Building OpenSSL 0.9.89a

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Building OpenSSL 0.9.89a

jfenlason
Message
I'm running into problems building a shared distribution of OpenSSL 0.9.8a on HPUX Itanium. 
On Solaris I've successfully used the following config:
    ./config --openssldir=/opensslSharedDist threads shared
 
When I try the same config on HPUX Itanium, I get the following error:
    Operating system: ia64-hp-hpux1x
    WARNING! 64-bit ABI is the default configured ABI on HP-UXi.
             If you wish to build 32-bit library, the you have to
             invoke './Configure hpux-ia64-cc' *manually*.
             You have about 5 seconds to press Ctrl-C to abort.
Next I tried the following config, which seemed to work fine,:
    ./Configure hpux-ia64-gcc --openssldir=/openSSLSharedDist threads shared
 
Unfortunately, make failed with the following error:
    if [ "${shlib_target}" = "darwin-shared" ] ; then \
      LIBRARIES="../libssl.a  ../libcrypto.a" ; \
    else \
      LIBRARIES="../libssl.a  ../libcrypto.a" ; \
    fi; \
    make -f ../Makefile.shared -e \
            APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o" \
            LIBDEPS=" $LIBRARIES -ldl" \
            link_app.${shlib_target}
    make[2]: Entering directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    ld: Unsatisfied symbol "AES_cbc_encrypt" in file speed.o
    ld: Unsatisfied symbol "AES_set_encrypt_key" in file speed.o
    ld: Unsatisfied symbol "AES_set_decrypt_key" in file ../libcrypto.a[e_aes.o]
    3 errors.
    collect2: ld returned 1 exit status
    make[2]: *** [link_app.hpux] Error 1
    make[2]: Leaving directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    make[1]: *** [openssl] Error 2
    make[1]: Leaving directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    make: *** [build_apps] Error 1 
 
I'm building with gcc 3.3.1 and gnu make 3.79.1.
Any thoughts on what is wrong?  Thanks in advance.
,
Josh.
Reply | Threaded
Open this post in threaded view
|

ssl_select?

Chong Peng
Message
hello, does anybody here know that is there an api similar
to "select" in the regular socket socket api for open ssl?
 
thanks a lot.
Reply | Threaded
Open this post in threaded view
|

Re: ssl_select?

Dr. Stephen Henson
On Tue, Nov 08, 2005, Chong Peng wrote:

> hello, does anybody here know that is there an api similar
> to "select" in the regular socket socket api for open ssl?
>  

No there isn't.

This would have to call the OSes equivalent of "select" anyway. There are
several variations in use each with different properties used in different
circumstances depending on the set of events you wish to monitor.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: ssl_select?

Chong Peng
In reply to this post by Chong Peng
thanks, dr. henson, maybe what i should ask is that if there is a way, in open ssl,
to accomplish what "select" acomplishes in the regular socket api? by reading
your answer to my question, i guess there are ways to do this. can you be a
little bit more specific? what exactly is "OSes equivalent of select"? and
what are "several variations"? if it will take too long for you to answer
in an email, could you please give me a place to find relative information?

many thanks in advance.

chong peng

-----Original Message-----
From: Dr. Stephen Henson [mailto:[hidden email]]
Sent: Tuesday, November 08, 2005 10:02 AM
To: [hidden email]
Subject: Re: ssl_select?


On Tue, Nov 08, 2005, Chong Peng wrote:

> hello, does anybody here know that is there an api similar
> to "select" in the regular socket socket api for open ssl?
>  

No there isn't.

This would have to call the OSes equivalent of "select" anyway. There are
several variations in use each with different properties used in different
circumstances depending on the set of events you wish to monitor.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: ssl_select?

Thomas J. Hruska
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson wrote:

> On Tue, Nov 08, 2005, Chong Peng wrote:
>
>
>>hello, does anybody here know that is there an api similar
>>to "select" in the regular socket socket api for open ssl?
>>
>
>
> No there isn't.
>
> This would have to call the OSes equivalent of "select" anyway. There are
> several variations in use each with different properties used in different
> circumstances depending on the set of events you wish to monitor.
>
> Steve.

I wrote a SSL_select() once upon a time (actually a whole SSL wrapper
interface because I don't like OpenSSL's interface)...it involved some
very evil code because I was working with asynchronous sockets.  It
wasn't super performance-friendly, but it worked and it auto-managed the
read/write issues involved with asynchronous SSL sockets.

To write a SSL_select(), you need to wrap up _all_ of the OpenSSL calls
you use into your own functions and create a structure/class to track
the information with.  The reason for this is because you need to track
the responses from the OpenSSL library for the other calls so your
SSL_select() works properly.  I can't provide any more hints than this -
the library in question is proprietary code.  What you want is doable,
but the code is evil.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/

Ask me about discounts on any Shining Light Productions product!

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: ssl_select?

Peter Sylvester-3

BIO_pair as with the example in ssltest.c may help to use just normal
select.


--
To verify the signature, see http://edelpki.edelweb.fr/ 
Cela vous permet de charger le certificat de l'autorité;
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.


smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ssl_select?

Dr. Stephen Henson
In reply to this post by Chong Peng
On Tue, Nov 08, 2005, Chong Peng wrote:

> thanks, dr. henson, maybe what i should ask is that if there is a way, in open ssl,
> to accomplish what "select" acomplishes in the regular socket api? by reading
> your answer to my question, i guess there are ways to do this. can you be a
> little bit more specific? what exactly is "OSes equivalent of select"? and
> what are "several variations"? if it will take too long for you to answer
> in an email, could you please give me a place to find relative information?
>

In general the OpenSSL BIO APIs (and SSL_read/SSL_write) will either
read/write data or indicate that the underlying transport cannot do so. The
way this is indicated is mentioned in the relevant manual pages.

When the APIs signal that data cannot be read or written it is then the
applications reponsibility to wait until this condition is cleared and
retry. For example by calling select() on the underlying file descriptor.

The "several variations" depends on the actual events you want to process. If
for example you want to process terminal I/O and socket data then select() may
be OK for Unix but you'd have to do something else under Windows. Similarly if
you want to process socket I/O and some GUI event (for example a mouse click
on a "cancel" button) you'd use an alternative call or possibly restructure
the way the application is written.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Building OpenSSL 0.9.89a

prakash babu
In reply to this post by jfenlason
Hello Josh,
 
The problem I suspect is AES_cbc_encrypt function is defined in aes_cbc.c and that is not compiled and added to the libcrypto library.
 
You can either edit the openssl-0.9.8a/Makefile
 
Line 92:
Before : AES_ASM_OBJ= aes-ia64.o
After   : AES_ASM_OBJ= aes_core.o aes_cbc.o aes-ia64.o
 
or
use the hpux64-ia64-cc (CC compiler) option.

Regards,
Prakash

"Fenlason, Josh" <[hidden email]> wrote:
I'm running into problems building a shared distribution of OpenSSL 0.9.8a on HPUX Itanium. 
On Solaris I've successfully used the following config:
    ./config --openssldir=/opensslSharedDist threads shared
 
When I try the same config on HPUX Itanium, I get the following error:
    Operating system: ia64-hp-hpux1x
    WARNING! 64-bit ABI is the default configured ABI on HP-UXi.
             If you wish to build 32-bit library, the you have to
             invoke './Configure hpux-ia64-cc' *manually*.
             You have about 5 seconds to press Ctrl-C to abort.
Next I tried the following config, which seemed to work fine,:
    ./Configure hpux-ia64-gcc --openssldir=/openSSLSharedDist threads shared
 
