Re: [openssl-dev] Bugs fixed in one place but not another
> In general, I noticed that OpenSSL and LibreSSL don't seem to pay attention > to the bugs that are fixed in BoringSSL and *ring*. See, for > example: We don't have the time to follow other forks, basically. I don't see that changing. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Bugs fixed in one place but not another
Salz, Richwrote: >> Sometimes I report bugs and/or fix bugs which get fixed in [1] and/or [2]. >> Please make sure you consider the impact of those changes on your own >> projects. > > Not sure what you're asking for. In general, I noticed that OpenSSL and LibreSSL don't seem to pay attention to the bugs that are fixed in BoringSSL and *ring*. See, for example: * https://boringssl.googlesource.com/boringssl/+/95b97693403d5c8f09b2870ad9a6d7d198246da4%5E!/ * https://boringssl.googlesource.com/boringssl/+/75b833cc819a9d189adb0fdd56327bee600ff9e9 * https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be I think it would be a good idea for OpenSSL and LibreSSL to fix the bugs too. Cheers, Brian -- https://briansmith.org/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Bugs fixed in one place but not another
> Sometimes I report bugs and/or fix bugs which get fixed in [1] and/or [2]. > Please make sure you consider the impact of those changes on your own > projects. Not sure what you're asking for. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Bugs fixed in one place but not another
Hi, Sometimes I report bugs and/or fix bugs which get fixed in [1] and/or [2]. Please make sure you consider the impact of those changes on your own projects. [1] https://boringssl.googlesource.com/boringssl/+log/ [2] https://github.com/briansmith/ring Cheers, Brian -- https://briansmith.org/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4586] RSA_memory_lock ?
The RSA_memory_lock (crypto/rsa/rsa_lib.c) call isn't mentioned in the documentation. It also isn't called from anywhere inside OpenSSL. The rsa.h header file says: | /* This function needs the memory locking malloc callbacks to be installed */ | int RSA_memory_lock(RSA *r); The problem being that this routine calls OPENSSL_malloc - i.e. no locking. So either the call needs to be updated to call CRYPTO_secure_malloc or it could be a candidate for dead code removal. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4586 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3499] Bug: Multiple matching certificates in CAfile
Fixed; see RT 3359 per Steve. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3499 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3921] [PATCH] Fix const-correctness issues of new ECDSA_METHOD api
This API is gone. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3921 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3980] [PATCH] Fix BIO_get_accept_socket so that "port-only" input works on FreeBSD
https://github.com/openssl/openssl/pull/359 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3980 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4432] [BUG] Building with "no-des" fails at crypto/cms/cms_kari.c
https://github.com/openssl/openssl/pull/872 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4432 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4308] Add Postgres support to -starttls
https://github.com/openssl/openssl/pull/683 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4308 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4175] Add new macro or PKCS7 flag to disable the check for both data and content
fixed some time ago., -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4121] avoid configuring openssl twice
https://github.com/openssl/openssl/pull/466 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4121 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4108] Set TLS ticket keys API
: https://github.com/openssl/openssl/pull/452 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4108 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch
https://github.com/openssl/openssl/pull/395 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3986] [PATCH] Implement HKDF algorithm (RFC 5869)
https://github.com/openssl/openssl/pull/355 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3986 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3709] [PATCH] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions
https://github.com/openssl/openssl/pull/227 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3709 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3616] [Patch] Implement option to disable sending TLS extensions
https://github.com/openssl/openssl/pull/215 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3616 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3533] [PATCH] Ensures that EVP encryption & decryption operations check the encrypt flag on the context.
https://github.com/openssl/openssl/pull/172 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3533 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3305] Cppcheck report
https://github.com/openssl/openssl/pull/139 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3305 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2698] [PATCH] Allow the use of startdate and enddate for ca -gencrl command
This duplicates https://github.com/openssl/openssl/pull/258 so closing the ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2698 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2894] [Bug] openssl crl -nameopt has no effect
This was implemented some time ago (not sure who). The nmflag variable is used in name_print in apps/crl.c Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2894 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2867] des_ede3_cfb1_cipher(): output cropping
fixed with commit fe2d149 in master. Not backported, code has changed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2867 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
A quick question about this configuration... Should Linux-x32 enable ec_nistp_64_gcc_128 by default? Does anything prohibit ec_nistp_64_gcc_128 in this configuration? # ./Configure linux-x32 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) no-asan [default] OPENSSL_NO_ASAN (skip dir) ... no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) ... I believe it meets the three criteria for ec_nistp_64_gcc_128. >>> >> * Little endian CPU >> * CPU allows unaligned data access >> * Compiler supports __uint128_t > > Correct. But there still might be nuances. ... > ... there *might* as well be some so-far-unverbalized assumption, > for example sizeof(long) being 8. Note "might", as I'm not actually > saying that there is. All I'm saying is that I don't know [at this point]. It should work with linux-x32 and apparently does based on your report in RT#4584. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
> ... What one can discuss is to have > ./config (not ./Configure) detect x32 environment and pass alternative > config line to ./Configure. That's how it worked so far and I see no > reason to change it by moving platform detection logic to ./Configure. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted diff --git a/config b/config index 2e02ae3..1fef03e 100755 --- a/config +++ b/config @@ -640,7 +640,12 @@ case "$GUESSOS" in #fi OUT="linux64-s390x" ;; - x86_64-*-linux?) OUT="linux-x86_64" ;; + x86_64-*-linux?) + if $CC -dM -E -x c /dev/null 2>&1 | grep -q ILP32 > /dev/null; then + OUT="linux-x32" + else + OUT="linux-x86_64" + fi ;; *86-*-linux2) OUT="linux-elf" if [ "$GCCVER" -gt 28 ]; then if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
>>> # ./config -mx32 >>> Operating system: x86_64-whatever-linux2 >>> Configuring for linux-x86_64 >>> >>> Perhaps the second case should fail at configure just like the first >>> case. Upon failure, it would be nice to tell the user what to do: >>> "Please configure with ./Configure linux-x32" >> >> Well, there is a trade-off. Special cases are too numerous to cover them >> all, so question would be if this would be common and grave enough to >> guard against. For example you can actually run ./Configure >> tru64-alpha-cc on your Linux computer. Running make would fail >> miserably, but would it give you right to say "you're not allowed to >> break the compile"? > > Kinda agree. I image there could be many cases like you describe. One word in the context, cross-compile. > In this case, there's not "too many" or "too numerous". There's only > one item of interest: -mx32. And it might be one too many :-) > When Configure ignores it, But it doesn't, it does pass it down as additional flag to compiler... > it results in a failed compile. Well, Configure is deliberately liberal to allow all kinds of local adaptations. Yes, you can screw things up [easily], but you've got to appreciate the flexibility it provides. Suggestion seems to be to classify flags as generic adaptations and ones that might affect choice of platform. I'd say "no" to that. What one can discuss is to have ./config (not ./Configure) detect x32 environment and pass alternative config line to ./Configure. That's how it worked so far and I see no reason to change it by moving platform detection logic to ./Configure. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
On Thu, Jun 23, 2016 at 6:18 AM, Jeffrey Waltonwrote: > Here's a couple more ways things don't work as expected: > > # ./config CFLAGS="-mx32" > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) > > # ./config -mx32 > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > ... Here's another interesting result. This one is significant because its the that's often cited to side step "wrong platform" problems: # CC="gcc -mx32" ./config Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) no-asan [default] OPENSSL_NO_ASAN (skip dir) ... no-zlib [default] no-zlib-dynamic [default] Configuring for linux-x86_64 CC=gcc -mx32 CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack SHARED_CFLAG =-fPIC PERL =/usr/bin/perl SIXTY_FOUR_BIT_LONG mode Configured for linux-x86_64. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
>> # ./config -mx32 >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64 >> >> Perhaps the second case should fail at configure just like the first >> case. Upon failure, it would be nice to tell the user what to do: >> "Please configure with ./Configure linux-x32" > > Well, there is a trade-off. Special cases are too numerous to cover them > all, so question would be if this would be common and grave enough to > guard against. For example you can actually run ./Configure > tru64-alpha-cc on your Linux computer. Running make would fail > miserably, but would it give you right to say "you're not allowed to > break the compile"? Kinda agree. I image there could be many cases like you describe. In this case, there's not "too many" or "too numerous". There's only one item of interest: -mx32. When Configure ignores it, it results in a failed compile. Jeff -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4585] some bugs in ver.1.0.2d (fix)
Hi, Recently, I found some bugs in ver.1.0.2d. DESCRIPTION _ 1. Line 122 in a_enum.c: return (0xL); I think it should be "return -1;". 2. Line 149 in a_enum.c: if (BN_is_negative(bn)) I think it should be "if (BN_is_negative(bn) && !BN_is_zero(bn))". 3. Line 161 and line 164 in f_string.c: sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2); sp = (unsigned char *)OPENSSL_realloc(s, (unsigned int)num + i * 2); Allocation "num + i" is enough. 4. Function a2i_ASN1_STRING in f_string.c. The processing of the contents containing "\\" is not correct. 5. Function a2i_ASN1_STRING in f_string.c. There is a memory leak when the content like "1234567\\\r\n890". 6. Line 155 and line 158 in f_enum.c: sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2); sp = (unsigned char *)OPENSSL_realloc(s, (unsigned int)num + i * 2); Allocation "num + i" is enough. 7. Function a2i_ASN1_ENUMERATED in f_enum.c. The processing of the contents containing "\\" is not correct. 8. Function a2i_ASN1_ENUMERATED in f_enum.c. There is a memory leak when the content like "1234567\\\r\n890". 9. Line 169 and line 172 in f_int.c: sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2); sp = sp = OPENSSL_realloc_clean(s, slen, num + i * 2); Allocation "num + i" is enough. 10. Function a2i_ASN1_INTEGER in f_int.c. The processing of the contents containing "\\" is not correct. 11. Function a2i_ASN1_INTEGER in f_int.c. There is a memory leak when the content like "1234567\\\r\n890". 12. Line 226 in t1_ext.c: exts->meths = OPENSSL_realloc(exts->meths, (exts->meths_count + 1) * sizeof(custom_ext_method)); There's a risk of memory leaks. 13. Line 896 in ssl_rsa.c: ctx->cert->key->serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, serverinfo_length); There's a risk of memory leaks. 14. Line 979 in ssl_rsa.c: serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length); There's a risk of memory leaks. 15. Line 366 in openbsd_hw.c: md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len); There's a risk of memory leaks. 16. Line 812 in eng_cryptodev.c: state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); There's a risk of memory leaks. 17. Line 899 in b_sock.c: p = OPENSSL_realloc(p, nl); There's a risk of memory leaks. 18. Line 724 in b_print.c: *buffer = OPENSSL_realloc(*buffer, *maxlen); There's a risk of memory leaks. 19. Line 117 in engine.c: *buf = OPENSSL_realloc(*buf, *size); There's a risk of memory leaks. Thanks, Shi Lei / Qihoo 360 Inc. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4585 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
> Fair enough, agreed. > > But Configure ignored my instructions: > > # ./config CFLAGS="-mx32" > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) Well, I don't think that you can complain about this one. Basically you can't assume that ./config will [gracefully] handle whatever you might think of. You probably meant to run 'CFLAGS=-mx32 ./config' and computer didn't get what you wanted. But they never do, don't they? Computers getting what you meant to do that is... > And: > > # ./config -mx32 > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > > Perhaps the second case should fail at configure just like the first > case. Upon failure, it would be nice to tell the user what to do: > "Please configure with ./Configure linux-x32" Well, there is a trade-off. Special cases are too numerous to cover them all, so question would be if this would be common and grave enough to guard against. For example you can actually run ./Configure tru64-alpha-cc on your Linux computer. Running make would fail miserably, but would it give you right to say "you're not allowed to break the compile"? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
