1.0.1b, Win32, 64-bit MinGW
Hi, I use a 64-bit MinGW (gcc-4.7.0) compiler on Windows Vista64. = Issue 1 = Having run configure, make croaks with undefined references to `rc4_md5_enc' in libcrypto.a. I can find the rc4_md5_enc prototype in openssl-1.0.1b\crypto\evp\e_rc4_hmac_md5.c but that's all. How does one fix this problem ? One solution seems to be to supply the "no-asm" arg to configure. Is that the only solution ? = Issue 2 = My "gcc.exe" is actually called "x86_64-w64-mingw32-gcc.exe". That's not a problem - I just supply configure with the "os/compiler:x86_64-w64-mingw32-gcc" argument. But my 'ar.exe' and 'nm.exe' are also prefixed with "x86_64-w64-mingw32-". How do I tell configure about that ? (Currently, I just modify the Makefile that configure generates - but that's a bit of a nuisance. Perhaps the problem arises because there's also an "ar.exe" and "nm.exe" in the path ?) = Issue 3 = I always have to modify the generated include/openssl/ocsp.h by inserting: #if defined(OPENSSL_SYS_WINDOWS) #include #undef X509_NAME #undef X509_EXTENSIONS #undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #undef OCSP_REQUEST #undef OCSP_RESPONSE #endif near the beginning of that file. (All of those undeffed symbols have been defined by wincrypt.h. I don't know why my 32-bit builds are not similarly afflicted, as the 32-bit wincrypt.h also defines some, if not all, of those symbols. I haven't gone digging.) None of the above issues arise when I build with my 32-bit gcc-4.5.2. I can run simply: ./config no-shared zlib -I/usr/local/include -L/usr/local/lib && make and all goes fine. The actual command that I ran to finally build the x64 version was: ./config no-shared no-asm zlib os/compiler:x86_64-w64-mingw32-gcc -IC:/_64/msys/1.0/local_470/include -LC:/_64/msys/1.0/local_470/lib -lz -lws2_32 -lgdi32 -lcrypt32 --prefix=C:/_64/msys/1.0/local_470 I'd like to be able to leave out the "no-asm" switch, and I'd like to not have to make manual alterations to any of the generated files. Any pointers as to how that can be achieved would be most welcome. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
[Win64] 'make install' error with 1.0.0e
Hi, Having successfully built (and tested) a static openssl-1.0.0e library using a mingw64 compiler (gcc-4.7.0) in the msys shell, make install croaks with: ## making install in apps... make[1]: Entering directory `/c/comp/openssl-1.0.0e/apps' installing openssl chmod: changing permissions of `C:/_64/msys/1.0/local_470/bin/openssl.new': Bad file number make[1]: *** [install] Error 1 make[1]: Leaving directory `/c/comp/openssl-1.0.0e/apps' make: *** [install_sw] Error 1 ## When I look in the destination directory (C:/_64/msys/1.0/local_470/bin/) I find that 'make install' has placed a file named 'openssl.new.exe' in there. What's the correct fix for this ? And what's the hack that will allow me to install the already-built openssl-1.0.0e without rebuilding from scratch ? The config command I ran was: ./config no-shared zlib os/compiler:x86_64-w64-mingw32-gcc -I/usr/local_470/include -L/usr/local_470/lib -lz -lws2_32 -lgdi32 -lcrypt32 --prefix=C:/_64/msys/1.0/local_470 After running that, in order for the build to succeed, I had to insert the following into the beginning of the generated include/openssl/ocsp.h: #if defined(OPENSSL_SYS_WINDOWS) #include #undef X509_NAME #undef X509_EXTENSIONS #undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #undef OCSP_REQUEST #undef OCSP_RESPONSE #endif Not sure if the first line of that actually provides the portability that's desired, but it works well enough for me. After that, all goes well ... until 'make install', that is ;-) Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
[MinGW] undefined reference to `ERR_unload_strings'
Hi, Building recent openssl (0.9.8n, 0.9.8o) from source in the MSYS shell with the MinGW port of 6cc-3.4.5. When trying to build a shared library (dll), I do './config --shared && make'. Everything is fine until, during the 'make' stage, we switch to the 'engines' directory: make[1]: Entering directory `/c/_32/comp/openssl-0.9.8o/engines' [snip - e_4758cca.o, e_aep.o, e_atalla.o, e_cswift.o, e_gmp.o, e_chil.o, e_nuron.o, e_sureware.o, e_ubsec.o and e_capi.o were successfully compiled at this stage] make[2]: Entering directory `/c/_32/comp/openssl-0.9.8o/engines' e_4758cca.o:e_4758cca.c:(.text+0x40): undefined reference to `ERR_unload_strings' e_4758cca.o:e_4758cca.c:(.text+0x53): undefined reference to `ERR_unload_strings' e_4758cca.o:e_4758cca.c:(.text+0x75): undefined reference to `CRYPTO_free' e_4758cca.o:e_4758cca.c:(.text+0xb5): undefined reference to `DSO_load' [snip other similar errors] e_4758cca.o:e_4758cca.c:(.text+0x1724): undefined reference to `ENGINE_set_cmd_defns' e_4758cca.o:e_4758cca.c:(.text+0x173e): undefined reference to `ERR_get_next_error_library' e_4758cca.o:e_4758cca.c:(.text+0x176a): undefined reference to `ERR_load_strings' e_4758cca.o:e_4758cca.c:(.text+0x177d): undefined reference to `ERR_load_strings' e_4758cca.o:e_4758cca.c:(.text+0x14fd): undefined reference to `CRYPTO_free' collect2: ld returned 1 exit status make[2]: *** [link_o.cygwin] Error 1 make[2]: Leaving directory `/c/_32/comp/openssl-0.9.8o/engines' make[1]: *** [lib] Error 2 make[1]: Leaving directory `/c/_32/comp/openssl-0.9.8o/engines' make: *** [build_engines] Error 1 Any idea as to what's going wrong here ? The actual command that's causing the failures seems to be missing from the output. And there's that odd reference to link_o.cygwin near the end - what on earth is that ? (This is a native win32 build - not cygwin.) Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL FIPS 1.1.2 on Windows
- Original Message - From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: Sent: Friday, March 14, 2008 10:09 PM Subject: Re: OpenSSL FIPS 1.1.2 on Windows On Fri, Mar 14, 2008, Sisyphus wrote: Rather than digging, I opted for simply linking to my openssl-0.9.8g (static) libcrypto.a by entering the 'test' directory and running: You can't modify the build process in any way or it violates the security policy and the resulting library is not validated. Heh ... but if I don't modify the build process, then it won't build. (Not much security in that :-) The 2 executables that threw up this problem for me are created in a directory named 'test'. Does that mean they are merely part of the test suite ? Does 'make test' run ok for you ? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 1.1.2 on Windows
- Original Message - From: "Sisyphus" <[EMAIL PROTECTED]> . . Yet I still get those "undefined references" (posted earlier in this thread) when the attempt is made to build fips_desmoves.exe during the 'make' stage. Looks like I'll have to go digging. Rather than digging, I opted for simply linking to my openssl-0.9.8g (static) libcrypto.a by entering the 'test' directory and running: gcc -o fips_desmovs.exe -I.. -I../include -DOPENSSL_SYSNAME_MINGW32 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_KRB5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall -D_WIN32_WINNT=0x333 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM fips_desmovs.o -LC:/_32/msys/1.0/local/ssl/lib -lcrypto -LC:/home/rob/mingw_vista/i686-pc-mingw32/lib -lwsock32 -lgdi32 (I found I had to specify -lcrypto *before* -lgdi32 in that command.) With that done, 'cd' to the top level and re-run make. A similar problem arose with the building of fips_aesavs.exe, and the same workaround was used. After that, all proceeded smoothly to conclusion. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 1.1.2 on Windows
- Original Message - From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: Sent: Friday, March 14, 2008 5:24 AM Subject: Re: OpenSSL FIPS 1.1.2 on Windows On Thu, Mar 13, 2008, Scholl, Ben M. wrote: Would you please explain how to "properly" install the MingW environment? I started with a fresh installed and updated instance of Windows XP Pro SP2 and installed a the version of MingW and MSYS as specified in the docs. What else was I supposed to do and how was I supposed to configure the environment? I've just gone through this process here. I've done the following: Download MinGW-5.1.3.exe from SourceForge. Donwload MSYS-1.0.10.exe from SourceForge. Run MingW-5.1.3.exe. Select "download and install" from first Dialog. Select "current version". When it asks for a list of components select "MinGW base tools", "g++ compiler" and "MinGW make". It should install successfully. Run MSYS-1.0.10.exe and when the post install window comes up tell it where you installed MinGW. Select menu option MingW->MSYS->msys Do: tar xvzf /path/to/openssl-fips-1.1.2.tar.gz cd openssl-fips-1.1.2 ./config fips make make install Strange - I can't see that you've done anything siginificantly different to what I've done. I've got MSYS 1.0.11, and my gcc-3.4.5 was built from ource - but they've been serving me quite well. (They've built openssl, zlib, expat, gmp and mpfr, to name a few.) Yet I still get those "undefined references" (posted earlier in this thread) when the attempt is made to build fips_desmoves.exe during the 'make' stage. Looks like I'll have to go digging. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 1.1.2 on Windows
- Original Message - From: "Saju Paul" <[EMAIL PROTECTED]> To: Sent: Friday, March 14, 2008 12:11 AM Subject: RE: OpenSSL FIPS 1.1.2 on Windows Here is a clue...you need to have openssl 0.9.7m built & installed on the system you are attempting the FIPS build on. I have openssl-0.9.8g. Is it just a matter of linking to those libs ? What would be the requisite './config' command ? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL FIPS 1.1.2 on Windows
- Original Message - From: "Scholl, Ben M." <[EMAIL PROTECTED]> To: Sent: Tuesday, March 11, 2008 5:06 AM Subject: OpenSSL FIPS 1.1.2 on Windows Hello OpenSSL Team, I am having difficulty building OpenSSL FIPS 1.1.2 on Windows. I am following the directions in the latest User Guide http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf>, and I am running into errors with Section 4.3.1 Item 5. I also tried the same procedure with OpenSSL FIPS 1.1.1 and have received the same results. My configuration is as follows: - Freshly installed and updated Windows XP SP2. - Installed MingW version 5.1.3 I think I've got the same. I've got gcc-3.4.5. (I think that's what the 5.1.3 installer provides.) - Installed MSYS version 1.0.10 I have version 1.0.11. I don't think that will make a difference in this case ... but one can never really be sure :-) - Installed MSYSDTK version 1.0.1 (For Perl) I haven't installed that - but I do have a perl-5.10.0 that's visible courtesy of my msys etc/fstab file. - Obtained openssl-fips-1.1.2.tar.gz from openssl.org Same here - Un-tarred openssl-fips.1.1.2.tar.gz per instructions (Section 4.3.1 Item 3) The ./config fips command appears to succeed with the following note: Configured for mingw. Same. I ran simply './config'. However I get a different error during make. For me, the make process runs for quite a long time, but when it comes to build desmovs.exe, I get 18 undefined references as follows: + gcc -o fips_desmovs.exe -I.. -I../include -DOPENSSL_SYSNAME_MINGW32 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_KRB5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall -D_WIN32_WINNT=0x333 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM fips_desmovs.o -LC:/_32/msys/1.0/local/lib -lwsock32 -lgdi32 fips_desmovs.o:fips_desmovs.c:(.text+0xda): undefined reference to `EVP_des_ede3_cfb1' fips_desmovs.o:fips_desmovs.c:(.text+0x1b7): undefined reference to `EVP_des_ede3_cbc' fips_desmovs.o:fips_desmovs.c:(.text+0x1d7): undefined reference to `EVP_des_ede3_ofb' fips_desmovs.o:fips_desmovs.c:(.text+0x1e1): undefined reference to `EVP_des_ede3_cfb64' fips_desmovs.o:fips_desmovs.c:(.text+0x205): undefined reference to `EVP_CipherInit' fips_desmovs.o:fips_desmovs.c:(.text+0x23d): undefined reference to `EVP_des_ede3_cfb8' fips_desmovs.o:fips_desmovs.c:(.text+0x244): undefined reference to `EVP_des_ecb' fips_desmovs.o:fips_desmovs.c:(.text+0x24b): undefined reference to `EVP_des_cfb1' fips_desmovs.o:fips_desmovs.c:(.text+0x252): undefined reference to `EVP_des_ede3_ecb' fips_desmovs.o:fips_desmovs.c:(.text+0x259): undefined reference to `EVP_des_cfb8' fips_desmovs.o:fips_desmovs.c:(.text+0x260): undefined reference to `EVP_des_ofb' fips_desmovs.o:fips_desmovs.c:(.text+0x267): undefined reference to `EVP_des_cbc' fips_desmovs.o:fips_desmovs.c:(.text+0x26e): undefined reference to `EVP_des_cfb64' fips_desmovs.o:fips_desmovs.c:(.text+0x292): undefined reference to `ERR_print_errors_fp' fips_desmovs.o:fips_desmovs.c:(.text+0xaea): undefined reference to `DES_set_odd_parity' fips_desmovs.o:fips_desmovs.c:(.text+0xaf5): undefined reference to `DES_set_odd_parity' fips_desmovs.o:fips_desmovs.c:(.text+0xb00): undefined reference to `DES_set_odd_parity' fips_desmovs.o:fips_desmovs.c:(.text+0x1bee): undefined reference to `ERR_load_crypto_strings' collect2: ld returned 1 exit status It may be relevant that, in addition to my etc/fstab file pointing to the location of perl and mingw, it also points to an existing openssl build. Here's what that file contains: c:/home/rob/mingw_vista/i686-pc-mingw32 /mingw c:/perl510_M/5.10.0 /perl c:/_32/msys/1.0/local/ssl /openssl I don't know if the inclusion of 'openssl' in that file has any bearing on the differences we're seeing. Nor do I know why you're getting the error you get - unless it *is* related to the absence of a locatable openssl installation. And I don't know what's needed to resolve those undefined references that I'm getting - though I would think that others on this list might know the answer to that one. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Net ssleay on Active Perl
- Original Message - From: "Norm Bumbieris" <[EMAIL PROTECTED]> To: Sent: Saturday, February 23, 2008 4:42 PM Subject: Net ssleay on Active Perl Dear Users I am presently trying to insert Net ssleay V1.32 into Active Perl V5.8.0 build 805 for Windows XP SP2. I downloaded the relevant zip file, however, I am having real problems getting it to compile and install. It appears that there is somewhere out there a module for Active Perls PPM however I have been unable to find a repository with it and a location if known would be greatly appreciated. I have already managed to successfully download and compile openssl V0.9.8G. You can get Net-SSLeay-1.32 from the uwinnipeg rep: ppm install http://theoryx5.uwinnipeg.ca/ppms/Net-SSLeay.ppd I'm not sure whether that will work with the openssl that you have compiled. (During the 'ppm install' you'll be prompted to install a pre-built openssl, which you might need to do if you want that ppm to work.) I built Net-SSLeay against 0.9.8g a few days ago. To get it to build, I discarded the Makefile.PL that shipped with the Net-SSLeay-1.32 source and used this one instead: use ExtUtils::MakeMaker; WriteMakefile( PREREQ_PM => { 'Sub::Uplevel' => '0', 'Test::Exception' => '0', 'Array::Compare' => '0', 'Tree::DAG_Node' => '0', 'Test::Warn' => '0', 'MIME::Base64' =>0, }, NAME => 'Net::SSLeay', INC => '-IC:/_32/msys/local/ssl/include', LIBS => ['-LC:/_32/msys/local/ssl/lib -lssl -lcrypto -LC:/_32/msys/local/lib -lz'], VERSION_FROM => 'lib/Net/SSLeay.pm', ); If you amend the INC setting to point to the location of your openssl includes, and amend the LIBS settings to reflect the name and location of the import/static libraries on your box, then it will probably work for you. I had actually built a static openssl lib using MinGW, but I think things will be (generically) the same with your perl and openssl. You can ignore the -LC:/_32/msys/local/lib -lz' unless you built your openssl with zlib compression support. Even then, if you built a dynamic openssl (dll) you can probably still ignore it. (If you get linking errors relating to 'compress' and 'deflate' then you'll know you need to link to libz.lib.) If you want to go that way (instead of the ppm route), but have trouble getting that Makefile.PL to work, feel free to get back to us. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to build with zlib support
- Original Message - From: <[EMAIL PROTECTED]> . . You may just use: $ ./Configure zlib --with-zlib-lib=/path --with-zlib-include=/path mingw It still can't find zlib. I eventually found that the following works: ./config no-shared zlib -I/usr/local/include -L/usr/local/lib -lz --prefix=/usr/local/depot/static (One or more of those arguments may be unnecessary.) I should have tried that earlier - and probably would have done so if I had been able to find the "-Ixxx" option mentioned in the documentation. Thanks Marek. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to build with zlib support
- Original Message - From: <[EMAIL PROTECTED]> . . How do I tell ./config where zlib.h is located ? With Configure you may add something like: --with-zlib-lib=/path --with-zlib-include=/path I find that when I run ./config the operating system "i686-whatever-mingw" is detected. And that seems to work quite well in general. If I run /Configure I usually get a message requesting that I specify the OS/compiler. I'm also given a list of options, but I don't see "i686-whatever-mingw" mentioned anywhere in that list. Consequently I've been avoiding ./Configure , preferring instead to run ./config. Is there anything to be gained by running Configure instead of config ? I tried: ./config no-shared zlib --with-zlib-include=/usr/local/include --with-zlib-lib=/usr/local/lib --prefix/usr/local/depot/static I also tried: ./config no-shared zlib --with-zlib-include=/c/_32/msys//local/include --with-zlib-lib=/c/_32/msys/local/lib --prefix/usr/local/depot/static zlib.h is in C:/_32/msys/local/include (and the msys shell regards that location as /usr/local/include) so either incantation should work. However, I always end up with the error "zlib.h: No such file or directory" - followed by a number of syntax errors arising from the inability to find zlib.h. When I look at the actual gcc command that is being run I don't see an -I switch that includes the relevant location for zlib.h so I guess it's no surprise that zlib.h can't be found. I've also tried "CPPFLAGS=-I/usr/local/include" - which usually works for me (wrt other libraries), but no joy in this instance. I suspect that if I were to place zlib.h in my MinGW/include folder and libz.a in MinGW/lib folder, then it would work. But I would prefer (if possible) to be able to build without doing that. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: 'make test' error - "I am unable to access the ./demoCA/newcerts directory"
- Original Message - From: "C K KIRAN-KNTX36" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 22, 2008 7:27 PM Subject: RE: 'make test' error - "I am unable to access the ./demoCA/newcerts directory" Try just touching those directories. Hopefully that should fix your problem. The problem i guess here is that, your make is running some test cases to generate some kind of certificates and its failing. Regards, Kiran --- I ran: - [EMAIL PROTECTED] /c/_32/comp/openssl-0.9.8g $ touch test [EMAIL PROTECTED] /c/_32/comp/openssl-0.9.8g $ cd test [EMAIL PROTECTED] /c/_32/comp/openssl-0.9.8g/test $ touch demoCA [EMAIL PROTECTED] /c/_32/comp/openssl-0.9.8g/test $ cd demoCA [EMAIL PROTECTED] /c/_32/comp/openssl-0.9.8g/test/demoCA $ touch newcerts [EMAIL PROTECTED] /c/_32/comp/openssl-0.9.8g/test/demoCA $ cd ../.. [EMAIL PROTECTED] /c/_32/comp/openssl-0.9.8g - I'm not all that familiar with 'touch' - but I guess that's what you meant for me to do. However, when I re-run 'make test' I get the same error. Just prior to the error quoted in the subject line of this thread I get: -- Loading 'screen' into random state -./demoCA/newcerts: Invalid argument done -- Could it be that the real cause of the problem is that "Invalid argument" ? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How to build with zlib support
Hi, No doubt a dumb question, but I couldn't work out how to build openssl with zlib support. I know about the 'no-zlib', 'zlib', and 'zlib-dynamic' options - and I guess I can use the -lxxx and -Lxxx options to specify libz and its location, but all my attempts to build with zlib support are failing because zlib.h can't be found. How do I tell ./config where zlib.h is located ? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
'make test' error - "I am unable to access the ./demoCA/newcerts directory"
Hi, I'm building openssl-0.9.8g on Windows Vista in the msys shell using (the mingw port of) gcc-3.4.5. I've successfully run './config no-shared' and 'make', but 'make test' throws up the following: - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:AU Organization Name (eg, company) []:Dodgy Brothers Common Name (eg, YOUR name) []:Dodgy CA Using configuration from CAss.cnf Loading 'screen' into random state -./demoCA/newcerts: Invalid argument done I am unable to access the ./demoCA/newcerts directory make[1]: *** [test_ca] Error 1 The ./demoCA/newcerts directory exists (but is empty). On Windows XP, the error does not occur and 'make test' runs to its conclusion - so it looks like an issue that's specific to Vista unless there's something crucial I've got installed on the XP box, that's missing on the Vista box. Any advice on how to proceed with this ? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to make in Visual C++ 6.0
- Original Message - From: "Desmond Ling" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 03, 2002 9:18 AM Subject: Re: How to make in Visual C++ 6.0 > hi > i tried to build the program in > visual studio c++.net > i got stuck at the step "nmake -f ntdll.mak" > i've already changed the SRC_D value in the > ntdll.mak file to the openssl directory > some how, when it tried to compile the > cryptlib.c file, it couldn't find stdio.h > does any1 know how to solve this? > Sounds like you have neglected to run 'vcvars32.bat'. Running that file from the command prompt will set some environment variables that will enable the msvc header files and lib files to be found. You might have to do some minimal configuring of 'vcvars32.bat' first. Have a look inside it and check that the specified paths are correct. At least, that's the way it is for msvc++6.0 - visual studio.net might be a little different (don't have it, hence don't know) - and I'm a little unclear as to which it is that you are using. Hth. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: BN_CTX_start()
- Original Message - From: "Nils Larsch" <[EMAIL PROTECTED]> > > > > BN_mod_exp() will calculate: > > r = (a^p) % m > > I don't think it permits calculation of: > > a = (a^p) %m > > use a extra variable : > BIGNUM *tmp = BN_dup(a); > if (!BN_mod_exp(a, tmp, p, m, ctx)) goto err; > BN_free(tmp); > Shall do. > > Is the above simply an alternative to doing: > > BIGNUM *tmp = BN_new(); > > /* do stuff with tmp */ > > BN_free(tmp); > > Yes > > > > > What are the circumstances that determine whether I create a BIGNUM with a > > 'BN_CTX_get()' or a 'BN_new()' ? > > In frequently called functions which require a modest amount of BIGNUMs I > would prefer the BN_CTX method (to save the expensive malloc() calls). > In non time-critical functions I would use the 'normal' BN_new() method. > Yep . understood. Thanks again for the (very clear) advice and assistance. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Trying to build 'prime.c'
- Original Message - From: "Sisyphus" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, June 09, 2002 8:38 PM Subject: Trying to build 'prime.c' > Hi, > > On Win 2k, OpenSSL 0.9.6a, I am trying to build 'prime.c' (from the demos) using MSVC++ 6.0 > (with which I built openssl). > > Compiles ok, but cannot link the 3 'BN_' functions called in 'prime.c'. Ok .. it now builds fine, but the 'BN_print_fp' function produces an 'illegal operation' when the executable is run. If I comment out the function, the executable runs perfectly - but I don't get to see the prime that has been generated. Something I can do about this ?? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Trying to build 'prime.c'
Sorry - should have mentioned that 'prime.c' is in the 'openssl/demos/prime' prime folder. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Trying to build 'prime.c'
Hi, On Win 2k, OpenSSL 0.9.6a, I am trying to build 'prime.c' using MSVC++ 6.0 (with which I built openssl). Compiles ok, but cannot link the 3 'BN_' functions called in 'prime.c'. I get the following error report: prime.c prime.c(91) : warning C4113: 'void (__cdecl *)()' differs in parameter list s from 'void (__cdecl *)(int ,int ,void *)' Microsoft (R) Incremental Linker Version 6.00.8168 Copyright (C) Microsoft Corp 1992-1998. All rights reserved. /out:prime.exe prime.obj prime.obj : error LNK2001: unresolved external symbol _BN_free prime.obj : error LNK2001: unresolved external symbol _BN_print_fp prime.obj : error LNK2001: unresolved external symbol _BN_generate_prime prime.exe : fatal error LNK1120: 3 unresolved externals 'prime.c' includes the following header files: #include #include #include What else do I need to do ? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Trouble with HTTPS: and PERL
- Original Message - From: "Marko Asplund" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 16, 2001 9:27 PM Subject: Re: Trouble with HTTPS: and PERL > On Sat, 15 Sep 2001, Sisyphus wrote: > > > I don't think LWP supports 'https' protocol. Note that '$req' is a > > 'HTTP::Request' (not 'HTTPS::Request) object. > > You'll need to install 'Net::SSLeay' or 'Crypt::SSLeay' modules. > > the newer versions of LWP support http over ssl/tls but you need to have > either the Net::SSLeay+IO::Socket::SSL or Crypt::SSLeay module installed. > check the README.SSL. > I was unaware of that claim - thanks for taking the time to draw it to my attention. Have you successfully used LWP to connect to https sites ? After reading the readme.ssl, I don't doubt that it can be done, but I do wonder just how much "plugging" and "playing" is required. By my reading of the readme, I think it might be suggesting that those 3 modules be used *instead of* (as opposed to 'in conjunction with') LWP for connections to secure sites. I have both Net::SSLeay and IO::Socket::SSL (but not Crypt::SSLeay) and am unable to get LWP::UserAgent to play ball with https sites. This is of no practical significance, since Net::SSLeay alone does the job perfectly :-) Whatever the case.. I did say that I thought one of the 2 SSLeay modules was required - and that was wrong. Thanks for the correction. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Trouble with HTTPS: and PERL
Hi, I don't think LWP supports 'https' protocol. Note that '$req' is a 'HTTP::Request' (not 'HTTPS::Request) object. You'll need to install 'Net::SSLeay' or 'Crypt::SSLeay' modules. Cheers, Rob - Original Message - From: "Andy Donaldson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 14, 2001 8:48 PM Subject: Trouble with HTTPS: and PERL > I apologize for what I'm sure is a basic > question. I'm trying to automate a testing script > that accesses an https:// site under Windows NT > using ActivePerl. I've have the latest version > of ActiverPerl and to my knowledge the latest > version of openssl (openssl-engine-0.9.6b). I've > successfully compiled and linked the openssl code > using GNU C (Mingw32) GNU C (Cygwin32), and VC++ w/NASM, > but am not apparently copying the right files to the right > place(s). In each case, I get "501 Protocol scheme > 'https' is not supported" when running the following > perl code. > > #Start of Program > use LWP::UserAgent; > my $ua = LWP::UserAgent->new; > my $req = HTTP::Request->new(GET => 'https://www.helsinki.fi/'); > my $res = $ua->request($req); > if ($res->is_success) { > print $res->as_string; > } else { > print "Failed: ", $res->status_line, "\n"; > } > #End of progerm > > > Any hints or suggestions would be greatly appreciated! > Thanks in advance, > Andy Donaldson > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OOPS- was Re:Installation problem
My apologies for posting that large attachment to the list. It was meant to be an offlist reply. ( I'm not sure why it wasn't - but I'll try and ensure that I get it right in future.) Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Questions re: Crypt::SSLeay
- Original Message - From: "Szeto, Paul" <[EMAIL PROTECTED]> - > Can't locate loadable object for module Crypt::SSLeay in @INC > But the Crypt::SSLeay is there in the @INC path with the correct > permissions. I'm not familiar with your OS, but the 'loadable object' that can't be located will be the shared library, not the '.pm' file. In windows, this file is a '.dll' and would be looked for in the 'auto/crypt/ssleay' sub directory within one of the @INC directories. I expect that your perl would have a similar structure for the placement of shared libraries. Hth. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [OT] Rabin-Miller test for primes
> You have read up to step 5? :-) > > HTH, > Thomas > Thanks, Thomas - the penny has finally dropped. I just have to loop through steps 4 and 5, incrementing j for as long as jhttp://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[OT] Rabin-Miller test for primes
Hi, I have 2 almost identical accounts of the Rabin-Miller test. One is in Schneier's 'Applied Cryptography' and the other is at http://mason.gmu.edu/~kgaj/ECE590/spec/dong.html ( from a Google search). I can follow the procedure quite well, except for the role of the variable 'j', which has no bearing at all on the procedure (as it is described). Could someone tell me what I'm supposed to do with 'j' ? Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Importing cerificates on Win 2k
- Original Message - From: "Oliver Bode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 06, 2001 5:02 PM Subject: Re: Importing cerificates on Win 2k > > After importing it you have to enable it in your E-mail client: > > Outlook Express: > > tools>accounts>mail>your account>properties>security>digital id's > Yep - got it. There was no 'digital ids' to select, only a 'Select' - which revealed that there were no certs to select - which prompted me to put a copy of the cert in the 'Trusted' store (in addition to the copy in the 'Personal' store). After that, 'Outlook Express' found the cert all by itself - just as the 'Help' notes said it would. Still, I can't help wondering whether it is ( or should be ) necessary to make the certificate 'trusted' before I can sign with it. Anyway, I've got the start I'm after. Thanks, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Importing cerificates on Win 2k
Hi, Thanks for that. So I've run: openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out newcert.p12 and that seems to have worked fine. Windows will happily let me import 'newcert.p12' into the certificates store. However, when I try to use it to sign/encrypt email, 'Outlook Express' informs me that I don't have a digital ID ( and offers me the opportunity to procure one from a trusted CA ). Looking at the 'Details' of my cerificate, I notice there is no 'Key usage' mentioned ( though there is such an entry on Averroes', for example). Is this the source of my trouble ? If so, is it easily remedied, or am I destined to return to the docs and the archives for a few more hours, yet ? Cheers, Rob - Original Message - From: "Averroes" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, August 06, 2001 1:53 AM Subject: Re: Importing cerificates on Win 2k > Hi > > Just convert the newcertt.pem in pkcs12 format > and import it into Win2K > > Bye! > > Sisyphus wrote: > > > > Hi, > > I've just worked through the tutorial on creating a CA and certificate at: > > http://www.sendmail.org/~ca/email/other/cagreg.html > > > > And I now have 2 files, 'newcert.pem' (the signed certificate) and > > 'newreq.pem' (unsigned certificate and private key). > > > > I believe that everything to that stage worked as it should. > > > > I had expected that simply importing 'newcert.pem' to my certificate store > > would enable me to digitally sign and encrypt email. > > > > Alas, no. For a start, windows complains that this file is not of the > > correct format and, faik, there may be other issues as well. > > > > Could someone please tell me what else I need to do ? > > > > I reckon if I can get it working, I might just be able to work out what's > > going on :-) > > > > Cheers, > > Rob > > > > __ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List[EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > -- > #-- > # Averroes A. Ayshahttp://www.keyserver.net/en/ > # Think Linux, Think Slackware! > # Network Security Auditor (NSA) > # [EMAIL PROTECTED] > # Fingerprint = 73B7 2559 2968 5094 3B95 5C70 4E85 5F94 6068 1DD8 > #-- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Importing cerificates on Win 2k
Hi, I've just worked through the tutorial on creating a CA and certificate at: http://www.sendmail.org/~ca/email/other/cagreg.html And I now have 2 files, 'newcert.pem' (the signed certificate) and 'newreq.pem' (unsigned certificate and private key). I believe that everything to that stage worked as it should. I had expected that simply importing 'newcert.pem' to my certificate store would enable me to digitally sign and encrypt email. Alas, no. For a start, windows complains that this file is not of the correct format and, faik, there may be other issues as well. Could someone please tell me what else I need to do ? I reckon if I can get it working, I might just be able to work out what's going on :-) Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: NT Compilation problem
- Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 27, 2001 6:25 PM Subject: NT Compilation problem > hi, > > following instructions from file INSTALL.W32 > > i have this error running > > nmake -f ms\ntdll.mak > > something wrong? > > removing the option /WX solves the problem. it dont stop with error but the > warning remains, should be reviewed? > > > > cl /Fotmp32dll\rsa_oaep.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox > /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN3 > 2_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM > -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL -c . > \crypto\rsa\rsa_oaep.c > cl : Command line warning D4002 : ignoring unknown option '/GD' > rsa_oaep.c > crypto\rsa\rsa_oaep.c(149) : error C2220: warning treated as error - no > object file generated > crypto\rsa\rsa_oaep.c(149) : warning C4244: '=' : conversion from 'long' to > 'unsigned char', possible loss of data > crypto\rsa\rsa_oaep.c(149) : warning C4244: '=' : conversion from 'long' to > 'unsigned char', possible loss of data > crypto\rsa\rsa_oaep.c(150) : warning C4244: '=' : conversion from 'long' to > 'unsigned char', possible loss of data > crypto\rsa\rsa_oaep.c(150) : warning C4244: '=' : conversion from 'long' to > 'unsigned char', possible loss of data > NMAKE : fatal error U1077: 'cl' : return code '0x2' > Stop. > > > > best regards > > > __ Hi, I recently built version 0.9.6a on Win2k with VC++ 6.0 and can't recall having any difficulty. I'll briefly recount what I did and if you require further details, feel free to ask. I downloaded nasm-0.98-win32.zip, and installed the files in 'WINNT/System32' so that they would be in the path. Then ran: perl Configure VC-WIN32 Then ran: ms\do_nasm Then ran: nmake -f ms\ntdll.mak (This generated some warnings but built ok.) Then ran: cd out32dll ..\ms\test (which tested perfectly.) Hth. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: smime system call problem
- Original Message - From: "Oliver Bode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 27, 2001 11:34 PM Subject: Re: smime system call problem > > No information that I can pinpoint in the logs or the coredump. > > Even when I run the full path I get a core dump with the browser - but not > with ssh - it's weird and I don't understand it. > > It would be handy to see what perl is sending to STDERR and I gather you're not seeing that. Assuming that the '2>&1' redirect works on your OS, I'd be rewriting the script as: #!/usr/bin/perl -w $out =`openssl smime -encrypt -in message.txt cert.pem 2>&1`; print "Content-type: text/html\n\n"; print "\$out = $out\n"; See what that does when run from the browser - if you can stand another core dump :-) (I'm not familiar with your OS, so I probably should be remaining quiet.) Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: smime system call problem
- Original Message - From: "Oliver Bode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 27, 2001 7:18 PM Subject: smime system call problem > = > #!/usr/bin/perl -w > > system("openssl smime -encrypt -in message.txt -out crypto.txt cert.pem"); > > print "Content-type: text/html\n\n"; > > if (-e "crypto.txt") { > print "crypto.txt exists\n"; > } > > else { > print "crypto.txt failed\n"; > } > exit; > > Hi, Seems to me that should work. Does the script run ok ? ie does it print out "crypto.txt failed" ? Does 'message.txt' exist in the current directory (presumably your cgi-bin) when you run the script from the browser ? My guess is that you need to specify the full path to 'message.txt'. If it can't be found, 'crypto.txt' won't be created - and you should find some mention of this in the server error log. Hth. Cheers, Rob __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]