Unfortunately, make failed with the following error:
    if [ "${shlib_target}" = "darwin-shared" ] ; then \
      LIBRARIES="../libssl.a  ../libcrypto.a" ; \
    else \
      LIBRARIES="../libssl.a  ../libcrypto.a" ; \
    fi; \
    make -f ../Makefile.shared -e \
            APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o" \
            LIBDEPS=" $LIBRARIES -ldl" \
            link_app.${shlib_target}
    make[2]: Entering directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    ld: Unsatisfied symbol "AES_cbc_encrypt" in file speed.o
    ld: Unsatisfied symbol "AES_set_encrypt_key" in file speed.o
    ld: Unsatisfied symbol "AES_set_decrypt_key" in file ../libcrypto.a[e_aes.o]
    3 errors.
    collect2: ld returned 1 exit status
    make[2]: *** [link_app.hpux] Error 1
    make[2]: Leaving directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    make[1]: *** [openssl] Error 2
    make[1]: Leaving directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    make: *** [build_apps] Error 1 
 
I'm building with gcc 3.3.1 and gnu make 3.79.1.
Any thoughts on what is wrong?  Thanks in advance.
,
Josh.


Yahoo! FareChase - Search multiple travel sites in one click.
Reply | Threaded
Open this post in threaded view
|

RE: Building OpenSSL 0.9.89a

jfenlason
In reply to this post by jfenlason
Message
I tried configuring with hpux64-ia64-cc and was able to build as a shared library.  Thanks.
,
Josh.
-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of prakash babu
Sent: Wednesday, November 09, 2005 8:08 AM
To: [hidden email]
Subject: Re: Building OpenSSL 0.9.89a

Hello Josh,
 
The problem I suspect is AES_cbc_encrypt function is defined in aes_cbc.c and that is not compiled and added to the libcrypto library.
 
You can either edit the openssl-0.9.8a/Makefile
 
Line 92:
Before : AES_ASM_OBJ= aes-ia64.o
After   : AES_ASM_OBJ= aes_core.o aes_cbc.o aes-ia64.o
 
or
use the hpux64-ia64-cc (CC compiler) option.

Regards,
Prakash

"Fenlason, Josh" <[hidden email]> wrote:
I'm running into problems building a shared distribution of OpenSSL 0.9.8a on HPUX Itanium. 
On Solaris I've successfully used the following config:
    ./config --openssldir=/opensslSharedDist threads shared
 
When I try the same config on HPUX Itanium, I get the following error:
    Operating system: ia64-hp-hpux1x
    WARNING! 64-bit ABI is the default configured ABI on HP-UXi.
             If you wish to build 32-bit library, the you have to
             invoke './Configure hpux-ia64-cc' *manually*.
             You have about 5 seconds to press Ctrl-C to abort.
Next I tried the following config, which seemed to work fine,:
    ./Configure hpux-ia64-gcc --openssldir=/openSSLSharedDist threads shared
 
Unfortunately, make failed with the following error:
    if [ "${shlib_target}" = "darwin-shared" ] ; then \
      LIBRARIES="../libssl.a  ../libcrypto.a" ; \
    else \
      LIBRARIES="../libssl.a  ../libcrypto.a" ; \
    fi; \
    make -f ../Makefile.shared -e \
            APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o" \
            LIBDEPS=" $LIBRARIES -ldl" \
            link_app.${shlib_target}
    make[2]: Entering directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    ld: Unsatisfied symbol "AES_cbc_encrypt" in file speed.o
    ld: Unsatisfied symbol "AES_set_encrypt_key" in file speed.o
    ld: Unsatisfied symbol "AES_set_decrypt_key" in file ../libcrypto.a[e_aes.o]
    3 errors.
    collect2: ld returned 1 exit status
    make[2]: *** [link_app.hpux] Error 1
    make[2]: Leaving directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    make[1]: *** [openssl] Error 2
    make[1]: Leaving directory `/home/snow/jfenlason/hp/openssl-0.9.8a/apps'
    make: *** [build_apps] Error 1 
 
I'm building with gcc 3.3.1 and gnu make 3.79.1.
Any thoughts on what is wrong?  Thanks in advance.
,
Josh.


Yahoo! FareChase - Search multiple travel sites in one click.