[openssl-users] Errors building 1.0.2e on Mac OS X 10.7.5
I know the OS is a bit old, but thought I’d better upgrade OpenSSL on it in now. To configure I used: ./Configure --prefix=/usr/local shared darwin64-x86_64-cc Running make gives lots of errors like this: cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o md5-x86_64.o md5-x86_64.s ar r ../../libcrypto.a md5_dgst.o md5_one.o md5-x86_64.o /usr/bin/ranlib: file: ../../libcrypto.a(ebcdic.o) has no symbols /usr/bin/ranlib: file: ../../libcrypto.a(fips_ers.o) has no symbols /usr/bin/ranlib ../../libcrypto.a || echo Never mind. /usr/bin/ranlib: file: ../../libcrypto.a(ebcdic.o) has no symbols /usr/bin/ranlib: file: ../../libcrypto.a(fips_ers.o) has no symbols making all in crypto/sha… before ending: x86_64-mont.s:957:2: error: invalid instruction mnemonic 'adoxq' adoxq %r15,%r10 ^ x86_64-mont.s:959:2: error: invalid instruction mnemonic 'adcxq' adcxq %rax,%r10 ^ x86_64-mont.s:960:2: error: invalid instruction mnemonic 'adoxq' adoxq %r15,%r11 ^ x86_64-mont.s:962:2: error: invalid instruction mnemonic 'adcxq' adcxq %rax,%r11 ^ x86_64-mont.s:963:2: error: invalid instruction mnemonic 'adoxq' adoxq %r15,%r12 ^ x86_64-mont.s:966:2: error: invalid instruction mnemonic 'adcxq' adcxq %rax,%r12 ^ x86_64-mont.s:967:2: error: invalid instruction mnemonic 'adoxq' adoxq %r15,%r13 ^ x86_64-mont.s:972:2: error: invalid instruction mnemonic 'adcxq' adcxq %rax,%r13 ^ x86_64-mont.s:973:2: error: invalid instruction mnemonic 'adoxq' adoxq %rbp,%r15 ^ make[2]: *** [x86_64-mont.o] Error 1 make[1]: *** [subdirs] Error 1 make: *** [build_crypto] Error 1 This worked with 1.0.1 versions. Any suggestions? Thanks, James. smime.p7s Description: S/MIME cryptographic signature ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d
> 1. With compiler optimization disabled, OpenSSL 1.0.2d function worked > as it is. Another indication in favour of compiler bug is that it worked when you added printf. It's similar to quantum physics when by measuring you force particle to specific state. But understand me correctly. I'm not saying that quantum physics apply in this case, it's just a *fun* way to look at it. As compiler doesn't know what printf does, it's forced to normalize value for "measurement". Same essentially applies to volatilization. I mean variables declared volatile are meant for *external* consumption/"measurement". ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Engines mess
Hello, Could you explain the engine management in the openssl 1.0.2e? I load an engine via openssl config specifying the path using the dynamic_path directive and provide some engine-specific directives. When I call the dgst command dgst -sha1 -engine myengine -keyform engine -sign mykey -out signature I see that the ENGINE_free function is not called after the setup_engine() call from line 220 of dgst.c. It's the 4th call to the ENGINE_free function, there was a call to ENGINE_free for my engine and 2 calls to ENGINE_free to the dynamic engine. Here I get the fields struct_ref = 4, funct_ref = 3, and it seems strange to me. It also seems to me that it should be a call to ENGINE_free at the end of openssl app call to free the resources (e.g. engine error strings), but there is no one. Could you explain my mistakes? Thank you! -- SY, Dmitry Belyavsky ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d
Hi All, 1. With compiler optimization disabled, OpenSSL 1.0.2d function worked as it is. 2. Looks like in the below functions, typecast to unsigned char to is not going well when compiler optimization is enabled. Hence functions are modified to assign the return value to a volatile unsigned char and then return the volatile value. Things worked fine. static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) static inline unsigned char constant_time_is_zero_8(unsigned int a) static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) static inline unsigned char constant_time_eq_int_8(int a, int b) static inline unsigned char constant_time_select_8(unsigned char mask, Matt, Jakob, Andy your explanations were really useful to route cause the issue to compiler specific. Thanks every one for the valuable time and fruitful discussion. Regards Jaya On Sun, Dec 13, 2015 at 11:13 AM, Jayalakshmi bhat < bhat.jayalaks...@gmail.com> wrote: > Hi All, > > > > Thanks for all the responses. As mentioned by Matt in the discussion > thread,constant_time_msb performs the copy the msb of the input to all of > the other bits so the return value should either be one of 0x or > 0x. > > > > I found another interesting thing,constant_time_msb worked as it is > without any changes, after I added a printf in constant_time_is_zero_8 test > routine to print the return value. I added the printf just before comparing > the return value with the expected value. > > > > I have confirmed the failures by removing the printf and printing any > thing else other than the returned value. > > > > Now based on the discussions here and print results I am thinking, after > constant_time_msb operation probably overflow bit is set in case of > 0x. And it is not cleared before comparing, hence compare fails. > When I add a printf to print the return value probably overflow flag got > cleared and things worked. > > > > I am planning to attach the debugger to check the flags. I will get back > with debugger results. > > > > I have attached the test file. > > > > Regards > > Jaya > > > > On Fri, Dec 11, 2015 at 11:30 AM, Jeffrey Walton > wrote: > >> > 3. The compiler wasn't written by a fanatic who put >> > the "right shift of negative signed values is >> > undefined" rule above common sense. >> > >> > This is only implementation-defined behavior, not undefined behavior. >> It is >> > not permitted to crash the system or launch the missiles. (n1256.pdf >> 6.5.7 >> > paragraph 5.) >> >> The potential problem with implementation defined is its not >> guaranteed to produce consistent results. Different compilers or >> different versions of the same compiler may arrive at different >> results. >> >> In this light, the crash might be welcomed to make it easy to find the >> trouble spot :) >> ___ >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users