X-Authentication-Warning: delorie.com: mail set sender to djgpp-bounces using -f Message-Id: <201209231642.q8NGguHQ002590@delorie.com> From: Juan Manuel Guerrero To: djgpp-announce AT delorie DOT com Subject: ANNOUNCE: DJGPP port of OpenSSL 1.0.1c uploaded. Date: Sun, 23 Sep 2012 18:30:21 +0200 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline This is a port of OpenSSL 1.0.1c to MSDOS/DJGPP. The OpenSSL Project is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL is based on the excellent SSLeay library developed from Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the OpenSSL license plus the SSLeay license) situation, which basically means that you are free to get and use it for commercial and non-commercial purposes as long as you fulfill the conditions of both licenses. DJGPP specific changes. ======================= Fortunately, OpenSSL supports DJGPP out-of-the-box so there is no need to adjust the source code itself. Neitherless there are assumptions made about the file system used and its capabilities that require some changes in the perl configuration scripts and in the way source package is unzipped. - all new DJGPP specific files are store in the /djgpp directory. - to install, configure and compile the sources LFN support is required. - all links (linked files) in the archive have been removed. Depending on if djtar or tar is used and depending on if they are from DJGPP 2.03 or 2.04 all these tar programs create different kind of files to represent those links and this breaks either the configuration step or later the building step. - the /djgpp directory contains unpack.sh. This small shell script uses djtar to create a file list of the archive, identifies the links, extract the sources using djtar and removes all links. Of course, if you download the DJGPP port all this has already been done. - as usual the /djgpp directory contains also the diffs file. It shows how I have changed some of the perl scripts used during the configuration and building steps to check for the OS used and to copy the files instead of trying to create links even if this is possible. - the binaries, headers and libraries will be installed in the corresponding directories of the DJGPP installation tree. All documentation will be installend in /dev/env/DJDIR/share/ssl/man. This means that you will have to adjust your MANPATH in djgpp.env if you want that the man program finds these new manpages. - to be able to configure and compile this port, the DJGPP port of perl must be installed. openssl uses a mix of perl scripts and Makefiles to configure and compile the sources. I have used perl588b but the previous one may work as well but I have never tested this. - Attention: this port depends on WATT-32. Unfortunately there is no DJGPP specific port available that fits into the DJGPP installation tree so I downloaded the source archive and compiled it. I have used watt32s-2.2-dev.10.zip. I had to adjust the following issues: 1) the error numbers list (/src/djgpp/syserr.c) generated by /util/dj_err.exe does not match the error numbers of DJGPP 2.04, so I have deleted that program and compiled it again using djdev204. If this is not done a lot of warnings concerning redefined error numbers will be generated. Of course, to compile the DJGPP 2.03 port of openssl I have compiled /util/dj_err.exe with djdev203. The error list must always match the djdev version that shall be used. 2) I have removed the -gcoff flag from the CFLAGS variable in /src/djgpp.mak. If this is not done a brocken library will be produced and every single openssl program created by the testsuite that is linked with libwatt.a dies with SIGSEGV. Of course, it is well known that the COFF debug support for the latest GCC compilers is almost completely brocken; using other versions previous to gcc4NN may work well with -gcoff. I have never tested the binary distribution of WATT-32 but I fear that it will not work with gcc4NN and this DJGPP port of openssl. The buttom line is that you must install the WATT-32 sources in some directory, configure and compile it either for DJGPP 2.03 or DJGPP 2.04 and make the WATT_ROOT environment variable point to that directory before you can configure and compile openssl. - the binary package of openssl ist not completely SFN clean. But this concerns the manpages only. Neither the libraries nor the headers are affected. I do not have the time to invent SFN clean names for hundreds of manpages which names may change and become useless with the next openssl update. Of course, the headers and libraries are 8.3 clean and the use of the libraries do not require LFN support at all. - the openssl libraries depend on WATT-32, so the WATT-32 headers and library must be installed somewhere on your hard disk when you link your application with openssl. Remember to set the WATT_ROOT environment variable to point to the directory where your installed WATT-32. This does not need to be the same directory where WATT-32 was installed when openssl was configured and build. - the testsuite passes for both djdev203 and djdev204 except for the last test that requires some certificate that needs to be requested. For some test, it is also required that the port of GNU bc is installed. - due to the dependency of WATT-32 and the required value of the WATT_ROOT environment variable, the source package is not configured at all. You have to install and build WATT-32 first and then you can configure and build openssl as described in the original INSTALL.DJGPP file. - as any cryptographic software, openssl needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness device" (/dev/urandom or /dev/random) that serves this purpose. As of version 0.9.7f of openssl the DJGPP port checks upon /dev/urandom$ for a 3rd party "randomness" DOS driver. One such driver, NOISE.SYS, can be obtained from "http://www.rahul.net/dkaufman/index.html" as: Please read the instructions _VERY_ carefully. This driver works on DOS and may be on some versions of Windows (Windows 3.1 and Win95) but it does not work for all versions of Windows. For XP it does not work and I have found no replacement. This means that for WinXP and probably for Win2K there is no "randomness device" support for openssl available. - the port has been configured and compiled to support for zlib compression. The zlib port used is ftp://ftp.delorie.com/pub/djgpp/current/v2tk/zlib127b.zip or: ftp://ftp.delorie.com/pub/djgpp/beta/v2tk/zlib127b.zip but any other version of the port may work as well. - the binaries have been build on WinXP using djdev203 or djdev204, gcc471b and bnu222br4. Configuring, compiling and running the testsuite takes around 01:30 h not counting the time to build WATT-32. For further information about OpenSSL please read the man pages, various README files and NEWS file. Also visit the home page of openssl. Please note that I am not an user of openssl. I have only ported it because I needed it to create another port. This means that I am not able to answer openssl specific questions. The port has been compiled using stock djdev203 (patchlevel 2) and consists of two packages that can be downloaded from ftp.delorie.com and mirrors as (timestamp 2012-09-23): OpenSSL 1.0.1c binary, headers, libraries and man format documentation: ftp://ftp.delorie.com/pub/djgpp/current/v2tk/ssl101cb.zip OpenSSL 1.0.1c source: ftp://ftp.delorie.com/pub/djgpp/current/v2tk/ssl101cs.zip The binaries have been produced a second time using the stock version of djdev204 beta library. This package is available at ftp.delorie.com and mirrors as (timestamp 2012-09-23): OpenSSL 1.0.1c binary, headers, libraries and man format documentation: ftp://ftp.delorie.com/pub/djgpp/current/v2tk/ssl101cb.zip Send openssl specific bug reports to . Send suggestions and bug reports concerning the DJGPP port to comp.os.msdos.djgpp or . If you are not sure if the failure is really a openssl failure or a djgpp specific failure, report it here and *not* to . Enjoy. Guerrero, Juan Manuel