Re: [openssl.org #2113] 1.0.0-beta4 build with mingw-w64's 32-bit compiler fails

Hi Roumen,

> Define NOCRYPT or try to define WIN32_LEAN_AND_MEAN for mingw-w64.sf.net 
> project 32 bit version.
> I think that is good WIN32_LEAN_AND_MEAN to be defined for mingw. I 
> confirm that openssl cross-compiles well with headers from mingw.org 
> project .
>   
Thanks for your hint - it was definitely the right direction. After
couple of tries it turned out that for 32-bit compiler provided by
mingw-w64.sf.net project it will be necessary to add a new config into
./Configure script.

Here is my proposal that works fine for me:

"mingw64_32", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall
-DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE:::MINGW32:-lws2_32 -lgdi32
-lcrypt32:THIRTY_TWO_BIT RC4_CHUNK_LL DES_INT
EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",

So in the end we will have the following configs:
- mingw (32-bit compiler by mingw.org)
- mingw64 (64-bit compiler by mingw-w64.sf.net)
- mingw64_32 (32-bit compiler by mingw-w64.sf.net)

I you (or the relevant maintainer) find it sane I would appreciate to
see it in the next 1.0.0beta. I am ready to volunteer for a
documentation patch saying some info about mingw64_32 target.

FYI - for a successful build you need 32-bit mingw-w64 toolchain with

RE: [PATCH] Fixup compilation for gcc-aix target

Alon Bar-Lev hit a build problem and provided the following proposed
patch:
> diff -urNp openssl-1.0.0-beta4.org/ssl/ssltest.c 
> openssl-1.0.0-beta4/ssl/ssltest.c
> --- openssl-1.0.0-beta4.org/ssl/ssltest.c	2009-01-08 
> 01:44:27.000000000 +0200
> +++ openssl-1.0.0-beta4/ssl/ssltest.c	2009-11-21 
> 09:24:46.001175088 +0200
>  <at>  <at>  -143,6 +143,9  <at>  <at> 
>  #define _BSD_SOURCE 1		/* Or gethostname won't 
> be declared properly
>  				   on Linux and GNU platforms. */
>  
> +#define _XOPEN_SOURCE 500	/* Or isascii won't be declared 
> properly on
> +				   VMS (at least with DECompHP C).  */
> +
>  #include <assert.h>
>  #include <errno.h>
>  #include <limits.h>
>  <at>  <at>  -154,8 +157,6  <at>  <at> 
>  #define USE_SOCKETS
>  #include "e_os.h"
>  
> -#define _XOPEN_SOURCE 500	/* Or isascii won't be declared 
> properly on
> -				   VMS (at least with DECompHP C).  */
>  #include <ctype.h>
>  
>  #include <openssl/bio.h>

[openssl.org #2119] Patch for dgst Man Page

Patch to /doc/apps/dgst.pod based on lessons I learned last week.

Still love the project!

Cheers
--Mike

--

-- 

Michael J Smith, CISSP-ISSEP
rybolov <at> ryzhe.ath.cx
http://www.guerilla-ciso.com/ 

[openssl.org #2120] bug report

Hello, 

operating system: win xp sp3, 32 bits
openssl version: 1_0_0_beta3

If one calls:
EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,const char *pem_str, const char *info)

with pem_str and/or info equal to NULL. 

When calling:

EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)

following tests are valid (if NOT compiled in debug mode)
if (ameth->pem_str)
if (ameth->info)

and freeing ameth->pem_str and/or ameth->info throws an exception.

NL

      

Any errors of interest?

Script started on Wed Dec  2 05:54:45 2009
doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ egrep bsdi Con 
figure
"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486
-Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-bsdi-x86-elf",   "gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall
-g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ make test
Error opening certificate file ../certs/*.pem
134962536:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('../certs/*.pem','r')
134962536:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
error 40 at 0 depth lookup:proxy certificates not allowed, please set the appropriate flag
error 40 at 0 depth lookup:proxy certificates not allowed, please set the appropriate flag
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:
134547616:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1051:

[openssl.org #2121] [PATCH] DTLS extensions

This patch enables the servername, renegotiation and session ticket extensions for DTLS. The TLS code is
reused and my former separate implementation of the renegotiation extension removed. The other not yet
implemented extensions are disabled.

Regards,
Robin

--- ssl/d1_clnt.c	1 Dec 2009 17:41:42 -0000	1.16.2.12
+++ ssl/d1_clnt.c	2 Dec 2009 15:02:43 -0000
 <at>  <at>  -286,16 +286,44  <at>  <at> 

 		case SSL3_ST_CR_CERT_A:
 		case SSL3_ST_CR_CERT_B:
+#ifndef OPENSSL_NO_TLSEXT
+			ret=ssl3_check_finished(s);
+			if (ret <= 0) goto end;
+			if (ret == 2)
+				{
+				s->hit = 1;
+				if (s->tlsext_ticket_expected)
+					s->state=SSL3_ST_CR_SESSION_TICKET_A;
+				else
+					s->state=SSL3_ST_CR_FINISHED_A;
+				s->init_num=0;
+				break;
+				}
+#endif
 			/* Check if it is anon DH or PSK */
 			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
 			    !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))

[openssl.org #2122] bug report

Hi, 
am I missing something or following source code shows an OpenSSL bug 
(duplication is not well performed) ? 

NL 

OpenSSL version: 1.0.0 beta 3 and 1.0.0 beta 4
OS : Win 32 xp 
//------------------------------------------------------------------------- -------------------------------------------------- 
#include "openssl\ts.h" 
#include <iostream> 
int main(int argc, char* argv[]) 
{ 
        X509_ALGOR * algo = X509_ALGOR_new(); 
        ASN1_OBJECT_free(algo->algorithm); 
        algo->algorithm = OBJ_nid2obj(EVP_MD_nid(EVP_sha1())); 
        X509_ALGOR * new_alg = X509_ALGOR_dup(algo); 
        std::cout<<algo->algorithm->sn<<"\n"; 
        if(NULL == new_alg->algorithm->sn) 
        { 
                std::cout<<"Something wrong ? \n"; 
        } 
        else 
        { 
                std::cout<<"Ok \n"; 
        } 
        return 0; 
} //------------------------------------------------------------------------- -------------------------------------------------- 

      

[openssl.org #2123] Buggy openssl header causes compilation errors

Created from downstream bug report:

https://bugzilla.redhat.com/show_bug.cgi?id=543634

Description of problem:

The openssl/asn1.h header file is buggy. For a C program this causes compiler
warnings. For a C++ program this causes compiler errors, because C++ is a
strongly typed language.

Version-Release number of selected component (if applicable):

openssl-devel-1.0.0-0.13.beta4.fc12.x86_64

How reproducible:

Always.

Steps to Reproduce:

1. Compile the attatched test program:

https://bugzilla.redhat.com/attachment.cgi?id=375537

Actual results:

2. With gcc it compiles but gives warnings:

[ellert <at> localhost ~]$ LANG=C gcc -o test test.c -lssl
test.c: In function 'main':

openssl-0.9.8a - Why does the UNIX process display [error:00000000:lib(0):func(0):reason(0)]?

proposed patch for WINCE to the latest openssl cvs

hi,
i've made this patch to compile the latest openssl cvs on WINCE. i've
succesfully compiled the these dlls on Windows Mobile 6.x :
04/12/2009  10:49         1.222.144 libeay32.dll
04/12/2009  10:49           258.560 ssleay32.dll
04/12/2009  10:49            12.288 4758cca.dll
04/12/2009  10:49            10.752 aep.dll
04/12/2009  10:49             8.704 atalla.dll
04/12/2009  10:49            13.824 cswift.dll
04/12/2009  10:49             4.096 gmp.dll
04/12/2009  10:49            15.360 chil.dll
04/12/2009  10:49             7.168 nuron.dll
04/12/2009  10:49            15.872 sureware.dll
04/12/2009  10:49            12.288 ubsec.dll
04/12/2009  10:49             4.096 padlock.dll
compiled using nmake -f /ms/cedll.mak using these patches (just a
bunch of includes and fixing outdated stuff like winsock.lib instead
of ws2.lib). I'm using the WceCompat library, of which i'm a
contributor, so my patches are only related to compiling on WINCE
using that libc extension.

regards,
valerio

===================================================================
RCS file: /v/openssl/cvs/openssl/e_os.h,v
retrieving revision 1.100
diff -u -r1.100 e_os.h
--- e_os.h	26 Aug 2009 15:15:14 -0000	1.100
+++ e_os.h	4 Dec 2009 04:58:56 -0000
 <at>  <at>  -499,7 +499,8  <at>  <at> 
 #      endif
 #      if !defined(IPPROTO_IP)
          /* winsock[2].h was included already? */
-#        include <winsock.h>
+#        include <winsock2.h>
+#				 include <ws2tcpip.h>
 #      endif
 #      ifdef getservbyname
 #        undef getservbyname
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/bio/bss_fd.c,v
retrieving revision 1.7
diff -u -r1.7 bss_fd.c
--- crypto/bio/bss_fd.c	12 Feb 2006 23:11:30 -0000	1.7
+++ crypto/bio/bss_fd.c	4 Dec 2009 05:15:31 -0000
 <at>  <at>  -64,8 +64,26  <at>  <at> 
 #if defined(OPENSSL_NO_POSIX_IO)
 /*
  * One can argue that one should implement dummy placeholder for
- * BIO_s_fd here...
+ * BIO_s_fd here... NEEDED for WINCE
  */
+	BIO *BIO_new_fd(int fd,int close_flag)
+	{
+		return NULL;
+	}
+	int BIO_fd_non_fatal_error(int err)	
+	{
+		return 0;
+	}
+	int BIO_fd_should_retry(int i)	
+	{
+		return 0;
+	}
+	
+	BIO_METHOD *BIO_s_fd(void)
+	{
+		return NULL;
+	}
+	
 #else
 /*
  * As for unconditional usage of "UPLINK" interface in this module.
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/cms/cms.h,v
retrieving revision 1.29
diff -u -r1.29 cms.h
--- crypto/cms/cms.h	26 Nov 2009 18:57:39 -0000	1.29
+++ crypto/cms/cms.h	4 Dec 2009 05:10:10 -0000
 <at>  <at>  -55,6 +55,7  <at>  <at> 
 #ifndef HEADER_CMS_H
 #define HEADER_CMS_H

+#include <e_os.h>
 #include <openssl/x509.h>

 #ifdef OPENSSL_NO_CMS
===================================================================
RCS file: /v/openssl/cvs/openssl/util/pl/VC-32.pl,v
retrieving revision 1.63
diff -u -r1.63 VC-32.pl
--- util/pl/VC-32.pl	19 Nov 2009 22:29:03 -0000	1.63
+++ util/pl/VC-32.pl	4 Dec 2009 07:20:22 -0000
 <at>  <at>  -99,7 +99,7  <at>  <at> 
     }

     $cc='$(CC)';
-    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE
-DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32
-DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT';
+    $base_cflags=' /W3 /GF /Gy /nologo -DUNICODE -D_UNICODE
-DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32
-DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT';
     $base_cflags.=" $wcecdefs";
     $base_cflags.=' -I$(WCECOMPAT)/include'		if (defined($ENV{'WCECOMPAT'}));
     $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include'	if
(defined($ENV{'PORTSDK_LIBPATH'}));
 <at>  <at>  -143,12 +143,12  <at>  <at> 
 $efile="/out:";
 $exep='.exe';
 if ($no_sock)		{ $ex_libs=''; }
-elsif ($FLAVOR =~ /CE/)	{ $ex_libs='winsock.lib'; }
+elsif ($FLAVOR =~ /CE/)	{ $ex_libs='ws2.lib'; }
 else			{ $ex_libs='ws2_32.lib'; }

 if ($FLAVOR =~ /CE/)
 	{
-	$ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'	if (defined($ENV{'WCECOMPAT'}));
+	$ex_libs.=' /NODEFAULTLIB:oldnames.lib coredll.lib corelibc.lib
$(WCECOMPAT)/lib/wcecompat.lib'	if (defined($ENV{'WCECOMPAT'}));
 	$ex_libs.=' $(PORTSDK_LIBPATH)/portlib.lib'	if
(defined($ENV{'PORTSDK_LIBPATH'}));
 	$ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if
($ENV{'TARGETCPU'} eq "X86");
 	}
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org