RE: OpenSSL compilation errors in Windows

[Nagalakshmi V J]

Hi Sergio,

We are using OpenSSL APIs in our product code. We are not making any changes in 
OpenSSL. Our product code is a C++ code and it makes use of openSSL APIs for 
some functionality.

This compilation error we are getting in Linux and windows platforms. But in 
Linux, we have a '-fpermissive' flag which is suppressing those errors as 
warnings and so compilation is getting successful.

The issue here is in Windows , we are not able to find alternative flag for 
-'fpermissive' in Visual studio and due to that compilation is unsuccessful. It 
would be helpful if anyone suggests some option to get the compilation 
successful.

Thanks and regards,
Nagalakshmi

From: Sergio NNX 
Sent: Monday, September 30, 2019 9:06 PM
To: Dr. Matthias St. Pierre ; Nagalakshmi V J 
; Michael Mueller 
Cc: openssl-users@openssl.org; Umamaheswari Nagarajan 

Subject: Re: OpenSSL compilation errors in Windows

** This mail has been sent from an external source **

Ciao.

I haven't had a chance to compile the exact OpenSSL version using g++ compiler 
as stated by the user/poster.

If this user is using a modified or altered version of OpenSSL provided source 
code, is there support available? Don't get me wrong, I don't mind helping out 
but .

I'll try to compile OpenSSL source code this evening and I'll post my findings 
here.

Regards.

Sergio.


From: openssl-users 
mailto:openssl-users-boun...@openssl.org>> 
on behalf of Dr. Matthias St. Pierre 
mailto:matthias.st.pie...@ncp-e.com>>
Sent: Tuesday, 1 October 2019 12:28 AM
To: Nagalakshmi V J 
mailto:nagalakshm...@altran.com>>; Michael Mueller 
mailto:abaci@gmail.com>>
Cc: openssl-users@openssl.org 
mailto:openssl-users@openssl.org>>; Umamaheswari 
Nagarajan 
mailto:umamaheswari.nagara...@altran.com>>
Subject: AW: OpenSSL compilation errors in Windows


> OpenSSL code is compiling without any issues. When it is used from our 
> product code and while compiling using C++ compiler, the issue is seen.



As I wrote previously, the error you posted was caused  by the fact that you 
are compiling Ansi C (a.k.a ISO/IEC 9899:1990, a.k.a C90) source code

using a C++ compiler. While C permits a cast from 'void *' to 'anytype *', C++ 
doesn't allow it without an explicit cast.



Only the *public* OpenSSL headers are guaranteed to be includable by a C++ 
compiler (they contain the necessary ` extern "C" ` blocks, etc.),

not the internal headers. Including *internal* headers is neither supported nor 
possible with a C++ compiler. And as Matt Caswell already told you,

there are no compatibility guarantees for those headers.



Matthias







=
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

[Thulasi Goriparthi]

Agree that XTS specific deviation should have been documented similar to
some of the AEAD ciphers with EVP interface.

Thanks,
Thulasi.

On Tue, 1 Oct 2019 at 08:46, Norm Green 
wrote:

> Could be, but that's not how EVP_CipherUpdate is documented to work.  If
> this is an XTS mode limitation and not a bug, shouldn't the limitation be
> documented on a man page somewhere?  And shouldn't my second call to
> EVP_CipherUpdate fail?
>
> Norm Green
>
>
> On 9/30/2019 8:04 PM, Thulasi Goriparthi wrote:
>
> As 512 byte blocks are independently encrypted, they should be decrypted
> similarly. This is how XTS mode is defined.
> i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.
>
> Thanks,
> Thulasi.
>
> On Tue, 1 Oct 2019 at 06:43, Norm Green 
> wrote:
>
>> Hi all,
>>
>> I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in
>> order to write database/disk encryption software.
>>
>> When encrypting, I have problems if I call EVP_CipherUpdate() and
>> encrypt the data in chunks. Encrypting only works when I encrypt the
>> entire payload with one and only one call to EVP_CipherUpdate.
>>
>> If I try to break the data into chunks (and make more than one call to
>> EVP_CipherUpdate), then decrypting the data produces garbage after the
>> first chunk that was encrypted
>> When decrypting, I always decrypt all data in one call to
>> EVP_CipherUpdate .
>>
>> For example, when encrypting 1024 bytes, this pseudo-code sequence works:
>>
>> char payload[1024];
>> char encrypted[1024];
>> int destSize = sizeof(encrypted);
>> EVP_CipherInit_ex();
>> EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
>> EVP_CipherFinal(); (produces no additional data)
>>
>> However if I break the 1024 payload into 2 x 512 byte chunks, decrypting
>> the entire 1024 bytes of cipher text produces garbage every time:
>>
>> char payload[1024];
>> char encrypted[1024];
>> int destSize = sizeof(encrypted);
>> EVP_CipherInit_ex();
>> EVP_CipherUpdate(ctx, encrypted, , payload, 512); // first chunk
>> destSize -= 512;
>> EVP_CipherUpdate(ctx, [512], , [512], 512);
>> // second chunk
>> EVP_CipherFinal(); (produces no additional data)
>>
>> I have a short C program that demonstrates the problem that I can post
>> if necessary.
>>
>> Can anyone explain what's going on?
>>
>> Norm Green
>> CTO, GemTalk Systems Inc.
>>
>
>

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

[Norm Green]

Could be, but that's not how EVP_CipherUpdate is documented to work.  If 
this is an XTS mode limitation and not a bug, shouldn't the limitation 
be documented on a man page somewhere?  And shouldn't my second call to 
EVP_CipherUpdate fail?


Norm Green


On 9/30/2019 8:04 PM, Thulasi Goriparthi wrote:
As 512 byte blocks are independently encrypted, they should be 
decrypted similarly. This is how XTS mode is defined.

i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.

Thanks,
Thulasi.

On Tue, 1 Oct 2019 at 06:43, Norm Green > wrote:


Hi all,

I'm using OpenSSL 1.1.1d on Linux with the cipher
EVP_aes_256_xts() in
order to write database/disk encryption software.

When encrypting, I have problems if I call EVP_CipherUpdate() and
encrypt the data in chunks. Encrypting only works when I encrypt the
entire payload with one and only one call to EVP_CipherUpdate.

If I try to break the data into chunks (and make more than one
call to
EVP_CipherUpdate), then decrypting the data produces garbage after
the
first chunk that was encrypted
When decrypting, I always decrypt all data in one call to
EVP_CipherUpdate .

For example, when encrypting 1024 bytes, this pseudo-code sequence
works:

char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
EVP_CipherFinal(); (produces no additional data)

However if I break the 1024 payload into 2 x 512 byte chunks,
decrypting
the entire 1024 bytes of cipher text produces garbage every time:

char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, 512); //
first chunk
destSize -= 512;
EVP_CipherUpdate(ctx, [512], , [512],
512);
// second chunk
EVP_CipherFinal(); (produces no additional data)

I have a short C program that demonstrates the problem that I can
post
if necessary.

Can anyone explain what's going on?

Norm Green
CTO, GemTalk Systems Inc.

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

[Thulasi Goriparthi]

As 512 byte blocks are independently encrypted, they should be decrypted
similarly. This is how XTS mode is defined.
i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.

Thanks,
Thulasi.

On Tue, 1 Oct 2019 at 06:43, Norm Green 
wrote:

> Hi all,
>
> I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in
> order to write database/disk encryption software.
>
> When encrypting, I have problems if I call EVP_CipherUpdate() and
> encrypt the data in chunks. Encrypting only works when I encrypt the
> entire payload with one and only one call to EVP_CipherUpdate.
>
> If I try to break the data into chunks (and make more than one call to
> EVP_CipherUpdate), then decrypting the data produces garbage after the
> first chunk that was encrypted
> When decrypting, I always decrypt all data in one call to EVP_CipherUpdate
> .
>
> For example, when encrypting 1024 bytes, this pseudo-code sequence works:
>
> char payload[1024];
> char encrypted[1024];
> int destSize = sizeof(encrypted);
> EVP_CipherInit_ex();
> EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
> EVP_CipherFinal(); (produces no additional data)
>
> However if I break the 1024 payload into 2 x 512 byte chunks, decrypting
> the entire 1024 bytes of cipher text produces garbage every time:
>
> char payload[1024];
> char encrypted[1024];
> int destSize = sizeof(encrypted);
> EVP_CipherInit_ex();
> EVP_CipherUpdate(ctx, encrypted, , payload, 512); // first chunk
> destSize -= 512;
> EVP_CipherUpdate(ctx, [512], , [512], 512);
> // second chunk
> EVP_CipherFinal(); (produces no additional data)
>
> I have a short C program that demonstrates the problem that I can post
> if necessary.
>
> Can anyone explain what's going on?
>
> Norm Green
> CTO, GemTalk Systems Inc.
>

EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

[Norm Green]

Hi all,

I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in 
order to write database/disk encryption software.


When encrypting, I have problems if I call EVP_CipherUpdate() and 
encrypt the data in chunks. Encrypting only works when I encrypt the 
entire payload with one and only one call to EVP_CipherUpdate.


If I try to break the data into chunks (and make more than one call to 
EVP_CipherUpdate), then decrypting the data produces garbage after the 
first chunk that was encrypted

When decrypting, I always decrypt all data in one call to EVP_CipherUpdate .

For example, when encrypting 1024 bytes, this pseudo-code sequence works:

char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
EVP_CipherFinal(); (produces no additional data)

However if I break the 1024 payload into 2 x 512 byte chunks, decrypting 
the entire 1024 bytes of cipher text produces garbage every time:


char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, 512); // first chunk
destSize -= 512;
EVP_CipherUpdate(ctx, [512], , [512], 512); 
// second chunk

EVP_CipherFinal(); (produces no additional data)

I have a short C program that demonstrates the problem that I can post 
if necessary.


Can anyone explain what's going on?

Norm Green
CTO, GemTalk Systems Inc.

Issue in upgrading code related to CAPI Engine for accessing Windows certificate Store(Windows7) (upgrade from 1.0.2p to 1.1.1c)

[manoj upadhyay]

Hi All,
I am facinmg issue while upgrading my OpenSSL version from 1.0.2p to 1.1.1c.
I am facing the issue where "ENGINE_by_id("capi")" is not returning proper 
pointer. I want to access windows certificate store with certificate and keys.

Snippet of my working code in 1.0.2p:(This is working fine)
This is working fine and I am able to get the Private key.
--
  ENGINE_load_capi()
  ce = ENGINE_by_id("capi");
  if (NULL == ce)
  {
 ENGINE_cleanup();
 return E_LOAD_FAILED;
  }
  if (!ENGINE_init(ce)||!ENGINE_register_STORE(ce) )
  {
 ENGINE_cleanup();
 ce = NULL;
 return E_INIT_FAILED;
  }
 (void)ENGINE_ctrl_cmd(ce,"store_flags",0, NULL, NULL, 0);
 (void)ENGINE_ctrl_cmd(ce,"store_name" ,0, (void*)storeName, NULL, 0);
 privateKey  = ENGINE_load_private_key(ce,"certname", 0, 0);


I can see that few CAPI API is deprecated in 1.1.1c, but they can be enabled by 
following configuration(Based on engine.h)
> "perl Configure debug-VC-WIN64A no-asm enable-capieng no-shared 
> no-dynamic-engine --api=1.0.0"
Code from 1.1.1c:
---



  ENGINE_load_capi()
  ce = ENGINE_by_id("capi");   < "perl Configure debug-VC-WIN64A no-asm

Code:
  int rc = 0;
  ENGINE_load_builtin_engines();
  ce= ENGINE_by_id("dynamic"); <<==Engine Pointer with no valid data
  rc = ENGINE_ctrl_cmd_string(ce, "SO_PATH", "c://mylib//capi.dll", 0); if (! 
rc) return ERROR_RC;
  rc=  ENGINE_ctrl_cmd_string(ce, "LOAD", NULL, 0); if (! rc) return ERROR_RC;
  rc = ENGINE_register_complete(ce); if (! rc) return ERROR_RC;
  rc = ERR_load_ENGINE_strings(); if (! rc) return ERROR_RC;

  if (NULL == ce)
  {
 ENGINE_cleanup();
 return LOAD_E_FAILED;
  }
if (!ENGINE_init(ce))
  {
 ENGINE_cleanup();
 sCapiEngine = NULL;
 return INIT_E_FAILED;
  }
  ENGINE_register_complete(ce);
  (void)ENGINE_ctrl_cmd(ce,"store_flags",0, NULL, NULL, 0);
  (void)ENGINE_ctrl_cmd(ce,"store_name" ,0, (void*)storeName, NULL, 0);
  privateKey  = ENGINE_load_private_key(ce,"certname", 0, 0); 
<

Re: full-chain ocsp stapling

[Jeremy Harris]

On 30/09/2019 17:02, Matt Caswell wrote:
> openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
> -url http://ocsp.myhost.com/ -resp_text -respout resp.der

Ah, I hadn't realised that -cert could be given multiple times.
-- 
Thanks,
  Jeremy

Re: full-chain ocsp stapling

[Matt Caswell]

On 30/09/2019 14:49, Jeremy Harris wrote:
> Looking at implementing the above, under TLSv1.3 and (at least
> initially) server-side.  I'm currently using
> 
> SSL_CTX_set_tlsext_status_cb()
> SSL_set_tlsext_status_ocsp_resp(   a DER blob )
> 
> and the problem is: will this accept a
> (DER-wrapped, basicresp-wrapped) stack of singleresp
> where the stack has >1 element?

It's an OCSPResponse object (see RFC2560) - represented by the OCSP_RESPONSE
type in OpenSSL. That can itself wrap a BasicOCSPResponse which can contain
multiple SingleResponses.

> 
> If so, and that is the preferred way to load such
> a stapling, how can such a blob be constructed?

If you want to construct it from scratch you might want to take a look at how
the ocsp app does it:

https://github.com/openssl/openssl/blob/84f471ecab76a16281a16c53d259bbcae358816f/apps/ocsp.c#L1146-L1287


> 
> I have separate PEM files for each ocsp resp for
> the certificate chain, currently.  Converting
> to DER and pulling out the singleresp is feasible;
> it's building a multi-resp blob that looks hard.
> 
> Alternatively, can SSL_set_tlsext_status_ocsp_resp()
> be called repeatedly, with distinct blobs for the
> stapling chain elements?  The manpage does not suggest it
> so it seems unlikely.

No, this isn't possible.

> 
> Alternatively^2, is there some way to get such a blob from
> a tool (openssl ocsp, or similar) ready built?   For this
> purpose, I am the CA.
> 

Yes, you can do this. For example see the "respout" option in the ocsp command.

>From the examples in the ocsp man page:

Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
response to a file, print it out in text form, and verify the response:

openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
-url http://ocsp.myhost.com/ -resp_text -respout resp.der

Read in an OCSP response and print out text form:

openssl ocsp -respin resp.der -text -noverify

https://www.openssl.org/docs/man1.1.1/man1/openssl-ocsp.html

Matt

Re: OpenSSL compilation errors in Windows

[Sergio NNX]

Ciao.

I haven't had a chance to compile the exact OpenSSL version using g++ compiler 
as stated by the user/poster.

If this user is using a modified or altered version of OpenSSL provided source 
code, is there support available? Don't get me wrong, I don't mind helping out 
but .

I'll try to compile OpenSSL source code this evening and I'll post my findings 
here.

Regards.

Sergio.


From: openssl-users  on behalf of Dr. 
Matthias St. Pierre 
Sent: Tuesday, 1 October 2019 12:28 AM
To: Nagalakshmi V J ; Michael Mueller 

Cc: openssl-users@openssl.org ; Umamaheswari 
Nagarajan 
Subject: AW: OpenSSL compilation errors in Windows


> OpenSSL code is compiling without any issues. When it is used from our 
> product code and while compiling using C++ compiler, the issue is seen.



As I wrote previously, the error you posted was caused  by the fact that you 
are compiling Ansi C (a.k.a ISO/IEC 9899:1990, a.k.a C90) source code

using a C++ compiler. While C permits a cast from ‘void *’ to ‘anytype *’, C++ 
doesn’t allow it without an explicit cast.



Only the *public* OpenSSL headers are guaranteed to be includable by a C++ 
compiler (they contain the necessary ` extern “C” ` blocks, etc.),

not the internal headers. Including *internal* headers is neither supported nor 
possible with a C++ compiler. And as Matt Caswell already told you,

there are no compatibility guarantees for those headers.



Matthias

AW: OpenSSL compilation errors in Windows

[Dr. Matthias St. Pierre]

> OpenSSL code is compiling without any issues. When it is used from our 
> product code and while compiling using C++ compiler, the issue is seen.

As I wrote previously, the error you posted was caused  by the fact that you 
are compiling Ansi C (a.k.a ISO/IEC 9899:1990, a.k.a C90) source code
using a C++ compiler. While C permits a cast from ‘void *’ to ‘anytype *’, C++ 
doesn’t allow it without an explicit cast.

Only the *public* OpenSSL headers are guaranteed to be includable by a C++ 
compiler (they contain the necessary ` extern “C” ` blocks, etc.),
not the internal headers. Including *internal* headers is neither supported nor 
possible with a C++ compiler. And as Matt Caswell already told you,
there are no compatibility guarantees for those headers.

Matthias

full-chain ocsp stapling

[Jeremy Harris]

Looking at implementing the above, under TLSv1.3 and (at least
initially) server-side.  I'm currently using

SSL_CTX_set_tlsext_status_cb()
SSL_set_tlsext_status_ocsp_resp(   a DER blob )

and the problem is: will this accept a
(DER-wrapped, basicresp-wrapped) stack of singleresp
where the stack has >1 element?

If so, and that is the preferred way to load such
a stapling, how can such a blob be constructed?

I have separate PEM files for each ocsp resp for
the certificate chain, currently.  Converting
to DER and pulling out the singleresp is feasible;
it's building a multi-resp blob that looks hard.


Alternatively, can SSL_set_tlsext_status_ocsp_resp()
be called repeatedly, with distinct blobs for the
stapling chain elements?  The manpage does not suggest it
so it seems unlikely.


Alternatively^2, is there some way to get such a blob from
a tool (openssl ocsp, or similar) ready built?   For this
purpose, I am the CA.
-- 
Cheers,
  Jeremy

Re: Regarding using OpenSSL along with optee

[Dr Paul Dale]

I’m not aware of any such work having been undertaken.

OpenSSL 3.0 will definitely be sufficiently modular to support this.  1.1.1 a 
little less so but it might be possible.
If anyone is willing to take this up, I’d suggest targeting OpenSSL 3.0.
At the moment we are busy with FIPS and the 3.0 architectural changes.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




> On 30 Sep 2019, at 8:13 pm, Nagesh shamnur  wrote:
> 
> Dear OpenSSL Group,
> Greetings. I was checking for the support for Trusted 
> Execution Environment (TEE) in OpenSSL. I could see that the current design 
> is modular enough to support it. But sadly, I was unable to find the relevant 
> code changes adapting any TEE implementation such as op-tee in the version 
> 1.1.1d. Can someone guide me if such a code changes are available.
>  
> Regards,
> Nagesh S

Re: Regarding using OpenSSL along with optee

[Salz, Rich via openssl-users]

>Greetings. I was checking for the support for Trusted 
> Execution Environment (TEE) in OpenSSL.

I’m curious – what do you think would be required?

RE: OpenSSL compilation errors in Windows

[Nagalakshmi V J]

Hi Michael,

OpenSSL code is compiling without any issues. When it is used from our product 
code and while compiling using C++ compiler, the issue is seen.

We also don’t use the ‘warning as errors’ and warning level 3 we are using 
currently.

Thanks and regards,
Nagalakshmi

From: Michael Mueller 
Sent: Monday, September 30, 2019 4:05 PM
To: Nagalakshmi V J 
Cc: openssl-users@openssl.org; Umamaheswari Nagarajan 

Subject: Re: OpenSSL compilation errors in Windows

** This mail has been sent from an external source **

We compile using Visual Studio. We don't use 'warnings as errors' and selected 
a warning level that minimized warnings. The 'make test' runs cleanly.



On Mon, Sep 30, 2019, 3:16 AM Nagalakshmi V J 
mailto:nagalakshm...@altran.com>> wrote:

Hi,

I am using openssl 1.1.c from our product code. While compiling the code, I am 
getting the errors which can be suppressed as warnings using -fpermissive flag 
in Linux (gcc/g++). In windows, I am getting the same compilation errors in 
visual studio (2005). Would like to know the alternative of -fpermissive flag 
that can be used in visual studio to suppress the errors.

I tried adding the flags such as '/fpermissive' , '/Ze' in module 
properties->C/C++->command Line->Additional options. But it did not resolve the 
problem.

Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : 
cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to 
pointer to non-'void' requires an explicit cast



Since it is giving error in Openssl code, we cannot make any code changes 
there. Has anyone faced this kind of issue?

Please let me know how to resolve this issue.



Thanks and regards,
Nagalakshmi

=
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=
=
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=

Re: OpenSSL compilation errors in Windows

[Matt Caswell]

On 30/09/2019 11:56, Nagalakshmi V J wrote:

> In our code, We included “ssl_locl.h” which in turn includes packet_locl.h. 
> Any
> way to avoid this kind of error?

Don't include "ssl_locl.h"!!! This is an internal header file and relying on it
is likely to cause problems for you. There are no stability guarantees if you
use internal stuff. For example commit b5acbf9148 just renamed that file to
ssl_local.h. That change will be in OpenSSL 1.1.1e - so your code will break at
that point if you upgrade.

Anything in your code that relies on that internal data will need to be
rewritten to use the public APIs instead.

Matt


> 
>  
> 
> Thanks and regards,
> 
> Nagalakshmi
> 
>  
> 
> -Original Message-
> From: Dr. Matthias St. Pierre 
> Sent: Monday, September 30, 2019 2:10 PM
> To: Nagalakshmi V J ; openssl-users@openssl.org
> Cc: Umamaheswari Nagarajan 
> Subject: AW: OpenSSL compilation errors in Windows
> 
>  
> 
> ** This mail has been sent from an external source **
> 
>  
> 
>  
> 
>> Getting the errors like below. ssl/packet_locl.h(429) : error C2440:
> 
>> '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from
> 
>> 'void' to pointer to non-'void' requires an explicit cast
> 
>  
> 
> Is it possible that your error message was copied incorrectly? Line 429 is an
> assignment from 'void *' to 'unsigned char*', not to 'unsigned char'.
> 
>  
> 
> Such an assignment is allowed in C (and the type is implicitly converted), but
> not in C++. Is it possible, that you are including this header in a module
> compiled with a C++ compiler? Note that this is an internal header file and 
> not
> meant to be included by third party software.
> 
>  
> 
> HTH,
> 
> Matthias
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Dr. Matthias St. Pierre
> 
> Senior Software Engineer
> 
> matthias.st.pie...@ncp-e.com 
> 
> Phone: +49 911 9968-0
> 
> www.ncp-e.com 
> 
>  
> 
> Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 •
> Nuremberg North American HQ: NCP engineering Inc. • 678 Georgia Ave. •
> Sunnyvale, CA 94085 East Coast Office: NCP engineering Inc. • 601 Cleveland
> Str., Suite 501-25 • Clearwater, FL 33755
> 
>  
> 
> Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich
> Registry Court: Lower District Court of Nuremberg Commercial register No.: HRB
> 7786 Nuremberg, VAT identification No.: DE 133557619
> 
>  
> 
> This e-mail message including any attachments is for the sole use of the
> intended recipient(s) and may contain privileged or confidential information.
> Any unauthorized review, use, disclosure or distribution is prohibited. If you
> are not the intended recipient, please immediately contact the sender by reply
> e-mail and delete the original message and destroy all copies thereof.
> 
> Von: openssl-users  > Im Auftrag von Nagalakshmi V J
> 
> Gesendet: Montag, 30. September 2019 08:44
> 
> An: openssl-users@openssl.org 
> 
> Cc: Umamaheswari Nagarajan  >
> 
> Betreff: OpenSSL compilation errors in Windows
> 
>  
> 
> Hi,
> 
> I am using openssl 1.1.c from our product code. While compiling the code, I am
> getting the errors which can be suppressed as warnings using -fpermissive flag
> in Linux (gcc/g++). In windows, I am getting the same compilation errors in
> visual studio (2005). Would like to know the alternative of -fpermissive flag
> that can be used in visual studio to suppress the errors.
> 
> I tried adding the flags such as '/fpermissive' , '/Ze' in module
> properties->C/C++->command Line->Additional options. But it did not resolve 
> the
> problem.
> 
> Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' :
> cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to
> pointer to non-'void' requires an explicit cast
> 
>  
> 
> Since it is giving error in Openssl code, we cannot make any code changes 
> there.
> Has anyone faced this kind of issue?
> 
> Please let me know how to resolve this issue.
> 
>  
> 
>  
> 
>  
> 
> Thanks and regards,
> 
> Nagalakshmi
> 
>  
> 
> =
> 
> Please refer to https://northamerica.altran.com/email-disclaimer
> 
> for important disclosures regarding this electronic communication.
> 
> =
> 
> =
> Please refer to https://northamerica.altran.com/email-disclaimer
> for important disclosures regarding this electronic communication.
> =

RE: OpenSSL compilation errors in Windows

[Nagalakshmi V J]

Hi Matthias,



Yes that's right. The error message is



..\..\OpenSSL\openssl-1.1.1c\crypto\../ssl/packet_locl.h(429) : error C2440: 
'=' : cannot convert from 'void *' to 'unsigned char *' Conversion from 'void*' 
to pointer to non-'void' requires an explicit cast



Sorry, it was missed by mistake. So how can we avoid this?



In our code, We included “ssl_locl.h” which in turn includes packet_locl.h. Any 
way to avoid this kind of error?



Thanks and regards,

Nagalakshmi



-Original Message-
From: Dr. Matthias St. Pierre 
Sent: Monday, September 30, 2019 2:10 PM
To: Nagalakshmi V J ; openssl-users@openssl.org
Cc: Umamaheswari Nagarajan 
Subject: AW: OpenSSL compilation errors in Windows



** This mail has been sent from an external source **





> Getting the errors like below. ssl/packet_locl.h(429) : error C2440:

> '=' : cannot convert from 'void *' to 'unsigned char 'Conversion from

> 'void' to pointer to non-'void' requires an explicit cast



Is it possible that your error message was copied incorrectly? Line 429 is an 
assignment from 'void *' to 'unsigned char*', not to 'unsigned char'.



Such an assignment is allowed in C (and the type is implicitly converted), but 
not in C++. Is it possible, that you are including this header in a module 
compiled with a C++ compiler? Note that this is an internal header file and not 
meant to be included by third party software.



HTH,

Matthias













Dr. Matthias St. Pierre

Senior Software Engineer

matthias.st.pie...@ncp-e.com

Phone: +49 911 9968-0

www.ncp-e.com



Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • 
Nuremberg North American HQ: NCP engineering Inc. • 678 Georgia Ave. • 
Sunnyvale, CA 94085 East Coast Office: NCP engineering Inc. • 601 Cleveland 
Str., Suite 501-25 • Clearwater, FL 33755



Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich 
Registry Court: Lower District Court of Nuremberg Commercial register No.: HRB 
7786 Nuremberg, VAT identification No.: DE 133557619



This e-mail message including any attachments is for the sole use of the 
intended recipient(s) and may contain privileged or confidential information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please immediately contact the sender by reply 
e-mail and delete the original message and destroy all copies thereof.

Von: openssl-users 
mailto:openssl-users-boun...@openssl.org>> 
Im Auftrag von Nagalakshmi V J

Gesendet: Montag, 30. September 2019 08:44

An: openssl-users@openssl.org

Cc: Umamaheswari Nagarajan 
mailto:umamaheswari.nagara...@altran.com>>

Betreff: OpenSSL compilation errors in Windows



Hi,

I am using openssl 1.1.c from our product code. While compiling the code, I am 
getting the errors which can be suppressed as warnings using -fpermissive flag 
in Linux (gcc/g++). In windows, I am getting the same compilation errors in 
visual studio (2005). Would like to know the alternative of -fpermissive flag 
that can be used in visual studio to suppress the errors.

I tried adding the flags such as '/fpermissive' , '/Ze' in module 
properties->C/C++->command Line->Additional options. But it did not resolve the 
problem.

Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : 
cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to 
pointer to non-'void' requires an explicit cast



Since it is giving error in Openssl code, we cannot make any code changes 
there. Has anyone faced this kind of issue?

Please let me know how to resolve this issue.







Thanks and regards,

Nagalakshmi



=

Please refer to https://northamerica.altran.com/email-disclaimer

for important disclosures regarding this electronic communication.

=

=
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=

Re: OpenSSL compilation errors in Windows

[Michael Mueller]

We compile using Visual Studio. We don't use 'warnings as errors' and
selected a warning level that minimized warnings. The 'make test' runs
cleanly.



On Mon, Sep 30, 2019, 3:16 AM Nagalakshmi V J 
wrote:

> Hi,
>
> I am using openssl 1.1.c from our product code. While compiling the code,
> I am getting the errors which can be suppressed as warnings using
> -fpermissive flag in Linux (gcc/g++). In windows, I am getting the same
> compilation errors in visual studio (2005). Would like to know the
> alternative of -fpermissive flag that can be used in visual studio to
> suppress the errors.
>
> I tried adding the flags such as '/fpermissive' , '/Ze' in module
> properties->C/C++->command Line->Additional options. But it did not resolve
> the problem.
>
> *Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '='
> : cannot convert from 'void *' to 'unsigned char **'Conversion from 'void**'
> to pointer to non-'void' requires an explicit cast*
>
>
>
> Since it is giving error in Openssl code, we cannot make any code changes
> there. Has anyone faced this kind of issue?
>
> Please let me know how to resolve this issue.
>
>
>
>
>
>
>
> *Thanks and regards,*
>
> *Nagalakshmi*
>
>
> =
> Please refer to https://northamerica.altran.com/email-disclaimer
> for important disclosures regarding this electronic communication.
> =
>

Regarding using OpenSSL along with optee

[Nagesh shamnur]

Dear OpenSSL Group,
Greetings. I was checking for the support for Trusted Execution 
Environment (TEE) in OpenSSL. I could see that the current design is modular 
enough to support it. But sadly, I was unable to find the relevant code changes 
adapting any TEE implementation such as op-tee in the version 1.1.1d. Can 
someone guide me if such a code changes are available.

Regards,
Nagesh S

AW: OpenSSL compilation errors in Windows

[Dr. Matthias St. Pierre]

> Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : 
> cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to 
> pointer to non-'void' requires an explicit cast

Is it possible that your error message was copied incorrectly? Line 429 is an 
assignment from 'void *' to 'unsigned char*', not to 'unsigned char'.

Such an assignment is allowed in C (and the type is implicitly converted), but 
not in C++. Is it possible, that you are including this header in a module 
compiled with a C++ compiler? Note that this is an internal header file and not 
meant to be included by third party software.

HTH,
Matthias




Von: openssl-users  Im Auftrag von 
Nagalakshmi V J
Gesendet: Montag, 30. September 2019 08:44
An: openssl-users@openssl.org
Cc: Umamaheswari Nagarajan 
Betreff: OpenSSL compilation errors in Windows

Hi,
I am using openssl 1.1.c from our product code. While compiling the code, I am 
getting the errors which can be suppressed as warnings using -fpermissive flag 
in Linux (gcc/g++). In windows, I am getting the same compilation errors in 
visual studio (2005). Would like to know the alternative of -fpermissive flag 
that can be used in visual studio to suppress the errors.
I tried adding the flags such as '/fpermissive' , '/Ze' in module 
properties->C/C++->command Line->Additional options. But it did not resolve the 
problem.
Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : 
cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to 
pointer to non-'void' requires an explicit cast

Since it is giving error in Openssl code, we cannot make any code changes 
there. Has anyone faced this kind of issue?
Please let me know how to resolve this issue.



Thanks and regards,
Nagalakshmi

=
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=

OpenSSL compilation errors in Windows

[Nagalakshmi V J]

Hi,

I am using openssl 1.1.c from our product code. While compiling the code, I am 
getting the errors which can be suppressed as warnings using -fpermissive flag 
in Linux (gcc/g++). In windows, I am getting the same compilation errors in 
visual studio (2005). Would like to know the alternative of -fpermissive flag 
that can be used in visual studio to suppress the errors.

I tried adding the flags such as '/fpermissive' , '/Ze' in module 
properties->C/C++->command Line->Additional options. But it did not resolve the 
problem.

Getting the errors like below. ssl/packet_locl.h(429) : error C2440: '=' : 
cannot convert from 'void *' to 'unsigned char 'Conversion from 'void' to 
pointer to non-'void' requires an explicit cast



Since it is giving error in Openssl code, we cannot make any code changes 
there. Has anyone faced this kind of issue?

Please let me know how to resolve this issue.



Thanks and regards,
Nagalakshmi

=
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=