Re: [openssl-dev] Bugs fixed in one place but not another

[Salz, Rich]

> In general, I noticed that OpenSSL and LibreSSL don't seem to pay attention
> to the bugs that are fixed in BoringSSL and *ring*. See, for
> example:

We don't have the time to follow other forks, basically.

I don't see that changing.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Bugs fixed in one place but not another

[Brian Smith]

Salz, Rich  wrote:
>> Sometimes I report bugs and/or fix bugs which get fixed in [1] and/or [2].
>> Please make sure you consider the impact of those changes on your own
>> projects.
>
> Not sure what you're asking for.

In general, I noticed that OpenSSL and LibreSSL don't seem to pay
attention to the bugs that are fixed in BoringSSL and *ring*. See, for
example:
* 
https://boringssl.googlesource.com/boringssl/+/95b97693403d5c8f09b2870ad9a6d7d198246da4%5E!/
* 
https://boringssl.googlesource.com/boringssl/+/75b833cc819a9d189adb0fdd56327bee600ff9e9
* 
https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be

I think it would be a good idea for OpenSSL and LibreSSL to fix the bugs too.

Cheers,
Brian
-- 
https://briansmith.org/
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Bugs fixed in one place but not another

[Salz, Rich]

> Sometimes I report bugs and/or fix bugs which get fixed in [1] and/or [2].
> Please make sure you consider the impact of those changes on your own
> projects.

Not sure what you're asking for.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] Bugs fixed in one place but not another

[Brian Smith]

Hi,

Sometimes I report bugs and/or fix bugs which get fixed in [1] and/or
[2]. Please make sure you consider the impact of those changes on your
own projects.

[1] https://boringssl.googlesource.com/boringssl/+log/
[2] https://github.com/briansmith/ring

Cheers,
Brian
-- 
https://briansmith.org/
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4586] RSA_memory_lock ?

[paul.d...@oracle.com via RT]

The RSA_memory_lock (crypto/rsa/rsa_lib.c) call  isn't mentioned in the 
documentation.  It also isn't called from anywhere inside OpenSSL.

 

 

The rsa.h header file says:

 

| /* This function needs the memory locking malloc callbacks to be installed */

| int RSA_memory_lock(RSA *r);

 

The problem being that this routine calls OPENSSL_malloc - i.e. no locking.

So either the call needs to be updated to call CRYPTO_secure_malloc or it could 
be a candidate for dead code removal.

 

 

Pauli

-- 

Oracle

Dr Paul Dale | Cryptographer | Network Security & Encryption 

Phone +61 7 3031 7217

Oracle Australia

 

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4586
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3499] Bug: Multiple matching certificates in CAfile

[Rich Salz via RT]

Fixed; see RT 3359 per Steve.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3499
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3921] [PATCH] Fix const-correctness issues of new ECDSA_METHOD api

[Rich Salz via RT]

This API is gone. Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3921
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3980] [PATCH] Fix BIO_get_accept_socket so that "port-only" input works on FreeBSD

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/359 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3980
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4432] [BUG] Building with "no-des" fails at crypto/cms/cms_kari.c

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/872 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4432
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4308] Add Postgres support to -starttls

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/683 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4308
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4175] Add new macro or PKCS7 flag to disable the check for both data and content

[Rich Salz via RT]

fixed some time ago.,

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4121] avoid configuring openssl twice

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/466 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4121
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4108] Set TLS ticket keys API

[Rich Salz via RT]

: https://github.com/openssl/openssl/pull/452 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4108
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/395 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3986] [PATCH] Implement HKDF algorithm (RFC 5869)

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/355 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3986
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3709] [PATCH] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/227 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3709
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3616] [Patch] Implement option to disable sending TLS extensions

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/215 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3616
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3533] [PATCH] Ensures that EVP encryption & decryption operations check the encrypt flag on the context.

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/172 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3533
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3305] Cppcheck report

[Rich Salz via RT]

https://github.com/openssl/openssl/pull/139 Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3305
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2698] [PATCH] Allow the use of startdate and enddate for ca -gencrl command

[Rich Salz via RT]

This duplicates https://github.com/openssl/openssl/pull/258 so closing the
ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2698
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2894] [Bug] openssl crl -nameopt has no effect

[Rich Salz via RT]

This was implemented some time ago (not sure who). The nmflag variable is used
in name_print in apps/crl.c Closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2894
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2867] des_ede3_cfb1_cipher(): output cropping

[Rich Salz via RT]

fixed with commit fe2d149 in master. Not backported, code has changed.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2867
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

 A quick question about this configuration... Should Linux-x32 enable
 ec_nistp_64_gcc_128 by default? Does anything prohibit
 ec_nistp_64_gcc_128 in this configuration?

