[Openvpn-devel] msvc: OpenSSL 1.1.0 support

Message ID	1571304533-15614-1-git-send-email-lstipakov@gmail.com
State	Changes Requested
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> From: Lev Stipakov <lstipakov@gmail.com> To: openvpn-devel@lists.sourceforge.net Date: Thu, 17 Oct 2019 12:28:53 +0300 Message-Id: <1571304533-15614-1-git-send-email-lstipakov@gmail.com> RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.67 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.67 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Subject: [Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel] msvc: OpenSSL 1.1.0 support \| expand [Openvpn-devel] msvc: OpenSSL 1.1.0 support

Message ID

1571304533-15614-1-git-send-email-lstipakov@gmail.com

State

Changes Requested

Headers

From: Lev Stipakov <lstipakov@gmail.com>
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 17 Oct 2019 12:28:53 +0300
Message-Id: <1571304533-15614-1-git-send-email-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel] msvc: OpenSSL 1.1.0 support | expand

Commit Message

Lev Stipakov Oct. 16, 2019, 10:28 p.m. UTC

From: Lev Stipakov <lev@openvpn.net>

Since we release Windows client with OpenSSL 1.1.0,
it makes sense to switch to this version in VS build.

This patch adds msvc-specific defines which imply
that underlying OpenSSL is 1.1.0.

Also OpenSSL library names in project file are updated.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
 config-msvc.h               | 37 +++++++++++++++++++++++++++++++++++++
 src/openvpn/openvpn.vcxproj |  8 ++++----
 2 files changed, 41 insertions(+), 4 deletions(-)

Comments

François Kooman Oct. 16, 2019, 11:39 p.m. UTC | #1

On 17.10.19 11:28, Lev Stipakov wrote:
> Since we release Windows client with OpenSSL 1.1.0,
> it makes sense to switch to this version in VS build.
> 
> This patch adds msvc-specific defines which imply
> that underlying OpenSSL is 1.1.0.

"Version 1.1.0 will be supported until 2019-09-11" [1].

Is there a plan to update to 1.1.1 for the Windows client?

Regards,
François

[1] https://www.openssl.org/policies/releasestrat.html

Lev Stipakov Oct. 17, 2019, 1:10 a.m. UTC | #2

Hi François,

François Kooman kirjoitti 17.10.2019 klo 13.39:

> "Version 1.1.0 will be supported until 2019-09-11" [1].
> 
> Is there a plan to update to 1.1.1 for the Windows client?

Indeed, there is probably no reason to not to switch to newer version.
We'll include 1.1.1 into the next release.

This patch works just fine with 1.1.1, but I'll send v2 which states
that it supports 1.1.x instead of 1.1.0.

-Lev

Selva Nair Oct. 17, 2019, 3:25 a.m. UTC | #3

On Thu, Oct 17, 2019 at 8:11 AM Lev Stipakov <lstipakov@gmail.com> wrote:
>
> Hi François,
>
> François Kooman kirjoitti 17.10.2019 klo 13.39:
>
> > "Version 1.1.0 will be supported until 2019-09-11" [1].
> >
> > Is there a plan to update to 1.1.1 for the Windows client?
>
> Indeed, there is probably no reason to not to switch to newer version.
> We'll include 1.1.1 into the next release.

Use of 1.1.1 on both client ans server side will default to PSS padding
for RSA signature (for TLS 1.2 and 1.3) and break
--management-external-key.

So hold-off on building Windows release with 1.1.1 unless
we can get https://patchwork.openvpn.net/patch/587/ finalized by then.

Selva

Ilya Shipitsin Oct. 17, 2019, 3:44 a.m. UTC | #4

it sounds strange (it does not make a lot of sense), but we can build
openssl without TLS1.3 support

чт, 17 окт. 2019 г. в 19:27, Selva Nair <selva.nair@gmail.com>:

> On Thu, Oct 17, 2019 at 8:11 AM Lev Stipakov <lstipakov@gmail.com> wrote:
> >
> > Hi François,
> >
> > François Kooman kirjoitti 17.10.2019 klo 13.39:
> >
> > > "Version 1.1.0 will be supported until 2019-09-11" [1].
> > >
> > > Is there a plan to update to 1.1.1 for the Windows client?
> >
> > Indeed, there is probably no reason to not to switch to newer version.
> > We'll include 1.1.1 into the next release.
>
> Use of 1.1.1 on both client ans server side will default to PSS padding
> for RSA signature (for TLS 1.2 and 1.3) and break
> --management-external-key.
>
> So hold-off on building Windows release with 1.1.1 unless
> we can get https://patchwork.openvpn.net/patch/587/ finalized by then.
>
> Selva
>
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
<div dir="ltr">it sounds strange (it does not make a lot of sense), but we can build openssl without TLS1.3 support<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 17 окт. 2019 г. в 19:27, Selva Nair &lt;<a href="mailto:selva.nair@gmail.com">selva.nair@gmail.com</a>&gt;:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, Oct 17, 2019 at 8:11 AM Lev Stipakov &lt;<a href="mailto:lstipakov@gmail.com" target="_blank">lstipakov@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Hi François,<br>
&gt;<br>
&gt; François Kooman kirjoitti 17.10.2019 klo 13.39:<br>
&gt;<br>
&gt; &gt; &quot;Version 1.1.0 will be supported until 2019-09-11&quot; [1].<br>
&gt; &gt;<br>
&gt; &gt; Is there a plan to update to 1.1.1 for the Windows client?<br>
&gt;<br>
&gt; Indeed, there is probably no reason to not to switch to newer version.<br>
&gt; We&#39;ll include 1.1.1 into the next release.<br>
<br>
Use of 1.1.1 on both client ans server side will default to PSS padding<br>
for RSA signature (for TLS 1.2 and 1.3) and break<br>
--management-external-key.<br>
<br>
So hold-off on building Windows release with 1.1.1 unless<br>
we can get <a href="https://patchwork.openvpn.net/patch/587/" rel="noreferrer" target="_blank">https://patchwork.openvpn.net/patch/587/</a> finalized by then.<br>
<br>
Selva<br>
<br>
<br>
_______________________________________________<br>
Openvpn-devel mailing list<br>
<a href="mailto:Openvpn-devel@lists.sourceforge.net" target="_blank">Openvpn-devel@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/openvpn-devel" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/openvpn-devel</a><br>
</blockquote></div>

diff --git a/config-msvc.h b/config-msvc.h
index 45fae8b..2f2d98f 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -76,6 +76,43 @@ 
 #define HAVE_POLL 1
 
 #define HAVE_OPENSSL_ENGINE 1
+/* hardcode OpenSSL 1.1.0 support */
+#define HAVE_EVP_MD_CTX_RESET 1
+#define HAVE_EVP_MD_CTX_FREE 1
+#define HAVE_EVP_MD_CTX_NEW 1
+#define HAVE_HMAC_CTX_RESET 1
+#define HAVE_HMAC_CTX_FREE 1
+#define HAVE_HMAC_CTX_NEW 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB 1
+#define HAVE_X509_GET0_PUBKEY 1
+#define HAVE_X509_STORE_GET0_OBJECTS 1
+#define HAVE_X509_OBJECT_FREE 1
+#define HAVE_X509_OBJECT_GET_TYPE 1
+#define HAVE_EVP_PKEY_GET0_RSA 1
+#define HAVE_EVP_PKEY_GET0_EC_KEY 1
+#define HAVE_EVP_PKEY_ID 1
+#define HAVE_EVP_PKEY_GET0_DSA 1
+#define HAVE_RSA_SET_FLAGS 1
+#define HAVE_RSA_GET0_KEY 1
+#define HAVE_RSA_SET0_KEY 1
+#define HAVE_RSA_BITS 1
+#define HAVE_DSA_GET0_PQG 1
+#define HAVE_DSA_BITS 1
+#define HAVE_RSA_METH_NEW 1
+#define HAVE_RSA_METH_FREE 1
+#define HAVE_RSA_METH_SET_PUB_ENC 1
+#define HAVE_RSA_METH_SET_PUB_DEC 1
+#define HAVE_RSA_METH_SET_PRIV_ENC 1
+#define HAVE_RSA_METH_SET_PRIV_DEC 1
+#define HAVE_RSA_METH_SET_INIT 1
+#define HAVE_RSA_METH_SET_SIGN 1
+#define HAVE_RSA_METH_SET_FINISH 1
+#define HAVE_RSA_METH_SET0_APP_DATA 1
+#define HAVE_RSA_METH_GET0_APP_DATA 1
+#define HAVE_EC_GROUP_ORDER_BITS 1
+#define OPENSSL_NO_EC 1
+#define HAVE_EVP_CIPHER_CTX_RESET 1
 
 #define PATH_SEPARATOR     '\\'
 #define PATH_SEPARATOR_STR "\\"
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 3b0ee60..4ffff2b 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -78,7 +78,7 @@ 
     </ClCompile>
     <ResourceCompile />
     <Link>
-      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <SubSystem>Console</SubSystem>
     </Link>
@@ -91,7 +91,7 @@ 
     </ClCompile>
     <ResourceCompile />
     <Link>
-      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <SubSystem>Console</SubSystem>
     </Link>
@@ -104,7 +104,7 @@ 
     </ClCompile>
     <ResourceCompile />
     <Link>
-      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <SubSystem>Console</SubSystem>
     </Link>
@@ -117,7 +117,7 @@ 
     </ClCompile>
     <ResourceCompile />
     <Link>
-      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <SubSystem>Console</SubSystem>
     </Link>

[Openvpn-devel] msvc: OpenSSL 1.1.0 support

Commit Message

Comments

Patch