[PATCH] ASN1_TIME_to_generalizedtime()

[Frederik Vermeulen]

The ASN1_TIME_to_generalizedtime() function in openssl 0.9.7 
generates a \0-terminated string instead of Z-terminated.

Problem becomes apparent when making an openssl
ocsp server and client communicate. The client
gives a OCSP_R_ERROR_IN_THISUPDATE_FIELD error.
 

Frederik


diff -ur openssl-0.9.7-orig/crypto/asn1/a_time.c openssl-0.9.7/crypto/asn1/a_time.c
--- openssl-0.9.7-orig/crypto/asn1/a_time.c Tue Nov 12 13:21:22 2002
+++ openssl-0.9.7/crypto/asn1/a_time.c  Tue Dec 31 15:13:48 2002
@@ -149,10 +149,10 @@
return NULL;
str = (char *)ret->data;
/* Work out the century and prepend */
if (t->data[0] >= '5') strcpy(str, "19");
else strcpy(str, "20");
 
-   BUF_strlcat(str, (char *)t->data, t->length+2);
+   strncpy(str+2, (char *)t->data, t->length);
 
return ret;
}
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

0.9.7 compilation problem with Borland C++ 5.5 and NASM 0.98.35

[Frédéric L. W. Meunier]

Windows XP Professional SP1 with all updates.

I used:

perl Configure BC-32 no-idea no-mdc2 no-rc5
ms\do_nasm.bat
make -f ms\bcb.mak

The error:

bcc32 -otmp32\x_all.obj -Iinc32 -Itmp32 -DWIN32_LEAN_AND_MEAN -q
-w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32
-DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -O2 -ff -fp -DBN_ASM
-DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_NO_IDEA
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_KRB5  -c
.\crypto\x509\x_all.c
.\crypto\x509\x_all.c:
Error E2450 .\crypto\x509\x_all.c 72: Undefined structure 'ASN1_ITEM_st'
in function X509_verify
Error E2450 .\crypto\x509\x_all.c 72: Undefined structure 'ASN1_ITEM_st'
in function X509_verify
*** 2 errors in Compile ***

** error 1 ** deleting tmp32\x_all.obj

--
0@pervalidus.{net, dyndns.org}

-- 
http://fastmail.fm - Same, same, but different...
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Kris Kennaway via RT]

On Wed, Jan 01, 2003 at 04:25:38AM +0100, Richard Levitte via RT wrote:
> 
> [[EMAIL PROTECTED] - Tue Dec 31 13:23:43 2002]:
> 
> > This patch appears to fix it (I stole the OpenBSD-sparc64 config
> > target).  OpenSSL builds and passes 'make test'.
> 
> Looks not too bad.  I'm a little worried with the following assumption, however.  
>Can you be sure that it doesn't hit any 32-bit platform?

FreeBSD does not support Sparc32 and probably never will.

Kris
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Certificate Request Error

[Lutz Jaenicke]

On Tue, Dec 31, 2002 at 08:00:52PM -0600, Kenneth R. Robinette wrote:
> I am getting an error with OpenSSL 0.9.7 when trying to generate a certificate.  It 
> appears that the uniqueIdentifier is no longer valid.  Is this correct?

>From the FAQ:
-snip--snip--snip--snip--snip--snip--snip--snip--snip--snip--snip--snip--snip-

* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?

For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
versions, uniqueIdentifier was incorrectly used for X.509 certificates.
The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
Change your code to use the new name when compiling against OpenSSL 0.9.7.

-snip--snip--snip--snip--snip--snip--snip--snip--snip--snip--snip--snip--snip-

> uniqueIdentifier:unknown object type in 'policy' configuration 

The same change should be the reason for your problem.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #423] openssl-0.9.7-stable-SNAP-20021229: ldd problems

[Jeff A. Earickson via RT]

"man crle" on a Sun box. It is:

crle - configure runtime linking environment

which determines the search path for dynamic libs.  I had forgotten
that I had added /opt/openssl/lib to this path.  When I was testing
0.9.7 in various forms, I installed it in /opt/openssl-0.9.7, but
forgot to add the path via crle.  So I couldn't get dynamic loading
to work and was going nuts...

---
Jeff A. Earickson, Ph.D
Senior UNIX Sysadmin and Email Guru
Information Technology Services
Colby College, 4214 Mayflower Hill,
Waterville ME, 04901-8842
phone: 207-872-3659 (fax = 3076)
---

On Wed, 1 Jan 2003, Richard Levitte via RT wrote:

> Date: Wed,  1 Jan 2003 03:51:31 +0100 (MET)
> From: Richard Levitte via RT <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: [openssl.org #423] openssl-0.9.7-stable-SNAP-20021229: ldd
> problems
>
>
> [[EMAIL PROTECTED] - Tue Dec 31 21:28:06 2002]:
>
> > Arrgh  nevermind.  I figured out that if I do a "crle" and add the
> > directory of the library, then my problems go away.  Maybe "make
> > install"
> > could suggest this step...
>
> Out of curiosity, what's a "crle"?
>
> --
> Richard Levitte
>

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Andy Polyakov via RT]

> > > This patch appears to fix it (I stole the OpenBSD-sparc64 config
> > > target).  OpenSSL builds and passes 'make test'.
> >
> > Looks not too bad.  I'm a little worried with the following assumption, however.  
>Can you be sure that it doesn't hit any 32-bit platform?
> 
> FreeBSD does not support Sparc32 and probably never will.

"Probably never" is not exactly reassuring:-) I mean I see no reason why
we should feel discouraged to recognize that it's sparc64. What does
uname -m return on your machine? But most of all I wonder do we really
have to have separate lines for NetBSD, FreeBSD and OpenBSD? Why can't
we unify those lines to asteriskBSD-platform? In which case sparc64
recognition becomes a must as other flavors do support non-UltraSPARCs.

Here is another question. Is v9 the only supported ABI on *BSD-sparc64
platforms? In other words is it possible to run 32-bit SPARC apps on
64-bit SPARC platform? Is it possible to generate 32-bit apps on 64-bit
platform?

A.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Kris Kennaway via RT]

On Wed, Jan 01, 2003 at 02:13:55PM +0100, Andy Polyakov via RT wrote:
> 
> > > > This patch appears to fix it (I stole the OpenBSD-sparc64 config
> > > > target).  OpenSSL builds and passes 'make test'.
> > >
> > > Looks not too bad.  I'm a little worried with the following assumption, however. 
> Can you be sure that it doesn't hit any 32-bit platform?
> > 
> > FreeBSD does not support Sparc32 and probably never will.
> 
> "Probably never" is not exactly reassuring:-) I mean I see no reason why
> we should feel discouraged to recognize that it's sparc64. What does
> uname -m return on your machine? But most of all I wonder do we really
> have to have separate lines for NetBSD, FreeBSD and OpenBSD? Why can't
> we unify those lines to asteriskBSD-platform? In which case sparc64
> recognition becomes a must as other flavors do support non-UltraSPARCs.

Well, the information is currently obtained via a sysctl, which
returns (on sparc)

enigma# sysctl hw.model
hw.model: Sun Microsystems UltraSparc-II

By comparison, here's what it does on an i386 box:

> sysctl hw.model
hw.model: Pentium III/Pentium III Xeon/Celeron

This sysctl (and its output format) is a FreeBSD-ism.

> Here is another question. Is v9 the only supported ABI on *BSD-sparc64
> platforms? In other words is it possible to run 32-bit SPARC apps on
> 64-bit SPARC platform? Is it possible to generate 32-bit apps on 64-bit
> platform?

As far as I know, the answers are yes, no and no.

Kris 
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Wed,  1 Jan 2003 14:13:55 
+0100 (MET), "Andy Polyakov via RT" <[EMAIL PROTECTED]> said:

rt> uname -m return on your machine? But most of all I wonder do we really
rt> have to have separate lines for NetBSD, FreeBSD and OpenBSD? Why can't
rt> we unify those lines to asteriskBSD-platform? In which case sparc64
rt> recognition becomes a must as other flavors do support non-UltraSPARCs.

I'd be happy to unify them if you can guarantee they will never differ
in any way that's important to us...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Richard Levitte - VMS Whacker via RT]

In message <[EMAIL PROTECTED]> on Wed,  1 Jan 2003 14:13:55 
+0100 (MET), "Andy Polyakov via RT" <[EMAIL PROTECTED]> said:

rt> uname -m return on your machine? But most of all I wonder do we really
rt> have to have separate lines for NetBSD, FreeBSD and OpenBSD? Why can't
rt> we unify those lines to asteriskBSD-platform? In which case sparc64
rt> recognition becomes a must as other flavors do support non-UltraSPARCs.

I'd be happy to unify them if you can guarantee they will never differ
in any way that's important to us...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #423] openssl-0.9.7-stable-SNAP-20021229: lddproblems

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Wed,  1 Jan 2003 13:36:23 +0100 
(MET), "Jeff A. Earickson via RT" <[EMAIL PROTECTED]> said:

rt> "man crle" on a Sun box. It is:

Not on the machine I currently have access to :-):

$ man crle 
No manual entry for crle.

rt> crle - configure runtime linking environment
rt> 
rt> which determines the search path for dynamic libs.  I had forgotten
rt> that I had added /opt/openssl/lib to this path.  When I was testing
rt> 0.9.7 in various forms, I installed it in /opt/openssl-0.9.7, but
rt> forgot to add the path via crle.  So I couldn't get dynamic loading
rt> to work and was going nuts...

Can you recommend some piece of text that should be output?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #423] openssl-0.9.7-stable-SNAP-20021229: ldd problems

[Richard Levitte - VMS Whacker via RT]

In message <[EMAIL PROTECTED]> on Wed,  1 Jan 2003 13:36:23 +0100 
(MET), "Jeff A. Earickson via RT" <[EMAIL PROTECTED]> said:

rt> "man crle" on a Sun box. It is:

Not on the machine I currently have access to :-):

$ man crle 
No manual entry for crle.

rt> crle - configure runtime linking environment
rt> 
rt> which determines the search path for dynamic libs.  I had forgotten
rt> that I had added /opt/openssl/lib to this path.  When I was testing
rt> 0.9.7 in various forms, I installed it in /opt/openssl-0.9.7, but
rt> forgot to add the path via crle.  So I couldn't get dynamic loading
rt> to work and was going nuts...

Can you recommend some piece of text that should be output?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Andy Polyakov]

> > I mean I see no reason why
> > we should feel discouraged to recognize that it's sparc64. What does
> > uname -m return on your machine? But most of all I wonder do we really
> > have to have separate lines for NetBSD, FreeBSD and OpenBSD? Why can't
> > we unify those lines to asteriskBSD-platform? In which case sparc64
> > recognition becomes a must as other flavors do support non-UltraSPARCs.
> 
> Well, the information is currently obtained via a sysctl, which
> returns (on sparc)
> 
> enigma# sysctl hw.model
> hw.model: Sun Microsystems UltraSparc-II

Does it mean that 'uname -m' doesn't work? Never did? Never will? Going
to seize any time soon? But even if sysctl is the only option, we still
can map *UltraSparc* to sparc64 and I think we should favor it as it's
denoting ABI and is therefore less confusing.

As for asteriskBSD. Can you test if './Configure OpenBSD-sparc64' works
on your FreeBSD machine?

A.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #428] Patch for unused files

[Gisle Vanem]

"Richard Levitte via RT" <[EMAIL PROTECTED]> said:
> 
> Which OpenSSL version are you refering to?

The latest SNAP-shot.



__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

wrong read() prototype

[Gisle Vanem]

In latest 0.9.8 snapshot, some test-files include a protype for read(). 
Unfortunately this protype doesn't match the one in djgpp's . 

Can we not removed this prototype?
The required system headers are included already I think.
Here is a patch to make it compile for djgpp:

---
--- ./crypto/md4/md4.c.org  Wed Nov 13 16:00:50 2002
+++ ./crypto/md4/md4.c  Tue Dec 31 18:45:54 2002
@@ -64,7 +64,7 @@

 void do_fp(FILE *f);
 void pt(unsigned char *md);
-#ifndef _OSD_POSIX
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
 int read(int, void *, unsigned int);
 #endif

--- ./crypto/md5/md5.c.org  Fri Jun  4 22:00:22 1999
+++ ./crypto/md5/md5.c  Tue Dec 31 18:49:44 2002
@@ -64,7 +64,7 @@

 void do_fp(FILE *f);
 void pt(unsigned char *md);
-#ifndef _OSD_POSIX
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
 int read(int, void *, unsigned int);
 #endif

--- ./crypto/ripemd/rmd160.c.orgFri Jun  4 22:00:28 1999
+++ ./crypto/ripemd/rmd160.cTue Dec 31 18:51:50 2002
@@ -64,7 +64,7 @@

 void do_fp(FILE *f);
 void pt(unsigned char *md);
-#ifndef _OSD_POSIX
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
 int read(int, void *, unsigned int);
 #endif
---

Gisle V.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Kris Kennaway]

On Wed, Jan 01, 2003 at 03:00:09PM +0100, Andy Polyakov wrote:
> > > I mean I see no reason why
> > > we should feel discouraged to recognize that it's sparc64. What does
> > > uname -m return on your machine? But most of all I wonder do we really
> > > have to have separate lines for NetBSD, FreeBSD and OpenBSD? Why can't
> > > we unify those lines to asteriskBSD-platform? In which case sparc64
> > > recognition becomes a must as other flavors do support non-UltraSPARCs.
> > 
> > Well, the information is currently obtained via a sysctl, which
> > returns (on sparc)
> > 
> > enigma# sysctl hw.model
> > hw.model: Sun Microsystems UltraSparc-II
> 
> Does it mean that 'uname -m' doesn't work? Never did? Never will? Going
> to seize any time soon? But even if sysctl is the only option, we still
> can map *UltraSparc* to sparc64 and I think we should favor it as it's
> denoting ABI and is therefore less confusing.

uname -m returns "sparc64".  I assume that the use of the hw.model
sysctl is so different x86 CPUs can be distinguished for purposes of
asm support (they all return "i386" from uname -m).

> As for asteriskBSD. Can you test if './Configure OpenBSD-sparc64' works
> on your FreeBSD machine?

It does at this point in time (I copied the OpenBSD-sparc64 target to
FreeBSD-sparc64), but of course there are no guarantees they will not
diverge at some point.

Kris




msg14715/pgp0.pgp
Description: PGP signature

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Andy Polyakov]

> rt> uname -m return on your machine? But most of all I wonder do we really
> rt> have to have separate lines for NetBSD, FreeBSD and OpenBSD? Why can't
> rt> we unify those lines to asteriskBSD-platform? In which case sparc64
> rt> recognition becomes a must as other flavors do support non-UltraSPARCs.
> 
> I'd be happy to unify them if you can guarantee they will never differ
> in any way that's important to us...

"You" who? Me? I just wondered if it was possible as it does seem
unnecessary to *me* from first sight. I know too little about those BSDs
to guarantee anything. At least at this point... Well, even if I knew
everything I probably wouldn't be able to quarantee anything anyway:-)
What one can do is to introduce asteriskBSD-platform lines and challenge
NetBSD, FreeBSD and OpenBSD developers to verify that './Configure
asteriskBSD-`uname -m`' works and feels comfortable for them. A.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #428] Patch for unused files

[Richard Levitte - VMS Whacker]

In message <009101c2b19e$766254a0$[EMAIL PROTECTED]> on Wed, 1 Jan 2003 15:02:44 
+0100, "Gisle Vanem" <[EMAIL PROTECTED]> said:

giva> "Richard Levitte via RT" <[EMAIL PROTECTED]> said:
giva> > 
giva> > Which OpenSSL version are you refering to?
giva> 
giva> The latest SNAP-shot.

Please name it.  The reason that I ask you is that the changes you
propose are already present in 0.9.7 and 0.9.8-dev.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #428] Patch for unused files

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Wed, 01 Jan 2003 
15:19:23 +0100 (CET), Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> said:

levitte> In message <009101c2b19e$766254a0$[EMAIL PROTECTED]> on Wed, 1 Jan 2003 
15:02:44 +0100, "Gisle Vanem" <[EMAIL PROTECTED]> said:
levitte> 
levitte> giva> "Richard Levitte via RT" <[EMAIL PROTECTED]> said:
levitte> giva> > 
levitte> giva> > Which OpenSSL version are you refering to?
levitte> giva> 
levitte> giva> The latest SNAP-shot.
levitte> 
levitte> Please name it.  The reason that I ask you is that the changes you
levitte> propose are already present in 0.9.7 and 0.9.8-dev.

Or is your patch a reverse patch?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #430] segementation fault with openssl 0.9.7

[Patrik Karlsson via RT]

Hi,

I have trouble running the following command with openssl version 0.9.7
openssl ca -policy policy_anything -out newcert.pem \
-passin pass:whatever -key whatever -extensions xpserver_ext \
-extfile xpextensions -infiles newreq.pem

It works fine with the 0.9.7-beta3 release but all later releases seem to
segfault. The segfault occures in the CONF_modules_unload when sk_num is
called the results returned differ. In beta3 the result returned is 0x2
whilst in the 0.9.7 release the eax register contains the following value
0x4212dfd8.

If this is a known problem, sorry for taking up your time.

Regards,
Patrik Karlsson

-- 
Patrik Karlsson, [EMAIL PROTECTED]
http://www.cqure.net

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #428] Patch for unused files

[Gisle Vanem]

"Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]> said:

> levitte> Please name it.  The reason that I ask you is that the changes you
> levitte> propose are already present in 0.9.7 and 0.9.8-dev.
> 
> Or is your patch a reverse patch?

No, not a reverse patch. The snapshot I diff'ed against was 
openssl-SNAP-20021229.tar.gz. Is there another snapshot
branch? 

Gisle V.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #425] Build error on Windows NT4?

[Andy Polyakov via RT]

> > cl ... -c .\crypto\asn1\n_pkey.c
> > .\crypto\asn1\n_pkey.c(96) : error C2370: 'NETSCAPE_ENCRYPTED_PKEY_it' :
> > redefinition; different storage class
> > .\crypto\asn1\n_pkey.c(93) : see declaration of
> > 'NETSCAPE_ENCRYPTED_PKEY_it'
> 
> Strange, I checked VC++ 6.0 SP3 and had no problems. What version of
> VC++ are you using?

First of all I want to make it clear that I do *not* have environment
for VC-WIN32 build. All I say here is based on experinence not related
to OpenSSL.

How does one tell VC++SP level? I couldn't find a way. It's probably
more appropriate to ask for version number returned by cl. Mine says
12.00.8804...

In either case I believe it's OPENSSL_EXTERN which is "responsible" for
this. On Windows OPENSLL_EXTERN is[?]/can be defined as "extern
_declspec(dllimport)" and the problem must be that n_pkey.c refers to
same variable as both local and OPENSSL_EXTERN. The catch is that
_decspec(dllimport) is [and has to be] treated differently. Most notably
"_declspec(dllimport) int i; int foo(){return i;}" effectively compiles
as "int *_i; int foo() {return *_i;}." As you can see generated machine
code has to be substantially different from one generated for plain "int
i; int foo(){return i;}" and this is what the compiler must be
complaining about. At the very least if I try to compile "int
i;_declspec(dllimport) int i;" I get the very same error code, C2370.

A.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Andy Polyakov]

> > > I'd be happy to unify them if you can guarantee they will never differ
> > > in any way that's important to us...
> > 
> > "You" who? Me? I just wondered if it was possible as it does seem
> > unnecessary to *me* from first sight.

The sentence is confusing... First "it" above means "unified config
lines for *BSD" and second "it" means "separate config lines for
FreeBSD, NetBSD and OpenBSD."

> > What one can do is to introduce asteriskBSD-platform lines and challenge
> > NetBSD, FreeBSD and OpenBSD developers to verify that './Configure
> > asteriskBSD-`uname -m`' works and feels comfortable for them. A.
> 
> You mean have them cooperate?  That is an interesting concept :-).

Oh! I see! Sorry for asking:-) OK, my final statement is then whatever
we do, I'd *prefer* to see sparc64 as it is less confusing. A.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #425] Build error on Windows NT4?

[Jeffrey Altman]

Andy Polyakov via RT wrote:

  

  cl ... -c .\crypto\asn1\n_pkey.c
.\crypto\asn1\n_pkey.c(96) : error C2370: 'NETSCAPE_ENCRYPTED_PKEY_it' :
redefinition; different storage class
.\crypto\asn1\n_pkey.c(93) : see declaration of
'NETSCAPE_ENCRYPTED_PKEY_it'
  

Strange, I checked VC++ 6.0 SP3 and had no problems. What version of
VC++ are you using?

  
  
First of all I want to make it clear that I do *not* have environment
for VC-WIN32 build. All I say here is based on experinence not related
to OpenSSL.

How does one tell VC++SP level? I couldn't find a way. It's probably
more appropriate to ask for version number returned by cl. Mine says
12.00.8804...

In either case I believe it's OPENSSL_EXTERN which is "responsible" for
this. On Windows OPENSLL_EXTERN is[?]/can be defined as "extern
_declspec(dllimport)" and the problem must be that n_pkey.c refers to
same variable as both local and OPENSSL_EXTERN. The catch is that
_decspec(dllimport) is [and has to be] treated differently. Most notably
"_declspec(dllimport) int i; int foo(){return i;}" effectively compiles
as "int *_i; int foo() {return *_i;}." As you can see generated machine
code has to be substantially different from one generated for plain "int
i; int foo(){return i;}" and this is what the compiler must be
complaining about. At the very least if I try to compile "int
i;_declspec(dllimport) int i;" I get the very same error code, C2370.

A.
  

I've built 0.9.7 with VC 6.0 SP3 as well as VC 7.0 without incident.
 I'm wondering if there are any Environment Variables defined that
might be altering the build environment.

Also, it would be useful to know which makefile is being used.

Re: [openssl.org #428] Patch for unused files

[Richard Levitte - VMS Whacker]

In message <015701c2b1a4$1dcef310$[EMAIL PROTECTED]> on Wed, 1 Jan 2003 15:43:14 
+0100, "Gisle Vanem" <[EMAIL PROTECTED]> said:

giva> "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]> said:
giva> 
giva> > levitte> Please name it.  The reason that I ask you is that the changes you
giva> > levitte> propose are already present in 0.9.7 and 0.9.8-dev.
giva> > 
giva> > Or is your patch a reverse patch?
giva> 
giva> No, not a reverse patch. The snapshot I diff'ed against was 
giva> openssl-SNAP-20021229.tar.gz. Is there another snapshot
giva> branch? 

OK, this is very odd.  Can you check against the two attached
archives?  In those files, it looks like the result of your proposed
patch.

The two archives are from the main trunk (openssl-0.9.8-dev.tar) and
the 0.9.7 branch (openssl-0.9.7a-dev.tar).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



openssl-0.9.8-dev.tar
Description: Binary data


openssl-0.9.7a-dev.tar
Description: Binary data

Re: [openssl.org #428] Patch for unused files

[Gisle Vanem]

"Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]> said:

> OK, this is very odd.  Can you check against the two attached
> archives?  In those files, it looks like the result of your proposed
> patch.

No, the files in you attachment are wrong. It's quite simple; 
'DSA_generate_parameters()' should have 7 parameters (not 6 as now). 
Look at the protype in  and implementation in
crypto/dsa/dsa_depr.c

Similarily for 'X509V3_EXT_print_fp()' should have 4 args (not 3).
Since one of us is confused, here is the patch again.

-
--- ./crypto/dsa/dsagen.c.orig
+++ ./crypto/dsa/dsagen.c
@@ -103,7 +103,7 @@
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

memcpy(seed_buf,seed,20);
+   dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
-   dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);

if (dsa == NULL)
DSA_print(bio_err,dsa,0);

--- ./crypto/x509v3/v3conf.c.orig
+++ ./crypto/x509v3/v3conf.c
@@ -118,7 +118,7 @@
printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
if(ext->critical) printf(",critical:\n");
else printf(":\n");
+   X509V3_EXT_print_fp(stdout, ext, 0, 0);
-   X509V3_EXT_print_fp(stdout, ext, 0);
printf("\n");

}
-

Gisle V.



__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #428] Patch for unused files

[Richard Levitte - VMS Whacker]

In message <02f301c2b1ea$4da5a480$[EMAIL PROTECTED]> on Thu, 2 Jan 2003 00:05:39 
+0100, "Gisle Vanem" <[EMAIL PROTECTED]> said:

giva> "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]> said:
giva> 
giva> > OK, this is very odd.  Can you check against the two attached
giva> > archives?  In those files, it looks like the result of your proposed
giva> > patch.
giva> 
giva> No, the files in you attachment are wrong. It's quite simple; 
giva> 'DSA_generate_parameters()' should have 7 parameters (not 6 as now). 
giva> Look at the protype in  and implementation in
giva> crypto/dsa/dsa_depr.c

*looks again*

Gngnn  OK, I see what I missed...  It's quite unusual to have
the + lines before the corresponding - lines...  I'm used to the other
way around, and completely missed checking the sign more closely...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #428] Patch for unused files

[Richard Levitte via RT]

Patch applied.

This ticket is now resolved.

[[EMAIL PROTECTED] - Tue Dec 31 16:42:29 2002]:

> The files.
>   ./crypto/dsa/dsagen.c
>   ./crypto/x509v3/v3conf.c
> 
> seems no longer used (reference from makefiles). But some functions
> have
> wrong number of arguments. The files should IMHO be removed or
> corrected.
> 
> Here is a patch:
> -
> --- ./crypto/dsa/dsagen.c.orig
> +++ ./crypto/dsa/dsagen.c
> @@ -103,7 +103,7 @@
> bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
> 
> memcpy(seed_buf,seed,20);
> +
> dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
> -   dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
> 
> if (dsa == NULL)
> DSA_print(bio_err,dsa,0);
> 
> --- ./crypto/x509v3/v3conf.c.orig
> +++ ./crypto/x509v3/v3conf.c
> @@ -118,7 +118,7 @@
> printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
> if(ext->critical) printf(",critical:\n");
> else printf(":\n");
> +   X509V3_EXT_print_fp(stdout, ext, 0, 0);
> -   X509V3_EXT_print_fp(stdout, ext, 0);
> printf("\n");
> 
> }
> -
> 
> Gisle V.
> 
> 
> __
> OpenSSL Project http://www.openssl.org
> Development Mailing List   [EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]


-- 
Richard Levitte
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #427] OpenSSL 0.9.7 FreeBSD/SPARC problems

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Wed, 1 Jan 2003 06:11:24 -0800, 
Kris Kennaway <[EMAIL PROTECTED]> said:

kris> uname -m returns "sparc64".  I assume that the use of the hw.model
kris> sysctl is so different x86 CPUs can be distinguished for purposes of
kris> asm support (they all return "i386" from uname -m).

Quick question, what does uname -m answer on an Alpha?  "alpha"?  In
that case, would the following patch do (it's similar in spirit to the
NetbBSD tests)?

Index: config
===
RCS file: /e/openssl/cvs/openssl/config,v
retrieving revision 1.95.2.16
diff -u -u -r1.95.2.16 config
--- config  6 Dec 2002 16:45:11 -   1.95.2.16
+++ config  1 Jan 2003 23:53:44 -
@@ -196,7 +196,7 @@
echo "${MACHINE}-whatever-bsdi"; exit 0
;;
 
-FreeBSD:*)
+FreeBSD:*:*:*386*)
 VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
 MACH=`sysctl -n hw.model`
 ARCH='whatever'
@@ -205,7 +205,6 @@
*486*   ) MACH="i486" ;;
Pentium\ II*) MACH="i686" ;;
Pentium*) MACH="i586" ;;
-   Alpha*  ) MACH="alpha";;
*   ) MACH="$MACHINE" ;;
 esac
 case ${MACH} in
@@ -214,6 +213,10 @@
 echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
 ;;
 
+FreeBSD:*)
+   echo "${MACHINE}-whatever-freebsd"; exit 0
+   ;;
+
 NetBSD:*:*:*386*)
 echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 
's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
;;
@@ -640,6 +643,7 @@
   *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
   *-*-sunos4) OUT="sunos-$CC" ;;
   alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
+  sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
   *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
   *-freebsd[1-2]*) OUT="FreeBSD" ;;
   *86*-*-netbsd) OUT="NetBSD-x86" ;;

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #425] Build error on Windows NT4?

[Stephen Henson via RT]

[[EMAIL PROTECTED] - Wed Jan  1 18:40:53 2003]:

> > > cl ... -c .\crypto\asn1\n_pkey.c
> > > .\crypto\asn1\n_pkey.c(96) : error C2370:
>'NETSCAPE_ENCRYPTED_PKEY_it' :
> > > redefinition; different storage class
> > > .\crypto\asn1\n_pkey.c(93) : see declaration of
> > > 'NETSCAPE_ENCRYPTED_PKEY_it'
> >
> > Strange, I checked VC++ 6.0 SP3 and had no problems. What version of
> > VC++ are you using?
> 
> First of all I want to make it clear that I do *not* have environment
> for VC-WIN32 build. All I say here is based on experinence not related
> to OpenSSL.
> 
> How does one tell VC++SP level? I couldn't find a way. It's probably
> more appropriate to ask for version number returned by cl. Mine says
> 12.00.8804...
> 

Well the version is in the about box of visual studio. Not sure about
the SP level, I just know I installed SP3 on this box and I'll try SP5
when I can find time to download the 100Mb or so of it...

I also have cl version 12.00.8804 BTW

> In either case I believe it's OPENSSL_EXTERN which is "responsible"
>for
> this. On Windows OPENSLL_EXTERN is[?]/can be defined as "extern
> _declspec(dllimport)" and the problem must be that n_pkey.c refers to
> same variable as both local and OPENSSL_EXTERN. The catch is that
> _decspec(dllimport) is [and has to be] treated differently. Most
>notably
> "_declspec(dllimport) int i; int foo(){return i;}" effectively
>compiles
> as "int *_i; int foo() {return *_i;}." As you can see generated
>machine
> code has to be substantially different from one generated for plain
>"int
> i; int foo(){return i;}" and this is what the compiler must be
> complaining about. At the very least if I try to compile "int
> i;_declspec(dllimport) int i;" I get the very same error code, C2370.
> 
> A.
> 

I was a little puzzled by the original report. Because it seems to be
complaining about the NETSCAPE_ENCRYPTED_PKEY_it variable whereas under
Win32 this should in fact be a function. 

Win32 should #define OPENSSL_EXPORT_VAR_AS_FUNCTION which causes a
different part of asn1t.h to be used. This should end up being written
to opensslconf.h when perl Configure VC-WIN32 is initially called.

So the original poster might want to check to see if this is the case...

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]