 # ./Configure linux-x32
 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
 no-asan [default]  OPENSSL_NO_ASAN (skip dir)
 ...
 no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
 dir)
 ...

 I believe it meets the three criteria for ec_nistp_64_gcc_128.
>>>
>>   * Little endian CPU
>>   * CPU allows unaligned data access
>>   * Compiler supports  __uint128_t
> 
> Correct. But there still might be nuances. ...
> ... there *might* as well be some so-far-unverbalized assumption,
> for example sizeof(long) being 8. Note "might", as I'm not actually
> saying that there is. All I'm saying is that I don't know [at this point].

It should work with linux-x32 and apparently does based on your report
in RT#4584.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

> ... What one can discuss is to have
> ./config (not ./Configure) detect x32 environment and pass alternative
> config line to ./Configure. That's how it worked so far and I see no
> reason to change it by moving platform detection logic to ./Configure.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

diff --git a/config b/config
index 2e02ae3..1fef03e 100755
--- a/config
+++ b/config
@@ -640,7 +640,12 @@ case "$GUESSOS" in
 	#fi
 	OUT="linux64-s390x"
 	;;
-  x86_64-*-linux?) OUT="linux-x86_64" ;;
+  x86_64-*-linux?)
+	if $CC -dM -E -x c /dev/null 2>&1 | grep -q ILP32 > /dev/null; then
+	OUT="linux-x32"
+	else
+	OUT="linux-x86_64"
+	fi ;;
   *86-*-linux2) OUT="linux-elf"
 	if [ "$GCCVER" -gt 28 ]; then
   if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

>>> # ./config -mx32
>>> Operating system: x86_64-whatever-linux2
>>> Configuring for linux-x86_64
>>>
>>> Perhaps the second case should fail at configure just like the first
>>> case. Upon failure, it would be nice to tell the user what to do:
>>> "Please configure with ./Configure linux-x32"
>>
>> Well, there is a trade-off. Special cases are too numerous to cover them
>> all, so question would be if this would be common and grave enough to
>> guard against. For example you can actually run ./Configure
>> tru64-alpha-cc on your Linux computer. Running make would fail
>> miserably, but would it give you right to say "you're not allowed to
>> break the compile"?
> 
> Kinda agree. I image there could be many cases like you describe.

One word in the context, cross-compile.

> In this case, there's not "too many" or "too numerous". There's only
> one item of interest: -mx32.

And it might be one too many :-)

> When Configure ignores it,

But it doesn't, it does pass it down as additional flag to compiler...

> it results in a failed compile.

Well, Configure is deliberately liberal to allow all kinds of local
adaptations. Yes, you can screw things up [easily], but you've got to
appreciate the flexibility it provides. Suggestion seems to be to
classify flags as generic adaptations and ones that might affect choice
of platform. I'd say "no" to that. What one can discuss is to have
./config (not ./Configure) detect x32 environment and pass alternative
config line to ./Configure. That's how it worked so far and I see no
reason to change it by moving platform detection logic to ./Configure.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

On Thu, Jun 23, 2016 at 6:18 AM, Jeffrey Walton  wrote:
> Here's a couple more ways things don't work as expected:
>
> # ./config CFLAGS="-mx32"
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)
>
> # ./config -mx32
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> ...

Here's another interesting result. This one is significant because its
the that's often cited to side step "wrong platform" problems:

# CC="gcc -mx32" ./config
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-asan [default]  OPENSSL_NO_ASAN (skip dir)
...
no-zlib [default]
no-zlib-dynamic [default]
Configuring for linux-x86_64
CC=gcc -mx32
CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack
SHARED_CFLAG  =-fPIC

PERL  =/usr/bin/perl
SIXTY_FOUR_BIT_LONG mode

Configured for linux-x86_64.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

>> # ./config -mx32
>> Operating system: x86_64-whatever-linux2
>> Configuring for linux-x86_64
>>
>> Perhaps the second case should fail at configure just like the first
>> case. Upon failure, it would be nice to tell the user what to do:
>> "Please configure with ./Configure linux-x32"
>
> Well, there is a trade-off. Special cases are too numerous to cover them
> all, so question would be if this would be common and grave enough to
> guard against. For example you can actually run ./Configure
> tru64-alpha-cc on your Linux computer. Running make would fail
> miserably, but would it give you right to say "you're not allowed to
> break the compile"?

Kinda agree. I image there could be many cases like you describe.

In this case, there's not "too many" or "too numerous". There's only
one item of interest: -mx32. When Configure ignores it, it results in
a failed compile.

Jeff


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4585] some bugs in ver.1.0.2d (fix)

[石磊 via RT]

Hi,

Recently, I found some bugs in ver.1.0.2d.

DESCRIPTION

_

1. Line 122 in a_enum.c: return (0xL);
I think it should be "return -1;".


2. Line 149 in a_enum.c: if (BN_is_negative(bn))
I think it should be "if (BN_is_negative(bn) && !BN_is_zero(bn))".


3. Line 161 and line 164 in f_string.c:
sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2);
sp = (unsigned char *)OPENSSL_realloc(s, (unsigned int)num + i * 2);

Allocation "num + i" is enough.


4. Function a2i_ASN1_STRING in f_string.c.
The processing of the contents containing "\\" is not correct.


5. Function a2i_ASN1_STRING in f_string.c.
There is a memory leak when the content like "1234567\\\r\n890".


6. Line 155 and line 158 in f_enum.c:
sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2);
sp = (unsigned char *)OPENSSL_realloc(s, (unsigned int)num + i * 2);

Allocation "num + i" is enough.


7. Function a2i_ASN1_ENUMERATED in f_enum.c.
The processing of the contents containing "\\" is not correct.


8. Function a2i_ASN1_ENUMERATED in f_enum.c.
There is a memory leak when the content like "1234567\\\r\n890".


9. Line 169 and line 172 in f_int.c:
sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2);
sp = sp = OPENSSL_realloc_clean(s, slen, num + i * 2);

Allocation "num + i" is enough.


10. Function a2i_ASN1_INTEGER in f_int.c.
The processing of the contents containing "\\" is not correct.


11. Function a2i_ASN1_INTEGER in f_int.c.
There is a memory leak when the content like "1234567\\\r\n890".


12. Line 226 in t1_ext.c:
exts->meths = OPENSSL_realloc(exts->meths, (exts->meths_count + 1) * 
sizeof(custom_ext_method));

There's a risk of memory leaks.


13. Line 896 in ssl_rsa.c:
ctx->cert->key->serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, 
serverinfo_length);

There's a risk of memory leaks.


14. Line 979 in ssl_rsa.c:
serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);

There's a risk of memory leaks.


15. Line 366 in openbsd_hw.c:
md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);

There's a risk of memory leaks.


16. Line 812 in eng_cryptodev.c:
state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);

There's a risk of memory leaks.


17. Line 899 in b_sock.c: p = OPENSSL_realloc(p, nl);
There's a risk of memory leaks.


18. Line 724 in b_print.c: *buffer = OPENSSL_realloc(*buffer, *maxlen);
There's a risk of memory leaks.


19. Line 117 in engine.c: *buf = OPENSSL_realloc(*buf, *size);
There's a risk of memory leaks.



Thanks,

Shi Lei / Qihoo 360 Inc.




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4585
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

> Fair enough, agreed.
> 
> But Configure ignored my instructions:
> 
> # ./config CFLAGS="-mx32"
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)

Well, I don't think that you can complain about this one. Basically you
can't assume that ./config will [gracefully] handle whatever you might
think of. You probably meant to run 'CFLAGS=-mx32 ./config' and computer
didn't get what you wanted. But they never do, don't they? Computers
getting what you meant to do that is...

> And:
> 
> # ./config -mx32
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> 
> Perhaps the second case should fail at configure just like the first
> case. Upon failure, it would be nice to tell the user what to do:
> "Please configure with ./Configure linux-x32"

Well, there is a trade-off. Special cases are too numerous to cover them
all, so question would be if this would be common and grave enough to
guard against. For example you can actually run ./Configure
tru64-alpha-cc on your Linux computer. Running make would fail
miserably, but would it give you right to say "you're not allowed to
break the compile"?


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

On Thu, Jun 23, 2016 at 7:10 AM, Andy Polyakov via RT  wrote:
 A quick question about this configuration... Should Linux-x32 enable
 ec_nistp_64_gcc_128 by default? Does anything prohibit
 ec_nistp_64_gcc_128 in this configuration?

 # ./Configure linux-x32
 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
 no-asan [default]  OPENSSL_NO_ASAN (skip dir)
 ...
 no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
 dir)
 ...

 I believe it meets the three criteria for ec_nistp_64_gcc_128.
>>>
>>> What are "the three criteria"? I mean I'm not really sure. Nor am I sure
>>> that they are perfect. I mean maybe they need some adjustment in x32
>>> context. To either allow or prevent erroneous compilation. Bottom line
>>> is that I don't actually know at this point...
>>
>> My bad... According to my notes, one can use ec_nistp_64_gcc_128 when
>> these three conditions are met:
>>
>>   * Little endian CPU
>>   * CPU allows unaligned data access
>>   * Compiler supports  __uint128_t
>
> Correct. But there still might be nuances. For example first two
> criteria were not actually formulated originally

Gotcha, thanks.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

>>> A quick question about this configuration... Should Linux-x32 enable
>>> ec_nistp_64_gcc_128 by default? Does anything prohibit
>>> ec_nistp_64_gcc_128 in this configuration?
>>>
>>> # ./Configure linux-x32
>>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
>>> no-asan [default]  OPENSSL_NO_ASAN (skip dir)
>>> ...
>>> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
>>> dir)
>>> ...
>>>
>>> I believe it meets the three criteria for ec_nistp_64_gcc_128.
>>
>> What are "the three criteria"? I mean I'm not really sure. Nor am I sure
>> that they are perfect. I mean maybe they need some adjustment in x32
>> context. To either allow or prevent erroneous compilation. Bottom line
>> is that I don't actually know at this point...
> 
> My bad... According to my notes, one can use ec_nistp_64_gcc_128 when
> these three conditions are met:
> 
>   * Little endian CPU
>   * CPU allows unaligned data access
>   * Compiler supports  __uint128_t

Correct. But there still might be nuances. For example first two
criteria were not actually formulated originally. Upon code submission
only __uint128_t requirement was explicitly formulated along with
statement that code was developed on x86_64 and therefore tested only on
x86_64. The first two criteria were kind of epiphany as result of
looking at a compiler warning and realizing that the piece of code in
question can possibly work only on little-endian system that tolerates
unaligned access. I.e. code was written under this assumption, but it
was not explicitly verbalized or maybe even recognized, presumably
because it appeared too obvious to original developer. Same in this
case, i.e. there *might* as well be some so-far-unverbalized assumption,
for example sizeof(long) being 8. Note "might", as I'm not actually
saying that there is. All I'm saying is that I don't know [at this point].


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4584] Self test failures under X32

[noloa...@gmail.com via RT]

I'm working on a Debian X32 system (http://wiki.debian.org/X32Port),
and working from HEAD:

# git rev-parse HEAD
b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92

Running 'make test' under a machine configured with './Configure
linux-x32  enable-ec_nistp_64_gcc_128' results in two failed self
tests:

make[1]: Leaving directory '/openssl'
( cd test; \
  SRCTOP=../. \
  BLDTOP=../. \
  PERL="perl" \
  EXE_EXT= \
  OPENSSL_ENGINES=.././engines \
perl .././test/run_tests.pl  )
../test/recipes/01-test_abort.t  ok
../test/recipes/01-test_ordinals.t . ok
../test/recipes/01-test_symbol_presence.t .. ok
../test/recipes/05-test_bf.t ... ok
../test/recipes/05-test_cast.t . ok
../test/recipes/05-test_des.t .. ok
../test/recipes/05-test_hmac.t . ok
../test/recipes/05-test_idea.t . ok
../test/recipes/05-test_md2.t .. skipped: md2 is not
supported by this OpenSSL build
../test/recipes/05-test_md4.t .. ok
../test/recipes/05-test_md5.t .. ok
../test/recipes/05-test_mdc2.t . ok
../test/recipes/05-test_rand.t . ok
../test/recipes/05-test_rc2.t .. ok
../test/recipes/05-test_rc4.t .. ok
../test/recipes/05-test_rc5.t .. skipped: rc5 is not
supported by this OpenSSL build
../test/recipes/05-test_rmd.t .. ok
../test/recipes/05-test_sha1.t . ok
../test/recipes/05-test_sha256.t ... ok
../test/recipes/05-test_sha512.t ... ok
../test/recipes/05-test_wp.t ... ok
../test/recipes/10-test_bn.t ... ok
../test/recipes/10-test_exp.t .. ok
../test/recipes/15-test_dh.t ... ok
../test/recipes/15-test_dsa.t .. ok
../test/recipes/15-test_ec.t ... ok
../test/recipes/15-test_ecdh.t . ok
../test/recipes/15-test_ecdsa.t  ok
../test/recipes/15-test_rsa.t .. ok
../test/recipes/20-test_enc.t .. ok
../test/recipes/25-test_crl.t .. ok
../test/recipes/25-test_d2i.t .. ok
../test/recipes/25-test_pkcs7.t  ok
../test/recipes/25-test_req.t .. ok
../test/recipes/25-test_sid.t .. ok
../test/recipes/25-test_verify.t ... ok
../test/recipes/25-test_x509.t . ok
../test/recipes/30-test_afalg.t  1/1
#   Failed test 'running afalgtest'
#   at ../test/recipes/30-test_afalg.t line 23.
# Looks like you failed 1 test of 1.
../test/recipes/30-test_afalg.t  Dubious, test returned 1
(wstat 256, 0x100)
Failed 1/1 subtests
../test/recipes/30-test_engine.t ... ok
../test/recipes/30-test_evp.t .. ok
../test/recipes/30-test_evp_extra.t  ok
../test/recipes/30-test_pbelu.t  ok
../test/recipes/40-test_rehash.t ... 1/5
#   Failed test 'Testing that we aren't running as a privileged user,
such as root'
#   at ../test/recipes/40-test_rehash.t line 49.
# Looks like you failed 1 test of 5.
../test/recipes/40-test_rehash.t ... Dubious, test returned 1
(wstat 256, 0x100)
Failed 1/5 subtests
 (less 1 skipped subtest: 3 okay)
../test/recipes/70-test_asyncio.t .. ok
../test/recipes/70-test_clienthello.t .. ok
../test/recipes/70-test_packet.t ... ok
../test/recipes/70-test_sslcertstatus.t  ok
../test/recipes/70-test_sslextension.t . ok
../test/recipes/70-test_sslrecords.t ... ok
../test/recipes/70-test_sslsessiontick.t ... ok
../test/recipes/70-test_sslskewith0p.t . ok
../test/recipes/70-test_sslvertol.t  ok
../test/recipes/70-test_tlsextms.t . ok
../test/recipes/70-test_verify_extra.t . ok
../test/recipes/80-test_ca.t ... ok
../test/recipes/80-test_cipherlist.t ... ok
../test/recipes/80-test_cms.t .. ok
../test/recipes/80-test_ct.t ... ok
../test/recipes/80-test_dane.t . ok
../test/recipes/80-test_dtlsv1listen.t . ok
../test/recipes/80-test_ocsp.t . ok
../test/recipes/80-test_ssl_new.t .. ok
../test/recipes/80-test_ssl_old.t .. ok
../test/recipes/80-test_ssl_test_ctx.t . ok
../test/recipes/80-test_tsa.t .. ok
../test/recipes/80-test_x509aux.t .. ok
../test/recipes/90-test_async.t  ok
../test/recipes/90-test_bioprint.t . ok
../test/recipes/90-test_constant_time.t  ok
../test/recipes/90-test_gmdiff.t ... ok
../test/recipes/90-test_heartbeat.t  skipped: heartbeats is
not supported by this OpenSSL build
../test/recipes/90-test_ige.t .. ok
../test/recipes/90-test_memleak.t .. ok
../test/recipes/90-test_np.t ... ok
../test/recipes/90-test_p5_crpt2.t . ok
../test/recipes/90-test_secmem.t ... ok
../test/recipes/90-test_srp.t .. ok
../test/recipes/90-test_sslapi.t ... ok
../test/recipes/90-test_threads.t .. ok

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

On Thu, Jun 23, 2016 at 6:52 AM, Andy Polyakov via RT  wrote:
>> A quick question about this configuration... Should Linux-x32 enable
>> ec_nistp_64_gcc_128 by default? Does anything prohibit
>> ec_nistp_64_gcc_128 in this configuration?
>>
>> # ./Configure linux-x32
>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
>> no-asan [default]  OPENSSL_NO_ASAN (skip dir)
>> ...
>> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
>> dir)
>> ...
>>
>> I believe it meets the three criteria for ec_nistp_64_gcc_128.
>
> What are "the three criteria"? I mean I'm not really sure. Nor am I sure
> that they are perfect. I mean maybe they need some adjustment in x32
> context. To either allow or prevent erroneous compilation. Bottom line
> is that I don't actually know at this point...

My bad... According to my notes, one can use ec_nistp_64_gcc_128 when
these three conditions are met:

  * Little endian CPU
  * CPU allows unaligned data access
  * Compiler supports  __uint128_t

Jeff


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

> A quick question about this configuration... Should Linux-x32 enable
> ec_nistp_64_gcc_128 by default? Does anything prohibit
> ec_nistp_64_gcc_128 in this configuration?
> 
> # ./Configure linux-x32
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> no-asan [default]  OPENSSL_NO_ASAN (skip dir)
> ...
> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
> dir)
> ...
> 
> I believe it meets the three criteria for ec_nistp_64_gcc_128.

What are "the three criteria"? I mean I'm not really sure. Nor am I sure
that they are perfect. I mean maybe they need some adjustment in x32
context. To either allow or prevent erroneous compilation. Bottom line
is that I don't actually know at this point...


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

On Thu, Jun 23, 2016 at 6:44 AM, Andy Polyakov via RT  wrote:
>> you're not allowed to break the compile, regardless of whether there's
>> a proper "X32" kernel.
>
> I don't understand what do you mean by "break the compile". I'd say it's
> the kind of thing that lies on both parties. We are responsible for
> providing code and config lines, but you have responsibilities too, you
> are responsible for providing sane compiler environment. For example if
> there is a system header file missing on target system [or another
> standard header file attempts to include non-existing system header
> file], there is nothing we can do. There either is a package missing,
> not installed, or vendor screwed up packaging...

Fair enough, agreed.

But Configure ignored my instructions:

# ./config CFLAGS="-mx32"
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)

And:

# ./config -mx32
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64

Perhaps the second case should fail at configure just like the first
case. Upon failure, it would be nice to tell the user what to do:
"Please configure with ./Configure linux-x32"

Jeff


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

On Thu, Jun 23, 2016 at 6:31 AM, Andy Polyakov via RT  wrote:
>>> Here's a couple more ways things don't work as expected:
>>>
>>> # ./config CFLAGS="-mx32"
>>> Operating system: x86_64-whatever-linux2
>>> Configuring for linux-x86_64
>>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
>>> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)
>>>
>>> # ./config -mx32
>>> Operating system: x86_64-whatever-linux2
>>> Configuring for linux-x86_64
>>> ...
>>
>> There is linux-x32 config line, use that instead.
>
> It naturally means that using linux-x86_64 config with -mx32 option is
> not supported. Or in other words if there are problems with that,
> questions won't be answered. I.e. *do* use linux-x32 for x32 build.

A quick question about this configuration... Should Linux-x32 enable
ec_nistp_64_gcc_128 by default? Does anything prohibit
ec_nistp_64_gcc_128 in this configuration?

# ./Configure linux-x32
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-asan [default]  OPENSSL_NO_ASAN (skip dir)
...
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
...

I believe it meets the three criteria for ec_nistp_64_gcc_128.

 Jeff


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

> you're not allowed to break the compile, regardless of whether there's
> a proper "X32" kernel.

I don't understand what do you mean by "break the compile". I'd say it's
the kind of thing that lies on both parties. We are responsible for
providing code and config lines, but you have responsibilities too, you
are responsible for providing sane compiler environment. For example if
there is a system header file missing on target system [or another
standard header file attempts to include non-existing system header
file], there is nothing we can do. There either is a package missing,
not installed, or vendor screwed up packaging...

As suggested, start by ./Configure linux-x32...




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

On Thu, Jun 23, 2016 at 6:25 AM, Andy Polyakov via RT  wrote:
>> Here's a couple more ways things don't work as expected:
>>
>> # ./config CFLAGS="-mx32"
>> Operating system: x86_64-whatever-linux2
>> Configuring for linux-x86_64
>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
>> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)
>>
>> # ./config -mx32
>> Operating system: x86_64-whatever-linux2
>> Configuring for linux-x86_64
>> ...
>
> There is linux-x32 config line, use that instead. The only question is
> *if* x32 should be auto-detected and in such case how. You mentioned
> that uname returns x86_64. Of course it does, there is no x32 kernel,
> x32 is pure user-land thing. Well, "pure" is overstatement because it
> does require certain kernel support, but it's an add-on support for
> plain 64-bit kernel. Most 64-bit Linux installations can execute x32
> binaries (statically linked if there are no corresponding dynamic
> libraries) and x32 installations can execute 64-bit binaries (statically
> linked if there are no corresponding dynamic libraries).

Yeah, I'm less concerned about the mis-detection. As strange as it
sounds, you are free to mis-detect as much as you'd like. BUT...
you're not allowed to break the compile, regardless of whether there's
a proper "X32" kernel.

In my mind's eye, things either "just work" or they have issues. This
is falling on the "has issues" side of the line.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

>> Here's a couple more ways things don't work as expected:
>>
>> # ./config CFLAGS="-mx32"
>> Operating system: x86_64-whatever-linux2
>> Configuring for linux-x86_64
>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
>> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)
>>
>> # ./config -mx32
>> Operating system: x86_64-whatever-linux2
>> Configuring for linux-x86_64
>> ...
> 
> There is linux-x32 config line, use that instead.

It naturally means that using linux-x86_64 config with -mx32 option is
not supported. Or in other words if there are problems with that,
questions won't be answered. I.e. *do* use linux-x32 for x32 build.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[Andy Polyakov via RT]

> Here's a couple more ways things don't work as expected:
> 
> # ./config CFLAGS="-mx32"
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)
> 
> # ./config -mx32
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> ...

There is linux-x32 config line, use that instead. The only question is
*if* x32 should be auto-detected and in such case how. You mentioned
that uname returns x86_64. Of course it does, there is no x32 kernel,
x32 is pure user-land thing. Well, "pure" is overstatement because it
does require certain kernel support, but it's an add-on support for
plain 64-bit kernel. Most 64-bit Linux installations can execute x32
binaries (statically linked if there are no corresponding dynamic
libraries) and x32 installations can execute 64-bit binaries (statically
linked if there are no corresponding dynamic libraries).



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

Here's a couple more ways things don't work as expected:

# ./config CFLAGS="-mx32"
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32)

# ./config -mx32
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
...

> -
> I'm working on a Debian X32 system (http://wiki.debian.org/X32Port),
> and working from HEAD:
>
> # git rev-parse HEAD
> b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92
>
> It appears Configure is mis-detecting the platform, and it results in
> a compile failure:
>
> make
> ...
> gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS
> -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
> -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM
> -DOPENSSLDIR="\"/usr/local/ssl\""
> -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -m64
> -DL_ENDIAN  -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include
> -MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o
> crypto/aes/aes_ecb.o crypto/aes/aes_ecb.c
> In file included from /usr/include/assert.h:35:0,
>  from crypto/aes/aes_ecb.c:10:
> /usr/include/features.h:361:25: fatal error: sys/cdefs.h: No such file
> or directory
> compilation terminated.
> Makefile:728: recipe for target 'crypto/aes/aes_ecb.o' failed
> make: *** [crypto/aes/aes_ecb.o] Error 1
>
> **
>
> # ./config
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> no-asan [default]  OPENSSL_NO_ASAN (skip dir)
> no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
> no-crypto-mdebug-backtrace [default]
> OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
> dir)
> no-egd  [default]  OPENSSL_NO_EGD (skip dir)
> no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL (skip dir)
> no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER (skip dir)
> no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
> no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
> no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
> no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
> no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
> no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
> no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
> no-ubsan[default]  OPENSSL_NO_UBSAN (skip dir)
> no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
> no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
> no-zlib [default]
> no-zlib-dynamic [default]
> Configuring for linux-x86_64
> CC=gcc
> CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack
> SHARED_CFLAG  =-fPIC
> DEFINES   =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS
> OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2
> OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM
> SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM
> ECP_NISTZ256_ASM POLY1305_ASM
> LFLAG =
> PLIB_LFLAG=
> EX_LIBS   =-ldl
> APPS_OBJ  =
> CPUID_OBJ =x86_64cpuid.o
> UPLINK_OBJ=
> BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o
> x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
> EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
> DES_ENC   =des_enc.o fcrypt_b.o
> AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o
> aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o
> aesni-mb-x86_64.o
> BF_ENC=bf_enc.o
> CAST_ENC  =c_enc.o
> RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
> RC5_ENC   =rc5_enc.o
> MD5_OBJ_ASM   =md5-x86_64.o
> SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
> sha1-mb-x86_64.o sha256-mb-x86_64.o
> RMD160_OBJ_ASM=
> CMLL_ENC  =cmll-x86_64.o cmll_misc.o
> MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
> PADLOCK_OBJ   =e_padlock-x86_64.o
> CHACHA_ENC=chacha-x86_64.o
> POLY1305_OBJ  =poly1305-x86_64.o
> BLAKE2_OBJ=
> PROCESSOR =
> RANLIB=ranlib
> ARFLAGS   =
> PERL  =/usr/bin/perl
> SIXTY_FOUR_BIT_LONG mode
> Configured for linux-x86_64.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

As far as I know, these are the two ways to detect the platform
because `uname` only provides x86_64/amd64 on some platforms:

# gcc -dM -E -  -
> I'm working on a Debian X32 system (http://wiki.debian.org/X32Port),
> and working from HEAD:
>
> # git rev-parse HEAD
> b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92
>
> It appears Configure is mis-detecting the platform, and it results in
> a compile failure:
>
> make
> ...
> gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS
> -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
> -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM
> -DOPENSSLDIR="\"/usr/local/ssl\""
> -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -m64
> -DL_ENDIAN  -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include
> -MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o
> crypto/aes/aes_ecb.o crypto/aes/aes_ecb.c
> In file included from /usr/include/assert.h:35:0,
>  from crypto/aes/aes_ecb.c:10:
> /usr/include/features.h:361:25: fatal error: sys/cdefs.h: No such file
> or directory
> compilation terminated.
> Makefile:728: recipe for target 'crypto/aes/aes_ecb.o' failed
> make: *** [crypto/aes/aes_ecb.o] Error 1
>
> **
>
> # ./config
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> no-asan [default]  OPENSSL_NO_ASAN (skip dir)
> no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
> no-crypto-mdebug-backtrace [default]
> OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
> dir)
> no-egd  [default]  OPENSSL_NO_EGD (skip dir)
> no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL (skip dir)
> no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER (skip dir)
> no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
> no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
> no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
> no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
> no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
> no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
> no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
> no-ubsan[default]  OPENSSL_NO_UBSAN (skip dir)
> no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
> no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
> no-zlib [default]
> no-zlib-dynamic [default]
> Configuring for linux-x86_64
> CC=gcc
> CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack
> SHARED_CFLAG  =-fPIC
> DEFINES   =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS
> OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2
> OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM
> SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM
> ECP_NISTZ256_ASM POLY1305_ASM
> LFLAG =
> PLIB_LFLAG=
> EX_LIBS   =-ldl
> APPS_OBJ  =
> CPUID_OBJ =x86_64cpuid.o
> UPLINK_OBJ=
> BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o
> x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
> EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
> DES_ENC   =des_enc.o fcrypt_b.o
> AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o
> aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o
> aesni-mb-x86_64.o
> BF_ENC=bf_enc.o
> CAST_ENC  =c_enc.o
> RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
> RC5_ENC   =rc5_enc.o
> MD5_OBJ_ASM   =md5-x86_64.o
> SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
> sha1-mb-x86_64.o sha256-mb-x86_64.o
> RMD160_OBJ_ASM=
> CMLL_ENC  =cmll-x86_64.o cmll_misc.o
> MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
> PADLOCK_OBJ   =e_padlock-x86_64.o
> CHACHA_ENC=chacha-x86_64.o
> POLY1305_OBJ  =poly1305-x86_64.o
> BLAKE2_OBJ=
> PROCESSOR =
> RANLIB=ranlib
> ARFLAGS   =
> PERL  =/usr/bin/perl
> SIXTY_FOUR_BIT_LONG mode
> Configured for linux-x86_64.
>
>
>
> -
> http://rt.openssl.org/Ticket/Display.html?id=4583=guest=guest


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4583] Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"

[noloa...@gmail.com via RT]

I'm working on a Debian X32 system (http://wiki.debian.org/X32Port),
and working from HEAD:

# git rev-parse HEAD
b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92

It appears Configure is mis-detecting the platform, and it results in
a compile failure:

make
...
gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM
-DOPENSSLDIR="\"/usr/local/ssl\""
-DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -m64
-DL_ENDIAN  -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include
-MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o
crypto/aes/aes_ecb.o crypto/aes/aes_ecb.c
In file included from /usr/include/assert.h:35:0,
 from crypto/aes/aes_ecb.c:10:
/usr/include/features.h:361:25: fatal error: sys/cdefs.h: No such file
or directory
compilation terminated.
Makefile:728: recipe for target 'crypto/aes/aes_ecb.o' failed
make: *** [crypto/aes/aes_ecb.o] Error 1

**

# ./config
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-asan [default]  OPENSSL_NO_ASAN (skip dir)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [default]
OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL (skip dir)
no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-ubsan[default]  OPENSSL_NO_UBSAN (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default]
no-zlib-dynamic [default]
Configuring for linux-x86_64
CC=gcc
CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack
SHARED_CFLAG  =-fPIC
DEFINES   =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2
OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM
SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =
PLIB_LFLAG=
EX_LIBS   =-ldl
APPS_OBJ  =
CPUID_OBJ =x86_64cpuid.o
UPLINK_OBJ=
BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o
x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC   =des_enc.o fcrypt_b.o
AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o
aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o
aesni-mb-x86_64.o
BF_ENC=bf_enc.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
RC5_ENC   =rc5_enc.o
MD5_OBJ_ASM   =md5-x86_64.o
SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
sha1-mb-x86_64.o sha256-mb-x86_64.o
RMD160_OBJ_ASM=
CMLL_ENC  =cmll-x86_64.o cmll_misc.o
MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
PADLOCK_OBJ   =e_padlock-x86_64.o
CHACHA_ENC=chacha-x86_64.o
POLY1305_OBJ  =poly1305-x86_64.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=ranlib
ARFLAGS   =
PERL  =/usr/bin/perl
SIXTY_FOUR_BIT_LONG mode
Configured for linux-x86_64.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev