[openssl.org #1654] OpenSSL Build errors in Windows XP Professional

2008-03-14 Thread Rich O'Brien via RT 
We need the following required files for DataWire development.
 
/libeay32.dll
/ssleay32.dll
/libssl32.dll
 
We installed,
ActivePerl
 
We have VisualStudio 2005 Professional
 
We ran
> ms\do_ms
 
  _  

C:\Dev\DataWire\openssl-0.9.8g>ms\do_ms
 
C:\Dev\DataWire\openssl-0.9.8g>perl util\mkfiles.pl  1>MINFO
 
C:\Dev\DataWire\openssl-0.9.8g>perl util\mk1mf.pl no-asm VC-WIN32
1>ms\nt.mak
 
C:\Dev\DataWire\openssl-0.9.8g>perl util\mk1mf.pl dll no-asm VC-WIN32
1>ms\ntdll.mak
 
C:\Dev\DataWire\openssl-0.9.8g>perl util\mk1mf.pl no-asm VC-CE  1>ms\ce.mak
%OSVERSION% is not defined at util/pl/VC-32.pl line 41.
Compilation failed in require at util\mk1mf.pl line 138.
 
C:\Dev\DataWire\openssl-0.9.8g>perl util\mk1mf.pl dll no-asm VC-CE
1>ms\cedll.mak
%OSVERSION% is not defined at util/pl/VC-32.pl line 41.
Compilation failed in require at util\mk1mf.pl line 138.
 
C:\Dev\DataWire\openssl-0.9.8g>perl util\mkdef.pl 32 libeay
1>ms\libeay32.def
 
C:\Dev\DataWire\openssl-0.9.8g>perl util\mkdef.pl 32 ssleay
1>ms\ssleay32.def

  _  

 
But we get a fatal error on our nmake call below,
 
  _  

C:\Dev\DataWire\openssl-0.9.8g>nmake -f ms\ntdll.mak
 
Microsoft (R) Program Maintenance Utility Version 8.00.50727.762
Copyright (C) Microsoft Corporation.  All rights reserved.
 
Building OpenSSL
perl util/copy.pl .\crypto\buildinf.h tmp32dll\buildinf.h
Copying: ./crypto/buildinf.h to tmp32dll/buildinf.h
cl /Fotmp32dll\uplink.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3
/WX /G
s0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DDS
O_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_SYSNAME
_WINNT -DUNICODE -D_UNICODE -DOPENSSL_USE_APPLINK -I. /Fdout32dll
-DOPENSSL_NO_C
AMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2
-DOPENSSL_NO_TLSEXT
 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL  -c ms\uplink.c
uplink.c
ms\uplink.c(11) : fatal error C1083: Cannot open include file: 'windows.h':
No s
uch file or directory
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio
8\VC\BIN\c
l.EXE"' : return code '0x2'
Stop.
  _  

 
We have a windows.h resource file, but it is dated from 1998 from our
VisualStudio 2003 install. 
 
We tried as suggested in support  "7. Why does the OpenSSL compilation fail
on Win32 with VC?" but same result.
 
  _  

C:\Dev\DataWire\openssl-0.9.8g>VSVARS32.BAT
Setting environment for using Microsoft Visual Studio 2005 x86 tools.
 
C:\Dev\DataWire\openssl-0.9.8g>nmake -f ms\ntdll.mak
 
Microsoft (R) Program Maintenance Utility Version 8.00.50727.762
Copyright (C) Microsoft Corporation.  All rights reserved.
 
Building OpenSSL
cl /Fotmp32dll\uplink.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3
/WX /G
s0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DDS
O_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_SYSNAME
_WINNT -DUNICODE -D_UNICODE -DOPENSSL_USE_APPLINK -I. /Fdout32dll
-DOPENSSL_NO_C
AMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2
-DOPENSSL_NO_TLSEXT
 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL  -c ms\uplink.c
uplink.c
ms\uplink.c(11) : fatal error C1083: Cannot open include file: 'windows.h':
No s
uch file or directory
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio
8\VC\BIN\c
l.EXE"' : return code '0x2'
Stop.

  _  

 
Any suggestions?
 
Thanks in advance.
 
Rich O'Brien

970 W Valley Parkway, #456
Escondido, CA 92025
[EMAIL PROTECTED]
(760) 291-0081 Main
(760) 807-1590 Cell/Mobile
(760) 291-0070 FAX 
  _  

*** The information in this message may be proprietary and/or confidential,
and protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
1stTransaction Corporation immediately by replying to this message and
deleting it from your computer. ***
 




We need the 
following required files for DataWire development.
 
/libeay32.dll/ssleay32.dll/libssl32.dll
 
We 
installed,
ActivePerl
 
We have VisualStudio 
2005 Professional
 
We 
ran
> 
ms\do_ms
 



C:\Dev\DataWire\openssl-0.9.8g>ms\do_ms
 
C:\Dev\DataWire\openssl-0.9.8g>perl 
util\mkfiles.pl  1>MINFO
 
C:\Dev\DataWire\openssl-0.9.8g>perl 
util\mk1mf.pl no-asm VC-WIN32  1>ms\nt.mak
 
C:\Dev\DataWire\openssl-0.9.8g>perl 
util\mk1mf.pl dll no-asm VC-WIN32  1>ms\ntdll.mak
 
C:\Dev\DataWire\openssl-0.9.8g>perl 
util\mk1mf.pl no-asm VC-CE  1>ms\ce.mak%OSVERSION% is not defined at 
util/pl/VC-32.pl line 41.Compilation failed in require at util\mk1mf.pl line 
138.
 
C:\Dev\DataWire\openssl-0.9.8g>perl 
util\mk1mf.pl dll no-asm VC-CE  1>ms\cedll.mak%OSVERSION% is not 
defined at util/pl/VC-32.pl line 41.Compilation failed in require at 
util\mk1

RE: [openssl.org #1649] openssl-fips-test-1.2.0 bug

2008-03-14 Thread 电磁波 


Hi OpenSSL Developers,

Thank you for your advise.

I tried to use the latest source via 
ftp://ftp.openssl.org/snapshot/openssl-0.9.8-fips-test-SNAP-20080312.tar.gz and 
followed the instructions to build fips openssl.

Below is what I get:
[EMAIL PROTECTED] pwd
/home/boqian/fips/openssl-0.9.8-fips-test-SNAP-20080312/apps
[EMAIL PROTECTED] ldd openssl
libssl.so.0.9.8 =>  
/home/boqian/fips/openssl-0.9.8-fips-test-SNAP-20080312/libssl.so.0.9.8
libcrypto.so.0.9.8 =>   
/home/boqian/fips/openssl-0.9.8-fips-test-SNAP-20080312/libcrypto.so.0.9.8
libdl.so.1 =>   /usr/lib/hpux32/libdl.so.1
libc.so.1 =>/usr/lib/hpux32/libc.so.1
libcrypto.so.0.9.8 =>   
/home/boqian/fips/openssl-0.9.8-fips-test-SNAP-20080312/libcrypto.so.0.9.8
libdl.so.1 =>   /usr/lib/hpux32/libdl.so.1
[EMAIL PROTECTED] ./openssl version
OpenSSL 0.9.8h-fips-dev xx XXX 
[EMAIL PROTECTED] ./openssl ecparam -out eckey_secp112r1.pem -name secp112r1 
-genkey
[EMAIL PROTECTED] ./openssl ec -in eckey_secp112r1.pem -des3 -out 
key_out_secp112r1.pem -passout pass:pass
read EC key
unable to load Key
3859:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong 
tag:tasn_dec.c:1294:
3859:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 
error:tasn_dec.c:830:
3859:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 
error:tasn_dec.c:748:Field=n, Type=RSA
3859:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99:
3859:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 
lib:pem_pkey.c:125:
[EMAIL PROTECTED] cat eckey_secp112r1.pem
-BEGIN EC PARAMETERS-
BgUrgQQABg==
-END EC PARAMETERS-
-BEGIN RSA PRIVATE KEY-
MD4CAQEEDr3zMZRjZsucD7xiGhqioAcGBSuBBAAGoSADHgAEK/bKhjxrqyPcKi3D
1H6BkcdBkiCx43oLyRyY9g==
-END RSA PRIVATE KEY-

It seems this bug has not been fixed.
In fact, after I try to modify crypto/pem/pem_all.c, the problem disappears.
Original:
int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
   unsigned char *kstr, int klen,
   pem_password_cb *cb, void *u)
{
if (FIPS_mode())
return PEM_write_PKCS8PrivateKey(fp, x, enc,
(char *)kstr, klen, cb, u);
else
return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
fp,(char *)x,enc,kstr,klen,cb,u);
}

Modification:
int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
   unsigned char *kstr, int klen,
   pem_password_cb *cb, void *u)
{
if (FIPS_mode())
return PEM_write_PKCS8PrivateKey(fp, x, enc,
(char *)kstr, klen, cb, u);
else
return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:((x)->type == 
EVP_PKEY_EC)?PEM_STRING_ECPRIVATEKEY:PEM_STRING_RSA),
fp,(char *)x,enc,kstr,klen,cb,u);
}

Hope it is helpful. 
Thank you!



> Subject: [openssl.org #1649] openssl-fips-test-1.2.0 bug
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: openssl-dev@openssl.org
> Date: Sat, 8 Mar 2008 13:27:16 +0100
>
>> [EMAIL PROTECTED] - Fri Mar 07 09:30:15 2008]:
>>
>>
>> 2)
>> [EMAIL PROTECTED] pwd
>> /home/boqian/fips/openssl-fips-0.9.8f-dev
>> [EMAIL PROTECTED] ./Configure hpux-cc fipscanisterbuild
>>
>
> You should do:
>
> ./config fipscanisterbuild
>
>>
>> It shows the eckey_secp112r1.pem file's format may be wrong.
>> Is there any workaround? Could you investigate this problem?
>> Thank you and looking forward to your reply!
>>
>
> The 1.2 module has been submitted for validation and the code is now
> frozen. We can't modify that at this stage.
>
> However you can use the 1.2 test tarball to generate the FIPS module and
> then use a later version of OpenSSL 0.9.8-fips to produce the libraries.
> I suggest you see if your problem applies to that version too. If so
> we'll fix it.
>
> See the documentation for details about how to link 0.9.8-fips against
> the test FIPS module.
>
> Note that the EC implementation is not part of the FIPS modules so will
> not be an approved algorithm in FIPS mode.
>
> Well nothing has been validated yet as testing isn't complete...

_
手机也能上 MSN 聊天了,快来试试吧!
http://mobile.msn.com.cn/
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated Lis