This is when built with fips enabled. The issue seems to be some
difference in gcc behaviour:
make[3]: Entering directory `/releng/nightly/trunk/build/openssl/crypto/bn'
../../util/domd ../.. -MD gcc -- -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DIC_LICENSE
-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,--noexecstack
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m
-I/releng/nightly/trunk/build/openssl/isode/../../openssl-fips/linux32//include
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
-DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -I.. -I../.. -I../modes -I../asn1
-I../evp -I../../include -Iyes -DOPENSSL_NO_DEPRECATED
-DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779
-DOPENSSL_NO_RSAX -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -- bn_add.c bn_div.c
bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c bn_print.c bn_rand.c bn_shift.c
bn_word.c bn_blind.c bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c
bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c bn_depr.c
bn_const.c bn_x931p.c
bn_div.c:144:1: error: "bn_div_words" redefined
In file included from
/releng/nightly/trunk/build/openssl/isode/../../openssl-fips/linux32//include/openssl/crypto.h:151,
from
/releng/nightly/trunk/build/openssl/isode/../../openssl-fips/linux32//include/openssl/bn.h:133,
from bn_div.c:60:
/releng/nightly/trunk/build/openssl/isode/../../openssl-fips/linux32//include/openssl/fipssyms.h:620:1:
error: this is the location of the previous definition
This is with gcc-4.1.2. With gcc-4.6.2 I don't get any errors. If I add
suitable hackery:
#if defined(bn_div_words)
#error "bn_div_words is defined"
#endif
just before line 144 of bn_div.c then my build with 4.6.2 also fails,
suggesting it's not that some different combination of things is
happening, it's just that 4.6.2 silently permits redefinition of
macros. (Without the -Werror, 4.6.2 gives a warning for the
redefinition.)
I don't see anything fixing this in CVS, so is this a bug, and what's a
suitable resolution? An easy fix is just to explicitly undefine
bn_div_words (and SHA1_Update in crypto/evp/e_aes_cbc_hmac_sha1.c which
is similarly problematic), but ought these to be redefined at all?
Maybe these ought to be defined only if OPENSSL_FIPS isn't defined?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
