Linker errors when trying to build OpenSSL with MD2 and RC5 support

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Linker errors when trying to build OpenSSL with MD2 and RC5 support

Osman Zakir
I had linker errors when trying to build OpenSSL with MD2 and RC5 support.  I ran this command:

"
perl Configure VC-WIN64A --with-zlib-lib=C:/zlib/lib/zlibstatic --with-zlib-include=C:/zlib/include enable-md2 enable-rc5 --release
"
and had the messages I've put in this Gist in the output: https://gist.github.com/DragonOsman/e81ff5590561d999dce5b2f7ddb9d3bd .

I had some warnings and one error from the Linker when trying to build the Win32::Console Perl module, but I still got the module itself.  Could that be a reason for my problem?  And also, how can I enable all of the cryptography algorithms without getting errors (is this possible?)?  

I'm also tempted to try getting the latest bleeding edge version from GitHub.  I wonder if I should try that.
Reply | Threaded
Open this post in threaded view
|

RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf Of Osman Zakir
> Sent: Friday, September 13, 2019 11:30

> I had linker errors when trying to build OpenSSL with MD2 and RC5 support.

Did you clean after configuring?

> I'm also tempted to try getting the latest bleeding edge version from GitHub.  I
> wonder if I should try that.

If you're bored with your current set of problems and want a different set, sure. If you're hoping to make progress, I wouldn't recommend it.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



Reply | Threaded
Open this post in threaded view
|

Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Osman Zakir
I had a successful build before I configured it again to try to get MD2 and RC5, so I didn't see a reason to clean the build.  I did clean it now after the failure happened.  

I'll try to fix these errors for now, so please help me with that.  But I also want to know after that whether or not it's possible to enable all of the algorithms supported by OpenSSL version 1.1.1d.  


Reply | Threaded
Open this post in threaded view
|

RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Michael Wojcik
> From: Osman Zakir [mailto:[hidden email]]
> Sent: Friday, September 13, 2019 13:26

> I had a successful build before I configured it again to try to get MD2 and RC5, so I
> didn't see a reason to clean the build.

Reconfiguring changes the makefiles. You should always clean after a reconfigure. That's true for the vast majority of software projects that use a makefile-creating build process.

> But I also want to know after that whether or not it's possible to enable all of the
> algorithms supported by OpenSSL version 1.1.1d.

If it's not possible to enable an algorithm, it isn't actually "supported", is it?

If Configure claims a particular algorithm can be enabled, then if it's not actually possible to build with it enabled and use it, I'd say that's a bug somewhere. I haven't tried to build with all possible Configure options enabled, though.

--
Michael Wojcik
Distinguished Engineer, Micro Focus




Reply | Threaded
Open this post in threaded view
|

Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Osman Zakir
I'll just put both email addresses in for "To" then.

I won't build with either one enabled if that's better, but I'd still like to know how to fix those linker errors.  

I do also want to ask what AFALG is and if I should enable it or not (and what happens if I do).  
Reply | Threaded
Open this post in threaded view
|

RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Michael Wojcik
> From: Osman Zakir [mailto:[hidden email]]
> Sent: Friday, September 13, 2019 18:06

> I won't build with either one enabled if that's better, but I'd still like to know how
> to fix those linker errors.

Someone should probably look into that, but I don't have time to; and if no one else from the community picks it up, you'll probably have to wait until someone from the OpenSSL team has a chance to get to it.

Does the DLL you built have the missing symbols? (Try "dumpbin /exports libssl-1_1-x64.dll | findstr EVP_md2" in the apps directory.) If so, the link is picking up the wrong import library. If not, something didn't get rebuilt correctly.

> I do also want to ask what AFALG is and if I should enable it or not (and what happens
> if I do).

I answered this in one of my other replies, sent Thursday 12 September. The afalg engine is only applicable to Linux.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



Reply | Threaded
Open this post in threaded view
|

RE: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Michael Wojcik
Again, please don't send questions about OpenSSL directly to me. I am not a member of the OpenSSL Project.

> From: Osman Zakir [mailto:[hidden email]]
> Sent: Saturday, September 14, 2019 10:54

> I'm not trying to build a DLL, though.  I want to build a static .lib library (are there
> additional commands I need to give to make it build static libs?).

Yes, and they're documented in the Configure options just like everything else.

You need to configure with "no-shared" to disable the building of shared libraries. You may want no-dynamic-engine to have engines linked statically rather than loaded at runtime, no-zlib-dynamic for the same reason, and no-dso to disable loading of objects at runtime (though I'm not sure this has any effect on Windows builds). I don't think no-pic has any effect on Windows.

I can't guess what options you actually might want because you STILL haven't told us what you're trying to do, and why.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



Reply | Threaded
Open this post in threaded view
|

Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Osman Zakir
Are there additional commands I have to pass to the Configure module if I want to build completely static libs?  If so, what are they?  
Reply | Threaded
Open this post in threaded view
|

openssl smime/cms unable to handle binary encoded message? (header too long:asn1)

Carlos Maynard
In reply to this post by Osman Zakir
Hello gentlemen,

I am troubleshooting an issue with an AS2 setup, the error I'm getting is AS1_get_obect:header too long:asn1. Playing with another system, I was able to replicate the issue by switching the encoding from Base64 to Binary.

Before i get a smart response... the trading partner can't switch the encoding from binary to base64,.. so here I am ;-)

Apparently openssl assumes that all SMIME messages are base64 encoded, and balks when this is not the case?

Basically the transmission is an encrypted and signed. The decryption goes well, but then the signature verification fails, the full error message is below.

139666245117592:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157:
139666245117592:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode error:asn_mime.c:192:
139666245117592:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:asn_mime.c:490:


According to the link above... I should be able to discard the the headers and handle the binary body with openssl. Copying/Pasting from the link above...

$ sed '1,/^\r$/d' <suA97544.mime >suA97544.body
$ openssl cms -uncompress -inform der -in suA97544.body
Now, when I try this suggestion... sed does strip the MIME headers, but still when attempting to uncompress with openssl there is an error.
Error reading S/MIME message
140081090963096:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1217:
140081090963096:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=CMS_ContentInfo
I am hoping I am just missing something here... obviously openssl is not my forte. :-)

For illustration purposes, here is the original structure:

content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=SHA-1;
        boundary="_=4094798051677677Sterling4094798051677677MOKO"

--_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m
.... (Binary)
--_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-signature; name=EDIINTSIG.p7s .... (Binary)

After sed... the structure looks like this... which fails to uncompress with openssl

--_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m
.... (Binary) --_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-signature; name=EDIINTSIG.p7s ... (Binary) openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER

Last but not least, if I split the two parts, remove the boundary and content-type line... I can use pkcs7 to convert the binary content for each individual file, and I get this, but I'm not sure that this is what I think it is (the data what the next step would be. Talk about shooting in the dark. LoL.

openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER
-----BEGIN PKCS7-----
MIHOBgsqhkiG9woBCRABCaCBvjCAAgEAMAoGCyqGSIb3CgEJEAMIMIAGCSqGSIb3
CgEHAaCAJIAEAnicBIGMc87PK0nNK9EtqSxItVJwLCjIyUxOLMnMz9N3dfHUjTA0
4uVKhirJTLFSsPH19/Z3dnMGSeblp6Qa6hqaJRsYGicaJ5oY6hoZWRgZmJuaWTi7
uTsGGzlAFNrxcvFyKQOBQoiHZ7ACEDkqhLgGhyj4ugYHO7q7KoDlXPwV/PxDFAKC
/J2BwmAxABhSKacAAAAAAAA=
-----END PKCS7-----

I suspect this is a compressed version of the actual message, but I can't get any further. Any help, recommendations, thoughts would be greatly appreciated!!

Is there a solid openssl implementation that can handle the binary encoded smime message?

Thanks in advance!

CM.






Reply | Threaded
Open this post in threaded view
|

Re: Linker errors when trying to build OpenSSL with MD2 and RC5 support

Michael Wojcik
In reply to this post by Osman Zakir
Did you read my previous response, where I listed the relevant Configure options? Be sure to expand included text, if you're using one of those braindead MUAs which hide it.