[openssl-dev] [openssl.org #4217] Fixing DJGPP port of openssl master branch.
Unfortunately the DJGPP port is badly broken in the master branch. The provided patch shall fix the issues. Both patches will fix/improve the following issues:

1) In Configure: For some reason -DTERMIO is set but DJGPP has never offered TERMIO making the build fail. I have changed this to -DTERMIOS as it used to be.

2) In crypto/bio/bss_dgram.c: The superfluous macro definitions of sock_write, sock_read and sock_puts enclosed by WATT32 have been removed.

3) In crypto/bio/bss_sock.c: Here the existing macro definitions for sock_write, sock_read and sock_puts are necessary and must be kept but they must be undefined before they can be defined. This is because newer versions of Watt-32 also redefine them.

4) In crypto/conf/conf_def.c: If this port is used on MS-DOS or FreeDOS it becomes necessary to check if the underlying file system supports long file names (aka LFN) or not. If it does not then file names with a leading dot like ".rnd" or ".ca_certs" are illicit. In function def_load_bio, the macros IS_RANDFILE and IS_CERT_DIR are used to check if the file system offers LFN support so that the file names with leading dots are licit and can be used. If the tests fail then the new function dosify_filename is called and will substitute invalid characters in the file name by valid ones before using them. This check and the call of dosify_filename is enclosed by OPENSSL_SYS_MSDOS.

5) In e_os.h: In the DJGPP section the macros IS_RANDFILE and IS_CERT_DIR are defined. Also some auxiliary macros like HAS_LFN_SUPPORT and FILE_EXISTS are defined. Because neither MS-DOS nor FreeDOS provide 'egd' sockets, the DEVRANDOM_EGD macro is undefined. This shall inhibit the compilation of code that does not work on MS-DOS/FreeDOS.

6) In INSTALL.DJGPP: Update URL of WATT-32 library.

I have checked the modified version of the master branch works on Linux and Cygwin. There are no issues. This is no surprise because the changes are either enclosed by the __DJGPP__ or OPENSSL_SYS_MSDOS macros.
If more information is required please mail me. I have attached the patch as gzip'ed file too.

Regards,
Juan M. Guerrero

2016-01-04 Juan Manuel Guerrero

* Configurations/10-main.conf: Replaced -DTERMIO by -DTERMIOS in CFLAGS.
* crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of function names: sock_write, sock_read and sock_puts.
* crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write, sock_read and sock_puts are redefined to their private names so their names must be undefined first before they can be redefined again.
* crypto/conf/conf_def.c (def_load_bio) [OPENSSL_SYS_MSDOS]: Call dosify_filename to replace leading dot if file system does not support it.
  (dosify_filename): Replace leading dot in passed file name if file system does not support LFN.
* e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor FreeDOS provides 'egd' sockets. New macros IS_RANDFILE and IS_CERT_DIR are defined to identify the RANDFILE entry in openssl.cnf and the cert_dir entry in ssleay.conf. New macro RFILE that is defined either to ".rnd" or "_rnd" depending on if LFN support is available or not.
* INSTALL.DJGPP: Update URL of WATT-32 library.

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index a82b95d..fad57a9 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1299,7 +1299,7 @@ "DJGPP" => { inherit_from => [ asm("x86_asm") ], cc => "gcc", -cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", +cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", sys_id => "MSDOS", lflags => "-L/dev/env/WATT_ROOT/lib -lwatt", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", diff --git a/INSTALL.DJGPP b/INSTALL.DJGPP index 1047ec9..23aed6a 100644 --- a/INSTALL.DJGPP +++ b/INSTALL.DJGPP 
@@ -18,7 +18,7 @@ files to download, see the DJGPP "ZIP PICKER" page at "http://www.delorie.com/djgpp/zip-picker.html;. You also need to have the WATT-32 networking package installed before you try to compile - OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/;. + OpenSSL. This can be obtained from "http://www.watt-32.net/;. The Makefile assumes that the WATT-32 code is in the directory specified by the environment variable WATT_ROOT. If you have watt-32 in directory "watt32" under your main DJGPP directory, specify diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 5e934ce..ca318cf 100644
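Review bot: the INSTALL.DJGPP hunk changes only the WATT-32 download URL and leaves the text silent on which Watt-32 release is required, yet the ChangeLog entry for crypto/bio/bss_sock.c ties the undefining of sock_write, sock_read and sock_puts to Watt-32 2.2.11. Suggest stating the Watt-32 version this port was built against next to the new URL, so that a build against an older release is recognisable from the instructions.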
Re: [openssl-dev] [openssl-users] OPenssl and dependencies such as openssh
On Mon, Jan 04, 2016 at 07:22:04PM +, Viktor Dukhovni wrote:
> On Mon, Jan 04, 2016 at 09:08:31AM -0700, The Doctor wrote:
>
> >     if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
> >         SSLeay_version(SSLEAY_VERSION))) <0)
> >
> > Could there be anything that is causing openssh not to see the new openssl
> > 1.1
>
> The above. The SSLeay names are gone. The new way is:
>
>     if ((rc = fprintf(fd ,"%08x (%s)\n", OpenSSL_version_num(),
>         OpenSSL_version(OPENSSL_VERSION))) <0)
>
> I think it is likely prudent at this time to restore source-
> backwards-compatible behaviour, by adding to :
>
> #if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x1010L
> # include
> # define SSLeay OpenSSL_version_num
> # define SSLeay_version OpenSSL_version
> # define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
> # define SSLEAY_VERSION OPENSSL_VERSION
> # define SSLEAY_CFLAGS OPENSSL_CFLAGS
> # define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
> # define SSLEAY_PLATFORM OPENSSL_PLATFORM
> # define SSLEAY_DIR OPENSSL_DIR
> #endif /* OPENSSL_API_COMPAT */
>
> Users who want to make sure they are avoiding interfaces that are
> deprecated with 1.1.0 can set OPENSSL_API_COMPAT to 0x1010L or
> higher as appropriate.

That is one way.

Can we get developers to come on board so that we can launch a new era without incident?

>
> --
> Viktor.
> ___
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Birthdate 29 Jan 1969 Redhill, Surrey, UK
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4217] Fixing DJGPP port of openssl master branch.
Hi Juan, and thanks. I'm looking at your fix, and have a couple of questions: In messageon Mon, 04 Jan 2016 19:42:48 +, Juan Manuel Guerrero via RT said: rt> --- a/crypto/conf/conf_def.c rt> +++ b/crypto/conf/conf_def.c rt> @@ -87,6 +87,9 @@ static int def_load_bio(CONF *conf, BIO *bp, long *eline); rt> static int def_dump(const CONF *conf, BIO *bp); rt> static int def_is_number(const CONF *conf, char c); rt> static int def_to_int(const CONF *conf, char c); rt> +#ifdef OPENSSL_SYS_MSDOS rt> +static void dosify_filename(char *filename); rt> +#endif rt> rt> static CONF_METHOD default_method = { rt> "OpenSSL default", rt> 
@@ -370,6 +373,10 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) rt> if (!str_copy(conf, psection, &(v->value), start)) rt> goto err; rt> rt> +#ifdef OPENSSL_SYS_MSDOS rt> +if (IS_RANDFILE(v->name) || IS_CERT_DIR(v->name)) rt> +dosify_filename(v->value); rt> +#endif

Why only a specific file and directory? Don't *all* file names have to be "dosified"?

rt> + rt> +#ifdef OPENSSL_SYS_MSDOS rt> +static void dosify_filename(char *filename) rt> +{ rt> + if (filename && *filename && !HAS_LFN_SUPPORT(filename)) rt> + { rt> +char *slash; rt> +int length; rt> +for (length = 0; filename[length]; length++) rt> + ; rt> +for (slash = filename + length - 1; slash > filename && *slash != '/'; slash--) rt> + ; rt> + rt> +/* Leading dot not allowed on plain DOS. */ rt> +if (slash[0] == '.') rt> + slash[0] = '_'; rt> +else if (slash[1] == '.') rt> + slash[1] = '_'; rt> + } rt> +} rt> +#endif

I don't know DJGPP at all, but I'd be surprised if there isn't a strrchr(), so what would you say about this:

    #ifdef OPENSSL_SYS_MSDOS
    static void dosify_filename(char *filename)
    {
        if (filename && *filename && !HAS_LFN_SUPPORT(filename)) {
            /* Find the last path component (the part after the final '/'). */
            char *filenamestart = strrchr(filename, '/');

            if (filenamestart)
                filenamestart++;
            else
                filenamestart = filename;

            /* Leading dot not allowed on plain DOS. */
            if (filenamestart[0] == '.')
                filenamestart[0] = '_';
        }
    }
    #endif

Cheers,
Richard

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
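Review bot: in the quoted dosify_filename hunk, the backward scan stops only on '/', so a value written with DOS backslash separators (for example one ending in \.rnd) is treated as a single component and its leading dot is left in place. The same scan turns a bare "." or ".." value into "_" or "_.", because slash[0] is tested when no separator is found, and a value with a trailing '/' is not handled either. Suggest treating '\\' as a separator as well and skipping the "." and ".." entries before replacing the dot.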
Re: [openssl-dev] OPenssl and dependencies such as openssh
On Tue, Jan 05, 2016 at 11:21:37AM +1100, Darren Tucker wrote:
> On Tue, Jan 5, 2016 at 3:08 AM, The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
> > This might be a crossmail, but necessary.
> >
> > I did use openssl-SNAP-20160104 minor errors and installed.
>
> installed onto what kind of system and where?
>
> > I tried openssh-SNAP-20160105 and the OpenSSL libraries cannot be found
>
> OpenSSH's config.log will have the details about what failed.
>
> My guess is that you built only a dynamic libcrypto.so and installed
> it somewhere that your runtime linker can't find. Exactly how to fix
> that will depend on what kind of system you have (eg /etc/ld.so.conf
> on Linuxes).
>

Both libssl and libcrypto were built.

In openssl, it was discovered that an old code was being used to find the libraries.

> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> ___
> openssh-unix-dev mailing list
> openssh-unix-...@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: [openssl-dev] [openssl.org #4217] Fixing DJGPP port of openssl master branch.
On 04.01.2016 21:22, Richard Levitte via RT wrote:
> Hi Juan, and thanks. > > I'm looking at your fix, and have a couple of questions: > > In messageon Mon, 04 > Jan 2016 19:42:48 +, Juan Manuel Guerrero via RT said: > > rt> --- a/crypto/conf/conf_def.c > rt> +++ b/crypto/conf/conf_def.c > rt> @@ -87,6 +87,9 @@ static int def_load_bio(CONF *conf, BIO *bp, long > *eline); > rt>static int def_dump(const CONF *conf, BIO *bp); > rt>static int def_is_number(const CONF *conf, char c); > rt>static int def_to_int(const CONF *conf, char c); > rt> +#ifdef OPENSSL_SYS_MSDOS > rt> +static void dosify_filename(char *filename); > rt> +#endif > rt> > rt>static CONF_METHOD default_method = { > rt>"OpenSSL default", > rt> 
@@ -370,6 +373,10 @@ static int def_load_bio(CONF *conf, BIO *in, long > *line) > rt>if (!str_copy(conf, psection,&(v->value), start)) > rt>goto err; > rt> > rt> +#ifdef OPENSSL_SYS_MSDOS > rt> +if (IS_RANDFILE(v->name) || IS_CERT_DIR(v->name)) > rt> +dosify_filename(v->value); > rt> +#endif
>
> Why only a specific file and directory? Don't *all* file names have
> to be "dosified"?
>
> rt> + > rt> +#ifdef OPENSSL_SYS_MSDOS > rt> +static void dosify_filename(char *filename) > rt> +{ > rt> + if (filename&& *filename&& !HAS_LFN_SUPPORT(filename)) > rt> + { > rt> +char *slash; > rt> +int length; > rt> +for (length = 0; filename[length]; length++) > rt> + ; > rt> +for (slash = filename + length - 1; slash> filename&& *slash != > '/'; slash--) > rt> + ; > rt> + > rt> +/* Leading dot not allowed on plain DOS. */ > rt> +if (slash[0] == '.') > rt> + slash[0] = '_'; > rt> +else if (slash[1] == '.') > rt> + slash[1] = '_'; > rt> + } > rt> +} > rt> +#endif
>
> I don't know DJGPP at all, but I'd be surprised if there isn't a
> strrchr(), so what would you say about this:
>
> #ifdef OPENSSL_SYS_MSDOS
> static void dosify_filename(char *filename)
> {
>     if (filename && *filename && !HAS_LFN_SUPPORT(filename)) {
>         char *filenamestart = strrchr(filename, '/');
>
>         if (filenamestart)
>             filenamestart++;
>         else
>             filenamestart = filename;
>
>         /* Leading dot not allowed on plain DOS. */
>         if (filenamestart[0] == '.')
>             filenamestart[0] = '_';
>     }
> }
> #endif
>
> Cheers,
> Richard
>

Hi Richard,

the implementation only reflected my personal taste but the changes proposed by you are OK with me. Please inspect the patch and tell me if there are still some other issues that should be changed.

Regards,
Juan M. Guerrero

2016-01-04 Juan Manuel Guerrero * Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS. * crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of function names: sock_write, sock_read and sock_puts. 
* crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write, sock_read and sock_puts are redefined to their private names so their names must be undefined first before they can be redefined again. * crypto/conf/conf_def.c (def_load_bio) [OPENSSL_SYS_MSDOS]: Call dosify_filename to replace leading dot if file system does not support it. (dosify_filename): Replace leading dot in passed file name if file system does not support LFN. * e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor FreeDOS provide 'egd' sockets. New macro HAS_LEADING_DOT defined to identify those file names starting with a leading dot. New macro RFILE that is defined either to ".rnd" or "_rnd" depending on if LFN support is available or not. * INSTALL.DJGPP: Update URL of WATT-32 library. diff -aprNU5 openssl-SNAP-20160101.orig/Configurations/10-main.conf openssl-SNAP-20160101/Configurations/10-main.conf --- openssl-SNAP-20160101.orig/Configurations/10-main.conf 2015-12-19 10:12:42 +0100 +++ openssl-SNAP-20160101/Configurations/10-main.conf 2016-01-01 22:46:48 +0100 @@ -1297,11 +1297,11 @@ DJGPP "DJGPP" => { inherit_from => [ asm("x86_asm") ], cc => "gcc", -cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", +cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", sys_id => "MSDOS", lflags => "-L/dev/env/WATT_ROOT/lib -lwatt", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", perlasm_scheme => "a.out", }, diff -aprNU5 openssl-SNAP-20160101.orig/crypto/bio/bss_dgram.c
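Review bot: the ChangeLog entry "* Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS." names Configure, but the visible hunk for that change edits the cflags line of the "DJGPP" target in Configurations/10-main.conf, which is the file the ChangeLog of the first submission named. Suggest restoring "Configurations/10-main.conf" in the entry so the log matches the file the diff touches.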
[openssl-dev] [openssl.org #4215] Results of regression for some apps
Hello!

I found the following problems running my cipher suite with openssl 1.1.0

1. Some apps try to load the default config file twice. In case when we load an engine via the config file and the engine prevents itself from loading more than once, it causes errors. The attached patch contains fixes for the 'req' and 'ts' utilities, but maybe there are some more utilities with specific config files.

2. The 'smime' utility erroneously regards the '-signer' option to be the name of input file. It's wrong when the utility uses this option in -verify mode. So the attached patch makes this option to be processed as string, not as input.

3. The 'cms' and 'smime' utilities do not accept the '-inform smime' options. It may be a bug or not a bug (files in SMIME format are accepted) but it is definitely an incompatibility.

Thank you!

--
SY, Dmitry Belyavsky

diff --git a/apps/req.c b/apps/req.c index a0da788..9235b2b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -377,13 +377,14 @@ int req_main(int argc, char **argv) BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - +if (template != default_config_file) +{ if (verbose) BIO_printf(bio_err, "Using configuration from %s\n", template); req_conf = app_load_config(template); if (!app_load_modules(req_conf)) goto end; - +} if (req_conf != NULL) { p = NCONF_get_string(req_conf, NULL, "oid_file"); if (p == NULL) diff --git a/apps/smime.c b/apps/smime.c index 551a8fd..a1dde89 100644 --- a/apps/smime.c +++ b/apps/smime.c 
@@ -115,7 +115,7 @@ OPTIONS smime_options[] = { {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, {"binary", OPT_BINARY, '-', "Don't translate message to text"}, {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, -{"signer", OPT_SIGNER, '<', "Signer certificate file"}, +{"signer", OPT_SIGNER, 's', "Signer certificate file"}, {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"}, {"in", OPT_IN, '<', "Input file"}, {"inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER"}, diff --git a/apps/ts.c b/apps/ts.c index 00b5e53..c1a3b05 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -319,10 +319,11 @@ int ts_main(int argc, char **argv) goto end; } +if (configfile != default_config_file) { conf = load_config_file(configfile); if (!app_load_modules(conf)) goto end; - +} /* Check parameter consistency and execute the appropriate function. */ switch (mode) { default: ___ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
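Review bot: in the apps/req.c hunk, placing "req_conf = app_load_config(template);" inside "if (template != default_config_file)" means req_conf is never assigned on the default-config path within this hunk, so the "if (req_conf != NULL)" block that reads oid_file directly below is skipped unless req_conf was set earlier. If the aim is only to avoid running app_load_modules a second time, keep the config load (or reuse the already loaded default config) and guard just the module load. The added braces also sit at a different indentation from the lines they enclose.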
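Review bot: in the apps/smime.c hunk, the "signer" entry of smime_options[] changes from '<' to 's' for every mode, while the report describes only -verify as the case where -signer is not an input file. Suggest confirming that the other modes still report an unreadable signer file clearly once the option is parsed as a plain string, and adjusting the help text "Signer certificate file" so it no longer reads as input-only.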
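Review bot: in the apps/ts.c hunk, "configfile != default_config_file" compares pointers rather than path names, so it only recognises the case where configfile was left pointing at the default string; an explicitly supplied path that names the same file would still be loaded a second time. The apps/req.c hunk uses the same test on template. A flag recording that the default configuration's modules are already loaded would cover both cases. The opening brace is on the if line here and on its own line in req.c, so the two hunks should at least agree on style.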
[openssl-dev] [openssl.org #4216] ocsp 1.1.0/1.0.2 incompatibility
Hello,

I found an incompatibility in behavior of the 'ocsp' utility in the 1.0.2 and 1.1.0 versions. The command line

    openssl ocsp -issuer cacert.pem -CAfile cacert.pem -md_gost94 -cert cert1.pem -sha1 -cert cert2.pem -reqout request.der

returns an error in 1.1.0:

    ocsp: Digest must be before -cert or -serial
    ocsp: Use -help for summary.

This command line worked well in 1.0.2.

Thank you!

--
SY, Dmitry Belyavsky
[openssl-dev] OPenssl and dependencies such as openssh
This might be a crossmail, but necessary.

I did use openssl-SNAP-20160104 minor errors and installed.

I tried openssh-SNAP-20160105 and the OpenSSL libraries cannot be found

In the openssh configuration file I see

    # Determine OpenSSL library version
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5
    $as_echo_n "checking OpenSSL library version... " >&6; }
    if test "$cross_compiling" = yes; then :
      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
    $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
    else
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
    /* end confdefs.h. */
    #include
    #include
    #include
    #include
    #define DATA "conftest.ssllibver"
    int
    main ()
    {
        FILE *fd;
        int rc;
        fd = fopen(DATA,"w");
        if(fd == NULL)
            exit(1);
        if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
            SSLeay_version(SSLEAY_VERSION))) <0)
            exit(1);
        exit(0);
      ;
      return 0;
    }
    _ACEOF
    if ac_fn_c_try_run "$LINENO"; then :
        ssl_library_ver=`cat conftest.ssllibver`
        # Check version is supported.
        case "$ssl_library_ver" in
            0090[0-7]*|009080[0-5]*)
                as_fn_error $? "OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" "$LINENO" 5
                ;;
            *) ;;
        esac
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
    $as_echo "$ssl_library_ver" >&6; }
    else
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
    $as_echo "not found" >&6; }
        as_fn_error $? "OpenSSL library not found." "$LINENO" 5
    fi
    rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
      conftest.$ac_objext conftest.beam conftest.$ac_ext
    fi

Could there be anything that is causing openssh not to see the new openssl 1.1 and are any other dependent serverware affected?
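Added example, not part of the original message or of OpenSSH's configure script: the shell functions below reproduce the case gate from the excerpt above and decode the %08x value the conftest program writes, using OpenSSL's MNNFFPPS version-number layout. They show that a 1.1.0 number passes the gate, so a "not found" result comes from the test program failing to build or run, not from the version check. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample values below are constructed, not taken from a real build.

# Same patterns as the configure excerpt: reject anything older than 0.9.8f.
ssl_ver_supported() {
    case "$1" in
        0090[0-7]*|009080[0-5]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Decode 0xMNNFFPPS (major, minor, fix, patch, status) into readable form.
# Accepts the whole conftest line, e.g. "0090806f (text)"; returns 2 on bad input.
decode_ssl_ver() {
    hex=${1%% *}                       # keep only the hex field
    case "$hex" in
        ""|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#hex}" -eq 8 ] || return 2
    n=$((0x$hex))
    major=$(( (n >> 28) & 0xf ))
    minor=$(( (n >> 20) & 0xff ))
    fix=$(( (n >> 12) & 0xff ))
    patch=$(( (n >> 4) & 0xff ))
    status=$(( n & 0xf ))
    letter=""
    if [ "$patch" -ge 1 ] && [ "$patch" -le 26 ]; then
        # 1 -> a, 2 -> b, ... built from the octal escape of the ASCII code
        letter=$(printf "\\$(printf '%03o' $((96 + patch)))")
    elif [ "$patch" -gt 26 ]; then
        letter="+p$patch"              # past 'z': shown numerically in this example
    fi
    case "$status" in
        0)  kind="dev" ;;
        15) kind="release" ;;
        *)  kind="beta$status" ;;
    esac
    printf '%s.%s.%s%s %s\n' "$major" "$minor" "$fix" "$letter" "$kind"
}

# Constructed lines in the format the conftest program writes.
for line in "0090805f (constructed)" "0090806f (constructed)" "10100000 (constructed)"; do
    if ssl_ver_supported "$line"; then verdict="accepted"; else verdict="rejected"; fi
    printf '%s -> %s, %s by the gate\n' "${line%% *}" "$(decode_ssl_ver "$line")" "$verdict"
done
```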