FW: RE: Problems using OpenSSL shared object on solaris 2.6
I will provide a broken example of the source to anyone who wants it. The example code has no real function it is just used to illustrate the problem. Contact me at [EMAIL PROTECTED] --ian > I have tried using static libraries and it works fine. But to distribute > the utility with > EXPORT functions I need to make it a shared object so a third party vendor > (shopping > cart) can use the utilities in their application software. > I plan to make the "interface" public but I have to remove the underlying > message protocol > code. I work for a payment services company and I am not allowed to > release that > information. > Sorry I am not "replying" in between the lines. I am using this mail list > through > http://marc.theaimsgroup.com/?l=openssl-users > and I can't seem to reply using it...only read. If you have a better > discussion site please > let me know. > > --ian > > >What if you build it into a static lib? Just wondering. Are you planning > to make your interface code public domain? > -- > > Sorry for the "double" I forgot to attach the working/broken example > > > OS : solaris 2.6 > openSSL : 0.9.5a and 0.9.6 > gcc 2.95.2 > ld (gnu binutils 2.10 and solaris native ld ) > > I am trying to use OpenSSL libraries to create a combined cryptographic > shared object > utility. A shared object is built using custom interface software calling > OpenSSL > functions for use in third party applications needing crytographic > capabilities. > The shared object exports only the custom interface to comply with US > crytographic > export regulations. > > Custom object files and the OpenSSL object files are linked to produce a > shared > object file which can be dynamically called by a third party application. > On solaris 2.6 : > OpenSSL 0.9.5a/0.9.6 compile and test correctly. > The combined shared object is correctly compiled and produces no compile > time errors when > linked into an executable application. The application will then not run > and solaris 2.6 states > "pfpro: Exec format error. Binary file is not executable." > A subsequent 'file' command states the executable is a valid ELF 32-bit > MSB executable. > > I have compiled the EXACT same code and makefile on solaris 2.7 and linux > Red Hat 6.x > and it works correctly. ONLY solaris 2.6 with the shared object linking > fails to produce > a valid binary. Linking the 'pfpro' binary with the static version of the > combined > library (custom interface + OpenSSL) produces a working executable on > solaris 2.6. > > I have tried various things to determine the problem. > > 1) I have used gcc and gnu linker. no dice > > 2) gcc and solaris linker. no dice > > 3) compiled the combined shared object and moved it to solaris 2.7 to link > with executable >and it works. So it seems the shared object is getting produced > correctly on sol 2.6 >its the linking with the executable that fails. > > 4) I have compiled the shared object and the binary on sol. 2.7 and moved > them >to a sol 2.6 box and everything works. > > 5) compiled the code on a solaris 2.5.1 box and everything works. > > 6) I have compiled OpenSSL 9.5a/9.6 on solaris 2.7 and moved them to link > in on solaris >2.6 and it fails to produce a valid executable. > > 7) finally I have produced the combined shared object with RSA 1.0 SSLC. > The executable > works correctly. Only the OpenSSL on solaris 2.6 fails. > > ALL results point to the inability of solaris 2.6 to link in the combined > OpenSSL and > custom interface shared object to produce a working binary executable. > solaris 2.6 will run an executable created on sol 2.7 but it will not > properly produce > the executable itself. > > so.any help would be greatly appreciated. I can use the RSA 1.0 > libraries, but I am > a huge proponent of open source and I would prefer to use OpenSSL. > > I hope I have fully explained the problem and my efforts. I have included > a "working" > version of this problem "ready" to compile. > > If you need any further clarification please contact me at > [EMAIL PROTECTED] > > Thank you in advance for your time and efforts. > > Sincerly, > Ian Cain > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: SunOS 5.6 probs?
about random numbers.
I use sun 5.6 and there are ports of the linux /dev/urandom to sun 5.6
OR you can also use... cpu info to get a fairly random number.
This method will allow your code to port to other sun boxes without
having to install the /dev/urandom
prusage_t prusage;
prstatus_t prstatus;
prpsinfo_t prpsinfo;
int _fd;
// Processor status
ioctl(_fd, PIOCSTATUS, &prstatus);
// Processor info
ioctl(_fd, PIOCPSINFO, &prpsinfo);
char **ap = prpsinfo.pr_argv;
char **ep = prpsinfo.pr_envp;
// Processor usage
ioctl(_fd, PIOCUSAGE, &prusage);
I'm no mathmatician and if this method is subpar or if there is a better
way I'm all ears.
--ian
-Original Message-
From: Jason Scharlach [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 2:41 PM
To: [EMAIL PROTECTED]
Subject: Re: SunOS 5.6 probs?
Lutz
The openssl application does work just fine. I figured I would ask
here before I went and recompiled the debug on.
As for the not checking of return codes, I actually do have checks in
my code but I removed them to simplify what I was posting. Thanks for
the catch on ERR_print_errors! I've recompiled and I'm actually getting
a somewhat useful error now.
18686:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:474:You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html
It's a problem with random number generator. SunOS doesn't come with
any easy way of generating random number (that I know of) and this has
caused me issues in the past. I'm going to send out another post asking
about this issue. Thanks!
Jason
Lutz Jaenicke wrote:
>
> On Fri, Jan 19, 2001 at 04:05:19PM -0500, Jason Scharlach wrote:
> > Has anyone else had any issues with SunOS and openSSL?
>
> I don't have SunOS, but I also do not remember having seen reports about
> special problems with SunOS...
> Does the openssl application work? You can use "openssl s_client ..."
> to perform the connection test.
>
> > Any help/advice would be greatly appriciated!
> Compile with "-g", call your favorite debugger and check out why the
> segmentation fault occured.
>
> Let's discuss your code:
>
> > int main( void )
> > {
> > int sock;
> > struct sockaddr_in sSockAddr;
> > struct hostent *spHostEnt;
> >
> > SSL_CTX *ctx = NULL;
> > SSL_METHOD *meth = NULL;
> > SSL *ssl = NULL;
> >
> >
> > sSockAddr.sin_family = AF_INET;
> > sSockAddr.sin_port = htons( 443 );
> >
> > spHostEnt = gethostbyname( "www.csi.ca" );
>
> Here you do not check the return value. gethostbyname might return NULL
> because of a failure.
>
> > memcpy( &(sSockAddr.sin_addr.s_addr),
> > spHostEnt->h_addr_list[0],
> > spHostEnt->h_length );
> >
> > sock = socket( AF_INET, SOCK_STREAM, 0 );
> > connect( sock, (struct sockaddr *)&sSockAddr, sizeof( sSockAddr ));
>
> Here you do not check sock [socket() might fail] and you do not check the
> return value of connect() for failure.
>
> > SSLeay_add_ssl_algorithms();
> > meth = SSLv2_client_method();
> > SSL_load_error_strings();
> > ctx = SSL_CTX_new(meth);
> >
> > ssl = SSL_new( ctx );
> >
> > SSL_set_fd( ssl, sock );
> > ERR_print_errors();
>
> Of course, you did not check whether ctx and ssl have been successfully
> created. You do not check whether SSL_set_fd() was successfull.
> (I don't know whether this applies here, but at least some of the
> OpenSSL functions are "NULL proof": they simply return 0 for failure
> but do not set an error message because they suppose "nothing to be
done".)
>
> > printf( "SSL_connect: %d\n", SSL_connect( ssl ) );
> > ERR_print_errors();
>
> Aha, and here we go: ERR_print_errors() is actually called as:
> void ERR_print_errors(BIO *bp);
> with bp being the BIO to which the errors shall be reported. You do not
> specify bp, so of course ERR_print_errors() will try to put the error
message
> to an undefined location.
> Any good compiler should have warned you, that you did violate the
function
> prototype by not supplying "one argument of type BIO *".
> (Actually the other ERR_print_errors() call only did not segfault because
> nothing was to be reported.)
>
> You probably want to use ERR_print_errors_fp(stderr) (or set up the BIO
> for the error messages).
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
__
RE: problems resolved w/o openssl shared libs.
talking to yourself is the first sign of insanity -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, February 05, 2001 1:27 PM To: [EMAIL PROTECTED] Subject: problems resolved w/o openssl shared libs. This has me stumped. Do libraries cache or something? I went through this at least 10 times and used a bash script to do it all - same session even - and suddenly it is runnning. I was damn careful to try to reporoduce EXACTLY what I did before. Perhaps there is somthing in the make install that doesn't work properly in all cases but I can not see anything. Clearly there does seem to be a repeatable problem with the installation of the shared libs. But this is totally unrelated to what I was running in to. The problem from the apache side is that gen_test_char found in src/main would not run and it complained about a missing library. The one thing I did differently is go into /usr/local and remove both ssl and apache before this latest rebuild. Perhaps there was something in the old ssl directory that triggered this but I doubt it and I can't see anything that should not be there. Anyway, if anyone has encountered anything like this I'd like to know. I'll be rebuilding on a regular basis I think and if I see anything I'll try to reproduce and track it down. If anyone else has any ideas please advise. Thanks __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Compiling problems on Windows NT
To Whom Ever Cares, I just finished compiling openssl 0.9.6 on win2k server and NT 4.0 server No problems. Used ml.exe assembler and Visual Studio 6.0 Heres what I did: 1a) downloaded openssl-0.9.6.tar.gz. Double clicked the file and used winzip 7.0 to extract the file in the c:\openssl-0.9.6 directory 1) installed Visual Studio 6.0 with command line executables enabled. the install program will ask you during the install. There is also a way to enable it after you have installed Studio. 2) downloaded the ml.exe assembler from http://www.pbq.com.au/home/hutch/masm.htm unzip'ed and ran the install program. 3) copied c:\masm32\ml.exe to a directory in my PATH 4) downloaded and installed ActiveState perl from activestate.com 5) followed the INSTALL.W32 read me file instructions for Visual Studio. 6) opened a command prompt (start->run) type in cmd and press return. 7) typed "c:\cd openssl-0.9.6 Visual C++ -- root_path> = c:\openssl-0.9.6\ Firstly you should run Configure: root_path> perl Configure VC-WIN32 Next you need to build the Makefiles and optionally the assembly language files: - If you are using MASM then run: ( *which I am :) root_path>ms\do_masm ( I have done some internal testing and the assembly version runs *significantly faster) - If you don't want to use the assembly language files at all then run: root_path> ms\do_ms Then from the VC++ environment at a prompt do: root_path> nmake -f ms\ntdll.mak If all is well it should compile and you will have some DLLs and executables in out32dll. If you want to try the tests then do: root_path> cd out32dll root_path> ..\ms\test Everything compiled GREAT and I had no problems what so ever. --ian -Original Message- From: Mark Swarbrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 07, 2001 2:12 PM To: [EMAIL PROTECTED] Subject: Re: Compiling problems on Windows NT Lots of luck to you - I tried to get it to compile on NT - spent weeks on it. Couldn't get it to work and couldn't find anyone with an answer. I finally gave up and compiled it on Linux and it works perfect on that platform. Julie Ruiz wrote: > Please could someone help me with the problem when I am compiling de > OpenSSL, it is urgent > What I am doing wrong??? > Can you help me with the installation??? > > I am trying to install the OpenSSL but it > fails. > I am working on Windows NT Workstation 4.0 so I installed the Mingw32 > package. GNU make and Perl for Win32 > > I followed the intructions for the win32 platform working with the GNU C > > (Mingw32) but when I try to compile the OpenSSL it fails and apears the > following messages: > > D:\openssl-0.9.6\ms>mingw32 > D:\openssl-0.9.6\ms>perl Configure Mingw32 > Configuring for Mingw32 > IsWindows=1 > unable to read opensslv.h:No such file or directory > Generating x86 for GNU assember > Bignum > Can't locate x86asm.pl in @INC (@INC contains: D:/Perl/lib > D:/Perl/site/lib . perlasm ../../perlasm) > at x86.pl line 4. > DES > Can't open perl script "des-586.pl": No such file or directory > crypt > Can't open perl script "crypt586.pl": No such file or directory > Blowfish > Can't locate x86asm.pl in @INC (@INC contains: D:/Perl/lib > D:/Perl/site/lib . perlasm ../../perlasm) > at bf-586.pl line 4. > CAST5 > Can't locate x86asm.pl in @INC (@INC contains: D:/Perl/lib > D:/Perl/site/lib . perlasm ../../perlasm) > at cast-586.pl line 7. > RC4 > El sistema no ha encontrado la ruta de acceso especificada. > Can't open perl script "rc4-586.pl": No such file or directory > MD5 > El sistema no ha encontrado la ruta de acceso especificada. > Can't open perl script "md5-586.pl": No such file or directory > SHA1 > El sistema no ha encontrado la ruta de acceso especificada. > Can't open perl script "sha1-586.pl": No such file or directory > RIPEMD160 > El sistema no ha encontrado la ruta de acceso especificada. > Can't open perl script "rmd-586.pl": No such file or directory > RC5\32 > El sistema no ha encontrado la ruta de acceso especificada. > Can't open perl script "rc5-586.pl": No such file or directory > Generating makefile > Can't open perl script "util\mkfiles.pl": No such file or directory > El sistema no ha encontrado la ruta de acceso especificada. > El sistema no ha encontrado la ruta de acceso especificada. > Generating DLL definition files > El sistema no ha encontrado la ruta de acceso especificada. > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTE
