Re: Repeating crashes @ fips 1.2 'make' on OSX
The 'ranlib' warnings are normal on OSX, for whatever reason. I get them on the i386 version. The non-compatible type warnings, though, are not. Which version of Xcode do you have installed? Which version of gcc are you using (3.x or 4.x)? -Kyle H On Wed, Jan 7, 2009 at 12:41 PM, PGNet pgnet.trash+...@gmail.com wrote: I'm building fips 1.2 on OSX, uname -a Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh Config, cd /usr/local/src/openssl-fips-1.2 ./config fipscanisterbuild completes without an apparent hitch. @ 'make', I see numerous warnings of function called through a non-compatible type as well as repeated instances of ranlib: file: ... has no symbols, make if [ -n libcrypto ]; then \ ... cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o pem_all.o pem_all.c pem_all.c: In function 'PEM_read_bio_X509_REQ': pem_all.c:141: warning: function called through a non-compatible type pem_all.c:141: note: if this code is reached, the program will abort pem_all.c: In function 'PEM_read_X509_REQ': pem_all.c:141: warning: function called through a non-compatible type pem_all.c:141: note: if this code is reached, the program will abort ... cc -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o fips_err.o fips_err.c /usr/local/DarkMatter/perl5/bin/perl ../util/arx.pl ar r ../libcrypto.a cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols ranlib: file: ../libcrypto.a(hmac.o) has no symbols ... ranlib: file: ../libcrypto.a(v3_asid.o) has no symbols ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols /usr/bin/ranlib ../libcrypto.a || echo Never mind. /usr/bin/ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols /usr/bin/ranlib: file: ../libcrypto.a(hmac.o) has no symbols ... /usr/bin/ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols making all in crypto/objects... cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o o_names.o o_names.c ... 'make' continues until, ( :; LIBDEPS=${LIBDEPS:--Wl,-search_paths_first -L.. -lssl -L.. -lcrypto }; LDCMD=${LDCMD:-cc}; LDFLAGS=${LDFLAGS:--fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 }; LIBPATH=`for x in $LIBDEPS; do if echo $x | grep '^ *-L' /dev/null 21; then echo $x | sed -e 's/^ *-L//'; fi; done | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o ${LIBDEPS} ) (cd ..; \ OPENSSL=`pwd`/util/opensslwrap.sh; export OPENSSL; \ /usr/local/DarkMatter/perl5/bin/perl tools/c_rehash certs) Doing certs aol1.pem = .0 WARNING: Skipping duplicate certificate aol2.pem WARNING: Skipping duplicate certificate aoltw1.pem WARNING: Skipping duplicate certificate aoltw2.pem where, at *each* WARNING: Skipping duplicate certificate ..., I get an osx CRASH dialog, and a report such as, Process: openssl [31040] Path:openssl Identifier: openssl Version: ??? (???) Code Type: PPC (Native) Parent Process: perl [31039] Date/Time: 2009-01-07 12:34:24.626 -0800 OS Version: Mac OS X 10.5.6 (9G55) Report Version: 6 Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0001, 0x00200150 Crashed Thread: 0 Thread 0 Crashed: 0 libcrypto.0.9.8.dylib 0x00200150 PEM_read_bio_X509_AUX + 0 1 openssl 0x0002c558 load_cert + 616 2 openssl 0x0001952c x509_main + 4716 3 openssl 0x1940 do_cmd + 96 4 openssl 0x1fa8 main + 808 5 openssl 0x1830 start + 64 6 ??? 0x0ffc 0 + 4092 Thread 0 crashed with PPC Thread State 32: srr0: 0x00200150 srr1: 0x0202f030 dar: 0x00251e8c dsisr:
Re: Repeating crashes @ fips 1.2 'make' on OSX
On Wed, Jan 07, 2009, PGNet wrote: I'm building fips 1.2 on OSX, uname -a Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh Config, cd /usr/local/src/openssl-fips-1.2 ./config fipscanisterbuild completes without an apparent hitch. @ 'make', I see numerous warnings of function called through a non-compatible type as well as repeated instances of ranlib: file: ... has no symbols, make if [ -n libcrypto ]; then \ ... cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o pem_all.o pem_all.c pem_all.c: In function 'PEM_read_bio_X509_REQ': pem_all.c:141: warning: function called through a non-compatible type pem_all.c:141: note: if this code is reached, the program will abort pem_all.c: In function 'PEM_read_X509_REQ': pem_all.c:141: warning: function called through a non-compatible type pem_all.c:141: note: if this code is reached, the program will abort ... cc -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o fips_err.o fips_err.c /usr/local/DarkMatter/perl5/bin/perl ../util/arx.pl ar r ../libcrypto.a cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols ranlib: file: ../libcrypto.a(hmac.o) has no symbols ... ranlib: file: ../libcrypto.a(v3_asid.o) has no symbols ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols /usr/bin/ranlib ../libcrypto.a || echo Never mind. /usr/bin/ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols /usr/bin/ranlib: file: ../libcrypto.a(hmac.o) has no symbols ... /usr/bin/ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols making all in crypto/objects... cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o o_names.o o_names.c ... 'make' continues until, ( :; LIBDEPS=${LIBDEPS:--Wl,-search_paths_first -L.. -lssl -L.. -lcrypto }; LDCMD=${LDCMD:-cc}; LDFLAGS=${LDFLAGS:--fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 }; LIBPATH=`for x in $LIBDEPS; do if echo $x | grep '^ *-L' /dev/null 21; then echo $x | sed -e 's/^ *-L//'; fi; done | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o ${LIBDEPS} ) (cd ..; \ OPENSSL=`pwd`/util/opensslwrap.sh; export OPENSSL; \ /usr/local/DarkMatter/perl5/bin/perl tools/c_rehash certs) Doing certs aol1.pem = .0 WARNING: Skipping duplicate certificate aol2.pem WARNING: Skipping duplicate certificate aoltw1.pem WARNING: Skipping duplicate certificate aoltw2.pem where, at *each* WARNING: Skipping duplicate certificate ..., I get an osx CRASH dialog, and a report such as, This is an unfortunate side effect of gcc being stricter about function pointers. The versions of gcc tested at the time of submission didn't exhibit this behaviour and the nature of the process is such that making tiny changes can introduce several months delay. The fix for that is not a tiny change however. The actual errors you see are not part of the validated module but part of the rest of OpenSSL. If you complete the make process once (despite the crashes) and can do make install it will install a validated module. You only have to do this once with the validated tarball, subsequent version of OpenSSL will then use that module. When you then install OpenSSL 0.9.8j in fips mode the relevant parts of OpenSSL include fixes for this issue and everything should be fine. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Repeating crashes @ fips 1.2 'make' on OSX
Hi, On Thu, Jan 8, 2009 at 12:42 AM, Kyle Hamilton aerow...@gmail.com wrote: Which version of Xcode do you have installed? XCode v3.1.2, build 1149 Which version of gcc are you using (3.x or 4.x)? gcc version 4.2.1 (Apple Inc. build 5566) On Wed, Jan 7, 2009 at 12:41 PM, PGNet pgnet.trash+...@gmail.com wrote: On Thu, Jan 8, 2009 at 3:42 AM, Dr. Stephen Henson st...@openssl.org wrote: where, at *each* WARNING: Skipping duplicate certificate ..., I get an osx CRASH dialog, and a report such as, This is an unfortunate side effect of gcc being stricter about function pointers ... The actual errors you see are not part of the validated module but part of the rest of OpenSSL. If you complete the make process once (despite the crashes) and can do make install it will install a validated module. ... Per advice, ignoring the crashes (18 of htem; somewhat disconverting) @ ... Doing certs aol1.pem = .0 WARNING: Skipping duplicate certificate aol2.pem ... making all in test... ... 'make', indeed, completes. ... making all in tools... make[1]: Nothing to be done for `all'. subsequent, make DESTDIR=/usr/local/ssl-fips install does, apparently, install, but ignores the DESTDIR spec, installing instead in, ls -al /usr/local/ssl/fips-1.0/lib/ drwxr-xr-x 11 root wheel 374 2009-01-08 07:18 engines/ -r--r--r-- 1 root wheel5396 2007-08-15 06:35 fips_premain.c -r--r--r-- 1 root wheel 68 2007-08-15 06:35 fips_premain.c.sha1 -r--r--r-- 1 root wheel 314008 2009-01-08 06:58 fipscanister.o -r--r--r-- 1 root wheel 68 2009-01-08 06:58 fipscanister.o.sha1 -r-xr-xr-x 1 root wheel 1412828 2009-01-08 07:18 libcrypto.0.9.8.dylib -rw-r--r-- 1 root wheel 2094752 2009-01-08 07:18 libcrypto.a lrwxr-xr-x 1 root wheel 21 2009-01-08 07:18 libcrypto.dylib - libcrypto.0.9.8.dylib -r-xr-xr-x 1 root wheel 310516 2009-01-08 07:18 libssl.0.9.8.dylib -rw-r--r-- 1 root wheel 380616 2009-01-08 07:18 libssl.a lrwxr-xr-x 1 root wheel 18 2009-01-08 07:18 libssl.dylib - libssl.0.9.8.dylib drwxr-xr-x 5 root wheel 170 2009-01-08 07:18 pkgconfig/ How do I get FIPS installed in a location I specify? I'd specify the install prefix on the config/Configure line, but http://openssl.org/docs/fips/UserGuide-1.2.pdf states, Per the conditions of the FIPS 140-2 validation only one configuration command may be used: ./config fipscanisterbuild The specification of any other options on the command line, such as ./config fipscanisterbuild shared is specifically not permitted. Just want to be clear that everything's working as (mostly) expected ... Thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Repeating crashes @ fips 1.2 'make' on OSX
As a test, ignoring the UserGuide's admonition about user-config options to FIPS build, with a TARGET = darwin-ppc-cc, this, ./config --prefix=/usr/local/ssl-fips fipscanisterbuild make make install installs FIPS as directed in /usr/local/ssl-fips. Then, building openssl 098j, mv /usr/include/stdarg.h /usr/include/stdarg.h.ORIG cp /usr/lib/gcc/powerpc-apple-darwin9/4.2.1/include/stdarg.h /usr/include/stdarg.h setenv LDFLAGS -L/usr/local/lib -lz ./Configure --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ darwin-ppc-cc fips --with-fipslibdir=/usr/local/ssl-fips/lib \ -DUSE_TOD threads -L/usr/local/lib zlib \ enable-idea enable-rc5 enable-mdc2 enable-sha1 enable-sha256 enable-sha384 enable-sha512 enable-rmd160 is fine. make depend also completes, but with a bunch of odd warnings, ... makedepend: warning: cannot open ppc making depend in ssl... makedepend: warning: cannot open ppc making depend in engines... makedepend: warning: cannot open ppc making depend in apps... makedepend: warning: cannot open ppc making depend in test... makedepend: warning: cannot open ppc making depend in tools... make[1]: Nothing to be done for `depend'. then make gets quite a way, but eventually fails @, ... /usr/local/ssl-fips/lib/fips_premain.c: In function 'FINGERPRINT_premain': /usr/local/ssl-fips/lib/fips_premain.c:94: warning: incompatible implicit declaration of built-in function '_exit' /usr/local/ssl-fips/lib/fips_premain.c:109: warning: incompatible implicit declaration of built-in function '_exit' /usr/local/ssl-fips/lib/fips_premain.c:115: warning: incompatible implicit declaration of built-in function '_exit' ld: duplicate symbol _CRYPTO_num_locks in libcrypto.a(cryptlib.o) and /usr/local/ssl-fips/lib//fipscanister.o collect2: ld returned 1 exit status ranlib: file: fips/../libcrypto.a(ebcdic.o) has no symbols ... ranlib: file: fips/../libcrypto.a(v3_addr.o) has no symbols make[2]: *** [link_a.darwin] Error 1 make[1]: *** [do_darwin-shared] Error 2 make: *** [libcrypto.0.9.8.dylib] Error 2 fyi, building 089j WITHOUT fips --with-fipslibdir=/usr/local/ssl-fips/lib installs executes without error. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Repeating crashes @ fips 1.2 'make' on OSX
On Thu, Jan 08, 2009, PGNet wrote: This is an unfortunate side effect of gcc being stricter about function pointers ... The actual errors you see are not part of the validated module but part of the rest of OpenSSL. If you complete the make process once (despite the crashes) and can do make install it will install a validated module. ... Per advice, ignoring the crashes (18 of htem; somewhat disconverting) @ ... Doing certs aol1.pem = .0 WARNING: Skipping duplicate certificate aol2.pem ... making all in test... ... 'make', indeed, completes. ... making all in tools... make[1]: Nothing to be done for `all'. subsequent, make DESTDIR=/usr/local/ssl-fips install does, apparently, install, but ignores the DESTDIR spec, installing instead in, ls -al /usr/local/ssl/fips-1.0/lib/ drwxr-xr-x 11 root wheel 374 2009-01-08 07:18 engines/ -r--r--r-- 1 root wheel5396 2007-08-15 06:35 fips_premain.c -r--r--r-- 1 root wheel 68 2007-08-15 06:35 fips_premain.c.sha1 -r--r--r-- 1 root wheel 314008 2009-01-08 06:58 fipscanister.o -r--r--r-- 1 root wheel 68 2009-01-08 06:58 fipscanister.o.sha1 -r-xr-xr-x 1 root wheel 1412828 2009-01-08 07:18 libcrypto.0.9.8.dylib -rw-r--r-- 1 root wheel 2094752 2009-01-08 07:18 libcrypto.a lrwxr-xr-x 1 root wheel 21 2009-01-08 07:18 libcrypto.dylib - libcrypto.0.9.8.dylib -r-xr-xr-x 1 root wheel 310516 2009-01-08 07:18 libssl.0.9.8.dylib -rw-r--r-- 1 root wheel 380616 2009-01-08 07:18 libssl.a lrwxr-xr-x 1 root wheel 18 2009-01-08 07:18 libssl.dylib - libssl.0.9.8.dylib drwxr-xr-x 5 root wheel 170 2009-01-08 07:18 pkgconfig/ How do I get FIPS installed in a location I specify? I'd specify the install prefix on the config/Configure line, but http://openssl.org/docs/fips/UserGuide-1.2.pdf states, Per the conditions of the FIPS 140-2 validation only one configuration command may be used: ./config fipscanisterbuild The specification of any other options on the command line, such as ./config fipscanisterbuild shared is specifically not permitted. Just want to be clear that everything's working as (mostly) expected ... If you want to move the validated module elsewhere afterwards you can do provided you keep to the permission requirements of the security policy. Once you've installed the validated module you can then use OpenSSL 0.9.8j to build a usable version of OpenSSL which links against the validated module. For that you *can* specify whatever arguments you wish to the build process because the validated module is already installed. Of course you have to include the fips argument so it uses the validated module. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Repeating crashes @ fips 1.2 'make' on OSX
On Thu, Jan 8, 2009 at 7:58 AM, Dr. Stephen Henson st...@openssl.org wrote: If you want to move the validated module elsewhere afterwards you can do provided you keep to the permission requirements of the security policy. Once you've installed the validated module you can then use OpenSSL 0.9.8j to build a usable version of OpenSSL which links against the validated module. OK. Juggling a bit, I get a finished openssl+fips build. Doing instead, cd /usr/local/src/openssl/openssl-fips-* ./config fipscanisterbuild make make install mv /usr/local/ssl/fips-1* /usr/local/ssl-fips then, as above, cd /usr/local/src/openssl/openssl-0.9.8j ... ./config fips fips --with-fipslibdir=/usr/local/ssl-fips/lib ... make depend ... makedepend: warning: cannot open ppc making depend in ssl... makedepend: warning: cannot open ppc making depend in engines... makedepend: warning: cannot open ppc making depend in apps... makedepend: warning: cannot open ppc making depend in test... makedepend: warning: cannot open ppc making depend in tools... make[1]: Nothing to be done for `depend'. then, make now completes with a few warnings, but no apparent errors, ... /usr/local/ssl-fips/lib/fips_premain.c: In function 'FINGERPRINT_premain': /usr/local/ssl-fips/lib/fips_premain.c:94: warning: incompatible implicit declaration of built-in function '_exit' /usr/local/ssl-fips/lib/fips_premain.c:109: warning: incompatible implicit declaration of built-in function '_exit' /usr/local/ssl-fips/lib/fips_premain.c:115: warning: incompatible implicit declaration of built-in function '_exit' /usr/local/ssl-fips/lib/fips_premain.c: In function 'FINGERPRINT_premain': /usr/local/ssl-fips/lib/fips_premain.c:94: warning: incompatible implicit declaration of built-in function '_exit' /usr/local/ssl-fips/lib/fips_premain.c:109: warning: incompatible implicit declaration of built-in function '_exit' /usr/local/ssl-fips/lib/fips_premain.c:115: warning: incompatible implicit declaration of built-in function '_exit' ... checking the build, make test make report cat testlog returns correctly (I think ...), cat testlog OpenSSL self-test report: OpenSSL version: 0.9.8j Last change: Properly check EVP_VerifyFinal() and similar return val... Options: --prefix=/usr/local/ssl --openssldir=/usr/local/ssl enable-shared fips --with-fipslibdir=/usr/local/ssl-fips/lib -DUSE_TOD enable-threads enable-idea enable-rc5 enable-mdc2 enable-sha1 enable-sha256 enable-sha384 enable-sha512 enable-rmd160 -L/usr/local/lib enable-zlib no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-montasm no-rfc3779 no-seed no-zlib-dynamic OS (uname): Darwin ws.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh OS (config): ppc-apple-darwinDarwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Target (default): darwin-ppc-cc Target: darwin-ppc-cc Compiler: Using built-in specs. Target: powerpc-apple-darwin9 Configured with: /var/tmp/gcc_42/gcc_42-5566~1/src/configure --disable-checking --enable-werror --prefix=/usr --mandir=/usr/share/man --enable-languages=c,objc,c++,obj-c++ --program-transform-name=/^[cg][^.-]*$/s/$/-4.2/ --with-slibdir=/usr/lib --build=i686-apple-darwin9 --with-gxx-include-dir=/usr/include/c++/4.0.0 --program-prefix= --host=powerpc-apple-darwin9 --target=powerpc-apple-darwin9 Thread model: posix gcc version 4.2.1 (Apple Inc. build 5566) Test passed. after make install i finally end up with, openssl version OpenSSL 0.9.8j-fips 07 Jan 2009 thanks! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Repeating crashes @ fips 1.2 'make' on OSX
If you create a softlink to the real target directory, that seems to work... cd /usr/local/ssl ln -s fips-1.0 /usr/local/ssl-fips Please respond to openssl-users@openssl.org Sent by:owner-openssl-us...@openssl.org To: openssl-users@openssl.org cc: (bcc: Dan Mitton/YD/RWDOE) Subject:Re: Repeating crashes @ fips 1.2 'make' on OSX LSN: Not Relevant User Filed as: Not a Record Hi, On Thu, Jan 8, 2009 at 12:42 AM, Kyle Hamilton aerow...@gmail.com wrote: Which version of Xcode do you have installed? XCode v3.1.2, build 1149 Which version of gcc are you using (3.x or 4.x)? gcc version 4.2.1 (Apple Inc. build 5566) On Wed, Jan 7, 2009 at 12:41 PM, PGNet pgnet.trash+...@gmail.com wrote: On Thu, Jan 8, 2009 at 3:42 AM, Dr. Stephen Henson st...@openssl.org wrote: where, at *each* WARNING: Skipping duplicate certificate ..., I get an osx CRASH dialog, and a report such as, This is an unfortunate side effect of gcc being stricter about function pointers ... The actual errors you see are not part of the validated module but part of the rest of OpenSSL. If you complete the make process once (despite the crashes) and can do make install it will install a validated module. ... Per advice, ignoring the crashes (18 of htem; somewhat disconverting) @ ... Doing certs aol1.pem = .0 WARNING: Skipping duplicate certificate aol2.pem ... making all in test... ... 'make', indeed, completes. ... making all in tools... make[1]: Nothing to be done for `all'. subsequent, make DESTDIR=/usr/local/ssl-fips install does, apparently, install, but ignores the DESTDIR spec, installing instead in, ls -al /usr/local/ssl/fips-1.0/lib/ drwxr-xr-x 11 root wheel 374 2009-01-08 07:18 engines/ -r--r--r-- 1 root wheel5396 2007-08-15 06:35 fips_premain.c -r--r--r-- 1 root wheel 68 2007-08-15 06:35 fips_premain.c.sha1 -r--r--r-- 1 root wheel 314008 2009-01-08 06:58 fipscanister.o -r--r--r-- 1 root wheel 68 2009-01-08 06:58 fipscanister.o.sha1 -r-xr-xr-x 1 root wheel 1412828 2009-01-08 07:18 libcrypto.0.9.8.dylib -rw-r--r-- 1 root wheel 2094752 2009-01-08 07:18 libcrypto.a lrwxr-xr-x 1 root wheel 21 2009-01-08 07:18 libcrypto.dylib - libcrypto.0.9.8.dylib -r-xr-xr-x 1 root wheel 310516 2009-01-08 07:18 libssl.0.9.8.dylib -rw-r--r-- 1 root wheel 380616 2009-01-08 07:18 libssl.a lrwxr-xr-x 1 root wheel 18 2009-01-08 07:18 libssl.dylib - libssl.0.9.8.dylib drwxr-xr-x 5 root wheel 170 2009-01-08 07:18 pkgconfig/ How do I get FIPS installed in a location I specify? I'd specify the install prefix on the config/Configure line, but http://openssl.org/docs/fips/UserGuide-1.2.pdf states, Per the conditions of the FIPS 140-2 validation only one configuration command may be used: ./config fipscanisterbuild The specification of any other options on the command line, such as ./config fipscanisterbuild shared is specifically not permitted. Just want to be clear that everything's working as (mostly) expected ... Thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Repeating crashes @ fips 1.2 'make' on OSX
I'm building fips 1.2 on OSX, uname -a Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh Config, cd /usr/local/src/openssl-fips-1.2 ./config fipscanisterbuild completes without an apparent hitch. @ 'make', I see numerous warnings of function called through a non-compatible type as well as repeated instances of ranlib: file: ... has no symbols, make if [ -n libcrypto ]; then \ ... cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o pem_all.o pem_all.c pem_all.c: In function 'PEM_read_bio_X509_REQ': pem_all.c:141: warning: function called through a non-compatible type pem_all.c:141: note: if this code is reached, the program will abort pem_all.c: In function 'PEM_read_X509_REQ': pem_all.c:141: warning: function called through a non-compatible type pem_all.c:141: note: if this code is reached, the program will abort ... cc -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o fips_err.o fips_err.c /usr/local/DarkMatter/perl5/bin/perl ../util/arx.pl ar r ../libcrypto.a cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols ranlib: file: ../libcrypto.a(hmac.o) has no symbols ... ranlib: file: ../libcrypto.a(v3_asid.o) has no symbols ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols /usr/bin/ranlib ../libcrypto.a || echo Never mind. /usr/bin/ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols /usr/bin/ranlib: file: ../libcrypto.a(hmac.o) has no symbols ... /usr/bin/ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols making all in crypto/objects... cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3-c -o o_names.o o_names.c ... 'make' continues until, ( :; LIBDEPS=${LIBDEPS:--Wl,-search_paths_first -L.. -lssl -L.. -lcrypto }; LDCMD=${LDCMD:-cc}; LDFLAGS=${LDFLAGS:--fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 }; LIBPATH=`for x in $LIBDEPS; do if echo $x | grep '^ *-L' /dev/null 21; then echo $x | sed -e 's/^ *-L//'; fi; done | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o ${LIBDEPS} ) (cd ..; \ OPENSSL=`pwd`/util/opensslwrap.sh; export OPENSSL; \ /usr/local/DarkMatter/perl5/bin/perl tools/c_rehash certs) Doing certs aol1.pem = .0 WARNING: Skipping duplicate certificate aol2.pem WARNING: Skipping duplicate certificate aoltw1.pem WARNING: Skipping duplicate certificate aoltw2.pem where, at *each* WARNING: Skipping duplicate certificate ..., I get an osx CRASH dialog, and a report such as, Process: openssl [31040] Path:openssl Identifier: openssl Version: ??? (???) Code Type: PPC (Native) Parent Process: perl [31039] Date/Time: 2009-01-07 12:34:24.626 -0800 OS Version: Mac OS X 10.5.6 (9G55) Report Version: 6 Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0001, 0x00200150 Crashed Thread: 0 Thread 0 Crashed: 0 libcrypto.0.9.8.dylib 0x00200150 PEM_read_bio_X509_AUX + 0 1 openssl 0x0002c558 load_cert + 616 2 openssl 0x0001952c x509_main + 4716 3 openssl 0x1940 do_cmd + 96 4 openssl 0x1fa8 main + 808 5 openssl 0x1830 start + 64 6 ??? 0x0ffc 0 + 4092 Thread 0 crashed with PPC Thread State 32: srr0: 0x00200150 srr1: 0x0202f030 dar: 0x00251e8c dsisr: 0x4000 r0: 0x0002c55cr1: 0xbfffa440r2: 0x002fr3: 0x00308510 r4: 0xr5: 0x0002cb20r6: 0xr7: 0x r8: 0x0003r9: 0x9181e350 r10: 0x r11: 0x8fe33c48 r12: 0x00200150 r13: 0x r14: 0x0003c7cc r15: 0x000482d0 r16: 0x0003 r17: 0x0003 r18: 0x00308a70 r19: 0x r20: