Re: [openssl-users] CAPI-Engine doc
On 23/10/2018 17:22, Selva Nair wrote:
On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users
wrote:
Hi!
I'm trying to get a handle on the CAPI engine, because I need to have a
secure Keystore on Windows. Furthermore I need it to work with Qt's
QSslKey, which fortunately can be constructed by EVP_PKEY *.
So far so good. The key is found, but when I try to use it in a SSL
connection i get following error:
error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object,
error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib
Which version of OpenSSL?
Trace Output is:
Setting debug file to C:\Users\user\AppData\Local\Temp\engine.txt
Opening certificate store MY
capi_get_key, contname={4EBA52A8-AB4B-47DB-B777-2B26351F324C},
provname=Microsoft Enhanced Cryptographic Provider v1.0, type=1
Called CAPI_rsa_sign()
This CSP cannot do SHA2 hashes so won't work unless you restrict
signature algorithms or set TLS version to 1.1. I believe OpenSSL
1.1.0 will try to load The ".. Enhanced RSA AES .. Provider" which
can handle SHA2 and may work. I say "may" because, if the key store is
a legacy hardware token, it also depends on signature algorithms supported
by the token and may be necessary to downgrade to TLS 1.1.
The above limitations are less severe in CNG ("CryptoAPI Next Generation")
on Windows 6.00 and later, where the old API and CSP names are actually
emulations on top of a new structure with much smaller "KSP" providers.
At the same time, the CNG emulation of the classic CryptoAPI functions
are limited to what was available in Windows 5.01 SP2 and 5.02 SP2, thus
much of the SHA-2 functionality is available only by calling the CNG
APIs directly on Windows >= 6.00, but the older APIs with a reference
to newer enum values introduced in Windows 5.01 SP3 or 5.02 SP2+Hotfix.
Put another way, Microsoft forked their crypto source tree sometime in
2004 or 2005, and anything added later was implemented differently in
the 5.0x and 6.0x code bases.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Reg issue in alert message
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Viktor Dukhovni > Sent: Tuesday, October 23, 2018 10:02 > > On Tue, Oct 23, 2018 at 01:29:27PM +0100, Matt Caswell wrote: > > > > So, I think client have set TLS_FALLBACK_SCSV in cipher suite list in > > > client hello. > > > > This suggests there is a bug in the client application. This can only > > happen if the client application calls SSL_CTX_set_mode() or > > SSL_set_mode() to set the SSL_MODE_SEND_FALLBACK_SCSV mode. > > I have a somewhat plausible, if dicey hunch: > > Perhaps some application developers got confused between > the similar functions SSL_CTX_set_session_cache_mode(3) > and SSL_CTX_set_mode(3) and called the wrong one? Certainly possible, but I wouldn't discount the possibility that someone simply thought setting SSL_MODE_SEND_FALLBACK_SCSV was the Right Thing. There was a fair bit of confusion around the Fallback SCSV when it first appeared (we had questions from customers that indicated they didn't understand it, and I had to read the ID to make sure I did). And, of course, TLS is mightly confusing in general. It is interesting to note that those two options happen to have the same value, though, particularly given the similarity of the two function names. This is one of those cases where C's weak type system is a problem. Though it would be nice if OpenSSL used enums rather than macros for these things. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CAPI-Engine doc
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Richard Oehlinger via openssl-users > Sent: Tuesday, October 23, 2018 10:38 > > I'm trying to get a handle on the CAPI engine, because I need to have a > secure Keystore on Windows. Furthermore I need it to work with Qt's > QSslKey, which fortunately can be constructed by EVP_PKEY *. What OpenSSL version are you using? Please remember to include this informtion in every question. (And, normally, we'd ask for the platform as well, but since CAPI is Windows-specific, we know that in this case.) > So far so good. The key is found, but when I try to use it in a SSL > connection i get following error: > > error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object, > error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib > > I use a current Windows 10. Do I need to use a different Algorithm in > order to work? Some googeling is indicating the provider might be wrong. I haven't looked at the CAPI engine code since 1.0.1j. At that time, I needed CAPI support and discovered there were various issues with the extant CAPI code, so I forked and rewrote it. That was some time back, obviously, and I'm afraid I never got around to pushing the changes back to openssl.org. (In fact, it was sufficiently long ago that I believe the organization was still reluctant to take contributions from people in the US at the time.) The biggest issue was with provider handling. CAPI is something of a braindead API in many ways - Microsoft's replacement, CNG, is somewhat better - and the provider stuff is one of them. When a key (including a "key" which is actually just a reference to a key contained in an HSM) is imported into one of the Windows key stores, it has to be associated with a provider, and that provider has to accommodate that type and size of key; otherwise the key is unusable. Then, when you try to use the key in CAPI, you have to specify the same provider - CAPI isn't smart enough to figure it out on its own. So my version of the CAPI engine has code to look up the key's provider and silently correct the provider type information in the engine's context structure if it's a mismatch. Beyond that, it appears that my changes included: - Support for building all the necessary functionality when using Microsoft Windows SDK 6.0A, which was one of my requirements at the time. - Supporting hashes other than SHA-1 for DSA. We have US Federal customers who needed fairly comprehensive DSA support. For most people this is likely a non-issue. - Forcing stack probes on for the callback functions, because my engine was being built outside the OpenSSL build process, but needed to match the calling convention of OpenSSL, which (at least in 1.0.1j) included stack-probe support. - A fix suggested by Steven Henson years ago on the mailing list to capi_get_key, but never (at least by 1.0.1j) picked up in the source code: If CryptGetUserKey returns NTE_NO_KEY, xor keyspec with 3 to flip the key type and try CryptGetUesrKey again. I think that's it, though it's possible I tweaked some other things and didn't call them out in the comments. I suppose I should check what the CAPI engine source looks like in 1.1.1, merge my changes in if feasible, and submit a PR. One of these days... Really, though, what we need is a new engine written to use CNG rather than CAPI. Though that would have the disadvantage of not supporting ancient Windows OS and SDK versions which, while unsupported by Microsoft, are still used in far too many places. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CAPI-Engine doc
On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users
wrote:
>
> Hi!
>
> I'm trying to get a handle on the CAPI engine, because I need to have a
> secure Keystore on Windows. Furthermore I need it to work with Qt's
> QSslKey, which fortunately can be constructed by EVP_PKEY *.
>
> So far so good. The key is found, but when I try to use it in a SSL
> connection i get following error:
>
> error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object,
> error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib
Which version of OpenSSL?
> Trace Output is:
>
> Setting debug file to C:\Users\user\AppData\Local\Temp\engine.txt
> Opening certificate store MY
> capi_get_key, contname={4EBA52A8-AB4B-47DB-B777-2B26351F324C},
> provname=Microsoft Enhanced Cryptographic Provider v1.0, type=1
> Called CAPI_rsa_sign()
This CSP cannot do SHA2 hashes so won't work unless you restrict
signature algorithms or set TLS version to 1.1. I believe OpenSSL
1.1.0 will try to load The ".. Enhanced RSA AES .. Provider" which
can handle SHA2 and may work. I say "may" because, if the key store is
a legacy hardware token, it also depends on signature algorithms supported
by the token and may be necessary to downgrade to TLS 1.1.
Selva
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CAPI-Engine doc
Hi!
I'm trying to get a handle on the CAPI engine, because I need to have a
secure Keystore on Windows. Furthermore I need it to work with Qt's
QSslKey, which fortunately can be constructed by EVP_PKEY *.
So far so good. The key is found, but when I try to use it in a SSL
connection i get following error:
error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object,
error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib
I use a current Windows 10. Do I need to use a different Algorithm in
order to work? Some googeling is indicating the provider might be wrong.
Regards,
Richard
I juse following code to load the key:
ENGINE *engine = ENGINE_by_id("dynamic");
assert(engine);
ENGINE_ctrl_cmd_string(engine, "SO_PATH", "./capi.dll", 0);
ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
assert(ENGINE_init(engine));
assert(ENGINE_register_complete(engine));
ERR_load_ENGINE_strings();
assert(ENGINE_cmd_is_executable(engine, CAPI_CMD_DEBUG_LEVEL));
assert(ENGINE_ctrl(engine, CAPI_CMD_DEBUG_LEVEL, 2, nullptr, nullptr));
assert(ENGINE_ctrl(engine, CAPI_CMD_DEBUG_FILE, 0,
(void*)"C:\\Users\\user\\AppData\\Local\\Temp\\engine.txt", 0));
EVP_PKEY *key = ENGINE_load_private_key(engine, "localhost", NULL,
NULL);
if (!key)
{
cerr << "key is null";
return {};
}
QSslKey ssl_key(static_cast(key));
Trace Output is:
Setting debug file to C:\Users\user\AppData\Local\Temp\engine.txt
Opening certificate store MY
capi_get_key, contname={4EBA52A8-AB4B-47DB-B777-2B26351F324C},
provname=Microsoft Enhanced Cryptographic Provider v1.0, type=1
Called CAPI_rsa_sign()
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Reg issue in alert message
On Tue, Oct 23, 2018 at 01:29:27PM +0100, Matt Caswell wrote: > > So, I think client have set TLS_FALLBACK_SCSV in cipher suite list in > > client hello. > > This suggests there is a bug in the client application. This can only > happen if the client application calls SSL_CTX_set_mode() or > SSL_set_mode() to set the SSL_MODE_SEND_FALLBACK_SCSV mode. I have a somewhat plausible, if dicey hunch: Perhaps some application developers got confused between the similar functions SSL_CTX_set_session_cache_mode(3) and SSL_CTX_set_mode(3) and called the wrong one? It just so happens that we have: include/openssl/ssl.h:# define SSL_MODE_SEND_FALLBACK_SCSV 0x0080U include/openssl/ssl.h:# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 which means that someone calling: SSL_CTX_set_mode(ctx, SSL_SESS_CACHE_NO_AUTO_CLEAR); instead of: SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_NO_AUTO_CLEAR); ends up doing exactly the wrong thing. Of course just as likely or more, the documentation of SSL_MODE_SEND_FALLBACK_SCSV may have been misunderstood, despite all the warnings. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Reg issue in alert message
On 23/10/2018 12:32, ramakrushna mishra wrote: > Hi Matt, > > Thanks for your response. > My client is built with openssl 1.0.0e 1.0.0e is very old and out of support. It should be considered insecure. You should upgrade this to a more recent version. > and server with openssl 1.1.1. > I have tried to collect information with wireshark, but I think as my > server and client are running on same machine , it is not capturing > anything. I have also tried with tshark on linux and got no traces again. > > I have this trouble both on nt64and linuxx86_64. Do we have any other > mechanism to capture the traces ? > > We have internal tracing enabled and I can see following information in > our tracing. Ok, the internal tracing is enough to see what is happening. > ** > [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL State: 16 > before SSL initialization > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- ctrl to [02457660] (6 bytes => 0 (0x0)) > > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- contents of a BIO dump: > [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- > SSL_accept:before SSL initialization > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- read to [02463953] (5 bytes => 5 (0x5)) > > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- contents of a BIO dump: > - 16 03 01 00 b2 . > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- read to [02463958] (178 bytes => 178 (0xB2)) > > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- contents of a BIO dump: > - 01 00 00 ae 03 03 10 b1-1e 8f f0 07 d6 28 d9 02 .(.. > 0010 - b7 91 b4 3d 14 5a af 3e-09 96 2a cf ee 8b ca 30 ...=.Z.>..*0 > 0020 - cc 68 9f 2c 2e 6e 00 00-62 00 a5 00 a3 00 a1 00 .h.,.n..b... > 0030 - 9f 00 6b 00 6a 00 69 00-68 00 39 00 38 00 37 00 ..k.j.i.h.9.8.7. > 0040 - 36 00 9d 00 3d 00 35 00-a4 00 a2 00 a0 00 9e 00 6...=.5. > 0050 - 67 00 40 00 3f 00 3e 00-33 00 32 00 31 00 30 00 g.@.?.>.3.2.1.0. > 0060 - 9a 00 99 00 98 00 97 00-9c 00 3c 00 2f 00 96 00 ..<./... > 0070 - 05 00 04 00 16 00 13 00-10 00 0d 00 0a 00 15 00 > 0080 - 12 00 0f 00 0c 00 09 00-ff *56 00* 01 00 00 23 00 .V#. > 0090 - 23 00 00 00 0d 00 16 00-14 06 01 06 02 05 01 05 #... > 00a0 - 02 04 01 04 02 03 01 03-02 02 01 02 02 00 0f 00 > 00b0 - 01 01 .. > [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- > SSL_accept:before SSL initialization > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- write to [024725E0] (7 bytes => 7 (0x7)) > > [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x > BIO --- contents of a BIO dump: > - 15 03 03 00 02 02 56 ..V > [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- write:fatal:unknown > [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL_accept:error > in error > > In the above dump , "56 00 " is present in the cipher suites sent in > client hello. > So, I think client have set TLS_FALLBACK_SCSV in cipher suite list in > client hello. > However there is no earlier failure to this handshake. This suggests there is a bug in the client application. This can only happen if the client application calls SSL_CTX_set_mode() or SSL_set_mode() to set the SSL_MODE_SEND_FALLBACK_SCSV mode. This is incorrect if there has been no previously failed handshake at a higher protocol version. From the documentation: SSL_MODE_SEND_FALLBACK_SCSV Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft-ietf-tls-downgrade-scsv-00. (Note the reference to draft-ietf-tls-downgrade-scsv-00 in the docs really should be updated to RFC7507 as that document is now known). > > As per your comment, client should only send it if it witnessed some > earlier failure. > In that case, I have following additional doubt. > > -- this set up is working when server is running with TLSv1.2 and only > failing when server has both TLSv1,2 and TLSv1.3 ( i.e with > openssl1.1.1). So are there any changes in openssl1.1.1 which will > effect this behavior when compared to openssl1.0.0e version ? The purpose of sending TLS_FALLBACK_SCSV is to signal to the server "I have attempted to connect to this server with
[openssl-users] Reg issue in alert message
Hi Matt, Thanks for your response. My client is built with openssl 1.0.0e and server with openssl 1.1.1. I have tried to collect information with wireshark, but I think as my server and client are running on same machine , it is not capturing anything. I have also tried with tshark on linux and got no traces again. I have this trouble both on nt64and linuxx86_64. Do we have any other mechanism to capture the traces ? We have internal tracing enabled and I can see following information in our tracing. ** [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL State: 16 before SSL initialization [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- ctrl to [02457660] (6 bytes => 0 (0x0)) [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- contents of a BIO dump: [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL_accept:before SSL initialization [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- read to [02463953] (5 bytes => 5 (0x5)) [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- contents of a BIO dump: - 16 03 01 00 b2. [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- read to [02463958] (178 bytes => 178 (0xB2)) [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- contents of a BIO dump: - 01 00 00 ae 03 03 10 b1-1e 8f f0 07 d6 28 d9 02 .(.. 0010 - b7 91 b4 3d 14 5a af 3e-09 96 2a cf ee 8b ca 30 ...=.Z.>..*0 0020 - cc 68 9f 2c 2e 6e 00 00-62 00 a5 00 a3 00 a1 00 .h.,.n..b... 0030 - 9f 00 6b 00 6a 00 69 00-68 00 39 00 38 00 37 00 ..k.j.i.h.9.8.7. 0040 - 36 00 9d 00 3d 00 35 00-a4 00 a2 00 a0 00 9e 00 6...=.5. 0050 - 67 00 40 00 3f 00 3e 00-33 00 32 00 31 00 30 00 g.@.?.>.3.2.1.0. 0060 - 9a 00 99 00 98 00 97 00-9c 00 3c 00 2f 00 96 00 ..<./... 0070 - 05 00 04 00 16 00 13 00-10 00 0d 00 0a 00 15 00 0080 - 12 00 0f 00 0c 00 09 00-ff *56 00* 01 00 00 23 00 .V#. 0090 - 23 00 00 00 0d 00 16 00-14 06 01 06 02 05 01 05 #... 00a0 - 02 04 01 04 02 03 01 03-02 02 01 02 02 00 0f 00 00b0 - 01 01 .. [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL_accept:before SSL initialization [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- write to [024725E0] (7 bytes => 7 (0x7)) [Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x BIO --- contents of a BIO dump: - 15 03 03 00 02 02 56 ..V [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- write:fatal:unknown [Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL_accept:error in error In the above dump , "56 00 " is present in the cipher suites sent in client hello. So, I think client have set TLS_FALLBACK_SCSV in cipher suite list in client hello. However there is no earlier failure to this handshake. As per your comment, client should only send it if it witnessed some earlier failure. In that case, I have following additional doubt. -- this set up is working when server is running with TLSv1.2 and only failing when server has both TLSv1,2 and TLSv1.3 ( i.e with openssl1.1.1). So are there any changes in openssl1.1.1 which will effect this behavior when compared to openssl1.0.0e version ? Thanks and Regards, Ram Krushna On Mon, Oct 22, 2018 at 11:21 PM wrote: > Send openssl-users mailing list submissions to > openssl-users@openssl.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > openssl-users-requ...@openssl.org > > You can reach the person managing the list at > openssl-users-ow...@openssl.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > >1. Re: What to do with deprecation errors (Salz, Rich) >2. Re: What to do with deprecation errors (Matt Caswell) >3. Re: To disable CBC ciphers (Jakob Bohm) >4. Reg issue in alert message (ramakrushna mishra) >5. Re: Reg issue in alert message (Matt Caswell) >6. Re: What to do with deprecation errors (Skip Carter) > > > -- > > Message: 1 > Date: Mon, 22 Oct 2018 02:08:23 + > From: "Salz, Rich" > To: Skip Carter , "openssl-users@openssl.org" > > Subject: Re: [openssl-users] What to do with deprecation errors > Message-ID: <8260bb64-b12e-4779-b9df-903d23e47...@akamai.com> > Content-Type: text/plain; charset="utf-8" > > >
Re: [openssl-users] How to compile 1.1.1 under Windows
I discovered that very same issue earlier today. Fix is in: commit 28361a0b821d36e3b19271b0a7909d5355b0990c (HEAD -> OpenSSL_1_1_1-stable, origin/OpenSSL_1_1_1-stable) Author: Richard Levitte Date: Tue Oct 23 10:15:12 2018 +0200 RAND: ensure INT32_MAX is defined This value is used to set DRBG_MAX_LENGTH Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7467) (cherry picked from commit f81b043ad856d8b9af5239a4978f8bd4b965dab9) diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 5d9fb13ab..38614a85b 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -17,6 +17,8 @@ # include # include +# include "internal/numbers.h" + /* How many times to read the TSC as a randomness source. */ # define TSC_READ_COUNT 4 Cheers, Richard In message on Tue, 23 Oct 2018 03:31:53 -0700, Chris Clark said: > Next I tried an older stable snapshot > openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but > I got a different compile result: > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 > /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > Files\\Common Files\\SSL\"" > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\rand\drbg_ctr.obj > "crypto\rand\drbg_ctr.c" > drbg_ctr.c > crypto\rand\drbg_ctr.c(399) : warning C4267: '=' : conversion from > 'size_t' to 'int', possible loss of data > crypto\rand\drbg_ctr.c(420) : error C2065: 'INT32_MAX' : undeclared identifier > crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier > crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier > crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > Stop. > On Tue, Oct 23, 2018 at 3:17 AM Chris Clark wrote: > > > > Thanks Richard. I downloaded the latest stable snapshot in order to > > bypass the UINT16_MAX definition bug, but this version fails to > > configure: > > > > C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A > > --prefix=c:/openssl no-makedepend > > Can't locate OpenSSL/Glob.pm in @INC (you may need to install the > > OpenSSL::Glob module) (@INC contains: > > C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib > > c:/perl/lib .) at Configure line 20. > > BEGIN failed--compilation aborted at Configure line 20. > > > > > > I'll try some of the older stable snapshots. > > On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte wrote: > > > > > > Silly me, I forgot we already fixed that bug: > > > > > > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 > > > Author: Richard Levitte > > > Date: Wed Sep 12 02:06:26 2018 +0200 > > > > > > crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined > > > > > > Fixes #7186 > > > > > > Reviewed-by: Tim Hudson > > > (Merged from https://github.com/openssl/openssl/pull/7193) > > > > > > (cherry picked from commit > > > 88ea3685e4bf30fc529fe46e19effc6317726de8) > > > > > > Cheers, > > > Richard > > > > > > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on > > > Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte > > > said: > > > > > > > That indicates we do things in the wrong order (foo.obj depends on > > > > foo.d, meaning foo.d gets "built" first), but that's a side issue. > > > > > > > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > > > > to write up a Github issue for it? > > > > > > > > In message > > > > on > > > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark > > > > said: > > > > > > > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error > > > > > U1077, but now it fails due to an undeclared identifier: > > > > > > > > > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I > > > > > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" > > > > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" > > > > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" > > > > > -D"SHA256_ASM" -D"SHA512_ASM"
Re: [openssl-users] How to compile 1.1.1 under Windows
Richard, Moving Glob.pm into the main directory of the latest stable snapshot openssl-1.1.1-stable-SNAP-20181022 allowed it to bypass the missing Glob.pm message, but then it failed with the same set of "error C2065: 'INT32_MAX' : undeclared identifier" messages as the older openssl-1.1.1-stable-SNAP-20181018. On Tue, Oct 23, 2018 at 3:31 AM Chris Clark wrote: > > Next I tried an older stable snapshot > openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but > I got a different compile result: > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 > /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > Files\\Common Files\\SSL\"" > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\rand\drbg_ctr.obj > "crypto\rand\drbg_ctr.c" > drbg_ctr.c > crypto\rand\drbg_ctr.c(399) : warning C4267: '=' : conversion from > 'size_t' to 'int', possible loss of data > crypto\rand\drbg_ctr.c(420) : error C2065: 'INT32_MAX' : undeclared identifier > crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier > crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier > crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > Stop. > On Tue, Oct 23, 2018 at 3:17 AM Chris Clark wrote: > > > > Thanks Richard. I downloaded the latest stable snapshot in order to > > bypass the UINT16_MAX definition bug, but this version fails to > > configure: > > > > C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A > > --prefix=c:/openssl no-makedepend > > Can't locate OpenSSL/Glob.pm in @INC (you may need to install the > > OpenSSL::Glob module) (@INC contains: > > C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib > > c:/perl/lib .) at Configure line 20. > > BEGIN failed--compilation aborted at Configure line 20. > > > > > > I'll try some of the older stable snapshots. > > On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte wrote: > > > > > > Silly me, I forgot we already fixed that bug: > > > > > > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 > > > Author: Richard Levitte > > > Date: Wed Sep 12 02:06:26 2018 +0200 > > > > > > crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined > > > > > > Fixes #7186 > > > > > > Reviewed-by: Tim Hudson > > > (Merged from https://github.com/openssl/openssl/pull/7193) > > > > > > (cherry picked from commit > > > 88ea3685e4bf30fc529fe46e19effc6317726de8) > > > > > > Cheers, > > > Richard > > > > > > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on > > > Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte > > > said: > > > > > > > That indicates we do things in the wrong order (foo.obj depends on > > > > foo.d, meaning foo.d gets "built" first), but that's a side issue. > > > > > > > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > > > > to write up a Github issue for it? > > > > > > > > In message > > > > on > > > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark > > > > said: > > > > > > > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error > > > > > U1077, but now it fails due to an undeclared identifier: > > > > > > > > > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I > > > > > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" > > > > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" > > > > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" > > > > > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" > > > > > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" > > > > > -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" > > > > > -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" > > > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj > > > > >
Re: [openssl-users] How to compile 1.1.1 under Windows
Next I tried an older stable snapshot openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but I got a different compile result: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\rand\drbg_ctr.obj "crypto\rand\drbg_ctr.c" drbg_ctr.c crypto\rand\drbg_ctr.c(399) : warning C4267: '=' : conversion from 'size_t' to 'int', possible loss of data crypto\rand\drbg_ctr.c(420) : error C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' Stop. On Tue, Oct 23, 2018 at 3:17 AM Chris Clark wrote: > > Thanks Richard. I downloaded the latest stable snapshot in order to > bypass the UINT16_MAX definition bug, but this version fails to > configure: > > C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A > --prefix=c:/openssl no-makedepend > Can't locate OpenSSL/Glob.pm in @INC (you may need to install the > OpenSSL::Glob module) (@INC contains: > C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib > c:/perl/lib .) at Configure line 20. > BEGIN failed--compilation aborted at Configure line 20. > > > I'll try some of the older stable snapshots. > On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte wrote: > > > > Silly me, I forgot we already fixed that bug: > > > > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 > > Author: Richard Levitte > > Date: Wed Sep 12 02:06:26 2018 +0200 > > > > crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined > > > > Fixes #7186 > > > > Reviewed-by: Tim Hudson > > (Merged from https://github.com/openssl/openssl/pull/7193) > > > > (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8) > > > > Cheers, > > Richard > > > > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on > > Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte > > said: > > > > > That indicates we do things in the wrong order (foo.obj depends on > > > foo.d, meaning foo.d gets "built" first), but that's a side issue. > > > > > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > > > to write up a Github issue for it? > > > > > > In message > > > on > > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark > > > said: > > > > > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error > > > > U1077, but now it fails due to an undeclared identifier: > > > > > > > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I > > > > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" > > > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" > > > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" > > > > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" > > > > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" > > > > -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" > > > > -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" > > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj > > > > "crypto\sm2\sm2_sign.c" > > > > sm2_sign.c > > > > crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared > > > > identifier > > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' > > > > Stop. > > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > > > Stop. > > > > On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte > > > > wrote: > > > > > > > > > > I suspect you'll find some kind of error message
Re: [openssl-users] How to compile 1.1.1 under Windows
Thanks Richard. I downloaded the latest stable snapshot in order to bypass the UINT16_MAX definition bug, but this version fails to configure: C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend Can't locate OpenSSL/Glob.pm in @INC (you may need to install the OpenSSL::Glob module) (@INC contains: C:/openssl-1.1.1-stable-SNAP-20181022/util/perl c:/perl/site/lib c:/perl/lib .) at Configure line 20. BEGIN failed--compilation aborted at Configure line 20. I'll try some of the older stable snapshots. On Tue, Oct 23, 2018 at 2:22 AM Richard Levitte wrote: > > Silly me, I forgot we already fixed that bug: > > commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 > Author: Richard Levitte > Date: Wed Sep 12 02:06:26 2018 +0200 > > crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined > > Fixes #7186 > > Reviewed-by: Tim Hudson > (Merged from https://github.com/openssl/openssl/pull/7193) > > (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8) > > Cheers, > Richard > > In message <20181023.103453.1842719922424343673.levi...@openssl.org> on Tue, > 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte said: > > > That indicates we do things in the wrong order (foo.obj depends on > > foo.d, meaning foo.d gets "built" first), but that's a side issue. > > > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > > to write up a Github issue for it? > > > > In message > > on > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark said: > > > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error > > > U1077, but now it fails due to an undeclared identifier: > > > > > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I > > > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" > > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" > > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" > > > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" > > > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" > > > -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" > > > -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj > > > "crypto\sm2\sm2_sign.c" > > > sm2_sign.c > > > crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared > > > identifier > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' > > > Stop. > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > > Stop. > > > On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte > > > wrote: > > > > > > > > I suspect you'll find some kind of error message in > > > > crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported > > > > in VS 2008. > > > > > > > > There is a workaround for this problem, and it's to use the > > > > 'no-makedepend' option: > > > > > > > > perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend > > > > > > > > For a single build, that should be good enough. > > > > > > > > Cheers, > > > > Richard > > > > > > > > In message > > > > on > > > > Mon, 22 Oct 2018 23:50:46 -0700, Chris Clark > > > > said: > > > > > > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > > > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > > > > 1.1.1 for VC-WIN64A I get the following compile error: > > > > > > > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > > > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > > > > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > > > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > > > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > > > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > > > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > > > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > > > > Files\\Common Files\\SSL\"" > > > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > > > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > > > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > > > > Stop. > > > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft
Re: [openssl-users] How to compile 1.1.1 under Windows
Silly me, I forgot we already fixed that bug: commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 Author: Richard Levitte Date: Wed Sep 12 02:06:26 2018 +0200 crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined Fixes #7186 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7193) (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8) Cheers, Richard In message <20181023.103453.1842719922424343673.levi...@openssl.org> on Tue, 23 Oct 2018 10:34:53 +0200 (CEST), Richard Levitte said: > That indicates we do things in the wrong order (foo.obj depends on > foo.d, meaning foo.d gets "built" first), but that's a side issue. > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > to write up a Github issue for it? > > In message > on Tue, > 23 Oct 2018 01:22:34 -0700, Chris Clark said: > > > Thank you Richard. Adding the "no-makedepend" avoided the fatal error > > U1077, but now it fails due to an undeclared identifier: > > > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I > > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" > > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" > > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" > > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" > > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" > > -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" > > -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj > > "crypto\sm2\sm2_sign.c" > > sm2_sign.c > > crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared > > identifier > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' > > Stop. > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > Stop. > > On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte > > wrote: > > > > > > I suspect you'll find some kind of error message in > > > crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported > > > in VS 2008. > > > > > > There is a workaround for this problem, and it's to use the > > > 'no-makedepend' option: > > > > > > perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend > > > > > > For a single build, that should be good enough. > > > > > > Cheers, > > > Richard > > > > > > In message > > > on > > > Mon, 22 Oct 2018 23:50:46 -0700, Chris Clark > > > said: > > > > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > > > 1.1.1 for VC-WIN64A I get the following compile error: > > > > > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > > > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > > > Files\\Common Files\\SSL\"" > > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > > > Stop. > > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > > > Stop. > > > > > > > > My Command lines from the VS 2008 x64 Command Prompt are: > > > > perl Configure VC-WIN64A --prefix=c:/openssl > > > > nmake > > > > > > > > I also tried compiling the latest stable snapshot > > > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > > > > version 1.1.0h compiles without error. Can anyone tell me what the > > > > problem is? > > > > > > > > Here is the configuration dump: > > > > > > > > Command line (with current working directory = .): > > > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > > > > Perl information: > > > > c:\perl\bin\perl.exe > > > > 5.24.3 for MSWin32-x64-multi-thread > > > >
Re: [openssl-users] How to compile 1.1.1 under Windows
That indicates we do things in the wrong order (foo.obj depends on foo.d, meaning foo.d gets "built" first), but that's a side issue. You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing to write up a Github issue for it? In message on Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark said: > Thank you Richard. Adding the "no-makedepend" avoided the fatal error > U1077, but now it fails due to an undeclared identifier: > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I > "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" > -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" > -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" > -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" > -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" > -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" > -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj > "crypto\sm2\sm2_sign.c" > sm2_sign.c > crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared identifier > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > Stop. > On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte wrote: > > > > I suspect you'll find some kind of error message in > > crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported > > in VS 2008. > > > > There is a workaround for this problem, and it's to use the > > 'no-makedepend' option: > > > > perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend > > > > For a single build, that should be good enough. > > > > Cheers, > > Richard > > > > In message > > on > > Mon, 22 Oct 2018 23:50:46 -0700, Chris Clark said: > > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > > 1.1.1 for VC-WIN64A I get the following compile error: > > > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > > Files\\Common Files\\SSL\"" > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > > Stop. > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > > Stop. > > > > > > My Command lines from the VS 2008 x64 Command Prompt are: > > > perl Configure VC-WIN64A --prefix=c:/openssl > > > nmake > > > > > > I also tried compiling the latest stable snapshot > > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > > > version 1.1.0h compiles without error. Can anyone tell me what the > > > problem is? > > > > > > Here is the configuration dump: > > > > > > Command line (with current working directory = .): > > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > > > Perl information: > > > c:\perl\bin\perl.exe > > > 5.24.3 for MSWin32-x64-multi-thread > > > Enabled features: > > > aria > > > asm > > > async > > > autoalginit > > > autoerrinit > > > autoload-config > > > bf > > > blake2 > > > camellia > > > capieng > > > cast > > > chacha > > > cmac > > > cms > > > comp > > > ct > > > deprecated > > > des > > > dgram > > > dh > > > dsa > > > dso > > > dtls > > > dynamic-engine > > > ec > > > ec2m > > > ecdh > > > ecdsa > > > engine > > > err > > > filenames > > > gost > > > hw(-.+)? > > > idea > > > makedepend > > > md4 > > > mdc2 > > > multiblock > > > nextprotoneg > > > ocb > > > ocsp > > > pic > > > poly1305 > > > posix-io > > > psk > > > rc2 > > > rc4 > > > rdrand > > > rfc3779 > > >
Re: [openssl-users] How to compile 1.1.1 under Windows
Thank you Richard. Adding the "no-makedepend" avoided the fatal error U1077, but now it fails due to an undeclared identifier: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG" -c /Focrypto\sm2\sm2_sign.obj "crypto\sm2\sm2_sign.c" sm2_sign.c crypto\sm2\sm2_sign.c(70) : error C2065: 'UINT16_MAX' : undeclared identifier NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\cl.EXE"' : return code '0x2' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' Stop. On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte wrote: > > I suspect you'll find some kind of error message in > crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported > in VS 2008. > > There is a workaround for this problem, and it's to use the > 'no-makedepend' option: > > perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend > > For a single build, that should be good enough. > > Cheers, > Richard > > In message > on Mon, > 22 Oct 2018 23:50:46 -0700, Chris Clark said: > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > 1.1.1 for VC-WIN64A I get the following compile error: > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > Files\\Common Files\\SSL\"" > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > Stop. > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > Stop. > > > > My Command lines from the VS 2008 x64 Command Prompt are: > > perl Configure VC-WIN64A --prefix=c:/openssl > > nmake > > > > I also tried compiling the latest stable snapshot > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > > version 1.1.0h compiles without error. Can anyone tell me what the > > problem is? > > > > Here is the configuration dump: > > > > Command line (with current working directory = .): > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > > Perl information: > > c:\perl\bin\perl.exe > > 5.24.3 for MSWin32-x64-multi-thread > > Enabled features: > > aria > > asm > > async > > autoalginit > > autoerrinit > > autoload-config > > bf > > blake2 > > camellia > > capieng > > cast > > chacha > > cmac > > cms > > comp > > ct > > deprecated > > des > > dgram > > dh > > dsa > > dso > > dtls > > dynamic-engine > > ec > > ec2m > > ecdh > > ecdsa > > engine > > err > > filenames > > gost > > hw(-.+)? > > idea > > makedepend > > md4 > > mdc2 > > multiblock > > nextprotoneg > > ocb > > ocsp > > pic > > poly1305 > > posix-io > > psk > > rc2 > > rc4 > > rdrand > > rfc3779 > > rmd160 > > scrypt > > seed > > shared > > siphash > > sm2 > > sm3 > > sm4 > > sock > > srp > > srtp > > sse2 > > ssl > > static-engine > > stdio > > tests > > threads > > tls > > ts > > ui-console > > whirlpool > > tls1 > > tls1-method > > tls1_1 > > tls1_1-method > > tls1_2 > > tls1_2-method > > tls1_3 > > dtls1 > > dtls1-method > > dtls1_2 > > dtls1_2-method > > Disabled features: > > afalgeng[not-linux] > > asan
Re: [openssl-users] How to compile 1.1.1 under Windows
Sorry, I meant to say I'm upgrading from 1.1.0h. On Tue, Oct 23, 2018 at 12:20 AM Dr. Matthias St. Pierre wrote: > > Oh, I should have read your mail until the end: > > Are you upgrading from 1.0.0h or 1.1.0h? Your post mentions both versions. > > > -Ursprüngliche Nachricht- > > Von: openssl-users Im Auftrag von Dr. > > Matthias St. Pierre > > Gesendet: Dienstag, 23. Oktober 2018 09:17 > > An: openssl-users@openssl.org > > Betreff: Re: [openssl-users] How to compile 1.1.1 under Windows > > > > Hi, > > > > a lot of structures where made opaque going from 1.0.2 to 1.1.0. > > This means, you will have to make changes to your program source code > > to compile it against 1.1.0 or 1.1.1. > > > > For details, see https://www.openssl.org/docs/faq.html#PROG2 > > > > HTH, > > Matthias > > > > > > > -Ursprüngliche Nachricht- > > > Von: openssl-users Im Auftrag von > > > Chris Clark > > > Gesendet: Dienstag, 23. Oktober 2018 08:51 > > > An: openssl-users@openssl.org > > > Betreff: [openssl-users] How to compile 1.1.1 under Windows > > > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > > 1.1.1 for VC-WIN64A I get the following compile error: > > > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > > Files\\Common Files\\SSL\"" > > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > > Stop. > > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > > Stop. > > > > > > My Command lines from the VS 2008 x64 Command Prompt are: > > > perl Configure VC-WIN64A --prefix=c:/openssl > > > nmake > > > > > > I also tried compiling the latest stable snapshot > > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > > > version 1.1.0h compiles without error. Can anyone tell me what the > > > problem is? > > > > > > Here is the configuration dump: > > > > > > Command line (with current working directory = .): > > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > > > Perl information: > > > c:\perl\bin\perl.exe > > > 5.24.3 for MSWin32-x64-multi-thread > > > Enabled features: > > > aria > > > asm > > > async > > > autoalginit > > > autoerrinit > > > autoload-config > > > bf > > > blake2 > > > camellia > > > capieng > > > cast > > > chacha > > > cmac > > > cms > > > comp > > > ct > > > deprecated > > > des > > > dgram > > > dh > > > dsa > > > dso > > > dtls > > > dynamic-engine > > > ec > > > ec2m > > > ecdh > > > ecdsa > > > engine > > > err > > > filenames > > > gost > > > hw(-.+)? > > > idea > > > makedepend > > > md4 > > > mdc2 > > > multiblock > > > nextprotoneg > > > ocb > > > ocsp > > > pic > > > poly1305 > > > posix-io > > > psk > > > rc2 > > > rc4 > > > rdrand > > > rfc3779 > > > rmd160 > > > scrypt > > > seed > > > shared > > > siphash > > > sm2 > > > sm3 > > > sm4 > > > sock > > > srp > > > srtp > > > sse2 > > > ssl > > > static-engine > > > stdio > > > tests > > > threads > > > tls > > > ts > > > ui-console > > > whirlpool > > > tls1 > > > tls1-method > > > tls1_1 > > > tls1_1-method > > > tls1_2 > > > tls1_2-method > > > tls1_3 > > > dtls1 > > > dtls1-method > > > dtls1_2 > > > dtls1_2-method > > > Disabled features: > > > afalgeng[not-linux] > > > asan[default] OPENSSL_NO_ASAN > > > crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG > > > crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE > > > devcryptoeng[default] OPENSSL_NO_DEVCRYPTOENG > > > ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 > > > egd [default] OPENSSL_NO_EGD > > > external-tests [default]
Re: [openssl-users] How to compile 1.1.1 under Windows
Oh, I should have read your mail until the end: Are you upgrading from 1.0.0h or 1.1.0h? Your post mentions both versions. > -Ursprüngliche Nachricht- > Von: openssl-users Im Auftrag von Dr. > Matthias St. Pierre > Gesendet: Dienstag, 23. Oktober 2018 09:17 > An: openssl-users@openssl.org > Betreff: Re: [openssl-users] How to compile 1.1.1 under Windows > > Hi, > > a lot of structures where made opaque going from 1.0.2 to 1.1.0. > This means, you will have to make changes to your program source code > to compile it against 1.1.0 or 1.1.1. > > For details, see https://www.openssl.org/docs/faq.html#PROG2 > > HTH, > Matthias > > > > -Ursprüngliche Nachricht- > > Von: openssl-users Im Auftrag von Chris > > Clark > > Gesendet: Dienstag, 23. Oktober 2018 08:51 > > An: openssl-users@openssl.org > > Betreff: [openssl-users] How to compile 1.1.1 under Windows > > > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > > 1.1.1 for VC-WIN64A I get the following compile error: > > > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > > Files\\Common Files\\SSL\"" > > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > > NMAKE : fatal error U1077: 'cl' : return code '0x2' > > Stop. > > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > > Stop. > > > > My Command lines from the VS 2008 x64 Command Prompt are: > > perl Configure VC-WIN64A --prefix=c:/openssl > > nmake > > > > I also tried compiling the latest stable snapshot > > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > > version 1.1.0h compiles without error. Can anyone tell me what the > > problem is? > > > > Here is the configuration dump: > > > > Command line (with current working directory = .): > > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > > Perl information: > > c:\perl\bin\perl.exe > > 5.24.3 for MSWin32-x64-multi-thread > > Enabled features: > > aria > > asm > > async > > autoalginit > > autoerrinit > > autoload-config > > bf > > blake2 > > camellia > > capieng > > cast > > chacha > > cmac > > cms > > comp > > ct > > deprecated > > des > > dgram > > dh > > dsa > > dso > > dtls > > dynamic-engine > > ec > > ec2m > > ecdh > > ecdsa > > engine > > err > > filenames > > gost > > hw(-.+)? > > idea > > makedepend > > md4 > > mdc2 > > multiblock > > nextprotoneg > > ocb > > ocsp > > pic > > poly1305 > > posix-io > > psk > > rc2 > > rc4 > > rdrand > > rfc3779 > > rmd160 > > scrypt > > seed > > shared > > siphash > > sm2 > > sm3 > > sm4 > > sock > > srp > > srtp > > sse2 > > ssl > > static-engine > > stdio > > tests > > threads > > tls > > ts > > ui-console > > whirlpool > > tls1 > > tls1-method > > tls1_1 > > tls1_1-method > > tls1_2 > > tls1_2-method > > tls1_3 > > dtls1 > > dtls1-method > > dtls1_2 > > dtls1_2-method > > Disabled features: > > afalgeng[not-linux] > > asan[default] OPENSSL_NO_ASAN > > crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG > > crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE > > devcryptoeng[default] OPENSSL_NO_DEVCRYPTOENG > > ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 > > egd [default] OPENSSL_NO_EGD > > external-tests [default] OPENSSL_NO_EXTERNAL_TESTS > > fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER > > fuzz-afl[default] OPENSSL_NO_FUZZ_AFL > > heartbeats [default] OPENSSL_NO_HEARTBEATS > > md2 [default] OPENSSL_NO_MD2 (skip crypto\md2) > > msan[default] OPENSSL_NO_MSAN > > rc5 [default] OPENSSL_NO_RC5 (skip crypto\rc5) > >
Re: [openssl-users] How to compile 1.1.1 under Windows
I suspect you'll find some kind of error message in crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported in VS 2008. There is a workaround for this problem, and it's to use the 'no-makedepend' option: perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend For a single build, that should be good enough. Cheers, Richard In message on Mon, 22 Oct 2018 23:50:46 -0700, Chris Clark said: > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > 1.1.1 for VC-WIN64A I get the following compile error: > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > Files\\Common Files\\SSL\"" > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > NMAKE : fatal error U1077: 'cl' : return code '0x2' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > Stop. > > My Command lines from the VS 2008 x64 Command Prompt are: > perl Configure VC-WIN64A --prefix=c:/openssl > nmake > > I also tried compiling the latest stable snapshot > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > version 1.1.0h compiles without error. Can anyone tell me what the > problem is? > > Here is the configuration dump: > > Command line (with current working directory = .): > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > Perl information: > c:\perl\bin\perl.exe > 5.24.3 for MSWin32-x64-multi-thread > Enabled features: > aria > asm > async > autoalginit > autoerrinit > autoload-config > bf > blake2 > camellia > capieng > cast > chacha > cmac > cms > comp > ct > deprecated > des > dgram > dh > dsa > dso > dtls > dynamic-engine > ec > ec2m > ecdh > ecdsa > engine > err > filenames > gost > hw(-.+)? > idea > makedepend > md4 > mdc2 > multiblock > nextprotoneg > ocb > ocsp > pic > poly1305 > posix-io > psk > rc2 > rc4 > rdrand > rfc3779 > rmd160 > scrypt > seed > shared > siphash > sm2 > sm3 > sm4 > sock > srp > srtp > sse2 > ssl > static-engine > stdio > tests > threads > tls > ts > ui-console > whirlpool > tls1 > tls1-method > tls1_1 > tls1_1-method > tls1_2 > tls1_2-method > tls1_3 > dtls1 > dtls1-method > dtls1_2 > dtls1_2-method > Disabled features: > afalgeng[not-linux] > asan[default] OPENSSL_NO_ASAN > crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG > crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE > devcryptoeng[default] OPENSSL_NO_DEVCRYPTOENG > ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 > egd [default] OPENSSL_NO_EGD > external-tests [default] OPENSSL_NO_EXTERNAL_TESTS > fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER > fuzz-afl[default] OPENSSL_NO_FUZZ_AFL > heartbeats [default] OPENSSL_NO_HEARTBEATS > md2 [default] OPENSSL_NO_MD2 (skip crypto\md2) > msan[default] OPENSSL_NO_MSAN > rc5 [default] OPENSSL_NO_RC5 (skip crypto\rc5) > sctp[default] OPENSSL_NO_SCTP > ssl-trace [default] OPENSSL_NO_SSL_TRACE > ubsan [default] OPENSSL_NO_UBSAN > unit-test [default] OPENSSL_NO_UNIT_TEST > weak-ssl-ciphers[default] OPENSSL_NO_WEAK_SSL_CIPHERS > zlib[default] > zlib-dynamic[default] > ssl3[default] OPENSSL_NO_SSL3 > ssl3-method [default] OPENSSL_NO_SSL3_METHOD > Config target attributes: > AR => "lib", > ARFLAGS => "/nologo", > AS => "nasm", > ASFLAGS => "-g", > CC => "cl", > CFLAGS => "/W3 /wd4090 /nologo /O2", > CPP => "\$(CC) /EP /C", > HASHBANGPERL =>
Re: [openssl-users] How to compile 1.1.1 under Windows
Hi, a lot of structures where made opaque going from 1.0.2 to 1.1.0. This means, you will have to make changes to your program source code to compile it against 1.1.0 or 1.1.1. For details, see https://www.openssl.org/docs/faq.html#PROG2 HTH, Matthias > -Ursprüngliche Nachricht- > Von: openssl-users Im Auftrag von Chris > Clark > Gesendet: Dienstag, 23. Oktober 2018 08:51 > An: openssl-users@openssl.org > Betreff: [openssl-users] How to compile 1.1.1 under Windows > > I am attempting to upgrade a project using OpenSSL 1.0.0h to version > 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version > 1.1.1 for VC-WIN64A I get the following compile error: > >cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo > /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" > -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" > -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" > -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" > -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" > -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" > -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program > Files\\Common Files\\SSL\"" > -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" > -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" > -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" > -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes > "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d > NMAKE : fatal error U1077: 'cl' : return code '0x2' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual > Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' > Stop. > > My Command lines from the VS 2008 x64 Command Prompt are: > perl Configure VC-WIN64A --prefix=c:/openssl > nmake > > I also tried compiling the latest stable snapshot > (openssl-1.1.1-stable-SNAP-20181022) with the same results. However > version 1.1.0h compiles without error. Can anyone tell me what the > problem is? > > Here is the configuration dump: > > Command line (with current working directory = .): > c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl > Perl information: > c:\perl\bin\perl.exe > 5.24.3 for MSWin32-x64-multi-thread > Enabled features: > aria > asm > async > autoalginit > autoerrinit > autoload-config > bf > blake2 > camellia > capieng > cast > chacha > cmac > cms > comp > ct > deprecated > des > dgram > dh > dsa > dso > dtls > dynamic-engine > ec > ec2m > ecdh > ecdsa > engine > err > filenames > gost > hw(-.+)? > idea > makedepend > md4 > mdc2 > multiblock > nextprotoneg > ocb > ocsp > pic > poly1305 > posix-io > psk > rc2 > rc4 > rdrand > rfc3779 > rmd160 > scrypt > seed > shared > siphash > sm2 > sm3 > sm4 > sock > srp > srtp > sse2 > ssl > static-engine > stdio > tests > threads > tls > ts > ui-console > whirlpool > tls1 > tls1-method > tls1_1 > tls1_1-method > tls1_2 > tls1_2-method > tls1_3 > dtls1 > dtls1-method > dtls1_2 > dtls1_2-method > Disabled features: > afalgeng[not-linux] > asan[default] OPENSSL_NO_ASAN > crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG > crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE > devcryptoeng[default] OPENSSL_NO_DEVCRYPTOENG > ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 > egd [default] OPENSSL_NO_EGD > external-tests [default] OPENSSL_NO_EXTERNAL_TESTS > fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER > fuzz-afl[default] OPENSSL_NO_FUZZ_AFL > heartbeats [default] OPENSSL_NO_HEARTBEATS > md2 [default] OPENSSL_NO_MD2 (skip crypto\md2) > msan[default] OPENSSL_NO_MSAN > rc5 [default] OPENSSL_NO_RC5 (skip crypto\rc5) > sctp[default] OPENSSL_NO_SCTP > ssl-trace [default] OPENSSL_NO_SSL_TRACE > ubsan [default] OPENSSL_NO_UBSAN > unit-test [default] OPENSSL_NO_UNIT_TEST > weak-ssl-ciphers[default] OPENSSL_NO_WEAK_SSL_CIPHERS > zlib[default] > zlib-dynamic[default] > ssl3[default] OPENSSL_NO_SSL3 > ssl3-method [default] OPENSSL_NO_SSL3_METHOD > Config target attributes: > AR => "lib", > ARFLAGS => "/nologo", > AS => "nasm", > ASFLAGS => "-g", > CC => "cl", > CFLAGS => "/W3 /wd4090 /nologo
Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working
I suppose Facebook reports 50% because their mobile apps uses their SSL library Fizz with Tls 1.3 https://thehackernews.com/2018/08/fizz-tls-ssl-library.html I'm curious seeing your telemetry info now. Chrome 70 was released last week, and FireFox 63 today, with TLS 1.3 support regards Le mer. 12 sept. 2018 à 16:41, Viktor Dukhovni a écrit : > > > > On Sep 12, 2018, at 10:20 AM, Benjamin Kaduk via openssl-users < > openssl-users@openssl.org> wrote: > > > > IIUC, only Firefox nightly as of approximately today will support the > final > > RFC 8446 version; I haven't looked into Chrome yet. > > From the Firefox TLS 1.3 blog entry: > > > https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/ > > What Now? > > TLS 1.3 is already widely deployed: both Firefox and Chrome have fielded > “draft” versions. Firefox 61 is already shipping draft-28, which is > essentially the same as the final published version (just with a different > version number). We expect to ship the final version in Firefox 63, > scheduled for October 2018. Cloudflare, Google, and Facebook are running it > on their servers today. Our telemetry shows that around 5% of Firefox > connections are TLS 1.3. Cloudflare reports similar numbers, and Facebook > reports that an astounding 50+% of their traffic is already TLS 1.3! > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] How to compile 1.1.1 under Windows
I am attempting to upgrade a project using OpenSSL 1.0.0h to version 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version 1.1.1 for VC-WIN64A I get the following compile error: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ" -D"OPENSSL_IA32_SSE2" -D"OPENSSL_BN_ASM_MONT" -D"OPENSSL_BN_ASM_MONT5" -D"OPENSSL_BN_ASM_GF2m" -D"SHA1_ASM" -D"SHA256_ASM" -D"SHA512_ASM" -D"KECCAK1600_ASM" -D"RC4_ASM" -D"MD5_ASM" -D"AES_ASM" -D"VPAES_ASM" -D"BSAES_ASM" -D"GHASH_ASM" -D"ECP_NISTZ256_ASM" -D"X25519_ASM" -D"PADLOCK_ASM" -D"POLY1305_ASM" -D"OPENSSLDIR=\"C:\\Program Files\\Common Files\\SSL\"" -D"ENGINESDIR=\"C:\\openssl\\lib\\engines-1_1\"" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG" /Zs /showIncludes "crypto\sm2\sm2_sign.c" 2>&1 > crypto\sm2\sm2_sign.d NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' Stop. My Command lines from the VS 2008 x64 Command Prompt are: perl Configure VC-WIN64A --prefix=c:/openssl nmake I also tried compiling the latest stable snapshot (openssl-1.1.1-stable-SNAP-20181022) with the same results. However version 1.1.0h compiles without error. Can anyone tell me what the problem is? Here is the configuration dump: Command line (with current working directory = .): c:\perl\bin\perl.exe Configure VC-WIN64A --prefix=c:/openssl Perl information: c:\perl\bin\perl.exe 5.24.3 for MSWin32-x64-multi-thread Enabled features: aria asm async autoalginit autoerrinit autoload-config bf blake2 camellia capieng cast chacha cmac cms comp ct deprecated des dgram dh dsa dso dtls dynamic-engine ec ec2m ecdh ecdsa engine err filenames gost hw(-.+)? idea makedepend md4 mdc2 multiblock nextprotoneg ocb ocsp pic poly1305 posix-io psk rc2 rc4 rdrand rfc3779 rmd160 scrypt seed shared siphash sm2 sm3 sm4 sock srp srtp sse2 ssl static-engine stdio tests threads tls ts ui-console whirlpool tls1 tls1-method tls1_1 tls1_1-method tls1_2 tls1_2-method tls1_3 dtls1 dtls1-method dtls1_2 dtls1_2-method Disabled features: afalgeng[not-linux] asan[default] OPENSSL_NO_ASAN crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE devcryptoeng[default] OPENSSL_NO_DEVCRYPTOENG ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 egd [default] OPENSSL_NO_EGD external-tests [default] OPENSSL_NO_EXTERNAL_TESTS fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER fuzz-afl[default] OPENSSL_NO_FUZZ_AFL heartbeats [default] OPENSSL_NO_HEARTBEATS md2 [default] OPENSSL_NO_MD2 (skip crypto\md2) msan[default] OPENSSL_NO_MSAN rc5 [default] OPENSSL_NO_RC5 (skip crypto\rc5) sctp[default] OPENSSL_NO_SCTP ssl-trace [default] OPENSSL_NO_SSL_TRACE ubsan [default] OPENSSL_NO_UBSAN unit-test [default] OPENSSL_NO_UNIT_TEST weak-ssl-ciphers[default] OPENSSL_NO_WEAK_SSL_CIPHERS zlib[default] zlib-dynamic[default] ssl3[default] OPENSSL_NO_SSL3 ssl3-method [default] OPENSSL_NO_SSL3_METHOD Config target attributes: AR => "lib", ARFLAGS => "/nologo", AS => "nasm", ASFLAGS => "-g", CC => "cl", CFLAGS => "/W3 /wd4090 /nologo /O2", CPP => "\$(CC) /EP /C", HASHBANGPERL => "/usr/bin/env perl", LD => "link", LDFLAGS => "/nologo /debug", MT => "mt", MTFLAGS => "-nologo", RANLIB => "CODE(0x65aff0)", RC => "rc", aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o", apps_aux_src => "win32_init.c", apps_init_src => "../ms/applink.c", apps_obj => "win32_init.o", aroutflag => "/out:", asflags => "-Ox -f win64 -DNEAR", asoutflag => "-o ", bf_asm_src => "bf_enc.c", bf_obj => "bf_enc.o", bin_cflags => "/Zi /Fdapp.pdb",