On Thu, Jun 23, 2016 at 7:10 AM, Andy Polyakov via RTwrote: A quick question about this configuration... Should Linux-x32 enable ec_nistp_64_gcc_128 by default? Does anything prohibit ec_nistp_64_gcc_128 in this configuration? # ./Configure linux-x32 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) no-asan [default] OPENSSL_NO_ASAN (skip dir) ... no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) ... I believe it meets the three criteria for ec_nistp_64_gcc_128. >>> >>> What are "the three criteria"? I mean I'm not really sure. Nor am I sure >>> that they are perfect. I mean maybe they need some adjustment in x32 >>> context. To either allow or prevent erroneous compilation. Bottom line >>> is that I don't actually know at this point... >> >> My bad... According to my notes, one can use ec_nistp_64_gcc_128 when >> these three conditions are met: >> >> * Little endian CPU >> * CPU allows unaligned data access >> * Compiler supports __uint128_t > > Correct. But there still might be nuances. For example first two > criteria were not actually formulated originally Gotcha, thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
>>> A quick question about this configuration... Should Linux-x32 enable >>> ec_nistp_64_gcc_128 by default? Does anything prohibit >>> ec_nistp_64_gcc_128 in this configuration? >>> >>> # ./Configure linux-x32 >>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) >>> no-asan [default] OPENSSL_NO_ASAN (skip dir) >>> ... >>> no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip >>> dir) >>> ... >>> >>> I believe it meets the three criteria for ec_nistp_64_gcc_128. >> >> What are "the three criteria"? I mean I'm not really sure. Nor am I sure >> that they are perfect. I mean maybe they need some adjustment in x32 >> context. To either allow or prevent erroneous compilation. Bottom line >> is that I don't actually know at this point... > > My bad... According to my notes, one can use ec_nistp_64_gcc_128 when > these three conditions are met: > > * Little endian CPU > * CPU allows unaligned data access > * Compiler supports __uint128_t Correct. But there still might be nuances. For example first two criteria were not actually formulated originally. Upon code submission only __uint128_t requirement was explicitly formulated along with statement that code was developed on x86_64 and therefore tested only on x86_64. The first two criteria were kind of epiphany as result of looking at a compiler warning and realizing that the piece of code in question can possibly work only on little-endian system that tolerates unaligned access. I.e. code was written under this assumption, but it was not explicitly verbalized or maybe even recognized, presumably because it appeared too obvious to original developer. Same in this case, i.e. there *might* as well be some so-far-unverbalized assumption, for example sizeof(long) being 8. Note "might", as I'm not actually saying that there is. All I'm saying is that I don't know [at this point]. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4584] Self test failures under X32
I'm working on a Debian X32 system (http://wiki.debian.org/X32Port), and working from HEAD: # git rev-parse HEAD b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92 Running 'make test' under a machine configured with './Configure linux-x32 enable-ec_nistp_64_gcc_128' results in two failed self tests: make[1]: Leaving directory '/openssl' ( cd test; \ SRCTOP=../. \ BLDTOP=../. \ PERL="perl" \ EXE_EXT= \ OPENSSL_ENGINES=.././engines \ perl .././test/run_tests.pl ) ../test/recipes/01-test_abort.t ok ../test/recipes/01-test_ordinals.t . ok ../test/recipes/01-test_symbol_presence.t .. ok ../test/recipes/05-test_bf.t ... ok ../test/recipes/05-test_cast.t . ok ../test/recipes/05-test_des.t .. ok ../test/recipes/05-test_hmac.t . ok ../test/recipes/05-test_idea.t . ok ../test/recipes/05-test_md2.t .. skipped: md2 is not supported by this OpenSSL build ../test/recipes/05-test_md4.t .. ok ../test/recipes/05-test_md5.t .. ok ../test/recipes/05-test_mdc2.t . ok ../test/recipes/05-test_rand.t . ok ../test/recipes/05-test_rc2.t .. ok ../test/recipes/05-test_rc4.t .. ok ../test/recipes/05-test_rc5.t .. skipped: rc5 is not supported by this OpenSSL build ../test/recipes/05-test_rmd.t .. ok ../test/recipes/05-test_sha1.t . ok ../test/recipes/05-test_sha256.t ... ok ../test/recipes/05-test_sha512.t ... ok ../test/recipes/05-test_wp.t ... ok ../test/recipes/10-test_bn.t ... ok ../test/recipes/10-test_exp.t .. ok ../test/recipes/15-test_dh.t ... ok ../test/recipes/15-test_dsa.t .. ok ../test/recipes/15-test_ec.t ... ok ../test/recipes/15-test_ecdh.t . ok ../test/recipes/15-test_ecdsa.t ok ../test/recipes/15-test_rsa.t .. ok ../test/recipes/20-test_enc.t .. ok ../test/recipes/25-test_crl.t .. ok ../test/recipes/25-test_d2i.t .. ok ../test/recipes/25-test_pkcs7.t ok ../test/recipes/25-test_req.t .. ok ../test/recipes/25-test_sid.t .. ok ../test/recipes/25-test_verify.t ... ok ../test/recipes/25-test_x509.t . ok ../test/recipes/30-test_afalg.t 1/1 # Failed test 'running afalgtest' # at ../test/recipes/30-test_afalg.t line 23. # Looks like you failed 1 test of 1. ../test/recipes/30-test_afalg.t Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../test/recipes/30-test_engine.t ... ok ../test/recipes/30-test_evp.t .. ok ../test/recipes/30-test_evp_extra.t ok ../test/recipes/30-test_pbelu.t ok ../test/recipes/40-test_rehash.t ... 1/5 # Failed test 'Testing that we aren't running as a privileged user, such as root' # at ../test/recipes/40-test_rehash.t line 49. # Looks like you failed 1 test of 5. ../test/recipes/40-test_rehash.t ... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/5 subtests (less 1 skipped subtest: 3 okay) ../test/recipes/70-test_asyncio.t .. ok ../test/recipes/70-test_clienthello.t .. ok ../test/recipes/70-test_packet.t ... ok ../test/recipes/70-test_sslcertstatus.t ok ../test/recipes/70-test_sslextension.t . ok ../test/recipes/70-test_sslrecords.t ... ok ../test/recipes/70-test_sslsessiontick.t ... ok ../test/recipes/70-test_sslskewith0p.t . ok ../test/recipes/70-test_sslvertol.t ok ../test/recipes/70-test_tlsextms.t . ok ../test/recipes/70-test_verify_extra.t . ok ../test/recipes/80-test_ca.t ... ok ../test/recipes/80-test_cipherlist.t ... ok ../test/recipes/80-test_cms.t .. ok ../test/recipes/80-test_ct.t ... ok ../test/recipes/80-test_dane.t . ok ../test/recipes/80-test_dtlsv1listen.t . ok ../test/recipes/80-test_ocsp.t . ok ../test/recipes/80-test_ssl_new.t .. ok ../test/recipes/80-test_ssl_old.t .. ok ../test/recipes/80-test_ssl_test_ctx.t . ok ../test/recipes/80-test_tsa.t .. ok ../test/recipes/80-test_x509aux.t .. ok ../test/recipes/90-test_async.t ok ../test/recipes/90-test_bioprint.t . ok ../test/recipes/90-test_constant_time.t ok ../test/recipes/90-test_gmdiff.t ... ok ../test/recipes/90-test_heartbeat.t skipped: heartbeats is not supported by this OpenSSL build ../test/recipes/90-test_ige.t .. ok ../test/recipes/90-test_memleak.t .. ok ../test/recipes/90-test_np.t ... ok ../test/recipes/90-test_p5_crpt2.t . ok ../test/recipes/90-test_secmem.t ... ok ../test/recipes/90-test_srp.t .. ok ../test/recipes/90-test_sslapi.t ... ok ../test/recipes/90-test_threads.t .. ok
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
On Thu, Jun 23, 2016 at 6:52 AM, Andy Polyakov via RTwrote: >> A quick question about this configuration... Should Linux-x32 enable >> ec_nistp_64_gcc_128 by default? Does anything prohibit >> ec_nistp_64_gcc_128 in this configuration? >> >> # ./Configure linux-x32 >> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) >> no-asan [default] OPENSSL_NO_ASAN (skip dir) >> ... >> no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip >> dir) >> ... >> >> I believe it meets the three criteria for ec_nistp_64_gcc_128. > > What are "the three criteria"? I mean I'm not really sure. Nor am I sure > that they are perfect. I mean maybe they need some adjustment in x32 > context. To either allow or prevent erroneous compilation. Bottom line > is that I don't actually know at this point... My bad... According to my notes, one can use ec_nistp_64_gcc_128 when these three conditions are met: * Little endian CPU * CPU allows unaligned data access * Compiler supports __uint128_t Jeff -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
> A quick question about this configuration... Should Linux-x32 enable > ec_nistp_64_gcc_128 by default? Does anything prohibit > ec_nistp_64_gcc_128 in this configuration? > > # ./Configure linux-x32 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > no-asan [default] OPENSSL_NO_ASAN (skip dir) > ... > no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip > dir) > ... > > I believe it meets the three criteria for ec_nistp_64_gcc_128. What are "the three criteria"? I mean I'm not really sure. Nor am I sure that they are perfect. I mean maybe they need some adjustment in x32 context. To either allow or prevent erroneous compilation. Bottom line is that I don't actually know at this point... -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
On Thu, Jun 23, 2016 at 6:44 AM, Andy Polyakov via RTwrote: >> you're not allowed to break the compile, regardless of whether there's >> a proper "X32" kernel. > > I don't understand what do you mean by "break the compile". I'd say it's > the kind of thing that lies on both parties. We are responsible for > providing code and config lines, but you have responsibilities too, you > are responsible for providing sane compiler environment. For example if > there is a system header file missing on target system [or another > standard header file attempts to include non-existing system header > file], there is nothing we can do. There either is a package missing, > not installed, or vendor screwed up packaging... Fair enough, agreed. But Configure ignored my instructions: # ./config CFLAGS="-mx32" Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) And: # ./config -mx32 Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Perhaps the second case should fail at configure just like the first case. Upon failure, it would be nice to tell the user what to do: "Please configure with ./Configure linux-x32" Jeff -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
On Thu, Jun 23, 2016 at 6:31 AM, Andy Polyakov via RTwrote: >>> Here's a couple more ways things don't work as expected: >>> >>> # ./config CFLAGS="-mx32" >>> Operating system: x86_64-whatever-linux2 >>> Configuring for linux-x86_64 >>> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) >>> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) >>> >>> # ./config -mx32 >>> Operating system: x86_64-whatever-linux2 >>> Configuring for linux-x86_64 >>> ... >> >> There is linux-x32 config line, use that instead. > > It naturally means that using linux-x86_64 config with -mx32 option is > not supported. Or in other words if there are problems with that, > questions won't be answered. I.e. *do* use linux-x32 for x32 build. A quick question about this configuration... Should Linux-x32 enable ec_nistp_64_gcc_128 by default? Does anything prohibit ec_nistp_64_gcc_128 in this configuration? # ./Configure linux-x32 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) no-asan [default] OPENSSL_NO_ASAN (skip dir) ... no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) ... I believe it meets the three criteria for ec_nistp_64_gcc_128. Jeff -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
> you're not allowed to break the compile, regardless of whether there's > a proper "X32" kernel. I don't understand what do you mean by "break the compile". I'd say it's the kind of thing that lies on both parties. We are responsible for providing code and config lines, but you have responsibilities too, you are responsible for providing sane compiler environment. For example if there is a system header file missing on target system [or another standard header file attempts to include non-existing system header file], there is nothing we can do. There either is a package missing, not installed, or vendor screwed up packaging... As suggested, start by ./Configure linux-x32... -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
On Thu, Jun 23, 2016 at 6:25 AM, Andy Polyakov via RTwrote: >> Here's a couple more ways things don't work as expected: >> >> # ./config CFLAGS="-mx32" >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64 >> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) >> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) >> >> # ./config -mx32 >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64 >> ... > > There is linux-x32 config line, use that instead. The only question is > *if* x32 should be auto-detected and in such case how. You mentioned > that uname returns x86_64. Of course it does, there is no x32 kernel, > x32 is pure user-land thing. Well, "pure" is overstatement because it > does require certain kernel support, but it's an add-on support for > plain 64-bit kernel. Most 64-bit Linux installations can execute x32 > binaries (statically linked if there are no corresponding dynamic > libraries) and x32 installations can execute 64-bit binaries (statically > linked if there are no corresponding dynamic libraries). Yeah, I'm less concerned about the mis-detection. As strange as it sounds, you are free to mis-detect as much as you'd like. BUT... you're not allowed to break the compile, regardless of whether there's a proper "X32" kernel. In my mind's eye, things either "just work" or they have issues. This is falling on the "has issues" side of the line. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
>> Here's a couple more ways things don't work as expected: >> >> # ./config CFLAGS="-mx32" >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64 >> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) >> target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) >> >> # ./config -mx32 >> Operating system: x86_64-whatever-linux2 >> Configuring for linux-x86_64 >> ... > > There is linux-x32 config line, use that instead. It naturally means that using linux-x86_64 config with -mx32 option is not supported. Or in other words if there are problems with that, questions won't be answered. I.e. *do* use linux-x32 for x32 build. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
> Here's a couple more ways things don't work as expected: > > # ./config CFLAGS="-mx32" > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) > > # ./config -mx32 > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > ... There is linux-x32 config line, use that instead. The only question is *if* x32 should be auto-detected and in such case how. You mentioned that uname returns x86_64. Of course it does, there is no x32 kernel, x32 is pure user-land thing. Well, "pure" is overstatement because it does require certain kernel support, but it's an add-on support for plain 64-bit kernel. Most 64-bit Linux installations can execute x32 binaries (statically linked if there are no corresponding dynamic libraries) and x32 installations can execute 64-bit binaries (statically linked if there are no corresponding dynamic libraries). -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
Here's a couple more ways things don't work as expected: # ./config CFLAGS="-mx32" Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) target already defined - linux-x86_64 (offending arg: CFLAGS=-mx32) # ./config -mx32 Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 ... > - > I'm working on a Debian X32 system (http://wiki.debian.org/X32Port), > and working from HEAD: > > # git rev-parse HEAD > b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92 > > It appears Configure is mis-detecting the platform, and it results in > a compile failure: > > make > ... > gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS > -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM > -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM > -DOPENSSLDIR="\"/usr/local/ssl\"" > -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -m64 > -DL_ENDIAN -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include > -MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o > crypto/aes/aes_ecb.o crypto/aes/aes_ecb.c > In file included from /usr/include/assert.h:35:0, > from crypto/aes/aes_ecb.c:10: > /usr/include/features.h:361:25: fatal error: sys/cdefs.h: No such file > or directory > compilation terminated. > Makefile:728: recipe for target 'crypto/aes/aes_ecb.o' failed > make: *** [crypto/aes/aes_ecb.o] Error 1 > > ** > > # ./config > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > no-asan [default] OPENSSL_NO_ASAN (skip dir) > no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG (skip dir) > no-crypto-mdebug-backtrace [default] > OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir) > no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip > dir) > no-egd [default] OPENSSL_NO_EGD (skip dir) > no-fuzz-afl [default] OPENSSL_NO_FUZZ_AFL (skip dir) > no-fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER (skip dir) > no-heartbeats [default] OPENSSL_NO_HEARTBEATS (skip dir) > no-md2 [default] OPENSSL_NO_MD2 (skip dir) > no-rc5 [default] OPENSSL_NO_RC5 (skip dir) > no-sctp [default] OPENSSL_NO_SCTP (skip dir) > no-ssl-trace[default] OPENSSL_NO_SSL_TRACE (skip dir) > no-ssl3 [default] OPENSSL_NO_SSL3 (skip dir) > no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD (skip dir) > no-ubsan[default] OPENSSL_NO_UBSAN (skip dir) > no-unit-test[default] OPENSSL_NO_UNIT_TEST (skip dir) > no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) > no-zlib [default] > no-zlib-dynamic [default] > Configuring for linux-x86_64 > CC=gcc > CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack > SHARED_CFLAG =-fPIC > DEFINES =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS > OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2 > OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM > SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM > ECP_NISTZ256_ASM POLY1305_ASM > LFLAG = > PLIB_LFLAG= > EX_LIBS =-ldl > APPS_OBJ = > CPUID_OBJ =x86_64cpuid.o > UPLINK_OBJ= > BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o > x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o > EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o > DES_ENC =des_enc.o fcrypt_b.o > AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o > aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o > aesni-mb-x86_64.o > BF_ENC=bf_enc.o > CAST_ENC =c_enc.o > RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o > RC5_ENC =rc5_enc.o > MD5_OBJ_ASM =md5-x86_64.o > SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o > sha1-mb-x86_64.o sha256-mb-x86_64.o > RMD160_OBJ_ASM= > CMLL_ENC =cmll-x86_64.o cmll_misc.o > MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o > PADLOCK_OBJ =e_padlock-x86_64.o > CHACHA_ENC=chacha-x86_64.o > POLY1305_OBJ =poly1305-x86_64.o > BLAKE2_OBJ= > PROCESSOR = > RANLIB=ranlib > ARFLAGS = > PERL =/usr/bin/perl > SIXTY_FOUR_BIT_LONG mode > Configured for linux-x86_64. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4583] AutoReply: Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
As far as I know, these are the two ways to detect the platform because `uname` only provides x86_64/amd64 on some platforms: # gcc -dM -E - - > I'm working on a Debian X32 system (http://wiki.debian.org/X32Port), > and working from HEAD: > > # git rev-parse HEAD > b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92 > > It appears Configure is mis-detecting the platform, and it results in > a compile failure: > > make > ... > gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS > -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM > -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM > -DOPENSSLDIR="\"/usr/local/ssl\"" > -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -m64 > -DL_ENDIAN -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include > -MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o > crypto/aes/aes_ecb.o crypto/aes/aes_ecb.c > In file included from /usr/include/assert.h:35:0, > from crypto/aes/aes_ecb.c:10: > /usr/include/features.h:361:25: fatal error: sys/cdefs.h: No such file > or directory > compilation terminated. > Makefile:728: recipe for target 'crypto/aes/aes_ecb.o' failed > make: *** [crypto/aes/aes_ecb.o] Error 1 > > ** > > # ./config > Operating system: x86_64-whatever-linux2 > Configuring for linux-x86_64 > Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) > no-asan [default] OPENSSL_NO_ASAN (skip dir) > no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG (skip dir) > no-crypto-mdebug-backtrace [default] > OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir) > no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip > dir) > no-egd [default] OPENSSL_NO_EGD (skip dir) > no-fuzz-afl [default] OPENSSL_NO_FUZZ_AFL (skip dir) > no-fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER (skip dir) > no-heartbeats [default] OPENSSL_NO_HEARTBEATS (skip dir) > no-md2 [default] OPENSSL_NO_MD2 (skip dir) > no-rc5 [default] OPENSSL_NO_RC5 (skip dir) > no-sctp [default] OPENSSL_NO_SCTP (skip dir) > no-ssl-trace[default] OPENSSL_NO_SSL_TRACE (skip dir) > no-ssl3 [default] OPENSSL_NO_SSL3 (skip dir) > no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD (skip dir) > no-ubsan[default] OPENSSL_NO_UBSAN (skip dir) > no-unit-test[default] OPENSSL_NO_UNIT_TEST (skip dir) > no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) > no-zlib [default] > no-zlib-dynamic [default] > Configuring for linux-x86_64 > CC=gcc > CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack > SHARED_CFLAG =-fPIC > DEFINES =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS > OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2 > OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM > SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM > ECP_NISTZ256_ASM POLY1305_ASM > LFLAG = > PLIB_LFLAG= > EX_LIBS =-ldl > APPS_OBJ = > CPUID_OBJ =x86_64cpuid.o > UPLINK_OBJ= > BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o > x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o > EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o > DES_ENC =des_enc.o fcrypt_b.o > AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o > aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o > aesni-mb-x86_64.o > BF_ENC=bf_enc.o > CAST_ENC =c_enc.o > RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o > RC5_ENC =rc5_enc.o > MD5_OBJ_ASM =md5-x86_64.o > SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o > sha1-mb-x86_64.o sha256-mb-x86_64.o > RMD160_OBJ_ASM= > CMLL_ENC =cmll-x86_64.o cmll_misc.o > MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o > PADLOCK_OBJ =e_padlock-x86_64.o > CHACHA_ENC=chacha-x86_64.o > POLY1305_OBJ =poly1305-x86_64.o > BLAKE2_OBJ= > PROCESSOR = > RANLIB=ranlib > ARFLAGS = > PERL =/usr/bin/perl > SIXTY_FOUR_BIT_LONG mode > Configured for linux-x86_64. > > > > - > http://rt.openssl.org/Ticket/Display.html?id=4583=guest=guest -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4583] Debian X32 and "fatal error: sys/cdefs.h: No such file or directory"
I'm working on a Debian X32 system (http://wiki.debian.org/X32Port), and working from HEAD: # git rev-parse HEAD b58614d7f5f98571b2c0bb2fb3df48f4b48a7e92 It appears Configure is mis-detecting the platform, and it results in a compile failure: make ... gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines\"" -Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack -fPIC -Iinclude -I. -Icrypto/include -MMD -MF crypto/aes/aes_ecb.d.tmp -MT crypto/aes/aes_ecb.o -c -o crypto/aes/aes_ecb.o crypto/aes/aes_ecb.c In file included from /usr/include/assert.h:35:0, from crypto/aes/aes_ecb.c:10: /usr/include/features.h:361:25: fatal error: sys/cdefs.h: No such file or directory compilation terminated. Makefile:728: recipe for target 'crypto/aes/aes_ecb.o' failed make: *** [crypto/aes/aes_ecb.o] Error 1 ** # ./config Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L) no-asan [default] OPENSSL_NO_ASAN (skip dir) no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG (skip dir) no-crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir) no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-egd [default] OPENSSL_NO_EGD (skip dir) no-fuzz-afl [default] OPENSSL_NO_FUZZ_AFL (skip dir) no-fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER (skip dir) no-heartbeats [default] OPENSSL_NO_HEARTBEATS (skip dir) no-md2 [default] OPENSSL_NO_MD2 (skip dir) no-rc5 [default] OPENSSL_NO_RC5 (skip dir) no-sctp [default] OPENSSL_NO_SCTP (skip dir) no-ssl-trace[default] OPENSSL_NO_SSL_TRACE (skip dir) no-ssl3 [default] OPENSSL_NO_SSL3 (skip dir) no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD (skip dir) no-ubsan[default] OPENSSL_NO_UBSAN (skip dir) no-unit-test[default] OPENSSL_NO_UNIT_TEST (skip dir) no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) no-zlib [default] no-zlib-dynamic [default] Configuring for linux-x86_64 CC=gcc CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack SHARED_CFLAG =-fPIC DEFINES =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM POLY1305_ASM LFLAG = PLIB_LFLAG= EX_LIBS =-ldl APPS_OBJ = CPUID_OBJ =x86_64cpuid.o UPLINK_OBJ= BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o DES_ENC =des_enc.o fcrypt_b.o AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o BF_ENC=bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM =md5-x86_64.o SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o RMD160_OBJ_ASM= CMLL_ENC =cmll-x86_64.o cmll_misc.o MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o PADLOCK_OBJ =e_padlock-x86_64.o CHACHA_ENC=chacha-x86_64.o POLY1305_OBJ =poly1305-x86_64.o BLAKE2_OBJ= PROCESSOR = RANLIB=ranlib ARFLAGS = PERL =/usr/bin/perl SIXTY_FOUR_BIT_LONG mode Configured for linux-x86_64. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4583 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev