Re: Compile error with MinGW-w64
I am having some trouble compiling OpenSSL 1.0.1 with MinGW-w64 under MSYS with the following commands: ./Configure mingw64 shared make Error output: perl asm/sha1-x86_64.pl mingw64 sha1-x86_64.s gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS -D_MT -DDSO_WIN32 -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o sha1-x86_64.o sha1-x86_64.s sha1-x86_64.s: Assembler messages: sha1-x86_64.s:1824: Warning: end of file not at end of a line; newline inserted sha1-x86_64.s:2183: Error: number of operands mismatch for `rol' I've tested with MinGW-w64 4.5.2, 4.6.1 and 4.7.0 prerelease. Any ideas? Look into generated file, at lines in question. Run 'perl asm/sha1-x86_64.pl mingw64 sha1-x86_64.s' on another system (Windows or not, doesn't matter) and compare outputs... I can't reproduce the problem, so it's likely to be problem with your environment. You refer to 4.5.2, 4.6.1, 4.7.0. These sound like gcc versions, not MinGW, while problem is likely to be Perl or binutils... __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2775] [openssh 5.9p1-8] Segmentation fault libcrypto.so.1.0.0
Please, consider this bugreport: https://bugs.archlinux.org/task/29111 I can't reproduce the problem. Well, I didn't use archlinux binaries, but I could replace 1.0.0 libcrypto.so with 1.0.1 libcrypto.so on rhel and successfully run ssh... I've double-checked and can confirm that vpaes was used in my test... To analyze the problem one needs to identify the exact failing instruction and registers' content, strace output(*) is not useful in this case. Collect core file, run 'gdb /some/where/ssh core', issue 'disassemble' command and browse till you see the failing instruction, collect 'info reg'... Provided that address ends with 0x?d the failing instruction is likely to be 'movdqu (%edx),%xmm0' but one needs to be sure [that binutils did proper job]. If above is indeed failing instruction, then it's likely to be some memory corruption. The loop in question runs 'rounds' times and in order for this instruction to crash 'rounds' is very large, not 10, 12 or 14. (*) You flashed root password there. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2761] util/cygwin.sh: Fix runtime package name
Ping? Corinna On Mar 15 17:50, Corinna Vinschen via RT wrote: Hi, please apply the following patch to the util/cygwin.sh script to the 0.9.8 branch, the 1.0.1 branch, and trunk. The patch fixes the generated name for the runtime openssl package on Cygwin. So far it used the version number of OpenSSL for the package name, but with 1.0.1 this is wrong. Rather, the package name should reflect the shared library version, not the package version. Thanks, Corinna Index: util/cygwin.sh === RCS file: /home/cvs/cvsroot/src/openssl/util/cygwin.sh,v retrieving revision 1.10 diff -u -p -r1.10 cygwin.sh --- util/cygwin.sh24 Aug 2010 21:51:08 - 1.10 +++ util/cygwin.sh15 Mar 2012 08:20:47 - @@ -11,6 +11,7 @@ CONFIG_OPTIONS=--prefix=/usr shared zli INSTALL_PREFIX=/tmp/install/INSTALL VERSION= +SHLIB_VERSION_NUMBER= SUBVERSION=$1 function cleanup() @@ -28,6 +29,13 @@ function get_openssl_version() echoCheck value of variable VERSION in Makefile. exit 1 fi + eval `grep '^SHLIB_VERSION_NUMBER=' Makefile` + if [ -z ${SHLIB_VERSION_NUMBER} ] + then +echo Error: Couldn't retrieve OpenSSL shared lib version from Makefile. +echoCheck value of variable SHLIB_VERSION_NUMBER in Makefile. +exit 1 + fi } function base_install() @@ -124,7 +132,7 @@ strip usr/bin/*.exe usr/bin/*.dll usr/li chmod u-w usr/lib/engines/*.so # Runtime package -tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \ +tar cjf libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \ usr/bin/cyg*dll # Base package find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \ @@ -139,7 +147,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBV ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 +ls -l libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 cleanup -- Corinna Vinschen Cygwin Project Co-Leader Red Hat __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- Corinna Vinschen Cygwin Project Co-Leader Red Hat __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2776] Use of bool as variable / argument in tasn_prn1.c
In the process of moving to a new compiler, we learned that OpenSSL 1.0.1 crypto\asn1\tasn_prn1.c has one use of bool as a function argument (in asn1_print_boolean_ctx()) and one as a local variable (in asn1_primitive_print()). Since bool is now seen as a defined type, the compiler errors out. http://cvs.openssl.org/chngview?cn=22299 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl 1.0.1 and win32: assembler error: x86cpuid.asm
trying to compile openssl 1.0.1 on win32 with visual studio 2010 (SP1). I get the following error when assembling x86cpuid.asm: - perl crypto\x86cpuid.pl win32 /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE tmp32dll\x86cpuid.asm ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32dll\x86cpuid.obj tmp32dll\x86cpuid.asm Quoting INSTALL.W32: Note that NASM is now the only supported assembler. This means that MS assembler support doesn't get any regular testing, do use nasm. Though I'd appreciate if you can verify http://cvs.openssl.org/chngview?cn=22302. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2771] [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007
A temporary workaround for this is to apply these two patches to OpenSSL 1.0.1: http://cvs.openssl.org/chngview?cn=22286 http://cvs.openssl.org/chngview?cn=22306 And recompile OpenSSL with -DOPENSSL_NO_TLS1_2_CLIENT (e.g. supplied as a command line option to config or Configure). I'm working on something better. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #2771] [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007
On Sun, Mar 25, 2012 at 01:52:22PM +0200, Stephen Henson via RT wrote: [steve - Sun Mar 25 13:11:30 2012]: I've done some more tests and it seems that the size of the client hello message is significant: all the options that work reduce the size of client hello. If you use the -debug option and check out the first message bytes 4 and 5 it seems those servers hang if the length exceeds 0xFF (using two bytes instead of one). If you use the option -servername very long string you can precisely control the size of the client hello. If you use that to make client hello long enough you get the hang with OpenSSL 1.0.0h and earlier as well. So I'm getting more and more reports of sites that have a problem since 1.0.1. They basicly fall in 2 categories: - They don't tolerate versions higher than TLS 1.0 - They don't like big packets. Of the 2nd case I have at least found people complain about those sites: - www.facebook.com - www.paypal.com - sourceforge.net Kurt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org