Re: Compile error with MinGW-w64

2012-03-29 Thread Andy Polyakov
 I am having some trouble compiling OpenSSL 1.0.1 with MinGW-w64 under
 MSYS with the following commands:
 ./Configure mingw64 shared
 make
 
 Error output:
 perl asm/sha1-x86_64.pl mingw64  sha1-x86_64.s
 gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -D_WINDLL
 -DOPENSSL_PIC -DOPENSSL_THREADS -D_MT -DDSO_WIN32 -DL_ENDIAN -O3 -Wall
 -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -DOPENSSL_IA32_SSE2
 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
 -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c  -o sha1-x86_64.o sha1-x86_64.s
 sha1-x86_64.s: Assembler messages:
 sha1-x86_64.s:1824: Warning: end of file not at end of a line; newline
 inserted
 sha1-x86_64.s:2183: Error: number of operands mismatch for `rol'
 
 I've tested with MinGW-w64 4.5.2, 4.6.1 and 4.7.0 prerelease.
 
 Any ideas?

Look into generated file, at lines in question. Run 'perl
asm/sha1-x86_64.pl mingw64  sha1-x86_64.s' on another system (Windows
or not, doesn't matter) and compare outputs... I can't reproduce the
problem, so it's likely to be problem with your environment. You refer
to 4.5.2, 4.6.1, 4.7.0. These sound like gcc versions, not MinGW, while
problem is likely to be Perl or binutils...
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl.org #2775] [openssh 5.9p1-8] Segmentation fault libcrypto.so.1.0.0

2012-03-29 Thread Andy Polyakov via RT
 Please, consider this bugreport:
 
 https://bugs.archlinux.org/task/29111

I can't reproduce the problem. Well, I didn't use archlinux binaries,
but I could replace 1.0.0 libcrypto.so with 1.0.1 libcrypto.so on rhel
and successfully run ssh... I've double-checked and can confirm that
vpaes was used in my test...

To analyze the problem one needs to identify the exact failing
instruction and registers' content, strace output(*) is not useful in
this case. Collect core file, run 'gdb /some/where/ssh core', issue
'disassemble' command and browse till you see the failing instruction,
collect 'info reg'... Provided that address ends with 0x?d the
failing instruction is likely to be 'movdqu (%edx),%xmm0' but one needs
to be sure [that binutils did proper job]. If above is indeed failing
instruction, then it's likely to be some memory corruption. The loop in
question runs 'rounds' times and in order for this instruction to crash
'rounds' is very large, not 10, 12 or 14.

(*) You flashed root password there.




Re: [openssl.org #2761] util/cygwin.sh: Fix runtime package name

2012-03-29 Thread Corinna Vinschen via RT
Ping?


Corinna


On Mar 15 17:50, Corinna Vinschen via RT wrote:
 Hi,
 
 
 please apply the following patch to the util/cygwin.sh script to
 the 0.9.8 branch, the 1.0.1 branch, and trunk.
 
 The patch fixes the generated name for the runtime openssl package
 on Cygwin.  So far it used the version number of OpenSSL for the
 package name, but with 1.0.1 this is wrong.  Rather, the package name
 should reflect the shared library version, not the package version.
 
 
 Thanks,
 Corinna
 
 
 Index: util/cygwin.sh
 ===
 RCS file: /home/cvs/cvsroot/src/openssl/util/cygwin.sh,v
 retrieving revision 1.10
 diff -u -p -r1.10 cygwin.sh
 --- util/cygwin.sh24 Aug 2010 21:51:08 -  1.10
 +++ util/cygwin.sh15 Mar 2012 08:20:47 -
 @@ -11,6 +11,7 @@ CONFIG_OPTIONS=--prefix=/usr shared zli
  INSTALL_PREFIX=/tmp/install/INSTALL
  
  VERSION=
 +SHLIB_VERSION_NUMBER=
  SUBVERSION=$1
  
  function cleanup()
 @@ -28,6 +29,13 @@ function get_openssl_version()
  echoCheck value of variable VERSION in Makefile.
  exit 1
fi
 +  eval `grep '^SHLIB_VERSION_NUMBER=' Makefile`
 +  if [ -z ${SHLIB_VERSION_NUMBER} ]
 +  then
 +echo Error: Couldn't retrieve OpenSSL shared lib version from Makefile.
 +echoCheck value of variable SHLIB_VERSION_NUMBER in Makefile.
 +exit 1
 +  fi
  }
  
  function base_install()
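Review bot: in get_openssl_version() the new eval of the grep output runs the entire matched Makefile line as shell code, so anything following the version value on that line is executed as well, and the [ -z ${SHLIB_VERSION_NUMBER} ] test as shown is unquoted. Consider extracting only the value (for example with sed on the '^SHLIB_VERSION_NUMBER=' line) and assigning it, and quoting the variable inside the test so that a value containing whitespace fails cleanly instead of producing a test syntax error.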
 @@ -124,7 +132,7 @@ strip usr/bin/*.exe usr/bin/*.dll usr/li
  chmod u-w usr/lib/engines/*.so
  
  # Runtime package
 -tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
 +tar cjf 
 libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
   usr/bin/cyg*dll
  # Base package
  find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \
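Review bot: the added runtime-package line is split after 'tar cjf', and the continuation line carrying the archive name has no '+' prefix, so the hunk as it appears here would not apply; sending the patch as an attachment or unwrapped would avoid that. A short comment above the tar command saying that the name is derived from SHLIB_VERSION_NUMBER (the shared library version) rather than VERSION would also record the reason given in the mail.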
 @@ -139,7 +147,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBV
  
  ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
  ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
 -ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
 +ls -l 
 libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
  
  cleanup
  
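Review bot: the ls -l line repeats the libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 expression already used by the tar command in the runtime-package hunk, so the two have to be changed in lockstep. Building the archive name once in a variable after get_openssl_version() has run and using it in both places would keep them from drifting apart.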
 
 -- 
 Corinna Vinschen
 Cygwin Project Co-Leader
 Red Hat
 

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat




Re: [openssl.org #2776] Use of bool as variable / argument in tasn_prn1.c

2012-03-29 Thread Andy Polyakov via RT
 In the process of moving to a new compiler, we learned that OpenSSL
 1.0.1 crypto\asn1\tasn_prn1.c has one use of bool as a function
 argument (in asn1_print_boolean_ctx()) and one as a local variable
 (in asn1_primitive_print()).  Since bool is now seen as a defined
 type, the compiler errors out.

http://cvs.openssl.org/chngview?cn=22299




Re: openssl 1.0.1 and win32: assembler error: x86cpuid.asm

2012-03-29 Thread Andy Polyakov
 trying to compile openssl 1.0.1 on win32 with visual studio 2010
 (SP1). I get the following error when assembling x86cpuid.asm:
 
 -
 perl crypto\x86cpuid.pl win32 /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS
 -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32
 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE
 -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
 -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
 -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5
 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE tmp32dll\x86cpuid.asm
 
   ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32dll\x86cpuid.obj 
 tmp32dll\x86cpuid.asm

Quoting INSTALL.W32:

Note that NASM is now the only supported assembler.

This means that MS assembler support doesn't get any regular testing, do
use nasm. Though I'd appreciate if you can verify
http://cvs.openssl.org/chngview?cn=22302.


[openssl.org #2771] [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007

2012-03-29 Thread Stephen Henson via RT
A temporary workaround for this is to apply these two patches to OpenSSL
1.0.1:

http://cvs.openssl.org/chngview?cn=22286
http://cvs.openssl.org/chngview?cn=22306

And recompile OpenSSL with -DOPENSSL_NO_TLS1_2_CLIENT (e.g. supplied as
a command line option to config or Configure). I'm working on something
better.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



Re: [openssl.org #2771] [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007

2012-03-29 Thread Kurt Roeckx
On Sun, Mar 25, 2012 at 01:52:22PM +0200, Stephen Henson via RT wrote:
  [steve - Sun Mar 25 13:11:30 2012]:
  
  I've done some more tests and it seems that the size of the client hello
  message is significant: all the options that work reduce the size of
  client hello. If you use the -debug option and check out the first
  message bytes 4 and 5 it seems those servers hang if the length exceeds
  0xFF (using two bytes instead of one).
  
 
 If you use the option -servername very long string you can precisely
 control the size of the client hello. If you use that to make client
 hello long enough you get the hang with OpenSSL 1.0.0h and earlier as well.

So I'm getting more and more reports of sites that have a problem
since 1.0.1.  They basically fall in 2 categories:
- They don't tolerate versions higher than TLS 1.0
- They don't like big packets.

Of the 2nd case I have at least found people complain about those
sites:
- www.facebook.com
- www.paypal.com
- sourceforge.net


Kurt
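
Added example (not part of the thread and not OpenSSL code): a Python sketch of the check discussed in the message above, reading the record length held in bytes 4 and 5 of a ClientHello and using the server name length to control the message size, as with -servername. The function names, the cipher suite values and the all-zero random are assumptions made for the example; the record is constructed, not captured.

```python
import struct

def build_client_hello(server_name: str) -> bytes:
    """Build a constructed, minimal TLS 1.0 ClientHello record with one SNI entry."""
    host = server_name.encode("ascii")
    # ServerName entry: name_type (0 = host_name) | 2-byte length | name
    sni_list = b"\x00" + struct.pack("!H", len(host)) + host
    # Extension: type 0 (server_name) | ext length | list length | list
    sni_ext = (struct.pack("!HH", 0, len(sni_list) + 2)
               + struct.pack("!H", len(sni_list)) + sni_list)
    ciphers = struct.pack("!HH", 0x002F, 0x0035)   # two sample suites (assumption)
    body = (b"\x03\x01" + bytes(32)                # client_version + random (zeros)
            + b"\x00"                              # empty session_id
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00"                          # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: type 22 (handshake) | version 3.1 | 2-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def record_length(record: bytes) -> int:
    """Return the length field stored in bytes 4 and 5 of a TLS handshake record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (length,) = struct.unpack("!H", record[3:5])
    if length != len(record) - 5:
        raise ValueError("record length does not match payload size")
    return length

def needs_two_length_bytes(record: bytes) -> bool:
    """True when the length exceeds 0xFF, i.e. byte 4 is no longer zero."""
    return record_length(record) > 0xFF

if __name__ == "__main__":
    # Grow the server name until the length no longer fits in one byte.
    for n in (10, 197, 198):
        rec = build_client_hello("a" * n)
        print(n, record_length(rec), rec[3:5].hex(), needs_two_length_bytes(rec))
```

With this layout the fixed part of the record payload is 58 bytes, so a 198-character server name is the first one that pushes the length to 0x0100.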
