Compiling openssl 0.9.7b under OpenBSD 2.8
I got major problems getting a shared libcrypto library compiled under OpenBSD 2.8. I tried a variety of different versions of openssl (starting with 0.9.6a) but had no luck. The last command invoked is AFAIK the linker command which goes like gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 -Wl,-Bsymbolic -Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -lc It yields a huge list of errors like /usr/lib/libc.so.25.2: Definition of symbol `___fixdfdi' (multiply defined) /usr/lib/libc.so.25.2: Definition of symbol `___divdi3' (multiply defined) /usr/lib/libc.so.25.2: Definition of symbol `___muldi3' (multiply defined) /usr/lib/libc.so.25.2: Definition of symbol `___ashldi3' (multiply defined) /usr/lib/gcc-lib/i386-unknown-openbsd2.8/2.95.3/libgcc.a(__main.o): Definition of symbol `__exit_dummy_ref' (multiply defined) /usr/lib/gcc-lib/i386-unknown-openbsd2.8/2.95.3/libgcc.a(__main.o): Definition of symbol `___do_global_ctors' (multiply defined) /usr/lib/gcc-lib/i386-unknown-openbsd2.8/2.95.3/libgcc.a(__main.o): Definition of symbol `___main' (multiply defined) . /usr/src/gnu/egcs/gcc/libgcc2.c:1981: Definition of symbol `___bb_exit_func' (multiply defined) /usr/src/gnu/egcs/gcc/libgcc2.c:1981: Definition of symbol `___bb_init_func' (multiply defined) and so on. Is this a known problem and is there a work around ? Cheers Rudi __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [PATCH] Fall back to software if nCipher hardware fails
On Wed, Sep 17, 2003 at 10:23:46AM -0400, Geoff Thorpe wrote: On September 17, 2003 08:14 am, Colin Watson wrote: Is there anything I can do to speed the acceptance of this patch, or is it simply stuck in somebody's queue? If there's something suboptimal about it I'd be more than willing to fix it. It probably just slipped through the net. If others are like me, they scan over what they can of list mail each day and deal with what they have time for. If yours arrives on a busy day (or during a period when the person who should deal with it is away) then there are good chances it will slip by. No trouble, I know the drill - just thought I'd send a ping. Mail lists are UDP, the request tracker is TCP, for a tenuous analogy. Please submit the patch to RT and let me know the ticket number (or have you already done so?); http://www.openssl.org/support/rt2.html Yep, it got picked up automatically from my initial post. It's #668. I periodically expire old postings from my mail folders so your post of Julie 28 is long since gone - so I can't comment yet on your patch except to say that I think transparent falling back to software should not be the default mode of operation. If hardware fails and the user/coder specified that a certain class of operations (RSA, DSA, etc) should be done in hardware, then those certain class of operations should generate appropriate errors. If not, you are doing what you want to do rather than what the user/coder told you to do. In other words, I think the falling back to software should be configurable and should require the blessing of the user or coder. At one level, you can expose a control command in the ENGINE to configure this, and you could also support an environment variable check for default behaviour so that precompiled and unconfigurable apps can still be configured by the user. OK, I see the mechanism. Have you any preferences for the environment variable name (or names - perhaps RSA and modexp fallback should be configurable separately)? Note, these comments are perhaps in contradiction with the current behaviour of one or two ENGINEs already in the source, but that's because I haven't had the time to change them and get the appropriate people (who have the hardware) to verify the results. I was following the lead of the other ENGINEs, indeed. Thanks, -- Colin Watson [EMAIL PROTECTED] Software EngineernCipher Corporation Limited __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #689] ENGINE fallback to software
Audit the ENGINE implementations to eliminate transparent behaviour that is not requested by the application (ENGINE_ctrl()) or the user (conf or environment variables). This mainly covers fallback to software. -- Geoff Thorpe, RT/openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #690] compilation bug report
Hello, compilation of openssl fails on my system. The output of make report and make are enclosed below. Kind regards, Thomas Wolff [EMAIL PROTECTED]:~/ein/download/openssl-0.9.7b: make report Checking compiler... Running make... make[1]: Entering directory `/home/thw/ein/download/openssl-0.9.7b' making all in crypto... make[2]: Entering directory `/home/thw/ein/download/openssl-0.9.7b/crypto' gcc -I. -I.. -I../include -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM linux -c cryptlib.c -o cryptlib.o gcc: cannot specify -o with -c or -S and multiple compilations make[2]: *** [cryptlib.o] Error 1 make[2]: Leaving directory `/home/thw/ein/download/openssl-0.9.7b/crypto' make[1]: *** [sub_all] Error 1 make[1]: Leaving directory `/home/thw/ein/download/openssl-0.9.7b' Running make test... make[1]: Entering directory `/home/thw/ein/download/openssl-0.9.7b' c_rehash: rehashing skipped ('openssl' program not available) touch rehash.time testing... make[2]: Entering directory `/home/thw/ein/download/openssl-0.9.7b/test' gcc -I.. -I../include -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM linux -c bntest.c -o bntest.o gcc: cannot specify -o with -c or -S and multiple compilations make[2]: *** [bntest.o] Error 1 make[2]: Leaving directory `/home/thw/ein/download/openssl-0.9.7b/test' make[1]: *** [tests] Error 2 make[1]: Leaving directory `/home/thw/ein/download/openssl-0.9.7b' OpenSSL self-test report: OpenSSL version: 0.9.7b Last change: Countermeasure against the Klima-Pokorny-Rosa extension... Options: no-krb5 OS (uname): Linux scotty 2.2.13 #1 Mon Nov 8 15:08:22 CET 1999 i686 unknown OS (config): i686-whatever-linux2 Target (default): linux-pentium Target: linux-aout Compiler: gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release) Failure! [...] Test report in file testlog [EMAIL PROTECTED]:~/ein/download/openssl-0.9.7b: make making all in crypto... make[1]: Entering directory `/home/thw/ein/download/openssl-0.9.7b/crypto' ( echo #ifndef MK1MF_BUILD; \ echo ' /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \ echo ' #define CFLAGS gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM'; \ echo ' #define PLATFORM linux-pentium'; \ echo #define DATE \`LC_ALL=C LC_TIME=C date`\; \ echo '#endif' ) buildinf.h gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM linux -c cryptlib.c -o cryptlib.o gcc: cannot specify -o with -c or -S and multiple compilations make[1]: *** [cryptlib.o] Error 1 make[1]: Leaving directory `/home/thw/ein/download/openssl-0.9.7b/crypto' make: *** [sub_all] Error 1 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #691] Bug Report - Sparc/NetBSD
Including make report at the end. Of further note is a multitude of core dumps right at the beginning of make test (report does not seem to capture that info). make goes just fine. Tried removing the optimization flags, no change. First time I've seen core dumps on this box! :-) Thanks, Brian - OpenSSL self-test report: OpenSSL version: 0.9.7b Last change: Countermeasure against the Klima-Pokorny-Rosa extension... Options: no-krb5 OS (uname): NetBSD briank.sscorp.com 1.5.2 NetBSD 1.5.2 (GENERIC) #0: Wed Aug 22 04:33:09 CST 2001 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GEN ERIC sparc OS (config): sparc-whatever-netbsd Target (default): NetBSD-sparc Target: NetBSD-sparc Compiler: Using builtin specs. gcc version egcs-2.91.66 19990314 (egcs-1.1.2 release) Failure! - making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/objects... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... if [ -n ]; then (cd ..; make -f Makefile.ssl libcrypto.so.0.9.7); fi making all in ssl... if [ -n ]; then (cd ..; make -f Makefile.ssl libssl.so.0.9.7); fi making all in apps... (cd ..; make -f Makefile.ssl DIRS=crypto all) making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/objects... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... if [ -n ]; then (cd ..; make -f Makefile.ssl libcrypto.so.0.9.7); fi (cd ..; make -f Makefile.ssl DIRS=ssl all) making all in ssl... if [ -n ]; then (cd ..; make -f Makefile.ssl libssl.so.0.9.7); fi making all in test... (cd ..; make -f Makefile.ssl DIRS=crypto all) making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/des... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/dh... making all in crypto/dso... making all in crypto/engine... making all in crypto/aes... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/objects... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf...
[openssl.org #692] off-by-one bugs
(Excuse the filenames, patch generated from OpenBSD -current sources.) Index: lib/libssl/src/apps/openssl.c === RCS file: /cvs/src/lib/libssl/src/apps/openssl.c,v retrieving revision 1.8 diff -u -r1.8 openssl.c --- lib/libssl/src/apps/openssl.c 12 May 2003 02:18:35 - 1.8 +++ lib/libssl/src/apps/openssl.c 19 Sep 2003 14:38:36 - @@ -163,7 +163,7 @@ goto err; } - if (type 0 || type CRYPTO_NUM_LOCKS) + if (type 0 || type = CRYPTO_NUM_LOCKS) { errstr = type out of bounds; goto err; Index: lib/libssl/src/ssl/ssltest.c === RCS file: /cvs/src/lib/libssl/src/ssl/ssltest.c,v retrieving revision 1.9 diff -u -r1.9 ssltest.c --- lib/libssl/src/ssl/ssltest.c12 May 2003 02:18:40 - 1.9 +++ lib/libssl/src/ssl/ssltest.c19 Sep 2003 14:38:37 - @@ -291,7 +291,7 @@ goto err; } - if (type 0 || type CRYPTO_NUM_LOCKS) + if (type 0 || type = CRYPTO_NUM_LOCKS) { errstr = type out of bounds; goto err; --- Aaron Campbell ([EMAIL PROTECTED]) http://www.monkey.org/~aaron __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]