52:43 2014 @@ -212,7 +212,7 @@ #Turned off the possible warnings ( -w nopossible ). Metrowerks #complained a lot about various stuff. May want to turn back #on for further development. - $cflags.= -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\ + $cflags.= -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\ -msgstyle gcc -align 4 -processor pentium -char unsigned \\ -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\ -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20; please apply to OpenSSL 1.0.1 and 1.0.2 branch. Thanks! and of course also HEAD. Thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3569] [PATCH] fix NetWare compilation with branch 1.0.1 / 1.0.2
Attached patch adds: - a recursive ssl include since NetWare CodeWarrior compiler doesnt properly lookup includes when in same directory as the C file which includes it. --- util/pl/netware.pl.orig Tue Jul 22 21:41:23 2014 +++ util/pl/netware.pl Fri Aug 08 13:52:43 2014 @@ -212,7 +212,7 @@ #Turned off the possible warnings ( -w nopossible ). Metrowerks #complained a lot about various stuff. May want to turn back #on for further development. - $cflags.= -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\ + $cflags.= -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\ -msgstyle gcc -align 4 -processor pentium -char unsigned \\ -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\ -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20; please apply to OpenSSL 1.0.1 and 1.0.2 branch. Thanks! --- util/pl/netware.pl.orig Tue Jul 22 21:41:23 2014 +++ util/pl/netware.pl Fri Aug 08 13:52:43 2014 @@ -212,7 +212,7 @@ #Turned off the possible warnings ( -w nopossible ). Metrowerks #complained a lot about various stuff. May want to turn back #on for further development. - $cflags.= -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\ + $cflags.= -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\ -msgstyle gcc -align 4 -processor pentium -char unsigned \\ -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\ -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20;
Re: Netware support?
Hi Rich, On 13.08.2014 22:59, Salz, Rich wrote: Is anyone willing to step up and maintain the Netware port? If not, then we will probably remove it after the next release. please dont do that! I maintained it in the past (and try to do in future as my time permits), and currently it still builds (except for asm support were ich had no time yet to fix this, but its only a build issue); we use OpenSSL with curl, Apache httpd, SVN and Perl. greets, Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Netware support?
Rich, On 14.08.2014 16:19, Salz, Rich wrote: Okay. Thanks for your efforts. The NETWARE port is really messy, with about 130 #ifdef flags in 70 files. It would be great if we could reduce that impact. perhaps its possible to introduce some macros and then kill some code paths - but since a former Novell employee did the initial port I never looked that close into those ifdefs - I did mainly care for new stuff when it got introduced, and tweaked the build stuff. And are NETWARE_BSDSOCK and NETWARE_CLIB still useful? yes; we can build 4 different targets: - LIBC Winsock - LIBC BSD sockets - CLIB Winsock - CLIB BSD sockets although CLIB is the older NetWare stuff its still present side by side with LIBC with latest NetWare version, and you still need it if you want to access many NetWare edirectory functionality (the LIBC ediretory support was never completed and lacks of much stuff). Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2444] Failure in build of the test programs (1.0.0c on MinGW)
Am 03.02.2011 16:39, schrieb via RT: Hello, I failed to build 1.0.0c on MinGW with the default config settings. The make command stopped at the test program build phase, because of empty source files: md2test.c, rc5test.c, and jpaketest.c. To work around this problem, the config arguments enable-md2 enable-rc5 experimental-jpake were required. duplicate - see #2377: http://rt.openssl.org/Ticket/Display.html?user=guestpass=guestid=2377 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2444] Failure in build of the test programs (1.0.0c on MinGW)
Am 03.02.2011 16:39, schrieb via RT: Hello, I failed to build 1.0.0c on MinGW with the default config settings. The make command stopped at the test program build phase, because of empty source files: md2test.c, rc5test.c, and jpaketest.c. To work around this problem, the config arguments enable-md2 enable-rc5 experimental-jpake were required. duplicate - see #2377: http://rt.openssl.org/Ticket/Display.html?user=guestpass=guestid=2377 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2426] [PATCH] fix Borland C++ 5.5 compilation
Borland C++ 5.5 does not use underscored _ftime and _timeb, therefore code in ./crypto/bio/bss_dgram.c and ./ssl/d1_lib.c breaks. The quick hack to fix this would be to add defines in e_os.h in the __BORLANDC__ block: --- e_os.h.orig Mon May 31 14:18:08 2010 +++ e_os.h Tue Jan 11 12:41:04 2011 @@ -348,6 +348,8 @@ #define _O_BINARY O_BINARY #define _int64 __int64 #define _kbhit kbhit +#define _ftime ftime +#define _timeb timeb # endif # define EXIT(n) exit(n) but I'd suggest to go another route and clean up the code in ./crypto/bio/bss_dgram.c and ./ssl/d1_lib.c a bit: --- e_os.h.orig Mon May 31 14:18:08 2010 +++ e_os.h Tue Jan 11 12:51:05 2011 @@ -345,12 +345,15 @@ # if defined (__BORLANDC__) #define _setmode setmode #define _O_TEXT O_TEXT #define _O_BINARY O_BINARY #define _int64 __int64 #define _kbhit kbhit +# else +#define ftime _ftime +#define timeb _timeb # endif # define EXIT(n) exit(n) # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK #define X_OK 0 # --- crypto/bio/bss_dgram.c.orig Thu Jan 07 11:44:21 2010 +++ crypto/bio/bss_dgram.c Tue Jan 11 12:54:43 2011 @@ -814,12 +814,7 @@ static void get_current_time(struct timeval *t) { -#ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(tb); - t-tv_sec = (long)tb.time; - t-tv_usec = (long)tb.millitm * 1000; -#elif defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(tb); t-tv_sec = (long)tb.time; # --- ssl/d1_lib.c.orig Tue Apr 06 13:29:21 2010 +++ ssl/d1_lib.cTue Jan 11 12:56:21 2011 @@ -364,12 +364,7 @@ static void get_current_time(struct timeval *t) { -#ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(tb); - t-tv_sec = (long)tb.time; - t-tv_usec = (long)tb.millitm * 1000; -#elif defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(tb); t-tv_sec = (long)tb.time; attached patch is against OpenSSL 1.0.0c. --- e_os.h.orig Mon May 31 14:18:08 2010 +++ e_os.h Tue Jan 11 12:51:05 2011 @@ -345,12 +345,15 @@ # if defined (__BORLANDC__) #define _setmode setmode #define _O_TEXT O_TEXT #define _O_BINARY O_BINARY #define _int64 __int64 #define _kbhit kbhit +# else +#define ftime _ftime +#define timeb _timeb # endif # define EXIT(n) exit(n) # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK #define X_OK 0 # --- crypto/bio/bss_dgram.c.orig Thu Jan 07 11:44:21 2010 +++ crypto/bio/bss_dgram.c Tue Jan 11 12:54:43 2011 @@ -814,12 +814,7 @@ static void get_current_time(struct timeval *t) { -#ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(tb); - t-tv_sec = (long)tb.time; - t-tv_usec = (long)tb.millitm * 1000; -#elif defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(tb); t-tv_sec = (long)tb.time; # --- ssl/d1_lib.c.orig Tue Apr 06 13:29:21 2010 +++ ssl/d1_lib.cTue Jan 11 12:56:21 2011 @@ -364,12 +364,7 @@ static void get_current_time(struct timeval *t) { -#ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(tb); - t-tv_sec = (long)tb.time; - t-tv_usec = (long)tb.millitm * 1000; -#elif defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(tb); t-tv_sec = (long)tb.time;
Re: [openssl.org #2426] [PATCH] fix Borland C++ 5.5 compilation
Am 11.01.2011 14:40, schrieb Guenter via RT: Borland C++ 5.5 does not use underscored _ftime and _timeb, therefore code in ./crypto/bio/bss_dgram.c and ./ssl/d1_lib.c breaks. The quick hack to fix this would be to add defines in e_os.h in the __BORLANDC__ block: --- e_os.h.orig Mon May 31 14:18:08 2010 +++ e_os.h Tue Jan 11 12:41:04 2011 @@ -348,6 +348,8 @@ #define _O_BINARY O_BINARY #define _int64 __int64 #define _kbhit kbhit +#define _ftime ftime +#define _timeb timeb # endif # define EXIT(n) exit(n) but I'd suggest to go another route and clean up the code in ./crypto/bio/bss_dgram.c and ./ssl/d1_lib.c a bit: --- e_os.h.orig Mon May 31 14:18:08 2010 +++ e_os.hTue Jan 11 12:51:05 2011 @@ -345,12 +345,15 @@ # if defined (__BORLANDC__) #define _setmode setmode #define _O_TEXT O_TEXT #define _O_BINARY O_BINARY #define _int64 __int64 #define _kbhit kbhit +# else +#define ftime _ftime +#define timeb _timeb # endif # define EXIT(n) exit(n) # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK #define X_OK 0 # --- crypto/bio/bss_dgram.c.orig Thu Jan 07 11:44:21 2010 +++ crypto/bio/bss_dgram.cTue Jan 11 12:54:43 2011 @@ -814,12 +814,7 @@ static void get_current_time(struct timeval *t) { -#ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(tb); - t-tv_sec = (long)tb.time; - t-tv_usec = (long)tb.millitm * 1000; -#elif defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(tb); t-tv_sec = (long)tb.time; # --- ssl/d1_lib.c.orig Tue Apr 06 13:29:21 2010 +++ ssl/d1_lib.c Tue Jan 11 12:56:21 2011 @@ -364,12 +364,7 @@ static void get_current_time(struct timeval *t) { -#ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(tb); - t-tv_sec = (long)tb.time; - t-tv_usec = (long)tb.millitm * 1000; -#elif defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(tb); t-tv_sec = (long)tb.time; attached patch is against OpenSSL 1.0.0c. the same fix should be applied to OpenSSL 0.9.8 branch as well. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2428] [PATCH] fix Borland C++ 5.5 compilation /2
Borland C++ 5.5 does not use underscored symbols for stat friends: --- crypto/rand/randfile.c.orig Sat Jun 12 14:18:55 2010 +++ crypto/rand/randfile.c Tue Jan 11 15:48:11 2011 @@ -81,7 +81,7 @@ # include sys/stat.h #endif -#ifdef _WIN32 +#if defined(_WIN32) !defined(__BORLANDC__) #define stat _stat #define chmod _chmod #define open _open --- crypto/x509/by_dir.c.orig Fri Feb 19 19:25:39 2010 +++ crypto/x509/by_dir.cTue Jan 11 16:10:40 2011 @@ -74,7 +74,7 @@ #include openssl/lhash.h #include openssl/x509.h -#ifdef _WIN32 +#if defined(_WIN32) !defined(__BORLANDC__) #define stat _stat #endif same goes for getpid on 1.0.0: --- engines/e_aep.c.origThu Nov 18 23:59:42 2010 +++ engines/e_aep.c Tue Jan 11 13:22:47 2011 @@ -68,7 +68,7 @@ #if defined(OPENSSL_SYS_NETWARE) defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); -#elif defined(_WIN32) !defined(__WATCOMC__) +#elif defined(_WIN32) !defined(__WATCOMC__) !defined(__BORLANDC__) #define getpid _getpid #endif and for 0.9.8 we should also backport #2375: --- engines/e_aep.c.origTue Dec 30 14:30:57 2008 +++ engines/e_aep.c Tue Jan 11 16:15:45 2011 @@ -68,6 +68,8 @@ #if defined(OPENSSL_SYS_NETWARE) defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); +#elif defined(_WIN32) !defined(__WATCOMC__) !defined(__BORLANDC__) +#define getpid _getpid #endif #include openssl/crypto.h @@ -867,13 +869,7 @@ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -#ifdef NETWARE_CLIB - curr_pid = GetThreadID(); -#elif defined(_WIN32) - curr_pid = _getpid(); -#else curr_pid = getpid(); -#endif /*Check if this is the first time this is being called from the current process*/ --- engines/e_aep.c.origThu Nov 18 23:59:42 2010 +++ engines/e_aep.c Tue Jan 11 13:22:47 2011 @@ -68,7 +68,7 @@ #if defined(OPENSSL_SYS_NETWARE) defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); -#elif defined(_WIN32) !defined(__WATCOMC__) +#elif defined(_WIN32) !defined(__WATCOMC__) !defined(__BORLANDC__) #define getpid _getpid #endif --- engines/e_aep.c.origTue Dec 30 14:30:57 2008 +++ engines/e_aep.c Tue Jan 11 16:15:45 2011 @@ -68,6 +68,8 @@ #if defined(OPENSSL_SYS_NETWARE) defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); +#elif defined(_WIN32) !defined(__WATCOMC__) !defined(__BORLANDC__) +#define getpid _getpid #endif #include openssl/crypto.h @@ -867,13 +869,7 @@ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -#ifdef NETWARE_CLIB - curr_pid = GetThreadID(); -#elif defined(_WIN32) - curr_pid = _getpid(); -#else curr_pid = getpid(); -#endif /*Check if this is the first time this is being called from the current process*/
[openssl.org #2429] [PATCH] fix Borland C++ 5.5 compilation /3
Attached patches add: - a compiler switch to suppress warnings about missing return values which are wrong since the functions do return but inside switch cases which bcc32 doesnt seem to detect correctly. - assembler detection (nasm vs. nasmw) and for 1.0.0 branch: - add crypt32.lib needed for evp_test linking .\crypto\evp\evp_test.c: ilink32 -ap -Tpe -x -Gn tmp32\evp_test.obj c0x32.obj, out32\evp_test.exe,, out32\ssleay32.lib out32\libeay32.lib cw32mt.lib import32.lib Turbo Incremental Link 5.00 Copyright (c) 1997, 2000 Borland Error: Unresolved external 'CertGetCertificateContextProperty' referenced from D:\PROJECTS\BCC\OPENSSL-1.0.0C\OUT32\LIBEAY32.LIB|e_capi Error: Unresolved external 'CertOpenStore' referenced from D:\PROJECTS\BCC\OPENSSL-1.0.0C\OUT32\LIBEAY32.LIB|e_capi Error: Unresolved external 'CertFindCertificateInStore' referenced from D:\PROJECTS\BCC\OPENSSL-1.0.0C\OUT32\LIBEAY32.LIB|e_capi Error: Unresolved external 'CertEnumCertificatesInStore' referenced from D:\PROJECTS\BCC\OPENSSL-1.0.0C\OUT32\LIBEAY32.LIB|e_capi Error: Unresolved external 'CertDuplicateCertificateContext' referenced from D:\PROJECTS\BCC\OPENSSL-1.0.0C\OUT32\LIBEAY32.LIB|e_capi Error: Unresolved external 'CertFreeCertificateContext' referenced from D:\PROJECTS\BCC\OPENSSL-1.0.0C\OUT32\LIBEAY32.LIB|e_capi Error: Unresolved external 'CertCloseStore' referenced from D:\PROJECTS\BCC\OPENSSL-1.0.0C\OUT32\LIBEAY32.LIB|e_capi --- util/pl/BC-32.pl.orig Thu Apr 17 11:19:16 2008 +++ util/pl/BC-32.plTue Jan 11 16:53:58 2011 @@ -18,7 +18,7 @@ $tmp_def=tmp32; $inc_def=inc32; #enable max error messages, disable most common warnings -$cflags=-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ; +$cflags=-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -w-rvl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ; if ($debug) { $cflags.=-Od -y -v -vi- -D_DEBUG; @@ -38,7 +38,7 @@ $exep='.exe'; if ($no_sock) { $ex_libs=; } -else { $ex_libs=cw32mt.lib import32.lib; } +else { $ex_libs=cw32mt.lib import32.lib crypt32.lib; } # static library stuff $mklib='tlib /P64'; @@ -51,7 +51,8 @@ $shlib_ex_obj=; $app_ex_obj=c0x32.obj; -$asm='nasmw -f obj -d__omf__'; +$asm=(`nasm -v 2NUL` gt `nasmw -v 2NUL`?nasm:nasmw); +$asm.=' -f obj -d__omf__'; $asm.= /Zi if $debug; $afile='-o'; --- util/pl/BC-32.pl.orig Tue Sep 20 08:09:29 2005 +++ util/pl/BC-32.plTue Jan 11 16:53:28 2011 @@ -18,7 +18,7 @@ $tmp_def=tmp32; $inc_def=inc32; #enable max error messages, disable most common warnings -$cflags=-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ; +$cflags=-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -w-rvl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ; if ($debug) { $cflags.=-Od -y -v -vi- -D_DEBUG; @@ -51,7 +51,8 @@ $shlib_ex_obj=; $app_ex_obj=c0x32.obj; -$asm='nasmw -f obj -d__omf__'; +$asm=(`nasm -v 2NUL` gt `nasmw -v 2NUL`?nasm:nasmw); +$asm.=' -f obj -d__omf__'; $asm.= /Zi if $debug; $afile='-o';
[openssl.org #2427] [PATCH] fix Borland C++ 5.5 redefine
Borland C++ 5.5 warns about: .\crypto\rand\randfile.c: Warning W8017 d:\prg\Bcc55\include\sys/stat.h 34: Redefinition of 'S_IFMT' is not identical Warning W8017 d:\prg\Bcc55\include\sys/stat.h 35: Redefinition of 'S_IFDIR' is not identical and: .\crypto\x509\by_dir.c: Warning W8017 d:\prg\Bcc55\include\sys/stat.h 34: Redefinition of 'S_IFMT' is not identical Warning W8017 d:\prg\Bcc55\include\sys/stat.h 35: Redefinition of 'S_IFDIR' is not identical in e_os.h we have: # ifndef S_IFDIR #define S_IFDIR _S_IFDIR # endif # ifndef S_IFMT #define S_IFMT _S_IFMT # endif now the prob is that randfile.c as well as by_dir.c both include e_os.h (by_dir.c via cryptlib.h) *before* including sys/stat.h - therefore the test in e_os.h for these defines is useless. One option would be to include sys/stat.h in e_os.h before testing these defines, but I've no idea if all platforms which process this block really have a sys/stat.h (maybe _WIN32_WCE has not?); else the warnings are cured with surrounding these defines with '#ifndef __BORLANDC__': --- e_os.h.org Tue Jan 11 15:08:35 2011 +++ e_os.h Tue Jan 11 15:37:55 2011 @@ -236,12 +236,14 @@ #define DEVRANDOM /dev/urandom\x24 # endif /* __DJGPP__ */ -# ifndef S_IFDIR -#define S_IFDIR_S_IFDIR -# endif +# if !defined (__BORLANDC__) +#ifndef S_IFDIR +# define S_IFDIR _S_IFDIR +#endif -# ifndef S_IFMT -#define S_IFMT _S_IFMT +#ifndef S_IFMT +# define S_IFMT _S_IFMT +#endif # endif # if !defined(WINNT) !defined(__DJGPP__) This prob exists with OpenSSL 0.9.8q as well as with 1.0.0c. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: memory.h confusion: Is it needed?
Hi Michael, Am 29.12.2010 20:36, schrieb Michael Bergandi: My concern is with the actual library code, not the demo stuff. My confusion comes from the #ifdef's around the include. In one place, it gets include for everyone but NETWARE, in another only for WIN32, and in JPAKE (i know this experimental code) says include it for everyone. I looked through the source for each and I can't determine where anything from memory.h is even being used. Can someone else confirm whether or not memory.h is actually needed? I can confirm that it is certainly not needed for NetWare; the only reasons why this has not yet borked the NetWare builds is simply because NetWare has a ./include/nks folder which holds a NetWare-specific memory.h which contains nothing comparable to other memory.h files. So I'm fine with a patch which disables memory.h for all files for NetWare platform. If so, under what system should it be included? I can submit a patch to clean it up after we sort it out. I think the memory.h include should be axed from all files you listed and then be included only from e_os.h for only those systems which may need it - if there are any at all. Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output
Am 13.12.2010 08:44, schrieb Tomas Mraz: On Sun, 2010-12-12 at 11:54 +0100, Andy Polyakov via RT wrote: I'd argue that it's intentional. The original purpose for -out option appears to be to emit *certificate* itself, not information about it. Yes, this kind of means that I reckon that -text option should result in output to STDout, not to one appointed by -out. There also is inconsistent usage of STDout when treating -days parameter: error message should be printed on stderr, not STDout. If nobody screams for a week, http://cvs.openssl.org/chngview?cn=20156 will go down to 1.0.x. A. I'm afraid that the change of the target of the -text option output will break expectations of some scripts people in the wild use. Although it is slightly more logical with the change than before I'd prefer keeping it as is at least for 1.0.x. Of course the -days error output change is fine. I second this. My initial reason for the RT was exactly for catching the output with a script; sure its possible to catch it with IO redirection too, but in my case I run a VBScript on Windows which is not able to do IO redirection without launching cmd.exe 1st; doing so makes the script 10+ times slower for 140 certs due to the launch of the shell for 140 times; maybe on Linux this is not that dramatical, but forking a new shell is there time-intensive too. Perhaps a 2nd file output option for catching informational output would be more nice ... Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output
Andy, Am 14.12.2010 00:00, schrieb Andy Polyakov via RT: My initial reason for the RT was exactly for catching the output with a script; sure its possible to catch it with IO redirection too, but in my case I run a VBScript on Windows which is not able to do IO redirection without launching cmd.exe 1st; set ex=shell.Exec(...) while not ex.StdOut.AtEndOfStream ... ex.StdOut.ReadLine ... wend hmm, when I was on it I got IO redirection only working when launched with cscript - not wscript; do you know if the above works with wscript too? Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2377] MingW32 test compilation breaks (1.0.0b)
Am 23.11.2010 23:58, schrieb Andy Polyakov via RT: My MSYS is older... What I can tell about it is that 'ln -s' works by *copying* the file to target location. Or should I say pretends working. Your tar might do the same, i.e. defer symlink resolution till the end of tar-file and copy the files. Can you confirm this? It should be noted that Vista and onward implements symbolic links, and it's not impossible to imagine that new enough MSYS would take advantage of it:-) also did just some tests on Linux, and it seems that -h does only work for archiving, but not extracting: tar xfz openssl-1.0.0b.tar.gz tar cf openssl-1.0.0b.tar openssl-1.0.0b/ tar chf openssl-1.0.0b-h.tar openssl-1.0.0b/ ll *.tar -rw-r--r-- 1 root root 21575680 Nov 20 03:15 openssl-1.0.0b-h.tar -rw-r--r-- 1 root root 19793920 Nov 20 03:15 openssl-1.0.0b.tar Right, this was exactly suggestion in #2273. I.e. re-pack resolving symbolic links. Either way, shall we settle for http://cvs.openssl.org/chngview?cn=20071. Cheers. A. yes, that's ok - lets close this bug then. Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2377] MingW32 test compilation breaks (1.0.0b)
Am 23.11.2010 23:58, schrieb Andy Polyakov via RT: My MSYS is older... What I can tell about it is that 'ln -s' works by *copying* the file to target location. Or should I say pretends working. Your tar might do the same, i.e. defer symlink resolution till the end of tar-file and copy the files. Can you confirm this? It should be noted that Vista and onward implements symbolic links, and it's not impossible to imagine that new enough MSYS would take advantage of it:-) also did just some tests on Linux, and it seems that -h does only work for archiving, but not extracting: tar xfz openssl-1.0.0b.tar.gz tar cf openssl-1.0.0b.tar openssl-1.0.0b/ tar chf openssl-1.0.0b-h.tar openssl-1.0.0b/ ll *.tar -rw-r--r-- 1 root root 21575680 Nov 20 03:15 openssl-1.0.0b-h.tar -rw-r--r-- 1 root root 19793920 Nov 20 03:15 openssl-1.0.0b.tar Right, this was exactly suggestion in #2273. I.e. re-pack resolving symbolic links. Either way, shall we settle for http://cvs.openssl.org/chngview?cn=20071. Cheers. A. yes, that's ok - lets close this bug then. Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output
Hi, Am 28.08.2010 00:19, schrieb Guenter via RT: I've meanwhile checked apps/x509.c, and patching it to send output to file is trivial (attached); but looking at the other output options around these lines makes me a bit unsure if these options are intended to go to STDOUT rather than to honor a file option? However if the later then I'm asking me why? Almost all options print their output to STDOUT and ignore a file option - except for the text option ... no comments on this? Is this behaviour now intended? Then lets close the RT with a comment stating this; or just an oversight, and can we then fix this (see my patches)? Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output
Hi, Am 28.08.2010 00:19, schrieb Guenter via RT: I've meanwhile checked apps/x509.c, and patching it to send output to file is trivial (attached); but looking at the other output options around these lines makes me a bit unsure if these options are intended to go to STDOUT rather than to honor a file option? However if the later then I'm asking me why? Almost all options print their output to STDOUT and ignore a file option - except for the text option ... no comments on this? Is this behaviour now intended? Then lets close the RT with a comment stating this; or just an oversight, and can we then fix this (see my patches)? Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2377] MingW32 test compilation breaks (1.0.0b)
Andy, Am 19.11.2010 22:38, schrieb Andy Polyakov via RT: yes - that's same issue; I did delete my source tree, and extracted from MSYS with: tar xfhz openssl-1.0.0b.tar.gz Is it correctly understood that in this context 'h' option simply omits symbolic links? I get a bunch of Cannot create symlink to with corresponding consequences. Configure then recreates them by copying files symlinks should point to. Can you confirm this? A. nope. See: http://linux.die.net/man/1/tar -h, --dereference don't dump symlinks; dump the files they point to I dont see what you describe; but some more tests on MSYS show that it works also correctly even when I extract the release archive with standard command: tar xfz openssl-1.0.0b.tar.gz so I guess with 1st trial I did extract with 7-Zip (stupid habbit on Windoze) which caused the symlinks stripped. MSYS tar seems clever enough to dump the files when it sees symlinks ... also did just some tests on Linux, and it seems that -h does only work for archiving, but not extracting: tar xfz openssl-1.0.0b.tar.gz tar cf openssl-1.0.0b.tar openssl-1.0.0b/ tar chf openssl-1.0.0b-h.tar openssl-1.0.0b/ ll *.tar -rw-r--r-- 1 root root 21575680 Nov 20 03:15 openssl-1.0.0b-h.tar -rw-r--r-- 1 root root 19793920 Nov 20 03:15 openssl-1.0.0b.tar when I extract with -h I can still see symlinks in ./test folder ... apologies for not fully testing at 1st time. New patch below: --- INSTALL.W32.orig2010-07-09 14:31:41 + +++ INSTALL.W32 2010-11-20 02:51:07 + @@ -184,6 +184,10 @@ MinGW and MSYS are available from http://www.mingw.org/, both are required. Run the installers and do whatever magic they say it takes to start MSYS bash shell with GNU tools on its PATH. + Since the release tarballs contain symlinks which Windows cant deal + with you must use MSYS tar in order to dereference the symlinks: + $ tar xfz openssl-x.y.zr.tar.gz + Dont use a GUI tool like 7-Zip or WinZip for extracting! * Compile OpenSSL: BTW. I tested with a relatively new MSYS version - msysinfo: MSYS 1.0.15(0.47/3/2) 2010-07-06 22:04 i686 unknown; targ=MINGW32 and: gcc version 4.5.0 (GCC) Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2377] MingW32 test compilation breaks (1.0.0b)
Andy, Am 19.11.2010 22:38, schrieb Andy Polyakov via RT: yes - that's same issue; I did delete my source tree, and extracted from MSYS with: tar xfhz openssl-1.0.0b.tar.gz Is it correctly understood that in this context 'h' option simply omits symbolic links? I get a bunch of Cannot create symlink to with corresponding consequences. Configure then recreates them by copying files symlinks should point to. Can you confirm this? A. nope. See: http://linux.die.net/man/1/tar -h, --dereference don't dump symlinks; dump the files they point to I dont see what you describe; but some more tests on MSYS show that it works also correctly even when I extract the release archive with standard command: tar xfz openssl-1.0.0b.tar.gz so I guess with 1st trial I did extract with 7-Zip (stupid habbit on Windoze) which caused the symlinks stripped. MSYS tar seems clever enough to dump the files when it sees symlinks ... also did just some tests on Linux, and it seems that -h does only work for archiving, but not extracting: tar xfz openssl-1.0.0b.tar.gz tar cf openssl-1.0.0b.tar openssl-1.0.0b/ tar chf openssl-1.0.0b-h.tar openssl-1.0.0b/ ll *.tar -rw-r--r-- 1 root root 21575680 Nov 20 03:15 openssl-1.0.0b-h.tar -rw-r--r-- 1 root root 19793920 Nov 20 03:15 openssl-1.0.0b.tar when I extract with -h I can still see symlinks in ./test folder ... apologies for not fully testing at 1st time. New patch below: --- INSTALL.W32.orig2010-07-09 14:31:41 + +++ INSTALL.W32 2010-11-20 02:51:07 + @@ -184,6 +184,10 @@ MinGW and MSYS are available from http://www.mingw.org/, both are required. Run the installers and do whatever magic they say it takes to start MSYS bash shell with GNU tools on its PATH. + Since the release tarballs contain symlinks which Windows cant deal + with you must use MSYS tar in order to dereference the symlinks: + $ tar xfz openssl-x.y.zr.tar.gz + Dont use a GUI tool like 7-Zip or WinZip for extracting! * Compile OpenSSL: BTW. I tested with a relatively new MSYS version - msysinfo: MSYS 1.0.15(0.47/3/2) 2010-07-06 22:04 i686 unknown; targ=MINGW32 and: gcc version 4.5.0 (GCC) Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2374] [PATCH] mingw32 cant compile e_capi.c (1.0.0b)
Hi, it seems that all native MingW32 versions (tested with MingW32 4.50) lack of stuff to compile e_capi.c: gcc -I../include -DOPENSSL_THREADS -D_MT -DDSO_WIN32 -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -c -o e_capi.o e_capi.c e_capi.c: In function 'capi_get_pkey': e_capi.c:671:3: error: 'DSSPUBKEY' undeclared (first use in this function) e_capi.c:671:3: note: each undeclared identifier is reported only once for each function it appears in e_capi.c:671:14: error: 'dp' undeclared (first use in this function) e_capi.c:674:20: error: expected expression before ')' token e_capi.c:718:3: warning: format '%lx' expects type 'long unsigned int', but argument 4 has type 'ALG_ID' e_capi.c: In function 'capi_rsa_sign': e_capi.c:818:3: warning: format '%lx' expects type 'long unsigned int', but argument 4 has type 'int' e_capi.c: In function 'capi_rsa_priv_dec': e_capi.c:912:2: warning: passing argument 6 of 'CryptDecrypt' from incompatible pointer type d:\mingw\bin\../lib/gcc/mingw32/4.5.0/../../../../include/wincrypt.h:1209:23: note: expected 'PDWORD' but argument is of type 'int *' e_capi.c: In function 'capi_get_provname': e_capi.c:1090:2: warning: implicit declaration of function 'CryptEnumProvidersA' e_capi.c: In function 'capi_list_providers': e_capi.c:1129:3: warning: format '%d' expects type 'int', but argument 3 has type 'DWORD' e_capi.c:1129:3: warning: format '%d' expects type 'int', but argument 5 has type 'DWORD' e_capi.c: In function 'capi_list_containers': e_capi.c:1173:3: warning: pointer targets in passing argument 3 of 'CryptGetProvParam' differ in signedness d:\mingw\bin\../lib/gcc/mingw32/4.5.0/../../../../include/wincrypt.h:1203:23: note: expected 'PBYTE' but argument is of type 'LPSTR' e_capi.c:1188:3: warning: format '%d' expects type 'int', but argument 3 has type 'DWORD' e_capi.c: In function 'capi_dump_prov_info': e_capi.c:1239:2: warning: format '%d' expects type 'int', but argument 4 has type 'DWORD' e_capi.c:1240:2: warning: format '%d' expects type 'int', but argument 4 has type 'DWORD' e_capi.c: In function 'capi_dump_cert': e_capi.c:1290:2: warning: passing argument 2 of 'd2i_X509' from incompatible pointer type ../include/openssl/x509.h:834:1: note: expected 'const unsigned char **' but argument is of type 'unsigned char **' e_capi.c: In function 'capi_open_store': e_capi.c:1328:25: error: 'CERT_STORE_PROV_SYSTEM_A' undeclared (first use in this function) e_capi.c: In function 'capi_list_certs': e_capi.c:1369:11: warning: unused variable 'fname' e_capi.c: In function 'capi_ctx_new': e_capi.c:1529:5: error: 'CERT_STORE_READONLY_FLAG' undeclared (first use in this function) e_capi.c: In function 'capi_load_ssl_client_cert': e_capi.c:1632:5: warning: pointer targets in assignment differ in signedness e_capi.c:1633:3: warning: passing argument 2 of 'd2i_X509' from incompatible pointer type ../include/openssl/x509.h:834:1: note: expected 'const unsigned char **' but argument is of type 'const char **' make[1]: *** [e_capi.o] Error 1 make[1]: Leaving directory `/d/openssl-1.0.0b/engines' Therefore I've added some more define tests to OpenSSL 1.0.0b e_capi.c to furher check what we have (or not) in wincrypt.h: --- e_capi.c.orig Mon Mar 15 23:29:20 2010 +++ e_capi.cThu Nov 18 17:43:19 2010 @@ -76,10 +76,16 @@ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is * one of possible values you can pass to function in question. By * checking if it's defined we can see if wincrypt.h and accompanying - * crypt32.lib are in shape. Yes, it's rather weak test and if - * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG. + * crypt32.lib are in shape. The native MingW32 headers up to and + * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the + * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG, + * so we check for these too and avoid compiling. + * Yes, it's rather weak test and if compilation fails, + * then re-configure with -DOPENSSL_NO_CAPIENG. */ -#ifdef CERT_KEY_PROV_INFO_PROP_ID +#if defined(CERT_KEY_PROV_INFO_PROP_ID) \ +defined(CERT_STORE_PROV_SYSTEM_A) \ +defined(CERT_STORE_READONLY_FLAG) # define __COMPILE_CAPIENG #endif /* CERT_KEY_PROV_INFO_PROP_ID */ #endif /* OPENSSL_NO_CAPIENG */ patch also attached. --- e_capi.c.orig Mon Mar 15 23:29:20 2010 +++ e_capi.cThu Nov 18 17:43:19 2010 @@ -76,10 +76,16 @@ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is * one of possible values you can pass to function in question. By * checking if it's defined we can see if wincrypt.h and accompanying - * crypt32.lib are in shape. Yes, it's rather weak test and if - * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG. + * crypt32.lib are in
[openssl.org #2375] [PATCH] cleanup / fix e_aep.c for OpenWatcom (1.0.0b)
Hi, the patch below against OpenSSL 1.0.0b cleans up getpid() usage in e_aep.c and fixes win32 target compilation with OpenWatcom: --- e_aep.c.origMon Dec 22 14:54:12 2008 +++ e_aep.c Thu Nov 18 02:11:37 2010 @@ -68,6 +68,8 @@ #if defined(OPENSSL_SYS_NETWARE) defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); +#elif defined(_WIN32) !defined(__WATCOMC__) +#define getpid _getpid #endif #include openssl/crypto.h @@ -867,13 +869,7 @@ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -#ifdef NETWARE_CLIB - curr_pid = GetThreadID(); -#elif defined(_WIN32) - curr_pid = _getpid(); -#else curr_pid = getpid(); -#endif /*Check if this is the first time this is being called from the current process*/ patch also attached. --- e_aep.c.origMon Dec 22 14:54:12 2008 +++ e_aep.c Thu Nov 18 02:11:37 2010 @@ -68,6 +68,8 @@ #if defined(OPENSSL_SYS_NETWARE) defined(NETWARE_CLIB) #define getpid GetThreadID extern int GetThreadID(void); +#elif defined(_WIN32) !defined(__WATCOMC__) +#define getpid _getpid #endif #include openssl/crypto.h @@ -867,13 +869,7 @@ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -#ifdef NETWARE_CLIB - curr_pid = GetThreadID(); -#elif defined(_WIN32) - curr_pid = _getpid(); -#else curr_pid = getpid(); -#endif /*Check if this is the first time this is being called from the current process*/
[openssl.org #2376] [PATCH] cleanup / fix cryptlib.c for OpenWatcom (1.0.0b)
Hi, the patch below against OpenSSL 1.0.0b cleans up alloca() usage in cryptlib.c and fixes win32 target compilation with OpenWatcom: --- cryptlib.c.orig Sat Apr 10 15:13:12 2010 +++ cryptlib.c Thu Nov 18 18:11:02 2010 @@ -743,6 +743,16 @@ #if defined(_WIN32) !defined(__CYGWIN__) #include tchar.h #include signal.h +#ifdef __WATCOMC__ +#if defined(_UNICODE) || defined(__UNICODE__) +#define _vsntprintf _vsnwprintf +#else +#define _vsntprintf _vsnprintf +#endif +#endif +#ifdef _MSC_VER +#define alloca _alloca +#endif #if defined(_WIN32_WINNT) _WIN32_WINNT=0x0333 int OPENSSL_isservice(void) @@ -773,11 +783,7 @@ if (len512) return -1; /* paranoia */ len++,len=~1;/* paranoia */ -#ifdef _MSC_VER -name=(WCHAR *)_alloca(len+sizeof(WCHAR)); -#else name=(WCHAR *)alloca(len+sizeof(WCHAR)); -#endif if (!GetUserObjectInformationW (h,UOI_NAME,name,len,len)) return -1; @@ -822,11 +828,7 @@ size_t len_0=strlen(fmta)+1,i; WCHAR *fmtw; -#ifdef _MSC_VER - fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); -#else - fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); -#endif + fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR)); if (fmtw == NULL) { fmt=(const TCHAR *)Lno stack?; break; } #ifndef OPENSSL_NO_MULTIBYTE patch also attached. --- cryptlib.c.orig Sat Apr 10 15:13:12 2010 +++ cryptlib.c Thu Nov 18 18:11:02 2010 @@ -743,6 +743,16 @@ #if defined(_WIN32) !defined(__CYGWIN__) #include tchar.h #include signal.h +#ifdef __WATCOMC__ +#if defined(_UNICODE) || defined(__UNICODE__) +#define _vsntprintf _vsnwprintf +#else +#define _vsntprintf _vsnprintf +#endif +#endif +#ifdef _MSC_VER +#define alloca _alloca +#endif #if defined(_WIN32_WINNT) _WIN32_WINNT=0x0333 int OPENSSL_isservice(void) @@ -773,11 +783,7 @@ if (len512) return -1;/* paranoia */ len++,len=~1; /* paranoia */ -#ifdef _MSC_VER -name=(WCHAR *)_alloca(len+sizeof(WCHAR)); -#else name=(WCHAR *)alloca(len+sizeof(WCHAR)); -#endif if (!GetUserObjectInformationW (h,UOI_NAME,name,len,len)) return -1; @@ -822,11 +828,7 @@ size_t len_0=strlen(fmta)+1,i; WCHAR *fmtw; -#ifdef _MSC_VER - fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); -#else - fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); -#endif + fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR)); if (fmtw == NULL) { fmt=(const TCHAR *)Lno stack?; break; } #ifndef OPENSSL_NO_MULTIBYTE
[openssl.org #2377] MingW32 test compilation breaks (1.0.0b)
Hi, OpenSSL 1.0.0b standard test compilation breaks with MingW32 / MSYS: make[2]: Entering directory `/d/openssl-1.0.0b/test' ( :; LIBDEPS=${LIBDEPS:--L.. -lssl -L.. -lcrypto -lws2_32 -lgdi32 -lcrypt32}; LDCMD=${LDCMD:-gcc}; LDFLAGS=${LDFLAGS:--DOPENSSL_THREADS -D_MT -DDSO_WIN32 -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM}; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=md2test.exe} md2test.o ${LIBDEPS} ) d:/mingw/bin/../lib/gcc/mingw32/4.5.0/../../../libmingw32.a(main.o):main.c:(.text+0xd2): undefined reference to `winm...@16' collect2: ld returned 1 exit status make[2]: *** [link_app.] Error 1 make[2]: Leaving directory `/d/openssl-1.0.0b/test' make[1]: *** [md2test.exe] Error 2 seems this happens because md2, rc5, jpake are disabled by default, Makefile has: OPTIONS= no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-shared no-store no-zlib no-zlib-dynamic static-engine and the files md2test.c, jpaketest.c, rc5test.c are of zero bytes: 16.11.2010 14:41 0 rc5test.c 16.11.2010 14:41 0 jpaketest.c 16.11.2010 14:41 0 md2test.c which then cause the compiler break; when I enable these features the test files are ok, and compilation finishes, but since jpake is classified as 'experimental' this is not what everyone wants ... Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2377] MingW32 test compilation breaks (1.0.0b)
Hi Andy, Am 18.11.2010 23:58, schrieb Andy Polyakov via RT: Could you examine ticket #2273. Can you confirm that it's same issue discussed at the very end? A. argh! Now remember we discussed this issue already with last release ... will asap repack the release archive on Linux and check if that does any better ... thanks, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2371] Openssl mingw build error.
Am 18.11.2010 23:56, schrieb Andy Polyakov via RT: While building the openssl-1.0.0b for windows (using the mingw compiler) I get the following build error : making all in crypto/dso... make[2]: Entering directory `/cygdrive/f/openssl-1.0.0a/crypto/dso' gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -D_MT -DD SO_WIN32 -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 - march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_AS M_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DW HIRLPOOL_ASM -c -o dso_win32.o dso_win32.c dso_win32.c: In function `win32_load': dso_win32.c:173: error: `HINSTANCE' undeclared (first use in this function) dso_win32.c:173: error: (Each undeclared identifier is reported only once dso_win32.c:173: error: for each function it appears in.) dso_win32.c:173: error: parse error before h The compilation relies on _WIN32 macro being pre-defined by compiler. This applies to *all* compilers targeting Windows, including mingw. So the key question is why doesn't your compiler define it? Examine 'gcc -dumpspecs' output and see if _WIN32 is defined for -mno-cygwin. If it doesn't, then I'd say it's a bug... A. it doesnt complain with later versions, so this bug seems fixed with newer headers ... also it seems that OP uses a cross-compiler on Linux, and these are often very weired; f.e. with my other prob with wincrypt.h my mingw32-cross on OpenSuSE 10.3 uses the ming64 header, thus my proposed additional check goes fine, but linking breaks then since exports missing from lib ... Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output
Hi, Am 20.08.2010 11:33, schrieb Guenter via RT: while hacking on a script where I use the openssl commandline tool for processing PEM certs I found that suprisingly the md5 fingerprint output always goes to stdout instead of using the -out stream, f.e. when using: openssl x509 -md5 -fingerprint -text -inform PEM -in tmpin.crt -out tmpout.crt the md5 fingerprint output goes to stdout while the whole rest of output goes into tmpout.crt as expected ... is this now intended behaviour, or just an oversight? If the latter I would look into the sources for fixing it ... tested versions: OpenSSL 0.9.8o 01 Jun 2010 OpenSSL 1.0.0a 1 Jun 2010 I've meanwhile checked apps/x509.c, and patching it to send output to file is trivial (attached); but looking at the other output options around these lines makes me a bit unsure if these options are intended to go to STDOUT rather than to honor a file option? However if the later then I'm asking me why? Almost all options print their output to STDOUT and ignore a file option - except for the text option ... thanks, Gün. --- x509.c.orig Fri Jun 26 13:34:21 2009 +++ x509.c Fri Aug 27 23:32:32 2010 @@ -898,11 +898,11 @@ BIO_printf(bio_err,out of memory\n); goto end; } - BIO_printf(STDout,%s Fingerprint=, + BIO_printf(out,%s Fingerprint=, OBJ_nid2sn(EVP_MD_type(digest))); for (j=0; j(int)n; j++) { - BIO_printf(STDout,%02X%c,md[j], + BIO_printf(out,%02X%c,md[j], (j+1 == (int)n) ?'\n':':'); } --- x509.c.orig Tue Jan 12 19:27:09 2010 +++ x509.c Fri Aug 27 23:38:23 2010 @@ -932,11 +932,11 @@ BIO_printf(bio_err,out of memory\n); goto end; } - BIO_printf(STDout,%s Fingerprint=, + BIO_printf(out,%s Fingerprint=, OBJ_nid2sn(EVP_MD_type(fdig))); for (j=0; j(int)n; j++) { - BIO_printf(STDout,%02X%c,md[j], + BIO_printf(out,%02X%c,md[j], (j+1 == (int)n) ?'\n':':'); }
Re: [openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output
Hi, Am 20.08.2010 11:33, schrieb Guenter via RT: while hacking on a script where I use the openssl commandline tool for processing PEM certs I found that suprisingly the md5 fingerprint output always goes to stdout instead of using the -out stream, f.e. when using: openssl x509 -md5 -fingerprint -text -inform PEM -in tmpin.crt -out tmpout.crt the md5 fingerprint output goes to stdout while the whole rest of output goes into tmpout.crt as expected ... is this now intended behaviour, or just an oversight? If the latter I would look into the sources for fixing it ... tested versions: OpenSSL 0.9.8o 01 Jun 2010 OpenSSL 1.0.0a 1 Jun 2010 I've meanwhile checked apps/x509.c, and patching it to send output to file is trivial (attached); but looking at the other output options around these lines makes me a bit unsure if these options are intended to go to STDOUT rather than to honor a file option? However if the later then I'm asking me why? Almost all options print their output to STDOUT and ignore a file option - except for the text option ... thanks, Gün. --- x509.c.orig Fri Jun 26 13:34:21 2009 +++ x509.c Fri Aug 27 23:32:32 2010 @@ -898,11 +898,11 @@ BIO_printf(bio_err,out of memory\n); goto end; } - BIO_printf(STDout,%s Fingerprint=, + BIO_printf(out,%s Fingerprint=, OBJ_nid2sn(EVP_MD_type(digest))); for (j=0; j(int)n; j++) { - BIO_printf(STDout,%02X%c,md[j], + BIO_printf(out,%02X%c,md[j], (j+1 == (int)n) ?'\n':':'); } --- x509.c.orig Tue Jan 12 19:27:09 2010 +++ x509.c Fri Aug 27 23:38:23 2010 @@ -932,11 +932,11 @@ BIO_printf(bio_err,out of memory\n); goto end; } - BIO_printf(STDout,%s Fingerprint=, + BIO_printf(out,%s Fingerprint=, OBJ_nid2sn(EVP_MD_type(fdig))); for (j=0; j(int)n; j++) { - BIO_printf(STDout,%02X%c,md[j], + BIO_printf(out,%02X%c,md[j], (j+1 == (int)n) ?'\n':':'); }
[openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output
Hi, while hacking on a script where I use the openssl commandline tool for processing PEM certs I found that suprisingly the md5 fingerprint output always goes to stdout instead of using the -out stream, f.e. when using: openssl x509 -md5 -fingerprint -text -inform PEM -in tmpin.crt -out tmpout.crt the md5 fingerprint output goes to stdout while the whole rest of output goes into tmpout.crt as expected ... is this now intended behaviour, or just an oversight? If the latter I would look into the sources for fixing it ... tested versions: OpenSSL 0.9.8o 01 Jun 2010 OpenSSL 1.0.0a 1 Jun 2010 regards, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 0.9.8n released
Hi, OpenSSL schrieb: OpenSSL version 0.9.8n released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8n of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which addresses CVE-2010-0740. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. We consider OpenSSL 0.9.8n to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.8n is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): the section 'Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n' ist still missing here: http://openssl.org/news/news.html Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2097] OpenSSL 1.0.0 beta4 - Microsoft Windows
Stephen Henson via RT schrieb: That's caused by broken IPv6 headers. If possible you should upgrade the platform SDK (which may not be possible on VC6). It is possible with VC6, but you need to take an older PSK from Feb. 2003: http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm this should be latest which works with MSVC6 ... Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2097] OpenSSL 1.0.0 beta4 - Microsoft Windows
Steve, Stephen Henson via RT schrieb: That's caused by broken IPv6 headers. If possible you should upgrade the platform SDK (which may not be possible on VC6). The alternative is to forcibly disable IPV6 with: perl Configure VC-WIN32 -DOPENSSL_USE_IPV6=0 on the command line. we see these problems with other projects too, f.e libcurl, and we have added a section about MSVC6 in our INSTALL (see 'MSVC 6 caveats'): http://curl.haxx.se/cvs.cgi/curl/docs/INSTALL?revision=1.113view=markup I'd suggest to add same also to OpenSSL's README.WIN32 ... Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2077] openssl 1.0.0 stable does not print all digests with help
Hi Victor, Really, there is a problem with digest commands. For instance I never was able to make md_gost94 digest work as digest command, not as option to dgst command. works for me (1.0.0-stable snapshot); it seems the syntax is: openssl dgst -digest file or openssl digest file f.e.: ./openssl md_gost94 openssl md_gost94(openssl)= 1f4e2ca3d0ef0bbf54528acad3d462205dfef7056e389a37d28b2e22649a1f70 or: ./openssl dgst -md_gost94 openssl md_gost94(openssl)= 1f4e2ca3d0ef0bbf54528acad3d462205dfef7056e389a37d28b2e22649a1f70 but: ./openssl dgst command command: No such file or directory so seems without a valid digest parameter openssl directly looks for a file, and uses md5 digest: ./openssl dgst openssl MD5(openssl)= dfb6bf0c6d61643e06e3c48a1573d4b9 Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2077] openssl 1.0.0 stable does not print all digests with help
Hi, I checked with a recent snapshot 1.0.0-stable, and found that although the openssl commandline supports now sha224, sha256, sha384, and sha512 message digests, it still only prints these: Message Digest commands (see the `dgst' command for more details) md4 md5 mdc2 rmd160 sha sha1 but 'openssl dgst x' gives: -gost-mac to use the gost-mac message digest algorithm -md_gost94 to use the md_gost94 message digest algorithm -md4to use the md4 message digest algorithm -md5to use the md5 message digest algorithm -mdc2 to use the mdc2 message digest algorithm -ripemd160 to use the ripemd160 message digest algorithm -shato use the sha message digest algorithm -sha1 to use the sha1 message digest algorithm -sha224 to use the sha224 message digest algorithm -sha256 to use the sha256 message digest algorithm -sha384 to use the sha384 message digest algorithm -sha512 to use the sha512 message digest algorithm -whirlpool to use the whirlpool message digest algorithm so seems there are a couple of digests missing ... BTW. is there a right way to get help from openssl commandline instead of just producing an error? thanks, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL 1.0.0-stable build broken for MingW/MSYS
Hi, just tried a standard build of recent snapshot, and get this: making all in crypto/md2... make[2]: Entering directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto/md2' gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -DDSO_WIN32 -mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -c -o md2_dgst.o md2_dgst.c In file included from md2_dgst.c:62: ../../include/openssl/md2.h:64:2: #error MD2 is disabled. make[2]: *** [md2_dgst.o] Error 1 make[2]: Leaving directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto/md2' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto' make: *** [build_crypto] Error 1 I would tend to fix it this way: --- crypto/md2/md2_dgst.c.orig 2007-08-31 10:12:36 + +++ crypto/md2/md2_dgst.c 2009-10-17 13:48:37 + @@ -56,6 +56,9 @@ * [including the GNU Public Licence.] */ +#include openssl/opensslconf.h /* OPENSSL_NO_MD2 */ +#ifndef OPENSSL_NO_MD2 + #include stdio.h #include stdlib.h #include string.h @@ -224,4 +227,5 @@ memset((char *)c,0,sizeof(c)); return 1; } +#endif /* OPENSSL_NO_MD2 */ ### --- crypto/md2/md2_one.c.orig 2005-04-14 22:58:42 + +++ crypto/md2/md2_one.c2009-10-17 13:48:30 + @@ -56,6 +56,9 @@ * [including the GNU Public Licence.] */ +#include openssl/opensslconf.h /* OPENSSL_NO_MD2 */ +#ifndef OPENSSL_NO_MD2 + #include stdio.h #include cryptlib.h #include openssl/md2.h @@ -92,3 +95,5 @@ OPENSSL_cleanse(c,sizeof(c)); /* Security consideration */ return(md); } +#endif /* OPENSSL_NO_MD2 */ + but I've not yet looked up how other platforms do it; I guess config should skip these source files when it builds the makefiles? Please advice; the next break occures with RC5: make[2]: Entering directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto/rc5' gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -DDSO_WIN32 -mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -c -o rc5_skey.o rc5_skey.c In file included from rc5_skey.c:59: ../../include/openssl/rc5.h:69:2: #error RC5 is disabled. make[2]: *** [rc5_skey.o] Error 1 make[2]: Leaving directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto/rc5' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto' make: *** [build_crypto] Error 1 thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0-stable build broken for MingW/MSYS
Hi, Guenter schrieb: just tried a standard build of recent snapshot, and get this: making all in crypto/md2... make[2]: Entering directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto/md2' gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -DDSO_WIN32 -mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -c -o md2_dgst.o md2_dgst.c In file included from md2_dgst.c:62: ../../include/openssl/md2.h:64:2: #error MD2 is disabled. make[2]: *** [md2_dgst.o] Error 1 make[2]: Leaving directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto/md2' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/projects/test/openssl-1.0.0-stable-SNAP-20091017/crypto' make: *** [build_crypto] Error 1 sorry for the noise, but seems this was related to crlf line endings; once I extracted the tarball from MSYS all went fine. Again sorry! Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2066] [FEATURE-REQUEST] add -r option to checksum outputs
Hi, I did recently some research on available checksum tools on various platforms, and found its really a mess with all those different checksum outputs since there is no RFC which describes a standard format. Anyway, I think the most commonly used tools might be md5sum / sha1sum from GNU core utilities, and they are also user-friendly because they provide to validate directly from a checksum file without need for hacks with external tools (-c option). See also here where I have summarized what I've found so far: http://www.gknw.net/phpbb/viewtopic.php?t=570 as you can see there I describe how the format of openssl's output only slightly differs from the md5 / sha1 tools (two blanks are missing). In addition I have already knocked at the door from coreutils, and got a positive reply that they are willing to support openssl's format too in order to make md5sum / sha1sum even more user-friendly - however before I proceed to look into that direction I thought I ask here first if there's willingness to fix the format of openssl (add the 2 blanks) and / or add an option -r (like the *BSD md5 / sha1 have) to output the checksum in the same format as md5sum / sha1sum use; this would make it *easily* possible to automatically verify openssl-generated checksums with md5sum / sha1sum. Please do not reply here with cool sed hacks - read my summarize and you see that I'm aware of such; think more of the users who are often not able to hack around with sed, pipes, whatever. I believe that even changing the existing format to be 100% identical with md5 / sha1 (which in turn md5sum / sha1sum can deal with) is not an issue of backward compatibility since openssl has no option to verify from checksum files AFAIK; and those who use sed hacks are certainly also able to skip the two additional blanks in future. current 'openssl md5' output: MD5(dummy.gz)= 085fb517d4e442564672c6dda5490ab7 md5 output (which can be used by md5sum): MD5 (dummy.gz) = 085fb517d4e442564672c6dda5490ab7 thanks, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2066] [FEATURE-REQUEST] add -r option to checksum outputs
Hi, find below (also attached) a very simple patch which adds a -r option to the openssl 1.0 branch; the output is like this: # ./openssl md5 openssl MD5(openssl)= 4d184b33151ecde62657079a8b4c3e15 # ./openssl md5 -r openssl 4d184b33151ecde62657079a8b4c3e15 *openssl # ./openssl sha1 openssl SHA1(openssl)= f385aa365dcb11d6beef54eaef1f717c90b40a90 # ./openssl sha1 -r openssl f385aa365dcb11d6beef54eaef1f717c90b40a90 *openssl # ./openssl sha256 -r openssl a2b3d8af6fc052626f13f740cad7aaadb2700ac6a331a876da2ecbcdeacc18d7 *openssl and the check with coreutils tools succeeds: # ./openssl md5 -r openssl | md5sum -c - openssl: OK # ./openssl sha1 -r openssl | sha1sum -c - openssl: OK # ./openssl sha256 -r openssl | sha256sum -c - openssl: OK --- dgst.c.orig 2009-04-26 14:16:12.0 +0200 +++ dgst.c 2009-09-29 01:19:39.0 +0200 @@ -155,6 +155,8 @@ if ((*argv)[0] != '-') break; if (strcmp(*argv,-c) == 0) separator=1; + if (strcmp(*argv,-r) == 0) + separator=2; else if (strcmp(*argv,-rand) == 0) { if (--argc 1) break; @@ -262,6 +264,7 @@ BIO_printf(bio_err,unknown option '%s'\n,*argv); BIO_printf(bio_err,options are\n); BIO_printf(bio_err,-c to output the digest with separating colons\n); + BIO_printf(bio_err,-r to output the digest in coreutils format\n); BIO_printf(bio_err,-d to output debug info\n); BIO_printf(bio_err,-hexoutput as hex dump\n); BIO_printf(bio_err,-binary output in binary form\n); @@ -602,6 +605,12 @@ } if(binout) BIO_write(out, buf, len); + else if (sep == 2) + { + for (i=0; i(int)len; i++) + BIO_printf(out, %02x,buf[i]); + BIO_printf(out, *%s\n, file); + } else { if (sig_name) as you see I have just re-used the separator / sep variables which avoids adding another parameter to do_fp(); however if we do it that way then we should probably rename it to something like optoutput / optout ... Günter. --- dgst.c.orig 2009-04-26 14:16:12.0 +0200 +++ dgst.c 2009-09-29 01:19:39.0 +0200 @@ -155,6 +155,8 @@ if ((*argv)[0] != '-') break; if (strcmp(*argv,-c) == 0) separator=1; + if (strcmp(*argv,-r) == 0) + separator=2; else if (strcmp(*argv,-rand) == 0) { if (--argc 1) break; @@ -262,6 +264,7 @@ BIO_printf(bio_err,unknown option '%s'\n,*argv); BIO_printf(bio_err,options are\n); BIO_printf(bio_err,-c to output the digest with separating colons\n); + BIO_printf(bio_err,-r to output the digest in coreutils format\n); BIO_printf(bio_err,-d to output debug info\n); BIO_printf(bio_err,-hexoutput as hex dump\n); BIO_printf(bio_err,-binary output in binary form\n); @@ -602,6 +605,12 @@ } if(binout) BIO_write(out, buf, len); + else if (sep == 2) + { + for (i=0; i(int)len; i++) + BIO_printf(out, %02x,buf[i]); + BIO_printf(out, *%s\n, file); + } else { if (sig_name)
[openssl.org #2005] Re: OpenSSL 1.0.0 beta3 release
Hi Steve, Dr. Stephen Henson schrieb: Does adding Netware to the OPENSSL_SYS_BEOS_BONE part which #undefs AF_INET6 in b_sock.c work or do you need additional cases? yes, this works at first glance (cant tell more since I have finally a linkage prob so cant test ATM); with below patch compilation finishes: --- crypto/bio/b_sock.c.origMon Apr 27 21:30:36 2009 +++ crypto/bio/b_sock.c Wed Jul 22 16:37:44 2009 @@ -88,8 +88,8 @@ static int wsa_init_done=0; #endif -#if defined(OPENSSL_SYS_BEOS_BONE) -/* BONE's IP6 support is incomplete */ +#if defined(OPENSSL_SYS_BEOS_BONE) || defined(NETWARE_CLIB) +/* BONE's and NetWare's CLIB IP6 support is incomplete */ #undef AF_INET6 #endif Instead of changing every single case we could instead have an #ifdef OPENSSL_USE_IPV6 and set that in an appropriate way in a header file. yes, that would be fine - which header do you suggest? It must then be a header which is always included after the system headers, or else AF_INET6 would get defined again through the system headers, or? So I think its more save to change all '#ifdef AF_INET6' to '#if OPENSSL_USE_IPV6', and then in one header something like: #if defined(OPENSSL_SYS_BEOS_BONE) || defined(NETWARE_CLIB) /* BONE's and NetWare's CLIB IP6 support is incomplete */ #define OPENSSL_USE_IPV6 0 #endif #if !defined(OPENSSL_USE_IPV6) defined(AF_INET6) #define OPENSSL_USE_IPV6 1 #endif Günter. --- crypto/bio/b_sock.c.orig Mon Apr 27 21:30:36 2009 +++ crypto/bio/b_sock.c Wed Jul 22 16:37:44 2009 @@ -88,8 +88,8 @@ static int wsa_init_done=0; #endif -#if defined(OPENSSL_SYS_BEOS_BONE) -/* BONE's IP6 support is incomplete */ +#if defined(OPENSSL_SYS_BEOS_BONE) || defined(NETWARE_CLIB) +/* BONE's and NetWare's CLIB IP6 support is incomplete */ #undef AF_INET6 #endif
Re: OpenSSL 1.0.0 beta3 release
Hi Steve, Dr. Stephen Henson schrieb: Does adding Netware to the OPENSSL_SYS_BEOS_BONE part which #undefs AF_INET6 in b_sock.c work or do you need additional cases? yes, this works at first glance (cant tell more since I have finally a linkage prob so cant test ATM); with below patch compilation finishes: --- crypto/bio/b_sock.c.origMon Apr 27 21:30:36 2009 +++ crypto/bio/b_sock.c Wed Jul 22 16:37:44 2009 @@ -88,8 +88,8 @@ static int wsa_init_done=0; #endif -#if defined(OPENSSL_SYS_BEOS_BONE) -/* BONE's IP6 support is incomplete */ +#if defined(OPENSSL_SYS_BEOS_BONE) || defined(NETWARE_CLIB) +/* BONE's and NetWare's CLIB IP6 support is incomplete */ #undef AF_INET6 #endif Instead of changing every single case we could instead have an #ifdef OPENSSL_USE_IPV6 and set that in an appropriate way in a header file. yes, that would be fine - which header do you suggest? It must then be a header which is always included after the system headers, or else AF_INET6 would get defined again through the system headers, or? So I think its more save to change all '#ifdef AF_INET6' to '#if OPENSSL_USE_IPV6', and then in one header something like: #if defined(OPENSSL_SYS_BEOS_BONE) || defined(NETWARE_CLIB) /* BONE's and NetWare's CLIB IP6 support is incomplete */ #define OPENSSL_USE_IPV6 0 #endif #if !defined(OPENSSL_USE_IPV6) defined(AF_INET6) #define OPENSSL_USE_IPV6 1 #endif Günter. --- crypto/bio/b_sock.c.orig Mon Apr 27 21:30:36 2009 +++ crypto/bio/b_sock.c Wed Jul 22 16:37:44 2009 @@ -88,8 +88,8 @@ static int wsa_init_done=0; #endif -#if defined(OPENSSL_SYS_BEOS_BONE) -/* BONE's IP6 support is incomplete */ +#if defined(OPENSSL_SYS_BEOS_BONE) || defined(NETWARE_CLIB) +/* BONE's and NetWare's CLIB IP6 support is incomplete */ #undef AF_INET6 #endif
Re: OpenSSL 1.0.0 beta3 release
Hi Steve, Guenter schrieb: yes, this works at first glance (cant tell more since I have finally a linkage prob so cant test ATM); with below patch compilation finishes: now to the linkage prob which seems the last one with the NetWare CLIB platform: we have no gettimeofday() there, so we need a workaround. I've checked already through it some weeks ago (affects also now the 0.9.8 branch), but couldnt come up a good replacement; We have in CLIB some system timers with high resolutions, but these wrap after some hours, others after some days. Then we have the usual time() stuff with 1 sec resolution, and if a 1 sec resolution would do for what we need gettimeofday() for then I could just populate the timeval struct with the seconds only, and keep usec always 0; though I believe we need a better resolution or else OpenSSL's code would just use time(), or? Also, if we need a usec resolution then the secs dont matter - I mean here that they dont need to reflect a correct date = xxx seconds since 1970, or? Instead I could then just divide a timer value through its resolution to get the seconds, and would be able to do proper time diffs ... Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0 beta3 release
Hi, in addition to the issue below I see another one when I try to build with ASM support: although the *.asm files get generated, the mk1mf.pl script seems no longer to put the asm objects nor the asm build rules into the generated makefile ... I've looked though the mk1mf.pl, but lost track somehow - the 0.9.8 one seemed more clear to me ... :) Gün. Guenter schrieb: HI Steve, Dr. Stephen Henson schrieb: OpenSSL version 1.0.0 Beta 3 OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL is currently in a release cycle. The second beta is now released. The beta release is available for download via HTTP and FTP from the following master locations (the various FTP mirrors you can find under http://www.openssl.org/source/mirror.html): I have still the prob with NetWare's broken Winsock IPv6 stack; currently it breaks in crypto/b_sock.c (gcc compiler): b_sock.c: In function `BIO_get_accept_socket': b_sock.c:728: dereferencing pointer to incomplete type b_sock.c:728: dereferencing pointer to incomplete type b_sock.c:729: dereferencing pointer to incomplete type or, with Metrowerks compiler: crypto\bio\b_sock.c:728: illegal use of incomplete struct/union/class 'struct sockaddr_in6' crypto\bio\b_sock.c:729: illegal use of incomplete struct/union/class 'struct sockaddr_in6' this is inside a '#ifdef AF_INET6' block. The problem is now that although AF_INET6 is indeed defined in the winsock2 header, the implementation is incomplete and broken. In the past I came over very similar prob also with Linux 2.2 kernel where structs were incomplete, and I'm asking me if it wouldnt make sense to add a var which disables IPv6 stuff on demand? F.e. something like DISABLE_IPV6, and then change all '#ifdef AF_INET6' across the sources to: #if !defined(DISABLE_IPV6) defined(AF_INET6) ... #endif This would make it possible to disable the IPv6 stuff for any platform which is known to broken with IPv6. Thoughts? Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0 beta3 release
HI Steve, Dr. Stephen Henson schrieb: OpenSSL version 1.0.0 Beta 3 OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL is currently in a release cycle. The second beta is now released. The beta release is available for download via HTTP and FTP from the following master locations (the various FTP mirrors you can find under http://www.openssl.org/source/mirror.html): I have still the prob with NetWare's broken Winsock IPv6 stack; currently it breaks in crypto/b_sock.c (gcc compiler): b_sock.c: In function `BIO_get_accept_socket': b_sock.c:728: dereferencing pointer to incomplete type b_sock.c:728: dereferencing pointer to incomplete type b_sock.c:729: dereferencing pointer to incomplete type or, with Metrowerks compiler: crypto\bio\b_sock.c:728: illegal use of incomplete struct/union/class 'struct sockaddr_in6' crypto\bio\b_sock.c:729: illegal use of incomplete struct/union/class 'struct sockaddr_in6' this is inside a '#ifdef AF_INET6' block. The problem is now that although AF_INET6 is indeed defined in the winsock2 header, the implementation is incomplete and broken. In the past I came over very similar prob also with Linux 2.2 kernel where structs were incomplete, and I'm asking me if it wouldnt make sense to add a var which disables IPv6 stuff on demand? F.e. something like DISABLE_IPV6, and then change all '#ifdef AF_INET6' across the sources to: #if !defined(DISABLE_IPV6) defined(AF_INET6) ... #endif This would make it possible to disable the IPv6 stuff for any platform which is known to broken with IPv6. Thoughts? Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[PROPOSAL] add a switch to disable IPv6
All, I've another problem with the NetWare CLIB Winsock build of HEAD; currently it breaks in crypto/b_sock.c: b_sock.c: In function `BIO_get_accept_socket': b_sock.c:728: dereferencing pointer to incomplete type b_sock.c:728: dereferencing pointer to incomplete type b_sock.c:729: dereferencing pointer to incomplete type this is inside a '#ifdef AF_INET6' block. The problem is now that although AF_INET6 is indeed defined in the winsock2 header, the implementation is incomplete and broken. In the past I came over very similar prob also with Linux 2.2 kernel where structs were incomplete, and I'm asking me if it wouldnt make sense to add a var which disables IPv6 stuff on demand? F.e. something like DISABLE_IPV6, and then change all '#ifdef AF_INET6' across the sources to: #if !defined(DISABLE_IPV6) defined(AF_INET6) ... #endif This would make it possible to disable the IPv6 stuff for any platform which is known to broken with IPv6. Thoughts? Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Query Regarding building wpa_suplicant wit OpenSSL support.
Hi Gaurav, Gaurav Halwasia -X (ghalwasi - at Cisco) schrieb: I want to have OpenSSL support in wpa_suplicant in order to get the support for the functionality needed for EAP-FAST in wpa_suplicant. For this I have downloaded the openssl-0.9.8d.tar.tar file and I have openssl-0.9.8d-tls-extensions.patch file with me. there are no *.tar.tar files for download - that is a bug with your browser; the release downloads are named tar.gz; also when you start into something new why dont you use latest 0.9.8k which includes already the tls extensions? 0.9.8d is nearly 3 years old, and there are reasons as f.e. security fixes why new versions are released. But I am not sure what exactly needs to be done now to build wpa_suplicant for EAP-FAST support. I am new to this. Can you please help me in this. first I'd suggest you download 0.9.8k (right-click--save-as should give you the right name): http://www.openssl.org/source/openssl-0.9.8k.tar.gz then extract this with: tar xvfz openssl-0.9.8k.tar.gz and build it for your platform (read the docu related to your platform for how to do that). Then read the docu of the wpa_suplicant package which should explain how to plugin OpenSSL. Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1946] Resolved: [PATCH] NetWare fix compilr break in
Hi Steve, Stephen Henson via RT schrieb: According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. sorry to bother again, but seems you have only applied to HEAD and 1.0.0-stable, but not yet to 0.9.8-stable [18268],[18269]: http://cvs.openssl.org/rlog?f=openssl/ssl/dtls1.h thanks, Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #1954] [PATCH] NetWare fix for compilation break with nonexisting include
the NetWare CLIB platform has no strings.h header, and therefore compilation breaks in apps/apps.c (CVS HEAD): --- apps/apps.c.origWed May 13 13:32:45 2009 +++ apps/apps.c Fri Jun 12 15:05:42 2009 @@ -118,7 +118,7 @@ #include stdio.h #include stdlib.h #include string.h -#ifndef OPENSSL_SYSNAME_WIN32 +#if !defined(OPENSSL_SYSNAME_WIN32) !defined(NETWARE_CLIB) #include strings.h #endif #include sys/types.h Since this is not the first time that this problem occurs (see #1945), and most likely not the last time, it would probably make sense that we use something like: #ifdef HAVE_STRINGS_H #include strings.h #endif and define HAVE_STRINGS_H platform-dependent in e_os.h, and make sure that e_os.h is always first included. Just a thought. Günter, --- apps/apps.c.orig Wed May 13 13:32:45 2009 +++ apps/apps.c Fri Jun 12 15:05:42 2009 @@ -118,7 +118,7 @@ #include stdio.h #include stdlib.h #include string.h -#ifndef OPENSSL_SYSNAME_WIN32 +#if !defined(OPENSSL_SYSNAME_WIN32) !defined(NETWARE_CLIB) #include strings.h #endif #include sys/types.h
Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured
Hi, Roumen Petrov schrieb: In the past we can download a file with CA certificates ( ca-bundle.crt.tar.gz ) from mod_ssl site. Now file is removed but it contain more then 90 certificates (PEM format concatenated together). many use the Perl script I've hacked for cURL to create a ca-bundle.crt: http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl I've also hacked a WSH script for Win32 users who might not have Perl: http://www.gknw.net/vb/scripts/mk-ca-bundle.vbs and also a PHP commandline version: http://www.gknw.net/php/phpscripts/mk-ca-bundle.phps I'm fine with contributing any of these scripts to the OpenSSL project if there's any interest. Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict
Hi Steve, Guenter schrieb: Sure, we can do the renaming of the functions #ifdef'd for OPENSSL_SYS_NETWARE, no prob. find attached a new patch for 0.9.8-stable which renames conditionally for NetWare only. diff -ur openssl-0_9_8/apps/pkcs12.c openssl-0_9_8-patched/apps/pkcs12.c --- openssl-0_9_8/apps/pkcs12.c Wed Nov 05 19:36:35 2008 +++ openssl-0_9_8-patched/apps/pkcs12.c Mon Jun 15 01:42:13 2009 @@ -68,6 +68,12 @@ #include openssl/pem.h #include openssl/pkcs12.h +#ifdef OPENSSL_SYS_NETWARE +/* Rename these functions to avoid name clashes on NetWare OS */ +#define uni2asc OPENSSL_uni2asc +#define asc2uni OPENSSL_asc2uni +#endif + #define PROG pkcs12_main const EVP_CIPHER *enc; diff -ur openssl-0_9_8/crypto/pkcs12/p12_attr.c openssl-0_9_8-patched/crypto/pkcs12/p12_attr.c --- openssl-0_9_8/crypto/pkcs12/p12_attr.c Wed Nov 05 19:36:46 2008 +++ openssl-0_9_8-patched/crypto/pkcs12/p12_attr.c Mon Jun 15 01:44:07 2009 @@ -60,6 +60,12 @@ #include cryptlib.h #include openssl/pkcs12.h +#ifdef OPENSSL_SYS_NETWARE +/* Rename these functions to avoid name clashes on NetWare OS */ +#define uni2asc OPENSSL_uni2asc +#define asc2uni OPENSSL_asc2uni +#endif + /* Add a local keyid to a safebag */ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, diff -ur openssl-0_9_8/crypto/pkcs12/p12_key.c openssl-0_9_8-patched/crypto/pkcs12/p12_key.c --- openssl-0_9_8/crypto/pkcs12/p12_key.c Wed Nov 05 19:36:46 2008 +++ openssl-0_9_8-patched/crypto/pkcs12/p12_key.c Mon Jun 15 01:45:14 2009 @@ -69,6 +69,12 @@ void h__dump (unsigned char *p, int len); #endif +#ifdef OPENSSL_SYS_NETWARE +/* Rename these functions to avoid name clashes on NetWare OS */ +#define uni2asc OPENSSL_uni2asc +#define asc2uni OPENSSL_asc2uni +#endif + /* PKCS12 compatible key/IV generation */ #ifndef min #define min(a,b) ((a) (b) ? (a) : (b)) diff -ur openssl-0_9_8/crypto/pkcs12/p12_utl.c openssl-0_9_8-patched/crypto/pkcs12/p12_utl.c --- openssl-0_9_8/crypto/pkcs12/p12_utl.c Wed Nov 05 19:36:47 2008 +++ openssl-0_9_8-patched/crypto/pkcs12/p12_utl.c Mon Jun 15 01:46:07 2009 @@ -60,6 +60,12 @@ #include cryptlib.h #include openssl/pkcs12.h +#ifdef OPENSSL_SYS_NETWARE +/* Rename these functions to avoid name clashes on NetWare OS */ +#define uni2asc OPENSSL_uni2asc +#define asc2uni OPENSSL_asc2uni +#endif + /* Cheap and nasty Unicode stuff */ unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) diff -ur openssl-0_9_8/crypto/pkcs12/pkcs12.h openssl-0_9_8-patched/crypto/pkcs12/pkcs12.h --- openssl-0_9_8/crypto/pkcs12/pkcs12.h Wed Nov 05 19:36:47 2008 +++ openssl-0_9_8-patched/crypto/pkcs12/pkcs12.h Mon Jun 15 02:22:56 2009 @@ -232,9 +232,14 @@ const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type); +#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) +/* Rename these functions to avoid name clashes on NetWare OS */ +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(unsigned char *uni, int unilen); +#else unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); char *uni2asc(unsigned char *uni, int unilen); - +#endif DECLARE_ASN1_FUNCTIONS(PKCS12) DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
Re: [openssl.org #1946] Resolved: [PATCH] NetWare fix compilr break in
Hi Steve, Stephen Henson via RT schrieb: According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. I admit that I probably didnt test carefully enough; the NetWare CLIB builds get now with older SDK a redefine due to the fact that dtls1.h is used by some other C files which include the winsock header before dtls1.h and thus get the timeval struct defined via winsock2.h; so at the moment I see no other way than to check too for _WINSOCK2API_ : diff -ur openssl-0_9_8\ssl\dtls1.h openssl-0_9_8-patched\ssl\dtls1.h --- openssl-0_9_8\ssl\dtls1.h Fri Jun 05 17:05:10 2009 +++ openssl-0_9_8-patched\ssl\dtls1.h Mon Jun 15 01:34:57 2009 @@ -65,7 +65,7 @@ #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ #include winsock.h -#elif defined(OPENSSL_SYS_NETWARE) +#elif (defined(OPENSSL_SYS_NETWARE) !defined(_WINSOCK2API_)) #include sys/timeval.h #endif this seems to work fine with all our 4 build flavours. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
need some clarification about the BN_LLONG define
All, some longer time ago I posted a patch to remove the BN_LLONG define for NetWare CLIB builds. This was for two reasons: I could remove the dependency on CodeWarrior's runtime library + I was able to build with gcc where I had no CLIB-based runtime at all. I assumed that the BN_LLONG define controls whether OpenSSL either uses 64-bit arith from the OS, or some own replacements; and compilation went fine without BN_LLONG defined. Some time later I found that the bnllong test at least produced another output as what I got with the LIBC builds where BN_LLONG is defined; but unfortunately I was very short with time, and my mail account was busted and even more worse I couldnt subscribe with my new account - so all these things held me up looking further into it. Now due to a couple of recent changes I see that currently all 3 branches HEAD, 1_0_0 and 0_9_8 are broken for NetWare, and one of these breaks is that compilation for CLIB does no longer work without having BN_LLONG defined with 0_9_8 branch: d1_pkt.c: In function `dtls1_read_bytes': d1_pkt.c:760: incompatible type for argument 3 of `dtls1_buffer_record' make[1]: *** [d1_pkt.o] Error 1 though branches 1_0_0 and HEAD compile fine; I think because the prototype is different: static int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); while with 0_9_8 we have: static int dtls1_buffer_record(SSL *s, record_pqueue *q, PQ_64BIT priority); line 760 / 0_9_8 and line 803 / 1_0_0 and HEAD is: dtls1_buffer_record(s, (s-d1-buffered_app_data), 0); maybe the prototype from 1_0_0/HEAD needs backported to 0_9_8 branch? Then I would also like to get some clarification about the BN_LLONG define, and if its valid to compile without this define for a 32-bit platform? thanks, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict
Hi Steve, Stephen Henson via RT schrieb: Renaming global functions on a stable branch isn't something we normally do due to binary compatibility issues. Could this stuff be conditional for Netware at least in 0.9.8? sure, though I thought since the tests are anyway called by openssl-own scripts this wouldnt be an issue ... Also no idea yet how to do it conditional? Some hacking in the generated makefiles you have in mind? Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict
Hi Steve, Stephen Henson via RT schrieb: Renaming global functions on a stable branch isn't something we normally do due to binary compatibility issues. Could this stuff be conditional for Netware at least in 0.9.8? sure, though I thought since the tests are anyway called by openssl-own scripts this wouldnt be an issue ... Also no idea yet how to do it conditional? Some hacking in the generated makefiles you have in mind? Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict
Hi Steve, Guenter schrieb: sure, though I thought since the tests are anyway called by openssl-own scripts this wouldnt be an issue ... Also no idea yet how to do it conditional? Some hacking in the generated makefiles you have in mind? sorry, I had just the other bug in mind which Norm posted about renaming the tests. Sure, we can do the renaming of the functions #ifdef'd for OPENSSL_SYS_NETWARE, no prob. Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict
Hi Steve, Guenter schrieb: sure, though I thought since the tests are anyway called by openssl-own scripts this wouldnt be an issue ... Also no idea yet how to do it conditional? Some hacking in the generated makefiles you have in mind? sorry, I had just the other bug in mind which Norm posted about renaming the tests. Sure, we can do the renaming of the functions #ifdef'd for OPENSSL_SYS_NETWARE, no prob. Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #1946] [PATCH] NetWare fix compilr break in
Hi, NetWare compile of openssl-0.9.8-stable breaks in ssl/s2_meth.c with: outinc_nw_libc\openssl\dtls1.h:217: illegal use of incomplete struct/union/ outinc_nw_libc\openssl\dtls1.h:217: class 'struct timeval' find below / attached the patch against openssl-0.9.8-stable-SNAP-20090601 which fixes this issue: --- ssl/dtls1.h.origFri May 29 15:04:04 2009 +++ ssl/dtls1.h Mon Jun 01 18:37:20 2009 @@ -65,6 +65,8 @@ #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ #include winsock.h +#elif defined(OPENSSL_SYS_NETWARE) +#include sys/timeval.h #endif #ifdef __cplusplus --- ssl/dtls1.h.orig Fri May 29 15:04:04 2009 +++ ssl/dtls1.h Mon Jun 01 18:37:20 2009 @@ -65,6 +65,8 @@ #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ #include winsock.h +#elif defined(OPENSSL_SYS_NETWARE) +#include sys/timeval.h #endif #ifdef __cplusplus
Re: [openssl.org #1946] [PATCH] NetWare fix compile break in ssl/s2_meth.c
find below / attached the patch against openssl-0.9.8-stable-SNAP-20090601 which fixes this issue: --- ssl/dtls1.h.orig Fri May 29 15:04:04 2009 +++ ssl/dtls1.h Mon Jun 01 18:37:20 2009 @@ -65,6 +65,8 @@ #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ #include winsock.h +#elif defined(OPENSSL_SYS_NETWARE) +#include sys/timeval.h #endif #ifdef __cplusplus same patch applies cleanly to openssl-1.0.0-stable-SNAP-20090601 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
bf_enc.c:118: warning: array subscript is above array bounds
Hi, when I build OpenSSL 0.9.8-stable on SuSE 11.1 x86_64 I see a couple of warnings like: bf_enc.c:118: warning: array subscript is above array bounds beside the array warnings there are some more but probably less important warnings: bn_div.c: In function ‘BN_div’: bn_div.c:339: warning: unused variable ‘qh’ bn_div.c:339: warning: unused variable ‘ql’ bn_div.c: In function ‘BN_div_no_branch’: bn_div.c:563: warning: unused variable ‘qh’ bn_div.c:563: warning: unused variable ‘ql’ asm/x86_64-gcc.c:98:1: warning: sqr redefined In file included from asm/x86_64-gcc.c:1: asm/../bn_lcl.h:347:1: warning: this is the location of the previous definition full build log can be viewed here: http://svwe10.itex.at/~hacki/openssl-0.9.8-stable-SNAP-20090601_build_x86_64.txt Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict
in NetWare we have the uni2asc() and asc2uni() functions provided by the OS. This problem was already brought to this lists attention by Verdon Walker from Novell (original NetWare port author) mid of 2002: http://www.mail-archive.com/openssl-dev@openssl.org/msg12289.html unfortunately this was not changed up to now. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #1944] [PATCH] mingw32 fix compiler warning
Hi, find below a simple patch against openssl-0.9.8k which kills a gcc compiler warning about missing braces ... --- openssl-0.9.8k.orig/crypto/dso/dso_win32.c 2006-01-15 18:28:35.0 +0100 +++ openssl-0.9.8k/crypto/dso/dso_win32.c 2009-05-24 01:51:09.0 +0200 @@ -327,8 +327,8 @@ memset(result, 0, sizeof(struct file_st)); position = IN_DEVICE; - if(filename[0] == '\\' filename[1] == '\\' - || filename[0] == '/' filename[1] == '/') + if((filename[0] == '\\' filename[1] == '\\') + || (filename[0] == '/' filename[1] == '/')) { position = IN_NODE; filename += 2; __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #1945] [PATCH] NetWare fix for compilation break with nonexisting include
the NetWare CLIB platform has no strings.h header, and therefore compilation breaks in crypto/o_str.c: --- crypto/o_str.c.orig Sat Mar 29 15:22:50 2008 +++ crypto/o_str.c Mon May 18 20:52:04 2009 @@ -60,7 +60,9 @@ #include e_os.h #include o_str.h -#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) !defined(OPENSSL_SYSNAME_WIN32) +#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) \ +!defined(OPENSSL_SYSNAME_WIN32) \ +!defined(NETWARE_CLIB) # include strings.h #endif __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[PATCH] NetWare fix compilr break in
Hi, NetWare compile of openssl-0.9.8-stable breaks in ssl/s2_meth.c with: outinc_nw_libc\openssl\dtls1.h:217: illegal use of incomplete struct/union/ outinc_nw_libc\openssl\dtls1.h:217: class 'struct timeval' find below / attached the patch against openssl-0.9.8-stable-SNAP-20090601 which fixes this issue: --- ssl/dtls1.h.origFri May 29 15:04:04 2009 +++ ssl/dtls1.h Mon Jun 01 18:37:20 2009 @@ -65,6 +65,8 @@ #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ #include winsock.h +#elif defined(OPENSSL_SYS_NETWARE) +#include sys/timeval.h #endif #ifdef __cplusplus --- ssl/dtls1.h.orig Fri May 29 15:04:04 2009 +++ ssl/dtls1.h Mon Jun 01 18:37:20 2009 @@ -65,6 +65,8 @@ #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ #include winsock.h +#elif defined(OPENSSL_SYS_NETWARE) +#include sys/timeval.h #endif #ifdef __cplusplus
Re: [openssl.org #1943] [PROPOSAL] rename uni2asc asc2uni because of naming conflict
Added attached patches against 0.9.8-stable and 1.0.0-stable. diff -ur openssl-0.9.8-stable-SNAP-20090531.orig/apps/pkcs12.c openssl-0.9.8-stable-SNAP-20090531/apps/pkcs12.c --- openssl-0.9.8-stable-SNAP-20090531.orig/apps/pkcs12.c 2008-11-06 06:01:11.0 +1100 +++ openssl-0.9.8-stable-SNAP-20090531/apps/pkcs12.c 2009-06-01 10:49:47.859375000 +1000 @@ -929,7 +929,7 @@ av = sk_ASN1_TYPE_value(attr-value.set, 0); switch(av-type) { case V_ASN1_BMPSTRING: - value = uni2asc(av-value.bmpstring-data, + value = OPENSSL_uni2asc(av-value.bmpstring-data, av-value.bmpstring-length); BIO_printf(out, %s\n, value); OPENSSL_free(value); diff -ur openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/p12_attr.c openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/p12_attr.c --- openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/p12_attr.c 2008-11-06 06:01:21.0 +1100 +++ openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/p12_attr.c 2009-06-01 10:49:44.796875000 +1000 @@ -139,7 +139,7 @@ ASN1_TYPE *atype; if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL; if (atype-type != V_ASN1_BMPSTRING) return NULL; - return uni2asc(atype-value.bmpstring-data, + return OPENSSL_uni2asc(atype-value.bmpstring-data, atype-value.bmpstring-length); } diff -ur openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/p12_key.c openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/p12_key.c --- openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/p12_key.c 2008-11-06 06:01:21.0 +1100 +++ openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/p12_key.c 2009-06-01 10:44:00.109375000 +1000 @@ -84,7 +84,7 @@ if(!pass) { unipass = NULL; uniplen = 0; - } else if (!asc2uni(pass, passlen, unipass, uniplen)) { + } else if (!OPENSSL_asc2uni(pass, passlen, unipass, uniplen)) { PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); return 0; } diff -ur openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/p12_utl.c openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/p12_utl.c --- openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/p12_utl.c 2008-11-06 06:01:21.0 +1100 +++ openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/p12_utl.c 2009-06-01 10:49:41.484375000 +1000 @@ -62,7 +62,7 @@ /* Cheap and nasty Unicode stuff */ -unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) { int ulen, i; unsigned char *unitmp; @@ -81,7 +81,7 @@ return unitmp; } -char *uni2asc(unsigned char *uni, int unilen) +char *OPENSSL_uni2asc(unsigned char *uni, int unilen) { int asclen, i; char *asctmp; diff -ur openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/pkcs12.h openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/pkcs12.h --- openssl-0.9.8-stable-SNAP-20090531.orig/crypto/pkcs12/pkcs12.h 2008-11-06 06:01:21.0 +1100 +++ openssl-0.9.8-stable-SNAP-20090531/crypto/pkcs12/pkcs12.h 2009-06-01 10:49:38.765625000 +1000 @@ -232,8 +232,8 @@ const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type); -unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); -char *uni2asc(unsigned char *uni, int unilen); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(unsigned char *uni, int unilen); DECLARE_ASN1_FUNCTIONS(PKCS12) DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) diff -ur openssl-1.0.0-stable-SNAP-20090531.orig/apps/pkcs12.c openssl-1.0.0-stable-SNAP-20090531/apps/pkcs12.c --- openssl-1.0.0-stable-SNAP-20090531.orig/apps/pkcs12.c 2008-11-06 05:38:51.0 +1100 +++ openssl-1.0.0-stable-SNAP-20090531/apps/pkcs12.c 2009-06-01 11:08:55.09375 +1000 @@ -923,7 +923,7 @@ av = sk_ASN1_TYPE_value(attr-value.set, 0); switch(av-type) { case V_ASN1_BMPSTRING: - value = uni2asc(av-value.bmpstring-data, + value = OPENSSL_uni2asc(av-value.bmpstring-data, av-value.bmpstring-length); BIO_printf(out, %s\n, value); OPENSSL_free(value); diff -ur openssl-1.0.0-stable-SNAP-20090531.orig/crypto/pkcs12/p12_attr.c openssl-1.0.0-stable-SNAP-20090531/crypto/pkcs12/p12_attr.c --- openssl-1.0.0-stable-SNAP-20090531.orig/crypto/pkcs12/p12_attr.c 2008-11-06 05:39:00.0 +1100 +++ openssl-1.0.0-stable-SNAP-20090531/crypto/pkcs12/p12_attr.c 2009-06-01 11:08:43.62500 +1000 @@ -139,7 +139,7 @@ ASN1_TYPE *atype; if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL; if (atype-type != V_ASN1_BMPSTRING) return NULL; - return uni2asc(atype-value.bmpstring-data, + return OPENSSL_uni2asc(atype-value.bmpstring-data, atype-value.bmpstring-length); } diff -ur openssl-1.0.0-stable-SNAP-20090531.orig/crypto/pkcs12/p12_key.c
Re: [PROPOSAL] rename uni2asc asc2uni because of naming conflict
Hi, Ger Hobbelt schrieb: It's advised to register this at the OpenSSL issue tracker by forwarding this to r...@openssl.org It's no guarantee to get serviced pronto, but at least it'll get the attention of the core devs when they have time. (The jury is still undecided on the statistics, but providing a patch as attachment /may/ help getting served. Also mention it's clashing under Netware in the subject header to make this particular bit pop up on the RT screens more prominently.) sure, no prob, also creating a patch is no prob; though I was hoping that Steve (who seems to have written these functions 10 years ago) would comment a bit on them: why were these two functions not prefixed with PKCS12_ like all other functions from the beginning on? Where they perhaps never meant for exporting but as internal functions only? A patch would depend on this info I think. thanks, Gün. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[PATCH] netware fix for compile break nonexisting include
Hi, the NetWare CLIB platform has no strings.h header, and therefore compilation breaks in crypto/o_str.c: --- crypto/o_str.c.orig Sat Mar 29 15:22:50 2008 +++ crypto/o_str.c Mon May 18 20:52:04 2009 @@ -60,7 +60,9 @@ #include e_os.h #include o_str.h -#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) !defined(OPENSSL_SYSNAME_WIN32) +#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) \ +!defined(OPENSSL_SYSNAME_WIN32) \ +!defined(NETWARE_CLIB) # include strings.h #endif thanks, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[PATCH] mingw32 fix compiler warning
Hi, find below a simple patch against openssl-0.9.8k which kills a gcc compiler warning about missing braces ... --- openssl-0.9.8k.orig/crypto/dso/dso_win32.c 2006-01-15 18:28:35.0 +0100 +++ openssl-0.9.8k/crypto/dso/dso_win32.c 2009-05-24 01:51:09.0 +0200 @@ -327,8 +327,8 @@ memset(result, 0, sizeof(struct file_st)); position = IN_DEVICE; - if(filename[0] == '\\' filename[1] == '\\' - || filename[0] == '/' filename[1] == '/') + if((filename[0] == '\\' filename[1] == '\\') + || (filename[0] == '/' filename[1] == '/')) { position = IN_NODE; filename += 2; greets, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[PROPOSAL] rename uni2asc asc2uni because of naming conflict
Hi all, in NetWare we have the uni2asc() and asc2uni() functions provided by the OS. This problem was already brought to this lists attention by Verdon Walker from Novell (original NetWare port author) mid of 2002: http://www.mail-archive.com/openssl-dev@openssl.org/msg12289.html unfortunately this was not changed up to now. Now we are on the latest Subversion which can make use of the Serf library, and again we get the naming clashes. Any chance that the functions get renamed? thanks, Günter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Question about tlsext option with 0.9.8 (Steve?)
Hi Steve, just curious why enable-tlsext isnt enabled by default in 0.9.8 branch as it is with 0.9.9... is it some policy about introducing new features in stable branch? Thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Question about ca-bundle.crt
Hi, there are some recommened methods for creating a ca-bundle.crt most use the openssl commandline with something like: openssl x509 -fingerprint -text -in infile -inform PEM outfile which produces a bunch of text info beside the PEM certs itself. Now I would like to know: - is anything of the text info relevant for the CA lookup for openssl? - is the lookup faster if I ommit the text info, and only write out the PEM certs? - is the fingerprint of any use for the lookup process? F.e. if I create a ca-bundle.crt with text info the file is ~542kb (114 CAs); if I create a ca-bundle.crt without text then its only ~183kb... Thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Question about ca-bundle.crt
Hi Steve, None of text info (including fingerprint) is used during the lookup process. Omitting it makes the file shorter and makes it slightly quicker to read initially but has no effect after that. thanks for your quick reply! Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[PROPOSAL] provide 7z snapshot archives for download
Hi, the 7-Zip archiver has recently become very popular because of its good compression rate; f.e. recent snapshot is about 34% smaller when packed with 7z compared to tar.gz: -rw-r--r-- 1 root root 2484981 Jan 5 17:28 openssl-SNAP-20080105.7z -rw-r--r-- 1 root root 3781438 Jan 5 17:27 openssl-SNAP-20080105.tar.gz For Linux there's a 7za source and binary commandline available from here: http://p7zip.sourceforge.net/ The Win32 GUI and commandline version is available from here: http://www.7-zip.org/ I dont want to propose here to just replace tar.gz with 7z, but I think it would be cool if we could have most recent snapshot additionally in 7z format. Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1611] [PATCH] NetWare platform OpenSSL 0.9.8g
Hi Steve, Patches applied. thanks again - just tested with latest 0.9.9-dev snapshot, and all builds to completion! That's very great!! Copying is now down with the perl script copy.pl to avoid some problems with using copy. ok, not yet checked the install target, but will soon do Well the WIN32 build (and mk1mf.pl) didn't include some of the latest assembly language files. The AES_ASM_OBJ string needed to be added in another place to avoid it adding the object suffix. aahh... I've now updated the WIN32 build system to use AES and some of the other assembly language files for SHA2 as well. You might want to do something similar for the netware build. yes, sure! I've added the two new ones sha256 and sha512 to the NetWare build system, and also added Andy's autodetection of nasm - nasmw: http://194.242.35.79/downloads/openssl/netware-openssl-SNAP-20080104.diff now what's not clear to me is how the other sources get aware of existance of the sha2* asm objects? They get created and compiled, but I didnt see a new define like -DSHA2_ASM which tells the *.c files to plugin the asm stuff... greets, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1611] [PATCH] NetWare platform OpenSSL 0.9.8g
Hi Steve, Applied. thanks again! There are a couple of new ones which I'd initially omitted from the Windows build: -DSHA256_ASM and -DSHA512_ASM. ok - then I need these also in netware.pl - see patch below and attached: --- netware.pl.orig Fri Jan 04 13:05:02 2008 +++ netware.pl Fri Jan 04 20:33:27 2008 @@ -332,7 +332,8 @@ $whirlpool_asm_src=crypto${o}whrlpool${o}asm${o}wp-nw.asm; $cpuid_asm_obj=\$(OBJ_D)${o}x86cpuid-nw${obj}; $cpuid_asm_src=crypto${o}x86cpuid-nw.asm; - $cflags.= -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DWHIRLPOOL_ASM; + $cflags.= -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DWHIRLPOOL_ASM; + $cflags.= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM; $cflags.= -DAES_ASM -DRMD160_ASM; } else Creating the things in the batch file seems a bit of a hack and they could be handled in the makefile in the same way as the Unix build. The Configure script also works out things like CFLAGS for the relevant options. The WIN32 build partly duplicates this functionality, it should really just pick up whatever options the Configure script has decided. hmm, since the configure script is written in Perl I was also already thinking if we could work with that only If I have next some spare time I will give it a try, and try to figure out what's adaptable from Unix world thanks, Guen. netware.pl.diff Description: Binary data
[PATCH] crypto/perlasm/x86nasm.pl fix cast asm
Hi, due to recent changes in 0.9.9-dev to x86nasm.pl the cast nasm output is now broken; when external labes are defined only the first appears in the asm code - but the cast asm contains 4 external labes at the top: extern CAST_S_table0 extern CAST_S_table1 extern CAST_S_table2 extern CAST_S_table3 here's the patch which seems to fix that: --- x86nasm.pl.orig Fri Dec 21 12:09:02 2007 +++ x86nasm.pl Fri Dec 21 12:30:36 2007 @@ -125,7 +125,7 @@ sub ::comment { foreach (@_) { push(@out,\t; $_\n); } } sub ::external_label -{ push(@out,${drdecor}extern\t.::LABEL($_[0],$nmdecor.$_[0]).\n); } +{ foreach (@_) { push(@out,${drdecor}extern\t.::LABEL($_,$nmdecor.$_).\n); } } sub ::public_label { push(@out,${drdecor}global\t.::LABEL($_[0],$nmdecor.$_[0]).\n); } the patch might have fuzz because I need to apply another patch for coff output (as posted already earlier - #1611). thanks, Guenter. x86nasm.pl.diff Description: Binary data
Re: [openssl.org #1611] [PATCH] NetWare platform OpenSSL 0.9.8g
Hi, would be great if someone could take a look at my patches for both 0.9.8.next and 0.9.9-dev which I posted to RT #1611 before they're out of sync again... 95% is anyway only netware-build related, only few common files are touched. thanks! Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[openssl.org #1628] [PATCH] crypto/perlasm/x86nasm.pl fix cast asm
Hi, due to recent changes in 0.9.9-dev to x86nasm.pl the cast nasm output is now broken; when external labes are defined only the first appears in the asm code - but the cast asm contains 4 external labes at the top: extern CAST_S_table0 extern CAST_S_table1 extern CAST_S_table2 extern CAST_S_table3 here's the patch which seems to fix that: --- x86nasm.pl.orig Fri Dec 21 12:09:02 2007 +++ x86nasm.pl Fri Dec 21 12:30:36 2007 @@ -125,7 +125,7 @@ sub ::comment { foreach (@_) { push(@out,\t; $_\n); } } sub ::external_label -{ push(@out,${drdecor}extern\t.::LABEL($_[0],$nmdecor.$_[0]).\n); } +{ foreach (@_) { push(@out,${drdecor}extern\t.::LABEL($_,$nmdecor.$_).\n); } } sub ::public_label { push(@out,${drdecor}global\t.::LABEL($_[0],$nmdecor.$_[0]).\n); } the patch might have fuzz because I need to apply another patch for coff output (as posted already earlier - #1611). thanks, Guenter. x86nasm.pl.diff Description: Binary data
Re: [openssl.org #1627] Compilation of 0.9.8g failed on WinXP/VS2005
Hi Andy, http://cvs.openssl.org/chngview?cn=16832. nice hack, and useful for me too; I copied the lines you used into a separate script: my $ver=`nasm -v`; my $vew=`nasmw -v`; # pick newest version $asm=($ver gt $vew?nasm:nasmw). -f win32; print We use: $asm\n\n; however when nasm.exe is not found it looks like this: C:\test_perltestnasm.pl 'nasm' is not recognized as an internal or external command, operable program or batch file. We use: nasmw -f win32 therefore I'd suggest to modify this to catch the stderr output: my $ver=`nasm -v 2NULL`; my $vew=`nasmw -v 2NULL`; # pick newest version $asm=($ver gt $vew?nasm:nasmw). -f win32; Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1627] Compilation of 0.9.8g failed on WinXP/VS2005
Hi Andy, therefore I'd suggest to modify this to catch the stderr output: my $ver=`nasm -v 2NULL`; my $vew=`nasmw -v 2NULL`; # pick newest version $asm=($ver gt $vew?nasm:nasmw). -f win32; sorry, of course should be: my $ver=`nasm -v 2NUL`; my $vew=`nasmw -v 2NUL`; Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #1611] [PATCH] NetWare platform OpenSSL 0.9.8g
Hi Steve, Patches applied. thanks very much! I didn't include the change to mk1mf.pl that changed the install command for the include files though. The *.[ch] version is needed in WIN32 to include applink.c hmmm, since I compile on Win32 too I wonder how this actually works; cmd.exe at least bails out at this Let me know if that's a problem, or any other issues. can we perhaps split it into two lines? one for *.h and one for *.c would do in any case and another small issue I have not found the solution for: I addded for 0.9.9-dev the AES assembler code in mk1mf.pl, but for whatever reason it doesnt work correctly although I just copied the stuff over from 0.9.8x where it is already implemented this code: +AES_ASM_OBJ=$aes_asm_obj +AES_ASM_SRC=$aes_asm_src + if (($aes_asm_obj ne ) ($_ eq CRYPTO)) + { + $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; + $lib_obj =~ s/\s\S*\/aes_cbc\S*//; + $rules.=do_asm_rule($aes_asm_obj,$aes_asm_src); + } gives me in my makefile: ... $(OBJ_D)\aes_ige.o $(OBJ_D)\$(AES_ASM_OBJ).o $(OBJ_D)\cmll_ecb.o \ ... while all other asm stuff gets properly replaced. f.e.: ... $(OBJ_D)\c_ecb.o $(CAST_ENC_OBJ) $(OBJ_D)\c_cfb64.o \ ... Do you have an idea what I'm missing here? greets, Guen. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[PATCH] crypto/perlasm/x86nasm.pl fix cast asm
Hi, due to recent changes to x86nasm.pl the cast nasm output is now broken; when external labes are defined only the first appears in the asm code - but the cast asm contains 4 external labes at the top: extern CAST_S_table0 extern CAST_S_table1 extern CAST_S_table2 extern CAST_S_table3 here's the patch which seems to fix that: --- x86nasm.pl.orig Fri Dec 21 12:09:02 2007 +++ x86nasm.pl Fri Dec 21 12:30:36 2007 @@ -125,7 +125,7 @@ sub ::comment { foreach (@_) { push(@out,\t; $_\n); } } sub ::external_label -{ push(@out,${drdecor}extern\t.::LABEL($_[0],$nmdecor.$_[0]).\n); } +{ foreach (@_) { push(@out,${drdecor}extern\t.::LABEL($_,$nmdecor.$_).\n); } } sub ::public_label { push(@out,${drdecor}global\t.::LABEL($_[0],$nmdecor.$_[0]).\n); } the patch might have fuzz because I need to apply another patch for coff output (as posted already earlier). thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Administrivia and seasons greetings
Hi Lutz, Replies to active tickets are handled automatically. I've a ticket open where I posted a couple of times updates: http://rt.openssl.org/index.html?q=1611 but nothing of these appear here on the list - although they are properly listed with #1611... can you tell me what I'm probably doing wrong? thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: hello
Hi Ohad, 'hello' is not a very appropriate subject for list posts and I would like to know 2 things : 1.how can I create the.rnd file at temp folder and not under C:\ 2.how can I change the value of : commonName_default = local_machine_name whice is located at : [ req_distinguished_name ] to hold the computer name . you can change these things in your openssl.cnf; 1.) --- RANDFILE= $ENV::HOME/.rnd +++ RANDFILE= $ENV::TEMP/.rnd 2.) commonName_default = $ENV::USERDOMAIN HTH, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi Andy, No, this particular instruction is not a problem, as it's essentially different ways to encode same thing (for reference, gnu assembler also uses shorter encoding). But it's right track, because it appears that metrowerks gets into trouble when the value exceeds 127. It fails to recognize that in this case compact encoding means sign extension. Most notably elsewhere nasm generates 8B94248000, mov edx,[esp+0x80], while metrowerks generates 8B542480, which disassembles as mov edx,[esp-0xff80]. edx is then dereferenced and written to, which causes unpredicted behavior, such as crash some place else. bingo! You nailed down the issue here! Its exactly that place. Since I'm clueless what you meant with 'removing padding in rmd-586.pl', for a test I did just replace the 'mov edx,[128+esp]' with the byte sequence NASM generated (at 2 places in the asm file), and with that the test suite successfully completed. Even though it's possible to work around this particular problem (by removing padding in rmd-586.pl), it's probably more appropriate to simply scrap metrowerks assembler support. Because one can't know when the bug strikes again and it's nothing but absurd to wait for this to happen. A. well, I can fully understand your point of view; but since the support for the Metrowerks assembler is anyway already in the sources for years, I would really like to keep that. It's anyway always recommened to run the test suite, and it seems that this reveals problems with the asm code, if any. Can you perhaps propose a patch which I could try? Then I would also like to do some performance measurements; how can I do that? I would like to compare the GNU / NASM / Metrowerks builds. thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi Andy, Is it possible to link object modules compiled with nasm with object modules compiled with codewarrior? It might appear as silly question, but I know nothing about netware, while it sounds like some of netware development environments are cross-compile... yes. There are a couple of different ways to compile for NetWare platform: - Metrowerks CodeWarrior C (official compiler, commercial) runing on Win32; produces COFF object code, and can be linked with NASM COFF object code. - gcc cross-compiler running on either Win32 or Linux; produces ELF object code, and can be linked with NASM ELF object code. - native Linux gcc + nlmconv (binutils); that's basically same as with cross-compiler, but lack of C++. It's not about amount, but rather about not willing to support something that is commonly tested. With nasm one can at least assume that it has same qualities on all platforms, and it's commonly tested on some other platform. yes, I understand. thanks for your reply! Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi Andy, How come you were having trouble with .text segment alignment then? I I dont know... mean if it's vanilla NASM COFF, then you shouldn't have had problem... How old is your nasm version? Could you check this and maybe test more up-to-date version? Or is it non-vanilla COFF? plain vanilla COFF and latest nasm versions; check self: D:\openssl-SNAP-20071203\crypto\aes\asmaes-586.pl nw-nasm a-nw.asm D:\openssl-SNAP-20071203\crypto\aes\asmnasmw -v NASM version 0.99.06 compiled on Nov 1 2007 D:\openssl-SNAP-20071203\crypto\aes\asmnasmw -s -f coff a-nw.asm -o a-nw.o a-nw.asm:4: error: standard COFF does not support section alignment specificatio n D:\openssl-SNAP-20071203\crypto\aes\asme:\nasm-2.00rc1\nasm -v NASM version 2.00rc1 compiled on Nov 16 2007 D:\openssl-SNAP-20071203\crypto\aes\asme:\nasm-2.00rc1\nasm -s -f coff a-nw.asm -o a-nw.o a-nw.asm:4: error: standard COFF does not support section alignment specificatio n ELF even on Win32? Then on Win32, do you compile under cygwin or mingw? Or in other words is there working GNU make? The point is that HEAD plain Win32 OS with gnu make, no further autoconf tools required. branch has certain support for cross-compilation, effectively meaning that Unix-like build procedure can be applied (as opposite to generating flat make-file and running some strange scripts), which is chosen to be preferred. This in turn means that I'd appreciate if you could explore this possibility. Basically read INSTALL.W32, look for cross-compile and see if HEAD can be adapted for this even for netware. A. The Linux cross-builds are already non-mk1mf builds, and the libs are not an issue; but the executables like openssl.nlm are a bit a pain to get these properly created with configure-like builds; its better to control the exported symbols with export files - but if I use configure builds then just all symbols get exported as usual on Linux, and that's not what makes me happy since it might give naming clashes; so for now I would like to continue to use the working mk1mf builds on Win32. Also there's another problem were only with the 'official' Metrowerks compiler I can control struct alignments; gcc learned this only recently with 4.1.x version I think, but the available NetWare-cross gcc is still version 3.2.3 Another issue is that unless my patches go into HEAD I always have to patch around all few days to syncronize with the recent changes in HEAD; and that on two build platforms is a real pain... so once my other required patches are in HEAD I can certainly better look into any remaining issues or improvements such as trying a cross-build with MingW MSYS. here's my latest patch against recent snapshot: http://194.242.35.79/downloads/openssl/netware-openssl-SNAP-20071203.diff while trying to add the AES asm support I found that currently in HEAD the AES asm part is missing in mk1mf.pl - my patch does also add this part which I copied over from 0.9.8-stable where its included; however it seems that I'm missing something since it doesnt work: while I get the asm build rules in the netware makefile - somewhere else where the crypt library object files are build up there happens something strange = the asm object file is wrong; it gets prefixed with $(OBJ_D) and suffixed with '.o' which is wrong in this case; I've not yet found where this happens... thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi, while trying to add the AES asm support I found that currently in HEAD the AES asm part is missing in mk1mf.pl - my patch does also add this part which I copied over from 0.9.8-stable where its included; however it seems that I'm missing something since it doesnt work: while I get the asm build rules in the netware makefile - somewhere else where the crypt library object files are build up there happens something strange = the asm object file is wrong; it gets prefixed with $(OBJ_D) and suffixed with '.o' which is wrong in this case; I've not yet found where this happens... ok, of course this happens in mk1mf.pl too with the regex I've copied over from 0.9.8-stable - but I cant currently figure out why the regex fails; without AES asm I get in the makefile: $(OBJ_D)\aes_ctr.o $(OBJ_D)\aes_ige.o $(OBJ_D)\aes_core.o \ $(OBJ_D)\aes_cbc.o $(OBJ_D)\cmll_ecb.o $(OBJ_D)\cmll_ofb.o \ while with AES asm enabled I get: $(OBJ_D)\aes_ctr.o $(OBJ_D)\aes_ige.o $(OBJ_D)\$(AES_ASM_OBJ).o \ $(OBJ_D)\cmll_ecb.o $(OBJ_D)\cmll_ofb.o $(OBJ_D)\cmll_cfb.o \ wich explains the prob; however I cant see why the replacement regex in mk1mf.pl fails in this case; this is what I copied over: if (($aes_asm_obj ne ) ($_ eq CRYPTO)) { $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; $lib_obj =~ s/\s\S*\/aes_cbc\S*//; $rules.=do_asm_rule($aes_asm_obj,$aes_asm_src); } all the other regex substitutes work fine Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi Andy, Could you define crashes? Does application exit with an error code or does application abnormally terminate so that OS offers to or does create a core dump (or whatever it's called in NetWare)? core dump. Does it mean that the C code in these two cases is compiled with same compiler and same compiler flags? In other words can you confirm that replacing single object file, one compiled with nasm with one compiled with metrowerks, triggers the fault? yes. Output seems to be 16-bit and cover whole file (as opposite to disassembling executable segment only). In other words it's pretty worthless. Could you see you ndisasm manual and look for 32-bit flag and disassemble code only. Former is absolutely crucial to use, presuming that it will synchronize at same instruction early enough. Please regenerate disassembler listings. A. done; and I believe the issue shows already up in the first lines at 0014: Metrowerks: http://www.gknw.net/test/openssl/0.9.8-stable/mwasm/rm-nw.dis NASM: http://www.gknw.net/test/openssl/0.9.8-stable/nasm/rm-nw.dis the asm code is: sub esp,108 NASM produces for that: 0014 81EC6C00 sub esp,0x6c while Metrowerks code is: 0014 83EC6Csub esp,byte +0x6c I've 3 different versions of the Metrowerks Assembler, and all produce same wrong code here... no idea yet how to tell the stupid assembler to deal properly with that... any hints what I should test welcome! thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi Andy, I assume ABEND.LOG is answer to this question... yup. But you still have to confirm that the fault is actually triggered by metrowerks assembler module. see my other post I just sent. On related note question is what prevents you from always using nasm? Or rather do we actually need to support for metrowerks assembler? Basically if there is one working configuration for netware, what do we need second one for? well, that wasnt my idea, but it was 'historically'. I guess The Novell folks who did the initial OpenSSL port just started with the Metrowerks Assembler since its part of the Compiler package, and developers got this package delivered; probably also for debugging reasons since Metrowerks CodeWarrior comes with an IDE with source-level debugger; though at the moment I dont have that IDE installed, but use commandline tools only which is far more flexible reagrding path settings etc. Bottom line. I'd rather consider omitting metrowerks assembler support. A. probably if there's no way to work around the issue; but currently it seems that only 2 out of the 13 asm files are affected - that are ripemd and aes (the rc4 fix I recently posted seems to work - and the aes code wasnt used at all up to now). BTW. can you tell me for what the CPUID asm code is good for? Well, I can imagine what it does, but I'm curious for what its used thanks for your replies! Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi all, but when using the CodeWarrior assembler then there's still one file broken: mwasmnlm -maxerrors 20 -o crypto/rc4/asm/r4-nw.o crypto/rc4/asm/r4-nw.asm ### mwasmnlm Assembler: #File: crypto\rc4\asm\r4-nw.asm # - # 112: lea esi,BYTE PTR [1+esi] # Error: # Invalid operand size ### mwasmnlm Driver Error: # The tool did not produce any output while compiling the file # 'crypto\rc4\asm\r4-nw.asm' Errors caused tool to abort. ok, I think I found the place were to fix this: --- rc4-586.pl.orig Thu Apr 26 22:00:56 2007 +++ rc4-586.plMon Nov 26 21:56:37 2007 @@ -143,7 +143,7 @@ movz ($ty,BP(0,$dat,$ty)); add(LB($xx),1); xor(LB($ty),BP(0,$inp)); - lea($inp,BP(1,$inp)); + lea($inp,DWP(1,$inp)); movz ($tx,BP(0,$dat,$xx)); cmp($inp,wparam(1)); mov(BP(-1,$out,$inp),LB($ty)); can someone with ASM insight please comment on the correctness of this patch? While the above patch seems to work -- at least all tests pass with that, I've still another problem with CodeWarrior Assembler in the ripemd asm code; with the tests it crashes while executing the command: openssl2 verify -CAfile \openssl\test_out\cert.tmp /openssl/certs/RegTP-5R.pem When I compile with nasm all works fine here are the asm files which get generated from the perlasm stuff: asm code for NASM (working): http://www.gknw.net/test/openssl/0.9.8-stable/nasm/rm-nw.asm object code disassembled with ndisasm: http://www.gknw.net/test/openssl/0.9.8-stable/nasm/rm-nw.dis asm code for Metrowerks Assembler (abending): http://www.gknw.net/test/openssl/0.9.8-stable/mwasm/rm-nw.asm object code disassembled with ndisasm: http://www.gknw.net/test/openssl/0.9.8-stable/mwasm/rm-nw.dis server abend log: http://www.gknw.net/test/openssl/0.9.8-stable/ABEND.LOG dump from binary: http://www.gknw.net/test/openssl/0.9.8-stable/openssl2.txt any hints greatly appreciated!! thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[PATCH] util/mk1mf.pl install target
Hi, when trying to use the install target of a mk1mf generated Makefile foudn that this breaks because there's a copy line which uses Unix syntax, and I would like to ask two questions: 1) since mk1mf.pl is meant for Win32 usage only, why is there Unix shell syntax used? 2) the line in question should only copy headers to the include folder, why are C files specified too? I would like to propose this patch: --- util/mk1mf.pl.orig Wed Nov 28 00:45:40 2007 +++ util/mk1mf.pl Thu Nov 29 04:05:50 2007 @@ -523,7 +523,7 @@ \$(MKDIR) \$(INSTALLTOP)${o}include \$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl \$(MKDIR) \$(INSTALLTOP)${o}lib - \$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl + \$(CP) \$(INCO_D)${o}*.h \$(INSTALLTOP)${o}include${o}openssl \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin \$(CP) apps${o}openssl.cnf \$(INSTALLTOP) $extra_install thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi Peter, Comment out the align directive. All that's doing is making sure the code is aligned with the machine cache boundaries for performance. Unfortunately the COFF object format used on Netware doesn't support that or at least that's what the assembler says. It should still run fine without that, just maybe a bit slower. thanks very much! That solved the COFF issue; and I was now able to create a patch which solves this so far; also I found while being on the asm stuff that the Metrowerks Assembler build is also already broken for 0.9.8; this patch below tries to fix both the Metrowerks and NASM issue... - well, almost: --- x86nasm.pl.orig Wed Jul 25 14:01:40 2007 +++ x86nasm.pl Mon Nov 26 18:59:45 2007 @@ -92,6 +92,8 @@ { my $tmp=___; %ifdef __omf__ sectioncodeuse32 class=code align=64 +%elifdef __coff__ +section.text code %else section.text code align=64 %endif @@ -102,9 +104,11 @@ sub ::function_begin_B { my $func=$under.shift; + my $global=(($::mwerks)?.:).global; + my $align=(($::mwerks)?.:).align; my $tmp=___; -global $func -align 16 +$global$func +$align 16 $func: ___ push(@out,$tmp); @@ -213,7 +217,7 @@ sub ::public_label { $label{$_[0]}=${under}${_[0]} if (!defined($label{$_[0]})); -push(@out,global\t$label{$_[0]}\n); +push(@out,(($::mwerks)?.:).global\t$label{$_[0]}\n); } sub ::label @@ -235,7 +239,7 @@ { push(@out,(($::mwerks)?.long\t:dd\t).join(',',@_).\n); } sub ::align -{ push(@out,.) if ($::mwerks); push(@out,align\t$_[0]\n);} +{ push(@out,(($::mwerks)?.:).align\t$_[0]\n); } sub ::picmeup { my($dst,$sym)[EMAIL PROTECTED]; with that I'm now able to produce NASM ELF obj for gcc and COFF obj for CodeWarrior compiler; but when using the CodeWarrior assembler then there's still one file broken: mwasmnlm -maxerrors 20 -o crypto/rc4/asm/r4-nw.o crypto/rc4/asm/r4-nw.asm ### mwasmnlm Assembler: #File: crypto\rc4\asm\r4-nw.asm # - # 112: lea esi,BYTE PTR [1+esi] # Error: # Invalid operand size ### mwasmnlm Driver Error: # The tool did not produce any output while compiling the file # 'crypto\rc4\asm\r4-nw.asm' Errors caused tool to abort. when I replace the BYTE with DWORD it works, but the crazy thing is that in the same file there's few lines up exactly the same line with DWORD: @L002loop1: add bl,cl mov edx,DWORD PTR [ebx*4+edi] mov DWORD PTR [ebx*4+edi],ecx mov DWORD PTR [eax*4+edi],edx add edx,ecx inc al and edx,255 mov edx,DWORD PTR [edx*4+edi] xor dl,BYTE PTR [esi] lea esi,DWORD PTR [1+esi] ; here's correct usage of DWORD mov ecx,DWORD PTR [eax*4+edi] cmp esi,DWORD PTR [24+esp] mov BYTE PTR [esi*1+ebp-1],dl jb @L002loop1 jmp @L004done .align 16 @L001RC4_CHAR: movzx ecx,BYTE PTR [eax*1+edi] @L005cloop1: add bl,cl movzx edx,BYTE PTR [ebx*1+edi] mov BYTE PTR [ebx*1+edi],cl mov BYTE PTR [eax*1+edi],dl add dl,cl movzx edx,BYTE PTR [edx*1+edi] add al,1 xor dl,BYTE PTR [esi] lea esi,BYTE PTR [1+esi]; here's the line 112 which uses BYTE with lea movzx ecx,BYTE PTR [eax*1+edi] cmp esi,DWORD PTR [24+esp] mov BYTE PTR [esi*1+ebp-1],dl jb @L005cloop1 I think that this is also a problem within x86nasm.pl, however not yet found where to fix -- somebody who has a hint for me? please let me know if the above patch is acceptable so far. thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
tar warning when extracting SNAP-20071123 and later
Hi, since openssl-SNAP-20071123.tar.gz and later I get at the end of extraction: openssl-SNAP-20071126/util/x86asm.sh tar: A lone zero block at 36520 is this 'normal'? This doesnt happen with openssl-SNAP-20071122.tar.gz though... thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi all, but when using the CodeWarrior assembler then there's still one file broken: mwasmnlm -maxerrors 20 -o crypto/rc4/asm/r4-nw.o crypto/rc4/asm/r4-nw.asm ### mwasmnlm Assembler: #File: crypto\rc4\asm\r4-nw.asm # - # 112: lea esi,BYTE PTR [1+esi] # Error: # Invalid operand size ### mwasmnlm Driver Error: # The tool did not produce any output while compiling the file # 'crypto\rc4\asm\r4-nw.asm' Errors caused tool to abort. ok, I think I found the place were to fix this: --- rc4-586.pl.orig Thu Apr 26 22:00:56 2007 +++ rc4-586.pl Mon Nov 26 21:56:37 2007 @@ -143,7 +143,7 @@ movz ($ty,BP(0,$dat,$ty)); add(LB($xx),1); xor(LB($ty),BP(0,$inp)); - lea($inp,BP(1,$inp)); + lea($inp,DWP(1,$inp)); movz ($tx,BP(0,$dat,$xx)); cmp($inp,wparam(1)); mov(BP(-1,$out,$inp),LB($ty)); can someone with ASM insight please comment on the correctness of this patch? thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform - next trial
Hi, Comment out the align directive. All that's doing is making sure the code is aligned with the machine cache boundaries for performance. Unfortunately the COFF object format used on Netware doesn't support that or at least that's what the assembler says. It should still run fine without that, just maybe a bit slower. ok, just tested with SNAP-20071126, and few of my old issues are already fixed now; so here's what remains: --- openssl-SNAP-20071126.orig/crypto/perlasm/x86nasm.pl2007-11-24 18:00:16.0 +0100 +++ openssl-SNAP-20071126/crypto/perlasm/x86nasm.pl 2007-11-26 23:09:17.0 +0100 @@ -94,6 +94,8 @@ { my $tmp=___; %ifdef __omf__ sectioncodeuse32 class=code align=64 +%elifdef __coff__ +section.text code %else section.text code align=64 %endif diff -ur openssl-SNAP-20071126.orig/crypto/rc4/asm/rc4-586.pl openssl-SNAP-20071126/crypto/rc4/asm/rc4-586.pl --- openssl-SNAP-20071126.orig/crypto/rc4/asm/rc4-586.pl2007-04-26 23:00:56.0 +0200 +++ openssl-SNAP-20071126/crypto/rc4/asm/rc4-586.pl 2007-11-26 23:09:17.0 +0100 @@ -143,7 +143,7 @@ movz ($ty,BP(0,$dat,$ty)); add(LB($xx),1); xor(LB($ty),BP(0,$inp)); - lea($inp,BP(1,$inp)); + lea($inp,DWP(1,$inp)); movz ($tx,BP(0,$dat,$xx)); cmp($inp,wparam(1)); mov(BP(-1,$out,$inp),LB($ty)); but now I get a new issue: mwasmnlm -maxerrors 20 -o crypto\des\asm\d-nw.o .\crypto\des\asm\d-nw.asm ### mwasmnlm Assembler: #File: crypto\des\asm\d-nw.asm # #1147: call @L_DES_encrypt2_begin # Error: ^ # Unknown identifier, @L_DES_encrypt2_begin ### mwasmnlm Assembler: #1151: call @L_DES_encrypt2_begin # Error: ^ # Unknown identifier, @L_DES_encrypt2_begin ### mwasmnlm Assembler: #1155: call @L_DES_encrypt2_begin # Error: ^ # Unknown identifier, @L_DES_encrypt2_begin ### mwasmnlm Assembler: #1266: call @L_DES_encrypt2_begin # Error: ^ # Unknown identifier, @L_DES_encrypt2_begin ### mwasmnlm Assembler: #1270: call @L_DES_encrypt2_begin # Error: ^ # Unknown identifier, @L_DES_encrypt2_begin ### mwasmnlm Assembler: #1274: call @L_DES_encrypt2_begin # Error: ^ # Unknown identifier, @L_DES_encrypt2_begin ### mwasmnlm Assembler: #1366: call @L_DES_encrypt1_begin # Error: ^ # Unknown identifier, @L_DES_encrypt1_begin ### mwasmnlm Assembler: #1410: call @L_DES_encrypt1_begin # Error: ^ # Unknown identifier, @L_DES_encrypt1_begin ### mwasmnlm Assembler: #1426: call @L_DES_encrypt1_begin # Error: ^ # Unknown identifier, @L_DES_encrypt1_begin ### mwasmnlm Assembler: #1451: call @L_DES_encrypt1_begin # Error: ^ # Unknown identifier, @L_DES_encrypt1_begin ### mwasmnlm Assembler: #1548: call @L_DES_encrypt3_begin # Error: ^ # Unknown identifier, @L_DES_encrypt3_begin ### mwasmnlm Assembler: #1592: call @L_DES_encrypt3_begin # Error: ^ # Unknown identifier, @L_DES_encrypt3_begin ### mwasmnlm Assembler: #1608: call @L_DES_decrypt3_begin # Error: ^ # Unknown identifier, @L_DES_decrypt3_begin ### mwasmnlm Assembler: #1633: call @L_DES_decrypt3_begin # Error: ^ # Unknown identifier, @L_DES_decrypt3_begin ### mwasmnlm Driver Error: # The tool did not produce any output while compiling the file # 'crypto\des\asm\d-nw.asm' Errors caused tool to abort. make: *** [crypto\des\asm\d-nw.o] Error 1 with SNAP-20071122 all files were previously compilable with my fix. thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform - next trial
@L_RC5_32_encrypt_begin # Error: ^^^ # Unknown identifier, @L_RC5_32_encrypt_begin ### mwasmnlm Assembler: # 466: call @L_RC5_32_encrypt_begin # Error: ^^^ # Unknown identifier, @L_RC5_32_encrypt_begin ### mwasmnlm Assembler: # 482: call @L_RC5_32_decrypt_begin # Error: ^^^ # Unknown identifier, @L_RC5_32_decrypt_begin ### mwasmnlm Assembler: # 507: call @L_RC5_32_decrypt_begin # Error: ^^^ # Unknown identifier, @L_RC5_32_decrypt_begin ### mwasmnlm Driver Error: # The tool did not produce any output while compiling the file # 'crypto\rc5\asm\r5-nw.asm' Errors caused tool to abort. make: *** [crypto/rc5/asm/r5-nw.o] Error 1 with SNAP-20071122 + my fix all files were previously compilable with Metrowerks Assembler. thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi Steve, Can you please send this to the request tracker so it doesn't get mislaid? See http://www.openssl.org/support/rt.html did that about 2 hours ago, but it doesnt show up yet on the tracker overview. It would be great if you could include a patch for 0.9.9-dev too. Do I assume right that at ftp://ftp.openssl.org/snapshot/ those archives with naming openssl-SNAP-2007mmdd.tar.gz are the 0.9.9-dev? thanks, Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] NetWare platform
Hi, eflash See http://www.openssl.org/support/rt.html eflash did that about 2 hours ago, but it doesnt show up yet on the tracker overview. The moderator needs to wake up ;-). Ahh yes - I assumed a machine behind, hehe... eflash It would be great if you could include a patch for 0.9.9-dev too. eflash Do I assume right that at ftp://ftp.openssl.org/snapshot/ eflash those archives with naming openssl-SNAP-2007mmdd.tar.gz are the 0.9.9-dev? Yes. ok, I made so far good progress with that, and could finally create a patch there too; but I've a problem with one ASM file; here's the error with nasm: nasmw -s -f coff -o crypto\md5\asm\m5-nw.o .\crypto\md5\asm\m5-nw.asm .\crypto\md5\asm\m5-nw.asm:4: error: standard COFF does not support section alignment specification make: *** [crypto\md5\asm\m5-nw.o] Error 1 and here's the error with same file when used Metrowerks CodeWarrior Assembler: mwasmnlm -maxerrors 20 -o crypto\md5\asm\m5-nw.o .\crypto\md5\asm\m5-nw.asm ### mwasmnlm Assembler: #File: crypto\md5\asm\m5-nw.asm # - # 2: global md5_block_asm_data_order # Error: ^^ # Undefined macro or opcode: global ### mwasmnlm Assembler: # 3: align 16 # Error: ^ # Undefined macro or opcode: align ### mwasmnlm Driver Error: # The tool did not produce any output while compiling the file 'crypto\md5\asm\m5-nw.asm' Errors caused tool to abort. make: *** [crypto\md5\asm\m5-nw.o] Error 1 however when I build with gcc then I use ELF format, and dont have this problem. since I'm not an ASM wizzard I would need some help with that issue... thanks in advance! Guenter. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]