Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

[Zoltan Arpadffy]

Hi,


zoli> May I ask you, if the new build will cover the long names issue (
zoli> symhacks.h ) too?

It's been pointed out to me by the vms-ports folks that it should be
possible to solve using the compiler's "#pragma names shortened"
rather than maintaining symhacks...  Then, it's just a matter of doing
the same thing manually when producing the SYMBOL_VECTOR for a
shareable image.  I'm also thinking that "#pragma names as_is" should
be norm and that we could produce upper case aliases in SYMBOL_VECTOR
(you know how that's done, right?).  Does that sound like a way
forward to you?


It is not my decision, but I don't like either of these approaches.

The code itself needs to be written that it is as much as possible portable.

It is not impossible to maintain a code base that uses up to 32 char  
long function names - without losing the readability of the code.
I agree that it requires some extra focus from the developers side -  
but coding a security software needs that (and even more) focus anyway.


Thanks,
Z

---
WebMail, polarhome.com

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

[Zoltan Arpadffy]

Hi,


zoli> > (unfortunately, "cpan install Text::Template" doesn't work because
zoli> > there's a lack of action lines in the test: target it its Makefile,
zoli> > and mms isn't too happy about that...)



That's tough, unfortunately...  I've only access to a V8.4 cluster
(Alpha and IA64), so I don't know how to help you further.  Of course,
there's the option to build perl from source, which isn't very hard at
all (I've done so a few times).


I do have access to VAX, Alpha and IA64 architectures... on range of  
7.3 to 8.3 OpenVMS versions.

Also I do have functional perl installed on them.
I am not the problem here, but ordinary developers that work on an old  
system developing for a legacy program and do not have SYSTEM rights -  
what is the common case.

The build solution should be designed to be usable by those developers too.


Well, the aim is to have a common structure to build from on all
architectures we claim to support.  You've seen for yourself how the
scripts for VMS builds were lagging behind, and quite frankly, it's
hellish to keep them up to date (I've completely dropped the ball for
1.1).  That's not something I'm willing to have us do all over again.


Absolutely agree with you. This is the way forward.

May I ask you, if the new build will cover the long names issue (  
symhacks.h ) too?


Thanks,
Z

---
WebMail, polarhome.com

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

[Zoltan Arpadffy]

Hi,


zoli> I am aware that having perl installed on a modern operating system is
zoli> not a very tough requirement - but experience shows that external
zoli> dependencies often cause problems on OpenVMS.

For perl, it's not that hard:  
http://sourceforge.net/projects/vmsperlkit/files/



(unfortunately, "cpan install Text::Template" doesn't work because
there's a lack of action lines in the test: target it its Makefile,
and mms isn't too happy about that...)



So, uhmm, nah.  Frankly, it's time (it's been time for long) for the
OpenVMS community to catch up with the rest of the world re open
source building...


Please, do not misunderstand me - I am on your side and I would be the  
most happy if that would work.


But there is a problem:
The files currently featured are kits for installing
Perl 5.22.1 on OpenVMS Alpha or Itanium v8.3 and later. (from the home  
page)... but many OpenVMS systems are not on v8.3 yet.


Here is an unofficial usage statistics for OpenSSL and Vim users

VAX - 7.1 or older  29.82 % (167)
VAX - 7.2 or newer  6.96 % (39)
Alpha - 7.2 or older5.54 % (31)
Alpha - 7.3 or newer29.64 % (166)
Itanium - 8.0 or newer  23.39 % (131)
I do not use OpenVMS3.57 % (20)
I do not know   1.07 % (6)
Total votes: 560

The most probable reason for keeping OpenVMS systems not updated is  
the HP's ECO packages availability as well the OpenVMS excellent  
backwards compatibility that allows old builds to run in new systems.


This is not good - I know. But this is a fact we need to face when we  
develop for this system.



Considering there's Alpha, IA64 and VSI is building VMS for x86_64,
and let's not forget pointer size options, the different possible
configurations is already not a small number, and will only increase.
How many variants of descrip.mms did you want?


One descript.mms file would be enough. Thank you for asking :)
MMS/MMK accepts parameters that could be used within the descript file  
making possible the different choices - if it is written on that way,  
especially that architecture and some other parameters can be  
successfully guessed within the MMS file.



zoli> > zoli> Do you need some help with coding, testing?

I'll have a branch in g...@github.com:levitte/openssl.git
I'll get back when it starts going live.


Thank you, Richard.
I am looking forward to help you.

Regards,
Z

---
WebMail, polarhome.com

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

[Zoltan Arpadffy]

Richard,


My plan for "new and shiny" is based on perl, running Configure and
have it generate a top level descrip.mms.  Requirements will be a perl
installation (minimum version 5.12) plus Text::Template.


Thank you for the information.

I am aware that having perl installed on a modern operating system is  
not a very tough requirement - but experience shows that external  
dependencies often cause problems on OpenVMS.


I would suggest to include/commit the perl scripts into the OpenSSL  
source code (for developers convenience only), but they should be ran  
and commit the OpenVMS descrip.mms build files matching the current  
code base - as a step in the OpenSSL source code release process.


Unix make files are also made in forehand. Right?

What is your opinion about this?



zoli> Do you need some help with coding, testing?

Yes please.


Please, let me know how... or should I just wait for the make files release?

Thank you.
Z

---
WebMail, polarhome.com

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

[Zoltan Arpadffy]

Thank you Richard.

What "slowly" means? Will you be able to commit the OpenVMS build  
scripts before the 1.1.0's release?


Do you need some help with coding, testing?
Should I try to repair the old build scripts?

Thanks,
Z



Quoting Richard Levitte :

The building scripts are not at all updated, it's beyond repair. I'm  
(slowly) working on a new solution that doesn't require the separate  
update hell...


Cheers
Richard

Zoltan Arpadffy  skrev: (21 december 2015 20:36:13 CET)

Hi,

I am sorry, but because of the relocation of the header files the 1.1.0
does
not build on OpenVMS.
Please, allow some time to fix the OpenVMS build scripts.

Thank you.
Regards,
Z

-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
OpenSSL
Sent: den 10 december 2015 16:02
To: OpenSSL Developer ML; OpenSSL User Support ML; OpenSSL Announce ML
Subject: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


  OpenSSL version 1.1.0 pre release 1 (alpha)
  ===

  OpenSSL - The Open Source toolkit for SSL/TLS
  http://www.openssl.org/

OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 1 has
now
  been made available. For details of changes and known issues see the
  release notes at:

   http://www.openssl.org/news/openssl-1.1.0-notes.html

  Note: This OpenSSL pre-release has been provided for testing ONLY.
  It should NOT be used for security critical purposes.

 The alpha release is available for download via HTTP and FTP from the
following master locations (you can find the various FTP mirrors under
  http://www.openssl.org/source/mirror.html):

* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

  The distribution file name is:

   o openssl-1.1.0-pre1.tar.gz
 Size: 4990889
 SHA1 checksum: a058b999e17e0c40988bd7b9b280c9876f62684e
 SHA256 checksum:
79da49c38464a19d1b328c2f4a3661849bd2eb3d54a37fdb6a56d9b8a18e87bd

  The checksums were calculated using the following commands:

   openssl sha1 openssl-1.1.0-pre1.tar.gz
   openssl sha256 openssl-1.1.0-pre1.tar.gz

 Please download and check this alpha release as soon as possible. Bug
reports
  should go to r...@openssl.org. Please check the release notes
  and mailing lists to avoid duplicate reports of known issues.

  Yours,

  The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJWaYrRAAoJENnE0m0OYESRh5gIAJ8WrkPPV8CW2xWmtyIjAxpz
7FvvpxBWHaBgJcCrvNomh2JJupXa+enWCTsskIyH0+FtS85VeOKNvQg68xbCOvLl
I0dWxMNb8SCxuagvEje8xGEnf8by8pZdYaK8ERASlNoGVIgN8CwppiKnY8c1yRYn
Ti0dUZLyVZvT5Qm2Q3k4pOvfS/+rvFjHiuUllFzfHlp6mdk4573w5eneoTINQvRK
OC8iAnSiINQWQvuiavLVIgw7VFBD1WC2iKWuSA3+31YuM8CUpvbbnJHh2QUfGkIw
oNTkflxgQJhk/txwqvCSzZsVddhvQLZtiRZYQcG4WUuskygCENeieJGPOXN6ioI=
=LY4X
-END PGP SIGNATURE-
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev





---
WebMail, polarhome.com

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

[Zoltan Arpadffy]

Hi,

I am sorry, but because of the relocation of the header files the 1.1.0 does
not build on OpenVMS.
Please, allow some time to fix the OpenVMS build scripts.

Thank you.
Regards,
Z 

-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
OpenSSL
Sent: den 10 december 2015 16:02
To: OpenSSL Developer ML; OpenSSL User Support ML; OpenSSL Announce ML
Subject: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   OpenSSL version 1.1.0 pre release 1 (alpha)
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 1 has now
   been made available. For details of changes and known issues see the
   release notes at:

http://www.openssl.org/news/openssl-1.1.0-notes.html

   Note: This OpenSSL pre-release has been provided for testing ONLY.
   It should NOT be used for security critical purposes.

   The alpha release is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.1.0-pre1.tar.gz
  Size: 4990889
  SHA1 checksum: a058b999e17e0c40988bd7b9b280c9876f62684e
  SHA256 checksum:
79da49c38464a19d1b328c2f4a3661849bd2eb3d54a37fdb6a56d9b8a18e87bd

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.1.0-pre1.tar.gz
openssl sha256 openssl-1.1.0-pre1.tar.gz

   Please download and check this alpha release as soon as possible. Bug
reports
   should go to r...@openssl.org. Please check the release notes
   and mailing lists to avoid duplicate reports of known issues.

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJWaYrRAAoJENnE0m0OYESRh5gIAJ8WrkPPV8CW2xWmtyIjAxpz
7FvvpxBWHaBgJcCrvNomh2JJupXa+enWCTsskIyH0+FtS85VeOKNvQg68xbCOvLl
I0dWxMNb8SCxuagvEje8xGEnf8by8pZdYaK8ERASlNoGVIgN8CwppiKnY8c1yRYn
Ti0dUZLyVZvT5Qm2Q3k4pOvfS/+rvFjHiuUllFzfHlp6mdk4573w5eneoTINQvRK
OC8iAnSiINQWQvuiavLVIgw7VFBD1WC2iKWuSA3+31YuM8CUpvbbnJHh2QUfGkIw
oNTkflxgQJhk/txwqvCSzZsVddhvQLZtiRZYQcG4WUuskygCENeieJGPOXN6ioI=
=LY4X
-END PGP SIGNATURE-
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Getting Access Violation while testing "test sslv3 with client authentication"

[Zoltan Arpadffy]

Hi,

I am sorry for the late reply, but I was very busy nowadays with other issues.

Were there any errors during the build?

On polarhome's IA64 (running as SYSTEM user) is not possible to
reproduce the error:

SYSTEM@ia64$ <.test>tests.com test_ssl
%DCL-W-NOCOMD, no command on line - reenter with alphabetic first character
SYSTEM@ia64$ @<.test>tests.com test_ssl
@@@ TESTS.COM
---> TEST_SSL
test SSL protocol
%SEARCH-I-NOMATCHES, no strings matched
test sslv2
Available compression methods:
  NONE
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with server authentication
Available compression methods:
  NONE
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with client authentication
Available compression methods:
  NONE
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with both client and server authentication
Available compression methods:
  NONE
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv3
Available compression methods:
  NONE
SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv3 with server authentication
Available compression methods:
  NONE
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv3 with client authentication
Available compression methods:
  NONE
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv3 with both client and server authentication
Available compression methods:
  NONE
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2/sslv3
Available compression methods:
  NONE
TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2/sslv3 with server authentication
Available compression methods:
  NONE
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2/sslv3 with client authentication
Available compression methods:
  NONE
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2/sslv3 with both client and server authentication
Available compression methods:
  NONE
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 via BIO pair
Available compression methods:
  NONE
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with server authentication via BIO pair
Available compression methods:
  NONE
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with client authentication via BIO pair
Available compression methods:
  NONE
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with both client and server authentication via BIO pair
Available compression methods:
  NONE
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2

[openssl-dev] [PATCH] install issue on OpenVMS in 1.0.0 branch

[Zoltan Arpadffy]

Hi,

during installation of 1.0.0 branch on OpenVMS the following error appears.

%COPY-E-OPENIN, error opening
IA64$DKA0:[WORK.OPENSSL-100-STABLE-SNAP-20150109.CRYPTO.SRP]SRP.H; as input
-RMS-E-DNF, directory not found
-SYSTEM-W-NOSUCHFILE, no such file

The solution is to apply the following patch.


 
SYSTEM@ia64$ mc DKA0:[UTIL]gdiff.exe -p [.crypto]install-crypto.com;1
[.crypto]install-crypto.com;4
*** [.crypto]install-crypto.com;1Wed Oct 15 11:00:38 2014
--- [.crypto]install-crypto.com;4Mon Jan 12 11:24:39 2015
*** $ sdirs := , -
*** 81,87 
 buffer, bio, stack, lhash, rand, err, -
 evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp,
-
 ui, krb5, -
!cms, pqueue, ts, jpake, srp, store, cmac
  $!
  $ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
  $ exheader_'archd' := opensslconf.h
--- 81,87 
 buffer, bio, stack, lhash, rand, err, -
 evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp,
-
 ui, krb5, -
!cms, pqueue, ts, jpake, store
  $!
  $ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
  $ exheader_'archd' := opensslconf.h
*** $ exheader_cms := cms.h
*** 139,147 
  $ exheader_pqueue := pqueue.h
  $ exheader_ts := ts.h
  $ exheader_jpake := jpake.h
- $ exheader_srp := srp.h
  $ exheader_store := store.h
- $ exheader_cmac := cmac.h
  $ libs := ssl_libcrypto
  $!
  $ exe_dir := [-.'archd'.exe.crypto]
--- 139,145 

Thank you.

Regards,
Z

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3653] [PATCH] 1.0.1k CFLAGS issue on OpenVMS

[Zoltan Arpadffy via RT]

Hi,
 
Unfortunately, the Matt's latest fix around CFLAGS define ( for making the
build work on Windows) does not help on OpenVMS.
The following path is needed.
SYSTEM@ia64$ mc DKA0:[UTIL]gdiff.exe -p []makevms.com;1 []makevms.com;2
*** []makevms.com;1 Wed Jan  7 16:00:30 2015
--- []makevms.com;2 Fri Jan  9 19:41:20 2015
*** $   if (CFLAGS .nes. "") then CFLAGS = C
*** 646,652 
  $   CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
  $ endif
  $!
! $ WRITE H_FILE "#define CFLAGS"
  $ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";"
  $ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD'
''VMS_VERSION'"""
  $ WRITE H_FILE "#define DATE ""built on: ''TIME'"" "
--- 646,652 
  $   CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
  $ endif
  $!
! $ WRITE H_FILE "#define CFLAGS cflags"
  $ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";"
  $ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD'
''VMS_VERSION'"""
  $ WRITE H_FILE "#define DATE ""built on: ''TIME'"" "
 
Please note, the 1.0.0 branch works fine.
 
Regards,
Z 

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [PATCH] 1.0.1k CFLAGS issue on OpenVMS

[Zoltan Arpadffy]

Hi,

 

Unfortunately, Matt's latest fix around CFLAGS define ( for making the build
work on Windows) does not help on OpenVMS.

The following additional patch is needed.

 

SYSTEM@ia64$ mc DKA0:[UTIL]gdiff.exe -p []makevms.com;1 []makevms.com;2

*** []makevms.com;1 Wed Jan  7 16:00:30 2015

--- []makevms.com;2 Fri Jan  9 19:41:20 2015

*** $   if (CFLAGS .nes. "") then CFLAGS = C

*** 646,652 

  $   CFLAGS = CFLAGS+ "/DEFINE=ZLIB"

  $ endif

  $!

! $ WRITE H_FILE "#define CFLAGS"

  $ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";"

  $ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD'
''VMS_VERSION'"""

  $ WRITE H_FILE "#define DATE ""built on: ''TIME'"" "

--- 646,652 

  $   CFLAGS = CFLAGS+ "/DEFINE=ZLIB"

  $ endif

  $!

! $ WRITE H_FILE "#define CFLAGS cflags"

  $ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";"

  $ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD'
''VMS_VERSION'"""

  $ WRITE H_FILE "#define DATE ""built on: ''TIME'"" "

 

Please note, the 1.0.0 branch works fine.

 

Regards,

Z 

___
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-dev

RE: VMS building rework

[Zoltan Arpadffy]

Hi Richard,

I absolutely welcome the idea, that the build needs to be improved on
OpenVMS.
You have my full support and I'll help as much I can appreciate time-wise.

Currently, I am struggling to include OpenVMS architectures into a jenkins
farm that would at least warn for anomalies as soon they appear.

Thank you for the positive initiative.

Regards,
Z 

-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Richard Levitte
Sent: den 14 augusti 2014 18:43
To: openssl-dev@openssl.org
Cc: s...@antinode.info; arpad...@polarhome.com
Subject: VMS building rework

Hey,

I've been thinking for the longest time that the VMS building system for VMS
needs to be remade from the ground up.  Time hasn't been with me, and I've
taken a fairly long pause, and I gave up VMS for a while, and...  I've got
plenty of less valid excuses that I'll keep for myself.

Time to take the bull by the horns, though.

Now that VMS seems to get a revival (if you haven't heard the news?
have a look here: http://vmssoftware.com/ ...) instead of certain death, it
might be time to update ourselves as well.

The current build system is based on the assumption that you have a the base
VMS installation with only a C compiler added.  No MMS, no MMK, no Perl, no
nothing.  The world doesn't look that way and hasn't for a long time, time
to catch up.

I've a fork of OpenSSL on github specifically for this, here:
https://github.com/levitte/openssl

Please join me, let's talk about what's needed, what tools we can expect
people to have available (more than just the basic operating system and a C
compiler), and what we can do, and make the needed changes.  Feel free to
fork my github repo, make changes and propose them.

(I've cc'd Steven M. Schweda and Zoltan Arpadffy, as they have been fairly
vocal as well as deservingly critical, and thereby hopefully interested, but
others are free to join as well)

Cheers,
Richard

-- 
Richard Levitte rich...@levitte.org
http://richard.levitte.org/

"Life is a tremendous celebration - and I'm invited!"
-- from a friend's blog, translated from Swedish
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Netware support?

[Zoltan Arpadffy]

Hi,

I was working a lot with Netware some 10-15 years ago.
I wonder if you have some recent install media with ev. licence to  
donate to polarhome.com


I am building up a jenkins farm with polarhome servers that would  
build OpenSSL, Vim and other opensource projects and follow up CI.


That would help keep Netware among other systems on the edge of the  
OpenSSL support (like AIX, IRIX, OpenVMS etc)


Thank you.

Regards,
Z


Quoting Guenter :


Hi Rich,
On 13.08.2014 22:59, Salz, Rich wrote:

Is anyone willing to step up and maintain the Netware port?

If not, then we will probably remove it after the next release.
please dont do that! I maintained it in the past (and try to do in  
future as my time permits), and currently it still builds (except  
for asm support were ich had no time yet to fix this, but its only a  
build issue); we use OpenSSL with curl, Apache httpd, SVN and Perl.


greets, Gün.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org





---
WebMail, polarhome.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: [openssl.org #3436] Platform strategy

[Zoltan Arpadffy]

You are most welcome.
This is the main purpose of polarhome.

I have been working few days with that setup and I see already that it  
will not be as smooth as somebody would guess, because java, git etc  
are not available, or supported on every system.


I have sent a preview to Tim, but when the builds will be established  
I'll make the link publicly available.


Regards,
Z


Quoting "Salz, Rich" :

...but can not let the less popular platforms decline, therefore I  
decided to

set up Jenkins builds on polarhome.com's 30+ rare operating systems and


Wow, that is really great.  Thank you!

As Ben said, we haven't decided on *anything* yet.

/r$

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz

:��I"Ϯ��r�m
(Z+�7�zZ)���1���x��hW^��^��%&jם.+-1�ځ��j:+v���h�




---
WebMail, polarhome.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl.org #3436] Platform strategy

[Zoltan Arpadffy]

Hi,

I absolutely agree, that other less popular platforms need support.

Unfortunately, reading the conversation in the last few days, I got a  
feeling that the OpenSSL core development is not willing to support  
those platforms in the main line, but will come up with a separate  
branch or other merging strategy keeping the core code clean.


Whatever this solution will be - I silently accept this decision -  
moreover understand the reasoning behind too.
...but can not let the less popular platforms decline, therefore I  
decided to set up Jenkins builds on polarhome.com's 30+ rare operating  
systems and run daily builds and tests feeding the core team with  
propper test data and eventually bugs from those environments right  
after a change occured in the main code.


This CI approach will improve the code quality generaly and reduce the  
gap between the less supported platforms code and the main code.


polarhome has AIX, HP-UX, OpenVMS, QNX Ultrix, IRIX and many other  
platforms and architectures that would be of interest.


The service will be soon publicly available.

Regards,
Z


Quoting hmbrand via RT :


In the new roadmap I read on platform strategy:
--8<---
Platform Strategy

Moving forward OpenSSL will adopt the following policy:

• There will be a defined set of primary platforms. The primary
platforms will be Linux and FreeBSD. A primary platform is one where
most development occurs.

• In addition there will be a list of secondary platforms which are
supported by the development team.

• Platform specific code will be moved out of the main codebase
(removing overuse of "ifdef").

• Legacy platforms that are unlikely to have wide deployment will be
removed from the code.

• Non-supported platforms requiring regular maintenance activities will
eventually be removed from the code after first seeking community owners
to support the platforms in platform specific repositories.

Necessary criteria for a platform to be included in the secondary
platform list includes:

• Currency, i.e. a platform is widely deployed and in current use

• Vendor support

• Available to the dev team, i.e. the dev team have access to a suitable
environment in which to test builds and deal with tickets and issues

• Dev team ownership, i.e. at least one person on the team is willing to
take some responsibility for a platform

In addition the secondary list will be as small as possible so as not to
spread the development team too thinly.

The secondary platforms are still to be defined but will be based on the
above criteria. For each primary/secondary platform, we should have, at
least, a continuous integration box and a dev machine we can access for
test/debug. We will seek support from the platform vendors or the
community to provide access to these platforms. The secondary platform
list will change over time, but an initial list will be produced within
three months.

The Platform Strategy will be phased in over a period of time based on
how quickly we can refactor the code.
-->8---

I think it is highly thinkable that the dev-team does not have access to
proprietary OS's like HP-UX or AIX. Personally I give a shit about AIX,
but I value HP-UX a lot and I might be the only one left still releasing
software-depots (what HP uses for binary distributions) for a lot of
OpenSource products for HP-UX back to 10.20, long dead and gone
according to HP itself.

Looking at the download-statistics, it is still used quite a lot
worldwide. Who am I to judge that. I just have access to development
boxes for HP-UX 10.20, 11.00, 11.11 (11iv1), 11.23 (11iv2 PA2), 11.23
(11iv2 ia64) and 11.31 (11iv3 ia64 and as I have a warm heart for
OpenSourse, with perl5 especially, I will try to continue to release
modern recent packages of heavily used OpenSource software for thes
OS's. OpenSSL is one of those (you can check that on
http://mirrors.develooper.com/hpux/ )

If you remove native code to support the OS versions the developers have
no access to or do not care about, you will make it harder for the
volunteers like me to post OpenSSL to those systems. We do this in our
free time, as the "big" vendors do not support the OS releases they have
declared end-of-life.

This ticket is a plea to keep the code related to HP-UX in place or at
least easily available: That might include *not* using libtool, as that
was once created to make linking on other systems than Linux easier, but
it only complicated things for those OSs and sometimes causes 100% fail
(AIX).

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org





---
WebMail, polarhome.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List   

Very old release, unsupported platform

[Zoltan Arpadffy]

Hi,

I see that Rich is doing a fantastic job by cleaning up the backlog... 
I absolutely agree that very old releases cannot be supported, but what about 
the platforms?

I thought until now, that as long there are developers who are willing to 
develop for a certain platform and there is some community interest in using 
that - the platform will be supported as odd might it be in the Windows and 
Linux dominated World. 
  
I just started to wonder, will soon come the time when my patches will be also 
refused with the "unsupported platform" comment? 

Thank you.

Regards,
Z

-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On 
Behalf Of Rich Salz via RT
Sent: den 30 juni 2014 23:43
To: pwal...@au1.ibm.com
Cc: openssl-dev@openssl.org
Subject: [openssl.org #1610] OS400 patches

Very old release, unsupported platform. Closing ticket. G'day, mate.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: MAYLOSEDATA3 in VMS build

[Zoltan Arpadffy]

Hi Richard,

> It seems that duplicating the check on the existence of MAYLOSEDATA3 in
the other building .com files would be the way to go.

I totally agree. 
I would even suggest to merge back the changes to the 1.0.1 and even to the
1.0.0 branch too.

Thanks,
Z


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: MAYLOSEDATA3 in VMS build [was: OpenSSL version 1.0.1g v. VMS]

[Zoltan Arpadffy]

Hi Richard,

I could not find much more information about either, but on IA64  
platform HP C V7.3-020 on OpenVMS IA64 V8.4 produces such warnings.


Please check the following logs  
http://www.polarhome.com/openssl/BUILD100.LOG for 1.0.0m


Please, advice how to solve this issue.

Thank you,
Z

Quoting Richard Levitte :


I just stumbled on problems with MAYLOSEDATA3 while looking at other
stuff...  and I wonder, what exactly is it?  Sorry, I've been out of
it for quite a while, and I haven't dug through all talks there may
have been, so I may be missing something.

Thing is, looking at the docs for the latest compiler (v7.3), there is
no such warning message. There is MAYLOSEDATA and MAYLOSEDATA2, but no
MAYLOSEDATA3.  Is this a misunderstanding, a typo, or is there a
secret newer HP CC that I don't know about?

http://h71000.www7.hp.com/commercial/c/docs/decc_alpha_help_4.html#Ref504

In message <002401cf52e5$5791b8f0$06b52ad0$@com> on Tue, 8 Apr 2014  
06:45:18 +0200, "Zoltan Arpadffy"  said:


zoli> Right approach Steven.
zoli>
zoli> Mea culpa :(
zoli> I am terribly sorry proposing ignorance of MAYLOSEDATA3 while  
not testing on

zoli> older compilers.
zoli>
zoli> Thank you.
zoli> Regards,
zoli> Z
zoli>
zoli> -Original Message-
zoli> From: owner-openssl-...@openssl.org  
[mailto:owner-openssl-...@openssl.org]

zoli> On Behalf Of Steven M. Schweda
zoli> Sent: den 8 april 2014 05:12
zoli> To: openssl-dev@openssl.org
zoli> Subject: Re: OpenSSL version 1.0.1g v. VMS
zoli>
zoli> From: "Dr. Stephen Henson" 
zoli>
zoli> > Patch applied. Let me know of any problems.
zoli>
zoli>Thanks.  Sadly, I forgot one refinement, which would keep  
the warning
zoli> from the test out of the log.  If I could talk you into  
smoothing over that

zoli> blunder, then I'd be able to rest easy (for a while).
zoli>
zoli> --- ssl/ssl-lib.com;-1 2014-04-07 15:18:26 -0500
zoli> +++ ssl/ssl-lib.com2014-04-07 18:26:49 -0500
zoli> @@ -1024,6 +1024,8 @@
zoli>  $   THEN
zoli>  $!Not all compiler versions support MAYLOSEDATA3.
zoli>  $ OPT_TEST = "MAYLOSEDATA3"
zoli> +$ DEFINE /USER_MODE SYS$ERROR NL:
zoli> +$ DEFINE /USER_MODE SYS$OUTPUT NL:
zoli>  $ 'CC' /NOCROSS_REFERENCE /NOLIST /NOOBJECT -
zoli> /WARNINGS = DISABLE = ('OPT_TEST', EMPTYFILE) NL:
zoli>  $ IF ($SEVERITY)
zoli>
zoli>Sorry about the extra bother.
zoli>
zoli>
zoli>For the record (no action required (or even requested)), the only
zoli> remaining compiler warnings were:
zoli>
zoli> if (timeleft.tv_sec < 0) ^
zoli> %CC-I-QUESTCOMPARE, In this statement, the unsigned expression
zoli> "timeleft.tv_sec" is being compared with a relational operator to a
zoli> constant whose value is not greater than zero.  This might not  
be what  you

zoli> intended.
zoli> at line number 310 in file
zoli>  
ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.crypto.bio]bss_dgram.c;1

zoli>
zoli>Around here, time_t tends to be unsigned.
zoli>
zoli>
zoli> if (*outlen <= 0)
zoli> ^
zoli> %CC-I-QUESTCOMPARE, In this statement, the unsigned expression  
"*outlen"
zoli> is being compared with a relational operator to a constant  
whose value is

zoli> not greater than zero.  This might not be what you intended.
zoli> at line number 180 in file
zoli>  
ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.engines.ccgost]gost94_keyx

zoli> .c;1
zoli>
zoli>Around here, size_t tends to be unsigned.
zoli>
zoli>
zoli> if (size <= 0 || ((len = data[0])) !=  
(size -1))
zoli> ^ %CC-I-QUESTCOMPARE, In this  
statement, the
zoli> unsigned expression "size" is  being compared with a  
relational operator to
zoli> a constant whose value is  not greater than zero.  This might  
not be what

zoli> you intended.
zoli> at line number 1128 in file
zoli> ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ssl]t1_lib.c;1
zoli>
zoli>Here, "size" seems to be declared as unsigned:
zoli> unsigned short size;
zoli> making the "< 0" part of that test pointless everywhere.
zoli>
zoli>These are all Informational ("-I-") complaints, so they cause less
zoli> trouble than a real warning ("-W-").





---
WebMail, polarhome.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[PATCH] 1.0.1h does not build nor test HEARBEAT bug on OpenVMS

[Zoltan Arpadffy]

Hi,

after some testing the new release I realized that 1.0.1h does not build nor 
run HEARBEAT bug unit test on OpenVMS.
The following patch corrects the problem.

Thanks,
Z


-

SYSTEM@ia64$ mc DKA0:[UTIL]gdiff.exe -p 
DKA0:[WORK.openssl-101h.test]maketests.com;1 
DKA0:[WORK.openssl-101h.test]maketests.com;2
*** dka0:[work.openssl-101h.test]maketests.com;1Thu Jun  5 10:44:33 2014
--- dka0:[work.openssl-101h.test]maketests.com;2Fri Jun  6 21:23:03 2014
*** $!   A-Com Computing, Inc.
*** 6,11 
--- 6,12 
  $!   b...@mail.all-net.net
  $!
  $!  Changes by Richard Levitte 
+ $! Zoltan Arpadffy 
  $!
  $!  This command files compiles and creates all the various different
  $!  "test" programs for the different types of encryption for OpenSSL.
*** $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,
*** 147,153 
   "RANDTEST,DHTEST,ENGINETEST,"+ -
   "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
   "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
!  "ASN1TEST"
  $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
  $!
  $! Additional directory information.
--- 148,154 
   "RANDTEST,DHTEST,ENGINETEST,"+ -
   "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
   "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
!  "ASN1TEST,HEARTBEAT_TEST"
  $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
  $!
  $! Additional directory information.
*** $ T_D_IGETEST:= [-.test]
*** 185,190 
--- 186,192 
  $ T_D_JPAKETEST  := [-.crypto.jpake]
  $ T_D_SRPTEST:= [-.crypto.srp]
  $ T_D_ASN1TEST   := [-.test]
+ $ T_D_HEARTBEAT_TEST := [-.test]
  $!
  $ TCPIP_PROGRAMS = ",,"
  $ IF COMPILER .EQS. "VAXC" THEN -
SYSTEM@ia64$ mc DKA0:[UTIL]gdiff.exe -p 
DKA0:[WORK.openssl-101h.test]tests.com;1 
DKA0:[WORK.openssl-101h.test]tests.com;4
*** dka0:[work.openssl-101h.test]tests.com;1Thu Jun  5 10:44:33 2014
--- dka0:[work.openssl-101h.test]tests.com;4Fri Jun  6 22:07:23 2014
*** $   tests := -
*** 56,62 
test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
!   test_jpake,test_srp,test_cms
  $ endif
  $ tests = f$edit(tests,"COLLAPSE")
  $
--- 56,62 
test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
!   test_jpake,test_srp,test_heartbeat,test_cms
  $ endif
  $ tests = f$edit(tests,"COLLAPSE")
  $
*** $   IGETEST :=  igetest
*** 95,100 
--- 95,101 
  $ JPAKETEST :=jpaketest
  $ SRPTEST :=  srptest
  $ ASN1TEST := asn1test
+ $   HEARTBEATTEST := heartbeat_test
  $!
  $ tests_i = 0
  $ loop_tests:
*** $ test_srp:
*** 366,371 
--- 367,376 
  $ write sys$output "Test SRP"
  $ mcr 'texe_dir''srptest'
  $ return
+ $ test_heartbeat:
+ $   write sys$output "Test HEARTBEAT"
+ $   mcr 'texe_dir''heartbeattest'
+ $   return
  $
  $
  $ exit:

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: 1.0.0m problem on OpenVMS Alpha

[Zoltan Arpadffy]

Thank you.
This fixed the problem.

Regards,
Z

-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On 
Behalf Of Matt Caswell
Sent: den 6 juni 2014 15:54
To: openssl-dev@openssl.org
Subject: Re: 1.0.0m problem on OpenVMS Alpha

On 6 June 2014 14:42, Zoltan Arpadffy  wrote:
> Hi,
>
> the 1.0.0m fails to build on OpenVMS Alpha architecture.
>
>
> OPENSSL_assert(s->s3->wnum < INT_MAX); ^ 
> %CC-E-UNDECLARED, In this statement, "INT_MAX" is not declared.
> at line number 586 in file DKA300:[WORK.OPENSSL-100M.SSL]S3_PKT.C;1
>
> On IA64 and VAX it builds well.
>
> I'll return with the patch later today.

Hi Zoltan

This has already been fixed in git. Fix here:
https://github.com/openssl/openssl/commit/ccb0398da678b76445f7ff8350c6d5db14e6f7dd

Thanks

Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

1.0.0m problem on OpenVMS Alpha

[Zoltan Arpadffy]

Hi,

the 1.0.0m fails to build on OpenVMS Alpha architecture.


OPENSSL_assert(s->s3->wnum < INT_MAX);
^
%CC-E-UNDECLARED, In this statement, "INT_MAX" is not declared.
at line number 586 in file DKA300:[WORK.OPENSSL-100M.SSL]S3_PKT.C;1

On IA64 and VAX it builds well.

I'll return with the patch later today.

Regards,
Z

---
WebMail, polarhome.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Start Contributing

[Zoltan Arpadffy]

Hi,

another area where OpenSSL needs competent contibution is testing.

Build OpenSSL on as many different platforms, architectures using as  
many different compilers as possible and turn off/on different  
swithes, features and test if it works.
In the beginning the UC tests would be enough, but adding and  
improving UC tests would be desirable too.


Let me know if you want to contibute and need access to some resources.

Regards,
Z

Quoting Matt Caswell :


On 23 April 2014 18:17, Daniel Hamacher  wrote:

Any suggestions on how to contribute. Are there specific requirements I need
to have?


Hi Daniel/Fedor/Paul

I am actively seeking people to help out on the OpenSSL Wiki.
Documentation is an area where OpenSSL has frequently been criticized
in the past and is an area where we can do something about it NOW.

To request an account, just drop an email to
wiki-ad...@opensslfoundation.com, and say what username you would
like.

As well as standard wiki content it is also possible to submit man
page fixes through the wiki (periodically I will bundle all submitted
changes up and submit them as a patch).

If coding is more your thing then I would suggest that you submit
patches through the normal route while the dev team go through their
reorg. I know that in the past these have not always been acted on,
but I for one am confident, following the recent announcements from
Steve M and Steve H, that things are going to change on that front.

Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org





---
WebMail, polarhome.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: OpenSSL version 1.0.1g v. VMS

[Zoltan Arpadffy]

Right approach Steven.

Mea culpa :(
I am terribly sorry proposing ignorance of MAYLOSEDATA3 while not testing on
older compilers.

Thank you.
Regards,
Z  

-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Steven M. Schweda
Sent: den 8 april 2014 05:12
To: openssl-dev@openssl.org
Subject: Re: OpenSSL version 1.0.1g v. VMS

From: "Dr. Stephen Henson" 

> Patch applied. Let me know of any problems.

   Thanks.  Sadly, I forgot one refinement, which would keep the warning
from the test out of the log.  If I could talk you into smoothing over that
blunder, then I'd be able to rest easy (for a while).

--- ssl/ssl-lib.com;-1  2014-04-07 15:18:26 -0500
+++ ssl/ssl-lib.com 2014-04-07 18:26:49 -0500
@@ -1024,6 +1024,8 @@
 $   THEN
 $!Not all compiler versions support MAYLOSEDATA3.
 $ OPT_TEST = "MAYLOSEDATA3"
+$ DEFINE /USER_MODE SYS$ERROR NL:
+$ DEFINE /USER_MODE SYS$OUTPUT NL:
 $ 'CC' /NOCROSS_REFERENCE /NOLIST /NOOBJECT -
/WARNINGS = DISABLE = ('OPT_TEST', EMPTYFILE) NL:
 $ IF ($SEVERITY)

   Sorry about the extra bother.


   For the record (no action required (or even requested)), the only
remaining compiler warnings were:

if (timeleft.tv_sec < 0) ^
%CC-I-QUESTCOMPARE, In this statement, the unsigned expression
"timeleft.tv_sec" is being compared with a relational operator to a
constant whose value is not greater than zero.  This might not be what  you
intended.
at line number 310 in file
ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.crypto.bio]bss_dgram.c;1

   Around here, time_t tends to be unsigned.


if (*outlen <= 0)
^
%CC-I-QUESTCOMPARE, In this statement, the unsigned expression "*outlen"
is being compared with a relational operator to a constant whose value is
not greater than zero.  This might not be what you intended.
at line number 180 in file
ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.engines.ccgost]gost94_keyx
.c;1

   Around here, size_t tends to be unsigned.


if (size <= 0 || ((len = data[0])) != (size -1))
^ %CC-I-QUESTCOMPARE, In this statement, the
unsigned expression "size" is  being compared with a relational operator to
a constant whose value is  not greater than zero.  This might not be what
you intended.
at line number 1128 in file
ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ssl]t1_lib.c;1

   Here, "size" seems to be declared as unsigned:
unsigned short size;
making the "< 0" part of that test pointless everywhere.

   These are all Informational ("-I-") complaints, so they cause less
trouble than a real warning ("-W-").



   Steven M. Schweda   sms@antinode-info
   382 South Warwick Street(+1) 651-699-9818
   Saint Paul  MN  55105-2547
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[PATCH] 1.0.2-beta2-dev fails to build on VMS

[Zoltan Arpadffy]

Hello,

I have tested today OPENSSL-1.0.2-STABLE-SNAP-20140402 and find out  
that it fails to build on OpenVMS.


The following patch is needed to make it work.


SYSTEM@ia64$ mc DKA0:[UTIL]gdiff -p [.crypto]crypto-lib.com;1   
[.crypto]crypto-lib.com;2

*** [.crypto]crypto-lib.com;1   Tue Feb 25 17:00:06 2014
--- [.crypto]crypto-lib.com;2   Wed Apr  2 19:41:45 2014
*** $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,
*** 292,298 
"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
"c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
"evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
! $ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,evp_fips,"+ -
"e_aes_cbc_hmac_sha1,e_aes_cbc_hmac_sha256,e_rc4_hmac_md5"
  $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
--- 292,298 
"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
"c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
"evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
! $ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,"+ -
"e_aes_cbc_hmac_sha1,e_aes_cbc_hmac_sha256,e_rc4_hmac_md5"
  $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -

Please, commit this change before the 1.0.2 is released.

Thank you.

Regards,
Z

---
WebMail, polarhome.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL version 1.0.2 beta 1 released on AIX, IRIX, Solaris/SPARC

[Zoltan Arpadffy]

Hello,

Quoting Zoltan Arpadffy :


*Ultrix*

bash-2.05# uname -a
ULTRIX ultrix 4.5 0 VAX
bash-2.05# gcc --version
2.7.2
bash-2.05# what /bin/cc
/bin/cc:
crt0.c  9.1 ULTRIX  4/26/94
cc.c9.1 (ULTRIX)4/27/94
printf.c9.1 (ULTRIX)4/26/94
signal.c9.1 ULTRIX  4/26/94
getenv.c9.1 (ULTRIX)4/26/94
strncmp.c   9.1 (ULTRIX)4/26/94
strcmp.c9.1 (ULTRIX)4/26/94
calloc.c9.1 (ULTRIX)4/26/94
sprintf.c   9.1 (ULTRIX)4/26/94
fprintf.c   9.1 (ULTRIX)4/26/94
_locale.c   9.1 ULTRIX  4/26/94
flsbuf.c9.1 (ULTRIX)4/26/94
getstdiobuf.c   9.1 (ULTRIX)4/26/94
fclose.c9.1 (ULTRIX)4/26/94
data.c  9.1 (ULTRIX)4/26/94
malloc.c9.1 (ULTRIX)4/26/94

ultrix-gcc - it will take a "day" to build... but so far it looks  
nice and promising

...
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -O3  
-DL_ENDIAN   -c  c_all.c
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -O3  
-DL_ENDIAN   -c  c_allc.c
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -O3  
-DL_ENDIAN   -c  c_alld.c


I'll come back with the update.


ultrix-gcc - FAILED

gcc -DMONOLITH -I.. -I../include  -O3 -DL_ENDIAN   -c  openssl.c
rm -f openssl
shlib_target=; if [ -n "" ]; then \
shlib_target=""; \
elif [ -n "" ]; then \
  FIPSLD_CC="gcc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC  
FIPSLD_CC; \

fi; \
LIBRARIES="-L.. -lssl  -L.. -lcrypto" ; \
gmake -f ../Makefile.shared -e \
	APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o  
dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o  
crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o  
gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o  
s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o  
pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o  
rand.o engine.o ocsp.o prime.o ts.o srp.o" \

LIBDEPS=" $LIBRARIES " \
link_app.${shlib_target}
gmake[2]: Entering directory  
`/usr/users/0/work/openssl/openssl-1.0.2-stable-SNAP-20140226/apps'
( :; LIBDEPS="${LIBDEPS:--L.. -lssl  -L.. -lcrypto }";  
LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--O3 -DL_ENDIAN}";  
LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e  
d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`;  
LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o  
${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o  
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o  
rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o  
gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o  
s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o  
pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o  
rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} )

collect2: ld returned 1 exit status
../libcrypto.a(eng_all.o)(.text+0x59): undefined reference to  
`ENGINE_load_gost'

gmake[2]: *** [link_app.] Error 1
gmake[2]: Leaving directory  
`/usr/users/0/work/openssl/openssl-1.0.2-stable-SNAP-20140226/apps'

gmake[1]: *** [openssl] Error 2
gmake[1]: Leaving directory  
`/usr/users/0/work/openssl/openssl-1.0.2-stable-SNAP-20140226/apps'

gmake: *** [build_apps] Error 1

Regards,
Z

---
WebMail, polarhome.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL version 1.0.2 beta 1 released on AIX, IRIX, Solaris/SPARC

[Zoltan Arpadffy]

Hello Andy,

you are right - in some cases I forgot to do make clean between two builds.

Now, I did a focused, thorough test based on  
openssl-1.0.2-stable-SNAP-20140226


Here are the results:

*IRIX*
bash-2.05b$ uname -a
IRIX64 irix 6.5 07202013 IP35
bash-2.05b$ gcc --version
gcc (GCC) 3.3

using make fails with all targets

mips4-sgi-irix64 - using gmake - OK
Note: got a warning ld64: WARNING 84: ../libssl.a is not used for  
resolving any symbol.


irix-gcc - using gmake - OK
irix-mips3-gcc - using gmake - OK
irix64-mips4-gcc - using gmake - OK

irix-cc - N/A
irix-mips3-cc - N/A
irix64-mips4-cc - N/A I do not have a licence (if anybody has a  
licence a donation would be warm welcome)



*Solaris/SPARC*

zoli@solaris$ uname -a
SunOS solaris 5.10 Generic_147147-26 sun4u sparc SUNW,Sun-Fire-V210 Solaris
zoli@solaris$ cc -V
cc: Sun C 5.12 SunOS_sparc 2011/11/16
zoli@solaris$ gcc --version
gcc (GCC) 4.8.0

solaris-sparcv9-cc - OK
solaris-sparcv9-gcc - OK
solaris64-sparcv9-cc - OK
solaris64-sparcv9-gcc - OK

*AIX*

# uname -a
AIX aix7 1 7 000ACFDE4C00 powerpc AIX
# gcc --version
gcc (GCC) 4.6.3

aix-gcc - OK
aix64-gcc - OK

I do not have cc on my AIX :(

*Tru64*
bash-2.05$ uname -a
OSF1 tru64.polarhome.com V5.1 2650 alpha alpha
bash-2.05$ cc -V
Compaq C V6.5-011 on HP Tru64 UNIX V5.1B (Rev. 2650)
Compiler Driver V6.5-003 (sys) cc Driver
bash-2.05$ gcc --version
2.9-gnupro-99r1

osf1-alpha-cc - using make FAILED
cc -I. -I.. -I../include  -DDSO_DLFCN -DHAVE_DLFCN_H -std1 -tune host  
-O4 -readonly_strings -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DGHASH_ASM -c  
-o alphacpuid.o alphacpuid.s
ar  r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o  
cpt_err.o ebcdic.o  uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o  
fips_ers.o alphacpuid.o

ar: Warning: creating ../libcrypto.a
LOCK:  -z ""
 || ar  r ../libcrypto.a fipscanister.o
sh: syntax error at line 1: `||' unexpected
*** Exit 2
Stop.
*** Exit 1
Stop.

osf1-alpha-cc - using gmake - OK
osf1-alpha-gcc - using gmake - FAILED

... in fact it was strange that did not allow the target, but it is  
accepted at the end


bash-2.05$ ./config -t
Operating system: alpha-dec-tru64
Configuring for tru64-alpha-cc
/usr/bin/perl ./Configure tru64-alpha-cc
bash-2.05$ ./config osf1-alpha-gcc
Operating system: alpha-dec-tru64
Configuring for tru64-alpha-cc
target already defined - tru64-alpha-cc (offending arg: osf1-alpha-gcc)
...
gcc -E $preproc > alphacpuid.s && rm $preproc)
gcc -I. -I.. -I../include  -DDSO_DLFCN -DHAVE_DLFCN_H -O3  
-DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DGHASH_ASM -c  -o alphacpuid.o  
alphacpuid.s

as0: Error: , line 0: alphacpuid.s: Successful
gmake[1]: *** [alphacpuid.o] Error 1
gmake[1]: Leaving directory  
`/usr/local/home/z/zoli/openssl-1.0.2-stable-SNAP-20140226/crypto'

gmake: *** [build_crypto] Error 1


*UnixWare*
bash-2.05a# uname -a
UnixWare unixware 5 7.1.4 i386 x86at SCO UNIX_SVR5
bash-2.05a# gcc --version
2.95.2

both unixware-7 and unixware-7-gcc target FAILED

gcc -I.. -I../.. -I../modes -I../asn1 -I../evp  
-I../../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN  
-DHAVE_DLFCN_H -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer  
-march=pentium -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT  
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM  
-DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c sha_dgst.c

UX:as: ERROR: /var/tmp/ccYUTbOr.s:191:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:196:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:215:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:220:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:226:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:232:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:238:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:283:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:290:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:328:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:335:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:359:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:397:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:411:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:439:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:451:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:473:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:508:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:520:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:558:unknown instruction: bswapl
UX:as: ERROR: /var/tmp/ccYUTbOr.s:566:unknown instruction: bswapl
...too many errors
*** Error code 1 (bu21)
UX:make: ERROR: fatal error.
*** Error code 1 (bu21)
UX:make: ERROR: fatal error.
*** Error code 1 (bu21)
UX:make: ERROR: fatal error.

*SCO OpenServer*

bash-3.2# uname -a
SCO_SV sc

Re: [openssl.org #3269] 1.0.2 beta1 on UnixWare

[Zoltan Arpadffy]

Hello Andy,

I am sorry, but it did not help:

bash-2.05a# ./config -t
Operating system: i586-sco-unixware7
Configuring for unixware-7-gcc
/usr/bin/perl ./Configure unixware-7-gcc no-sse2
bash-2.05a# /usr/bin/perl ./Configure unixware-7-gcc no-sse2
Configuring for unixware-7-gcc
no-dane [experimental] OPENSSL_NO_DANE (skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128  
(skip dir)

no-gmp  [default]  OPENSSL_NO_GMP (skip dir)
no-jpake[experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
no-libunbound   [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-multiblock   [experimental] OPENSSL_NO_MULTIBLOCK (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-rfc3779  [default]  OPENSSL_NO_RFC3779 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-shared   [default]
no-sse2 [option]
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-store[experimental] OPENSSL_NO_STORE (skip dir)
no-zlib [default]
no-zlib-dynamic [default]
IsMK1MF=0
CC=gcc
CFLAG =-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN  
-DHAVE_DLFCN_H -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer  
-march=pentium -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT  
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM  
-DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM

EX_LIBS   =-lsocket -lnsl
CPUID_OBJ =x86cpuid.o
BN_ASM=bn-586.o co-586.o x86-mont.o x86-gf2m.o
DES_ENC   =des-586.o crypt586.o
AES_ENC   =aes-586.o
BF_ENC=bf-586.o
CAST_ENC  =cast-586.o
RC4_ENC   =rc4-586.o
RC5_ENC   =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC  =cmll-x86.o
MODES_OBJ =ghash-x86.o
ENGINES_OBJ   =
PROCESSOR =
RANLIB=true
ARFLAGS   =
PERL  =/usr/bin/perl
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
e_os2.h => include/openssl/e_os2.h
making links in crypto...
crypto.h => ../include/openssl/crypto.h
opensslv.h => ../include/openssl/opensslv.h
opensslconf.h => ../include/openssl/opensslconf.h
ebcdic.h => ../include/openssl/ebcdic.h
symhacks.h => ../include/openssl/symhacks.h
ossl_typ.h => ../include/openssl/ossl_typ.h
making links in crypto/objects...
objects.h => ../../include/openssl/objects.h
obj_mac.h => ../../include/openssl/obj_mac.h
making links in crypto/md4...
md4.h => ../../include/openssl/md4.h
md4test.c => ../../test/md4test.c
md4.c => ../../apps/md4.c
making links in crypto/md5...
md5.h => ../../include/openssl/md5.h
md5test.c => ../../test/md5test.c
making links in crypto/sha...
sha.h => ../../include/openssl/sha.h
shatest.c => ../../test/shatest.c
sha1test.c => ../../test/sha1test.c
sha256t.c => ../../test/sha256t.c
sha512t.c => ../../test/sha512t.c
making links in crypto/mdc2...
mdc2.h => ../../include/openssl/mdc2.h
mdc2test.c => ../../test/mdc2test.c
making links in crypto/hmac...
hmac.h => ../../include/openssl/hmac.h
hmactest.c => ../../test/hmactest.c
making links in crypto/ripemd...
ripemd.h => ../../include/openssl/ripemd.h
rmdtest.c => ../../test/rmdtest.c
making links in crypto/whrlpool...
whrlpool.h => ../../include/openssl/whrlpool.h
wp_test.c => ../../test/wp_test.c
making links in crypto/des...
des.h => ../../include/openssl/des.h
des_old.h => ../../include/openssl/des_old.h
destest.c => ../../test/destest.c
making links in crypto/aes...
aes.h => ../../include/openssl/aes.h
making links in crypto/rc2...
rc2.h => ../../include/openssl/rc2.h
rc2test.c => ../../test/rc2test.c
making links in crypto/rc4...
rc4.h => ../../include/openssl/rc4.h
rc4test.c => ../../test/rc4test.c
making links in crypto/idea...
idea.h => ../../include/openssl/idea.h
ideatest.c => ../../test/ideatest.c
making links in crypto/bf...
blowfish.h => ../../include/openssl/blowfish.h
bftest.c => ../../test/bftest.c
making links in crypto/cast...
cast.h => ../../include/openssl/cast.h
casttest.c => ../../test/casttest.c
making links in crypto/camellia...
camellia.h => ../../include/openssl/camellia.h
making links in crypto/seed...
seed.h => ../../include/openssl/seed.h
making links in crypto/modes...
modes.h => ../../include/openssl/modes.h
making links in crypto/bn...
bn.h => ../../include/openssl/bn.h
bntest.c => ../../test/bntest.c
exptest.c => ../../test/exptest.c
making links in crypto/ec...
ec.h => ../../include/openssl/ec.h
ectest.c => ../../test/ectest.c
making links in crypto/rsa...
rsa.h => ../../include/openssl/rsa.h
rsa_test.c => ../../test/rsa_test.c
making links in crypto/dsa...
dsa.h => ../../include/openssl/dsa.h
dsatest.c => ../../test/dsatest.c
making links in crypto/ecdsa...
ecdsa.h => ../../include/openssl/ecdsa.h
ecdsat

Re: [openssl.org #3269] 1.0.2 beta1 on UnixWare

[Zoltan Arpadffy]

Hello,

On my UnixWare it look even worse
bash-2.05a# uname -a
UnixWare unixware 5 7.1.4 i386 x86at SCO UNIX_SVR5
bash-2.05a# gcc --version
2.95.2

both unixware-7 and unixware-7-gcc target FAILED
gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT  
-DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DFILIO_H -O3  
-fomit-frame-pointer -march=pentium -Wall -DOPENSSL_BN_ASM_PART_WORDS  
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m  
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM  
-DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o x86cpuid.o x86cpuid.s

UX:as: ERROR: x86cpuid.s:232:invalid operand combination: pxor
UX:as: ERROR: x86cpuid.s:233:invalid operand combination: pxor
UX:as: ERROR: x86cpuid.s:234:invalid operand combination: pxor
UX:as: ERROR: x86cpuid.s:235:invalid operand combination: pxor
UX:as: ERROR: x86cpuid.s:236:invalid operand combination: pxor
UX:as: ERROR: x86cpuid.s:237:invalid operand combination: pxor
UX:as: ERROR: x86cpuid.s:238:invalid operand combination: pxor
UX:as: ERROR: x86cpuid.s:239:invalid operand combination: pxor
*** Error code 1 (bu21)
UX:make: ERROR: fatal error.
*** Error code 1 (bu21)
UX:make: ERROR: fatal error.

Regards,
Z

Quoting Tim Rice via RT :



Platform: UnixWare 7.1.4 MP4
OpenSSL 1.0.2 beta1

It looks like the latest assembler changes to sha and aes break
on USL assemblers.

--
making all in crypto/sha...
	cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include   
-DOPENSSL_THREADS -Kthread -DDSO_DLFCN -DHAVE_DLFCN_H -D__i386__ -O  
-DFILIO_H -Kalloca -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT  
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM  
-DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o  
sha256-586.o sha256-586.s
UX:as: ERROR: sha256-586.s:28:defined relocatable values from the  
same section required, op -

*** Error code 1 (bu21)
UX:make: ERROR: fatal error.
--

--
making all in crypto/aes...
	cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include   
-DOPENSSL_THREADS -Kthread -DDSO_DLFCN -DHAVE_DLFCN_H -D__i386__ -O  
-DFILIO_H -Kalloca -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT  
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM  
-DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o aes-586.o  
aes-586.s
UX:as: ERROR: aes-586.s:1003:defined relocatable values from the  
same section required, op -
UX:as: ERROR: aes-586.s:2195:defined relocatable values from the  
same section required, op -
UX:as: ERROR: aes-586.s:2251:defined relocatable values from the  
same section required, op -

*** Error code 1 (bu21)
UX:make: ERROR: fatal error.
--

It does not seem to like lines like
lealOPENSSL_ia32cap_P-.L001K256(%ebp),%edx

Thanks for your consideration.

--
Tim RiceMultitalents(707) 456-1146
t...@multitalents.net


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org





---
WebMail, polarhome.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: OpenSSL version 1.0.2 beta 1 released on AIX, IRIX, Solaris/SPARC

[Zoltan Arpadffy]

Hello,

Just for curiosity I tested on some less common Unix-es and architectures.

aix-gcc - OK
aix64-gcc - FAILED

-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM   -c -o
fips_ers.o fips_ers.c
ar -X64 r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o
cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o
fips_ers.o ppccpuid.o ppccap.o
ar: 0707-126 ppccap.o is not valid with the current object file mode.
Use the -X option to specify the desired object mode.
ar: 0707-126 ppccpuid.o is not valid with the current object file mode.
Use the -X option to specify the desired object mode.
make[1]: *** [../libcrypto.a] Error 2
make[1]: Leaving directory `/home/z/zoli/openssl-102-beta1.orig/crypto'
make: *** [build_crypto] Error 1

# uname -a
AIX aix7 1 7 000ACFDE4C00 powerpc AIX
# gcc --version
gcc (GCC) 4.6.3


---
On IRIX

mips4-sgi-irix64 - FAILS
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include
-DOPENSSL_THREADS -D_SGI_MP_SOURCE -DDSO_DLFCN -DHAVE_DLFCN_H -mabi=n32 -O3
-DTERMIOS -DB_ENDIAN -DBN_DIV3W -DOPENSSL_BN_ASM_MONT -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DAES_ASM -c sha512.c
don't know how to make sha1-mips.o (bu42).
*** Error code 1 (bu21)
*** Error code 1 (bu21)

irix64-mips4-gcc - FAILS
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include
-DOPENSSL_THREADS -D_SGI_MP_SOURCE -DDSO_DLFCN -DHAVE_DLFCN_H -mabi=64
-mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W -DOPENSSL_BN_ASM_MONT -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DAES_ASM -c sha512.c
don't know how to make sha1-mips.o (bu42).
*** Error code 1 (bu21)
*** Error code 1 (bu21)

bash-2.05b$ gcc --version
gcc (GCC) 3.3
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

bash-2.05b$ uname -a
IRIX64 irix 6.5 07202013 IP35

-

On Solaris/SPARC

solaris64-sparcv9-gcc - OK

solaris64-sparcv9-cc - OK

solaris-sparcv9-gcc - FAILS

make[2]: Entering directory
`/export/home/z/zoli/openssl-102-beta1.orig/apps'
( :; LIBDEPS="${LIBDEPS:--L.. -lssl  -L.. -lcrypto -lsocket -lnsl -ldl}";
LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer
-Wall -DB_ENDIAN -DBN_DIV2W -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DGHASH_ASM}";
LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d |
uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`;
LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o
${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o
rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o
version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o
pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o
${LIBDEPS} )
ld: fatal: file dhparam.o: wrong ELF class: ELFCLASS64
ld: fatal: file processing errors. No output written to openssl
collect2: error: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
make[2]: Leaving directory `/export/home/z/zoli/openssl-102-beta1.orig/apps'
make[1]: *** [openssl] Error 2
make[1]: Leaving directory `/export/home/z/zoli/openssl-102-beta1.orig/apps'
make: *** [build_apps] Error 1

solaris-sparcv9-cc - FAILS

LIBDEPS=" $LIBRARIES -lsocket -lnsl -ldl" \
link_app.${shlib_target}
make[2]: Entering directory
`/export/home/z/zoli/openssl-102-beta1.orig/apps'
( :; LIBDEPS="${LIBDEPS:--L.. -lssl  -L.. -lcrypto -lsocket -lnsl -ldl}";
LDCMD=  "${LDCMD:-cc}";
LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -
DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa
-DB_ENDI  AN -DBN_DIV2W
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_AS
M -DSHA512_ASM -DMD5_ASM -DAES_ASM -DGHASH_ASM}"; LIBPATH=`for x in
$LIBDEPS; do   echo $x; done
| sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed
-e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS}
-o   ${APPNAME:=openssl}
openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o e
nc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o
dsa.o   dsaparam.o ec.o
ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client
.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o
ciph 

Re: [PATCH] OpenSSL version 1.0.2 beta 1 released - OpenVMS

[Zoltan Arpadffy]

Thank you Steve,
I tested your last commit on OpenVMS - it works perfect now.

Regards,
Z

Quoting "Dr. Stephen Henson" :


On Mon, Feb 24, 2014, Zoltan Arpadffy wrote:


Hello,

On OpenVMS does not build that smooth as expected.
Please, find attached the patch needed to build on IA64 or Alpha platform.

NOTE: This patch contains a very dirty #define that should not be needed,
but for some reason in v3_scts.c BN_ULLONG is not defined.
Please, see the comments in the patch.



The BN_ULLONG issue affected other platforms. Hopefully the fix I  
applied will

work for OpenVMS too.

I've applied the rest of your patch as is.

Let me know of any problems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org





---
WebMail, polarhome.com

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: OpenSSL version 1.0.2 beta 1 released

[Zoltan Arpadffy]

Hello,

I have tested to build on a HPUX box: HP-UX hpux-ia6 B.11.31 U ia64
0107668277 unlimited-user license

The hpux64-ia64-gcc build went perfect - all test passed.

>From other side the default target hpux64-ia64-cc using Bundled CC does not
build.
Wrong options are configured. 

cc -I. -I.. -I../include  -DOPENSSL_THREADS  -DDSO_DLFCN
-DHAVE_DLFCN_H -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT
-DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DGHASH_ASM -c cryptlib.c
(Bundled) cc: warning 922: "-Ae" is unsupported in the bundled compiler,
ignored.
(Bundled) cc: warning 922: "+O3" is unsupported in the bundled compiler,
ignored.
(Bundled) cc: warning 922: "+Olit=all" is unsupported in the bundled
compiler, ignored.

...and shortly the build is aborted with 
asm/md5-ia64.S:432: error 4126: invalid use of protected symbol
asm/md5-ia64.S:432: error 4001: syntax error
asm/md5-ia64.S:436: error 4126: invalid use of protected symbol
asm/md5-ia64.S:436: error 4001: syntax error

Is this a configuration issue? - or nobody cares about Bundled CC while gcc
works well?
Thank you.

Regards,
Z

-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of OpenSSL
Sent: den 24 februari 2014 15:02
To: OpenSSL Developer ML; OpenSSL User Support ML; OpenSSL Announce ML
Subject: OpenSSL version 1.0.2 beta 1 released

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   OpenSSL version 1.0.2 beta 1
   =

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   OpenSSL 1.0.2 is currently in beta. OpenSSL 1.0.2 beta 1 has now
   been released.

   The beta release is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.2-beta1.tar.gz
  Size: 4901640
  MD5 checksum: 59e8a227d50851dbe8db2a754ea22be1
  SHA1 checksum: ecac4e7d59eec90ce1c5e75ac4ab4236637c321d

   The checksums were calculated using the following commands:

openssl md5 openssl-1.0.2-beta1.tar.gz
openssl sha1 openssl-1.0.2-beta1.tar.gz

   Please download and check this beta as soon as possible. Bug reports
   should go to openssl-b...@openssl.org. Please check the release notes
   and mailing lists to avoid duplicate reports of known issues.

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUwtOb6LSm3vylcdZAQLOTgf8DN51+L5/DHCKBB2SNKk/C8NfY33oxers
059ZNH7J+i6dkC0c20LuxD88KODK5cZiqe9eCz8LTS3ChIaVnMjabEVGmgJamJH0
tg6GmhxpELK9svAGmJa3LvE0FteXk2R/62qR5FrYiIET3ZPJ9oaDfRpP4Zp+Arxf
jcsLRmwHkIwH4/gYxumluK3bmwZOffRbvwuFx9qOIAuEyQPq78fZfxGmtOTlnAyr
UlbBy/eWjAoXyEOiuaTroK/qfV3rhn+/mcVdC7zn3vVlDaalwzBBTL4pX3yuphFT
0wfEAJCyGzS2znBKYyFEoEbSKHhn0qWR1klm4s1hlnX8Sp6Mk6eecQ==
=tbPL
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[PATCH] OpenSSL version 1.0.2 beta 1 released - OpenVMS

[Zoltan Arpadffy]

Hello,

On OpenVMS does not build that smooth as expected.
Please, find attached the patch needed to build on IA64 or Alpha platform.

NOTE: This patch contains a very dirty #define that should not be needed,
but for some reason in v3_scts.c BN_ULLONG is not defined.
Please, see the comments in the patch.

Thank you.

Regards,
Z
  
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of OpenSSL
Sent: den 24 februari 2014 15:02
To: OpenSSL Developer ML; OpenSSL User Support ML; OpenSSL Announce ML
Subject: OpenSSL version 1.0.2 beta 1 released

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   OpenSSL version 1.0.2 beta 1
   =

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   OpenSSL 1.0.2 is currently in beta. OpenSSL 1.0.2 beta 1 has now
   been released.

   The beta release is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.2-beta1.tar.gz
  Size: 4901640
  MD5 checksum: 59e8a227d50851dbe8db2a754ea22be1
  SHA1 checksum: ecac4e7d59eec90ce1c5e75ac4ab4236637c321d

   The checksums were calculated using the following commands:

openssl md5 openssl-1.0.2-beta1.tar.gz
openssl sha1 openssl-1.0.2-beta1.tar.gz

   Please download and check this beta as soon as possible. Bug reports
   should go to openssl-b...@openssl.org. Please check the release notes
   and mailing lists to avoid duplicate reports of known issues.

   Yours,

   The OpenSSL Project Team.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUwtOb6LSm3vylcdZAQLOTgf8DN51+L5/DHCKBB2SNKk/C8NfY33oxers
059ZNH7J+i6dkC0c20LuxD88KODK5cZiqe9eCz8LTS3ChIaVnMjabEVGmgJamJH0
tg6GmhxpELK9svAGmJa3LvE0FteXk2R/62qR5FrYiIET3ZPJ9oaDfRpP4Zp+Arxf
jcsLRmwHkIwH4/gYxumluK3bmwZOffRbvwuFx9qOIAuEyQPq78fZfxGmtOTlnAyr
UlbBy/eWjAoXyEOiuaTroK/qfV3rhn+/mcVdC7zn3vVlDaalwzBBTL4pX3yuphFT
0wfEAJCyGzS2znBKYyFEoEbSKHhn0qWR1klm4s1hlnX8Sp6Mk6eecQ==
=tbPL
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


vms-102b1.tar.gz
Description: GNU Zip compressed data

RE: [openssl.org #3217] [PATCH] changes in 1.0.0l and 1.0.1f required for OpenVMS

[Zoltan Arpadffy]

Hello,

Sure, it is possible. 

Thank you Stephen for reminding me for gnu diff from antinode.info
I am happy to use it.


Patches for 1.0.0l

SYSTEM@ia64$ mc dka0:gdiff.exe  [.ssl]ssl-lib.com;1
[.ssl]ssl-lib.com;4
217c217
<   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
---
>   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+
-
860c860
< $ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
---
> $ CCDISABLEWARNINGS = "MAYLOSEDATA3" !!!
"LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
SYSTEM@ia64$ mc dka0:gdiff.exe  -u [.ssl]ssl-lib.com;1
[.ssl]ssl-lib.com;4
--- [.ssl]ssl-lib.com;1 Mon Jan  6 16:00:58 2014
+++ [.ssl]ssl-lib.com;4 Mon Jan  6 22:03:46 2014
@@ -214,7 +214,7 @@
 $! Define The Different SSL "library" Files.
 $!
 $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
-   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
+   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+
-
"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
"t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
@@ -857,7 +857,7 @@
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "MAYLOSEDATA3" !!!
"LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!

SYSTEM@ia64$ mc dka0:gdiff.exe -u [.crypto]symhacks.h;1
[.crypto]symhacks.h;2
--- [.crypto]symhacks.h;1   Mon Jan  6 16:00:58 2014
+++ [.crypto]symhacks.h;2   Mon Jan  6 21:38:30 2014
@@ -186,6 +186,13 @@
 #undef ssl_parse_serverhello_renegotiate_ext
 #define ssl_parse_serverhello_renegotiate_ext
ssl_parse_serverhello_reneg_ext

+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported
ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late
ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early
ssl_check_clihello_tlsext_early
+
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
 #define ENGINE_get_default_BN_mod_exp_crt
ENGINE_get_def_BN_mod_exp_crt



-
Patches for 1.0.1f

SYSTEM@ia64$ mc dka0:gdiff.exe  -u [.ssl]ssl-lib.com;1
[.ssl]ssl-lib.com;3
--- [.ssl]ssl-lib.com;1 Mon Jan  6 14:47:42 2014
+++ [.ssl]ssl-lib.com;3 Mon Jan  6 21:09:13 2014
@@ -214,7 +214,7 @@
 $! Define The Different SSL "library" Files.
 $!
 $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
-   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
+   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+
-
"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
"t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
@@ -857,7 +857,7 @@
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "MAYLOSEDATA3" !!!
"LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!

SYSTEM@ia64$ mc dka0:gdiff.exe -u [.crypto]symhacks.h;1
[.crypto]symhacks.h;2
--- [.crypto]symhacks.h;1   Mon Jan  6 14:47:42 2014
+++ [.crypto]symhacks.h;2   Mon Jan  6 21:39:30 2014
@@ -204,6 +204,12 @@
 #define SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
 #define SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported
ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late
ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early
ssl_check_clihello_tlsext_early

 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt

--
Patches for the 1.0.2 

SYSTEM@ia64$  mc dka0:gdiff.exe  -u makevms.com;1 makevms.com;3
--- makevms.com;1   Fri Jan 11 16:09:33 2013
+++ makevms.com;3   Tue Jan  7 23:46:20 2014
@@ -242,7 +242,7 @@
 $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"
 $ WRITE H_FILE "# define OPENSSL_SYS_VMS"
 $ WRITE H_FILE "#endif"
-$
+$!
 $! One of the

RE: [PATCH] changes required for OpenVMS in 1.0.2

[Zoltan Arpadffy]

Sorry... 

obviously I am very tired and too fast in typing.

 

The solution for the problem : 1. missing header file unbound.h 

#include 

 

.. is to simply #define  the OPENSSL_NO_LIBUNBOUND on OpenVMS  

 

*** makevms.com;1   Fri Jan 11 16:09:33 2013

--- makevms.com;3   Tue Jan  7 23:46:20 2014

*** $ WRITE H_FILE ""

*** 242,248 

  $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"

  $ WRITE H_FILE "# define OPENSSL_SYS_VMS"

  $ WRITE H_FILE "#endif"

! $

  $! One of the best way to figure out what the list should be is to do

  $! the following on a Unix system:

  $!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep
':# *if'|sed -e 's/^.*def //'|sort|uniq

--- 242,248 

  $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"

  $ WRITE H_FILE "# define OPENSSL_SYS_VMS"

  $ WRITE H_FILE "#endif"

! $!

  $! One of the best way to figure out what the list should be is to do

  $! the following on a Unix system:

  $!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep
':# *if'|sed -e 's/^.*def //'|sort|uniq

*** $ WRITE H_FILE "#define OPENSSL_NO_SETVB

*** 506,511 

--- 506,512 

  $ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 "

  $ WRITE H_FILE " * enable on newer systems / 2012-02-24 arpadffy */"

  $ WRITE H_FILE "#define OPENSSL_NO_SCTP"

+ $ WRITE H_FILE "#define OPENSSL_NO_LIBUNBOUND"

  $ WRITE H_FILE ""

  $!

  $! Add in the common "crypto/opensslconf.h.in".

 

Whit this change OPENSSL-1.0.2-STABLE-SNAP-20140107 builds correctly and the
tests are passed as well on OpenVMS.

 

Thank you.

 

Regards,

Z

 

From: Zoltan Arpadffy [mailto:z...@polarhome.com] 
Sent: den 7 januari 2014 23:11
To: 'openssl-dev@openssl.org'
Subject: [PATCH] changes required for OpenVMS in 1.0.2 

 

Hello,

 

I have tested OPENSSL-1.0.2-STABLE-SNAP-20140107 and found the following
problems that are mostly corrected (except the missing header file) with the
patch below:

 

1. missing header file unbound.h 

#include 

.^

%CC-F-NOINCLFILEF, Cannot find file  specified in #include
directive.

at line number 15 in file
DKA0:[WORK.openssl-102-stable-SNAP-20140107.ssl]dnssec.c;1

 

I have looked closer the dnssec.c code, but the best is that the author
decides what to do.

 

2. missing files from the ssl-lib

 

*** [.ssl]ssl-lib.com;1 Fri Jan 11 16:09:33 2013

--- [.ssl]ssl-lib.com;7 Tue Jan  7 21:57:20 2014

*** $!

*** 214,228 

  $! Define The Different SSL "library" Files.

  $!

  $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -

!   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -

"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -

!   "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -

"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -

"d1_both,d1_enc,d1_srtp,"+ -

   "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -

!   "ssl_ciph,ssl_stat,ssl_rsa,"+ -

"ssl_asn1,ssl_txt,ssl_algs,"+ -

!   "bio_ssl,ssl_err,kssl,tls_srp,t1_reneg"

  $!

  $ COMPILEWITH_CC5 = ""

  $!

--- 214,228 

  $! Define The Different SSL "library" Files.

  $!

  $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -

!   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+
-

"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -

!   "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,t1_reneg,t1_trce,"+ -

"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -

"d1_both,d1_enc,d1_srtp,"+ -

"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -

!   "ssl_ciph,ssl_conf,ssl_stat,ssl_rsa,"+ -

"ssl_asn1,ssl_txt,ssl_algs,"+ -

!   "bio_ssl,ssl_err,kssl,tls_srp,dnssec"

  $!

  $ COMPILEWITH_CC5 = ""

  $!

 

3. missing files from the crypto_lib.com

 

*** [.crypto]crypto-lib.com;1   Fri Jan 11 16:09:33 2013

--- [.crypto]crypto-lib.com;6   Tue Jan  7 20:36:15 2014

*** $ LIB_CAMELLIA = "camellia,cmll_misc,cml

*** 234,240 

"cmll_cfb,cmll_ctr,cmll_utl"

  $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"

  $ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -

!   "ccm128,xts128"

  $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"

  $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -

   LIB_BN_ASM = "bn_asm"

--- 234,240 

"cmll_cfb,cmll_ctr,cmll_utl"

  $ LIB_SEED = "seed,seed_ecb,seed_cbc,s

[PATCH] changes required for OpenVMS in 1.0.2

[Zoltan Arpadffy]

Hello,

 

I have tested OPENSSL-1.0.2-STABLE-SNAP-20140107 and found the following
problems that are mostly corrected (except the missing header file) with the
patch below:

 

1. missing header file unbound.h 

#include 

.^

%CC-F-NOINCLFILEF, Cannot find file  specified in #include
directive.

at line number 15 in file
DKA0:[WORK.openssl-102-stable-SNAP-20140107.ssl]dnssec.c;1

 

I have looked closer the dnssec.c code, but the best is that the author
decides what to do.

 

2. missing files from the ssl-lib

 

*** [.ssl]ssl-lib.com;1 Fri Jan 11 16:09:33 2013

--- [.ssl]ssl-lib.com;7 Tue Jan  7 21:57:20 2014

*** $!

*** 214,228 

  $! Define The Different SSL "library" Files.

  $!

  $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -

!   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -

"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -

!   "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -

"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -

"d1_both,d1_enc,d1_srtp,"+ -

   "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -

!   "ssl_ciph,ssl_stat,ssl_rsa,"+ -

"ssl_asn1,ssl_txt,ssl_algs,"+ -

!   "bio_ssl,ssl_err,kssl,tls_srp,t1_reneg"

  $!

  $ COMPILEWITH_CC5 = ""

  $!

--- 214,228 

  $! Define The Different SSL "library" Files.

  $!

  $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -

!   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+
-

"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -

!   "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,t1_reneg,t1_trce,"+ -

"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -

"d1_both,d1_enc,d1_srtp,"+ -

"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -

!   "ssl_ciph,ssl_conf,ssl_stat,ssl_rsa,"+ -

"ssl_asn1,ssl_txt,ssl_algs,"+ -

!   "bio_ssl,ssl_err,kssl,tls_srp,dnssec"

  $!

  $ COMPILEWITH_CC5 = ""

  $!

 

3. missing files from the crypto_lib.com

 

*** [.crypto]crypto-lib.com;1   Fri Jan 11 16:09:33 2013

--- [.crypto]crypto-lib.com;6   Tue Jan  7 20:36:15 2014

*** $ LIB_CAMELLIA = "camellia,cmll_misc,cml

*** 234,240 

"cmll_cfb,cmll_ctr,cmll_utl"

  $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"

  $ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -

!   "ccm128,xts128"

  $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"

  $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -

   LIB_BN_ASM = "bn_asm"

--- 234,240 

"cmll_cfb,cmll_ctr,cmll_utl"

  $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"

  $ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -

!   "ccm128,xts128,wrap128"

  $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"

  $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -

   LIB_BN_ASM = "bn_asm"

*** $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa

*** 256,263 

"dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"

  $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"

  $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -

!   "dh_ameth,dh_pmeth,dh_prn,dh_rfc5114"

! $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"

  $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -

"dso_openssl,dso_win32,dso_vms,dso_beos"

  $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -

--- 256,263 

"dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"

  $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"

  $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -

!   "dh_ameth,dh_pmeth,dh_prn,dh_rfc5114,dh_kdf"

! $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err,ech_kdf"

  $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -

"dso_openssl,dso_win32,dso_vms,dso_beos"

  $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -

*** $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_

*** 337,343 

  $ LIB_KRB5 = "krb5_asn"

  $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -

"cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -

!   "cms_pwri"

  $ LIB_PQUEUE = "pqueue"

  $ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+
-

"ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -

--- 337,343 

  $ LIB_KRB5 = "krb5_asn"

  $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -

"cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -

!   "cms_pwri,cms_kari"

  $ LIB_PQUEUE = "pqueue"

  $ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+
-

"ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -

 

4. fixing symhacks.h for long function manes

 

*** [.crypto]symhacks.h;1   Fri Jan 11 16:09:33 2013

--- [.crypto]symhacks.h;5   Tue Jan  7 22:18:17 2014

***

*** 21

[openssl.org #3217] [PATCH] changes in 1.0.0l and 1.0.1f required for OpenVMS

[Zoltan Arpadffy via RT]

Hello,
 
Thank you for releasing 1.0.0l and 1.0.1f.
I tested them right away (that I haven't done for more than a year) found
that there are needed some changes in order to make the it work under
OpenVMS.
 
1.  I have tested for the very first time with HP C V7.3-020 on OpenVMS IA64
V8.4 and found that among few older informational messages there were many
warning in the code like.
 
Compiling The o_dir.c File.  (LIBRARY,LIB)
 
  l -= p + 1 - r;
...^
%CC-W-MAYLOSEDATA3, In this statement, "p+1-r" has a larger data size than
int.  Assignment can result in data loss.
at line number 170 in file DKA0:[WORK.openssl-100l.crypto]LPdir_vms.c;1
 
I know that these issues are in the code for ages, but my personal opinion
is that for a security software these warnings need to be addressed  (if a
compiler has detected a warning) to improve the code quality. 
Now, I just disabled the MAYLOSEDATA3 warning by configuring them in the
openvms *.com files like:
$ CCDISABLEWARNINGS = "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"

In order to see clearly the important errors and warnings.
I can provide the full list if needed.
 
2. Problem with undefined references
file: DKA0:[WORK.openssl-100k.IA64.EXE.SSL]SSL_LIBSSL32.OLB;1
%ILINK-W-NUDFSYMS, 5 undefined symbols:
%ILINK-I-UDFSYM,SSL3_CBC_COPY_MAC
%ILINK-I-UDFSYM,SSL3_CBC_DIGEST_RECORD
%ILINK-I-UDFSYM,SSL3_CBC_RECORD_DIGEST_SUPPORTE
%ILINK-I-UDFSYM,SSL3_CBC_REMOVE_PADDING
%ILINK-I-UDFSYM,TLS1_CBC_REMOVE_PADDING
%ILINK-W-USEUNDEF, undefined symbol TLS1_CBC_REMOVE_PADDING referenced
 
.occur because  the s3_cbc file is not compiled at all during OpenVMS build.
The solution is to add the s3_cbc file to ssl-lib.com like in the following
patch:

File DKA0:ssl-lib.com;1
  217   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+
-
  218   "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
**
File DKA0:ssl-lib.com;4
  217
"s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
  218   "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -

 
3. The external identifier name exceeds 31 characters type of problems
int ssl_check_clienthello_tlsext_early(SSL *s);
^
%CC-W-LONGEXTERN, The external identifier name exceeds 31 characters;
truncated to "SSL_CHECK_CLIENTHELLO_TLSEXT_EA".
at line number 1069 in file DKA0:[WORK.openssl-100k.ssl]ssl_locl.h;1
 
The solution is to add them to crypto/symhacks.h like below:

File DKA0:symhacks.h;2
  189   #undef ssl3_cbc_record_digest_supported
  190   #define ssl3_cbc_record_digest_supported
ssl3_cbc_record_digest_support
  191   #undef ssl_check_clienthello_tlsext_late
  192   #define ssl_check_clienthello_tlsext_late
ssl_check_clihello_tlsext_late
  193   #undef ssl_check_clienthello_tlsext_early
  194   #define ssl_check_clienthello_tlsext_early
ssl_check_clihello_tlsext_early
  195
  196   /* Hack some long ENGINE names */
**
File DKA0:symhacks.h;1
  189   /* Hack some long ENGINE names */

 
Please, note these patches above are valid for both 1.0.0l and 1.0.1f
 
After this release 1.0.0l builds and passes all tests on VAX, Alpha (32 and
64 bit) and Itanium (32 and 64 bit) as well as 1.0.1f (except on VAX,
because of already discussed reasons)
 
Maybe it is noteworthy to add that tests on VMS are aborted if any failure
occur. On one server I did not have perl installed (that happens rather
often in OpenVMS environment ) therefore I changed test/tests.com that
test_cms be the last one  (that will fail anyway because of lack of perl)
giving chance for all other tests to perform.
 
Thank you.
 
Regards,
Z 

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[PATCH] changes in 1.0.0l and 1.0.1f required for OpenVMS

[Zoltan Arpadffy]

Hello,

 

Thank you for releasing 1.0.0l and 1.0.1f.

I tested them right away (that I haven't done for more than a year) found
that there are needed some changes in order to make the it work under
OpenVMS.

 

1.  I have tested for the very first time with HP C V7.3-020 on OpenVMS IA64
V8.4 and found that among few older informational messages there were many
warning in the code like.

 

Compiling The o_dir.c File.  (LIBRARY,LIB)

 

  l -= p + 1 - r;

...^

%CC-W-MAYLOSEDATA3, In this statement, "p+1-r" has a larger data size than
int.  Assignment can result in data loss.

at line number 170 in file DKA0:[WORK.openssl-100l.crypto]LPdir_vms.c;1

 

I know that these issues are in the code for ages, but my personal opinion
is that for a security software these warnings need to be addressed  (if a
compiler has detected a warning) to improve the code quality. 

Now, I just disabled the MAYLOSEDATA3 warning by configuring them in the
openvms *.com files like:

$ CCDISABLEWARNINGS = "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"


In order to see clearly the important errors and warnings.

I can provide the full list if needed.

 

2. Problem with undefined references

file: DKA0:[WORK.openssl-100k.IA64.EXE.SSL]SSL_LIBSSL32.OLB;1

%ILINK-W-NUDFSYMS, 5 undefined symbols:

%ILINK-I-UDFSYM,SSL3_CBC_COPY_MAC

%ILINK-I-UDFSYM,SSL3_CBC_DIGEST_RECORD

%ILINK-I-UDFSYM,SSL3_CBC_RECORD_DIGEST_SUPPORTE

%ILINK-I-UDFSYM,SSL3_CBC_REMOVE_PADDING

%ILINK-I-UDFSYM,TLS1_CBC_REMOVE_PADDING

%ILINK-W-USEUNDEF, undefined symbol TLS1_CBC_REMOVE_PADDING referenced

 

.occur because  the s3_cbc file is not compiled at all during OpenVMS build.

The solution is to add the s3_cbc file to ssl-lib.com like in the following
patch:



File DKA0:ssl-lib.com;1

  217   "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+
-

  218   "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -

**

File DKA0:ssl-lib.com;4

  217
"s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,s3_cbc,"+ -

  218   "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -



 

3. The external identifier name exceeds 31 characters type of problems

int ssl_check_clienthello_tlsext_early(SSL *s);

^

%CC-W-LONGEXTERN, The external identifier name exceeds 31 characters;
truncated to "SSL_CHECK_CLIENTHELLO_TLSEXT_EA".

at line number 1069 in file DKA0:[WORK.openssl-100k.ssl]ssl_locl.h;1

 

The solution is to add them to crypto/symhacks.h like below:



File DKA0:symhacks.h;2

  189   #undef ssl3_cbc_record_digest_supported

  190   #define ssl3_cbc_record_digest_supported
ssl3_cbc_record_digest_support

  191   #undef ssl_check_clienthello_tlsext_late

  192   #define ssl_check_clienthello_tlsext_late
ssl_check_clihello_tlsext_late

  193   #undef ssl_check_clienthello_tlsext_early

  194   #define ssl_check_clienthello_tlsext_early
ssl_check_clihello_tlsext_early

  195

  196   /* Hack some long ENGINE names */

**

File DKA0:symhacks.h;1

  189   /* Hack some long ENGINE names */



 

Please, note these patches above are valid for both 1.0.0l and 1.0.1f

 

After this release 1.0.0l builds and passes all tests on VAX, Alpha (32 and
64 bit) and Itanium (32 and 64 bit) as well as 1.0.1f (except on VAX,
because of already discussed reasons)

 

Maybe it is noteworthy to add that tests on VMS are aborted if any failure
occur. On one server I did not have perl installed (that happens rather
often in OpenVMS environment ) therefore I changed test/tests.com that
test_cms be the last one  (that will fail anyway because of lack of perl)
giving chance for all other tests to perform.

 

Thank you.

 

Regards,

Z