Switch hangs for significant amount of time when using RAND_write_file API with openssl version 1.1.1h and above.
Hi, I have updated the openssl version running on the switch from 1.1.1g to 1.1.1h and eventually to 1.1.1k. Starting 1.1.1h, I am observing that the switch hangs for a significant amount of time (> 3 minutes) when the call RAND_write_file is invoked from the switch software. The same call (RAND_write_file) invoked from the switch software with the earlier versions of openssl (1.1.1g) did not make the switch to hang for the noticeable time. Can you please help me understand why this behavior is and suggest a solution if any? Regards, Sravani -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it. smime.p7s Description: S/MIME Cryptographic Signature
Compilation errors with 1.1.1b
Hi, Earlier our application used OpenSSL version 1.0.2n. Now we wanted to upgrade to 1.1.1b. After upgrade when i compile OpenSSL, i see the following errors: Tried to generate the Makefile with both the ways mentioned below.. But getting compilation errors as attached mainly at places where DEPRECATEDIN_1_1_0 and DEPRECATEDIN_0_9_8 are used. ./config >> ../build.log \ no-idea no-md2 no-md4 no-mdc2 no-rc2 no-rc5 \ -DOPENSSL_SYSNAME_LINUX -DOPENSSL_USE_IPV6 -DOPENSSL_IMPLEMENTS_strncasecmp \ -DOPENSSL_API_COMPAT=0x1010102fL \ -ffunction-sections -fdata-sections \ no-hw shared no-asm ./config >> ../build.log \ no-idea no-md2 no-md4 no-mdc2 no-rc2 no-rc5 \ -DOPENSSL_SYSNAME_LINUX -DOPENSSL_USE_IPV6 -DOPENSSL_IMPLEMENTS_strncasecmp \ disable-deprecated \ -ffunction-sections -fdata-sections \ no-hw shared no-asm Can you please suggest the possible solution to fix the errors? Regards, Sravani COMPILING[openssl] : vendor/openssl/crypto/cpt_err.c In file included from ../../../../vendor/openssl/include/openssl/err.h:21:0, from ../../../../vendor/openssl/crypto/cpt_err.c:11: ../../../../vendor/openssl/include/openssl/bio.h:689:27: error: 'struct hostent' declared inside parameter list [-Werror] DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) ^ ../../../../vendor/openssl/include/openssl/bio.h:689:27: error: its scope is only this definition or declaration, which is probably not what you want [-Werror] ../../../../vendor/openssl/include/openssl/bio.h:689:1: error: return type defaults to 'int' [-Werror=implicit-int] DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) ^ ../../../../vendor/openssl/include/openssl/bio.h: In function 'DEPRECATEDIN_1_1_0': ../../../../vendor/openssl/include/openssl/bio.h:690:1: error: expected declaration specifiers before 'DEPRECATEDIN_1_1_0' DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) ^ ../../../../vendor/openssl/include/openssl/bio.h:697:2: error: expected declaration specifiers before ';' token }; ^ ../../../../vendor/openssl/include/openssl/bio.h:698:1: error: empty declaration [-Werror] enum BIO_sock_info_type { ^ ../../../../vendor/openssl/include/openssl/bio.h:702:55: error: 'union BIO_sock_info_u' declared inside parameter list [-Werror] enum BIO_sock_info_type type, union BIO_sock_info_u *info); ^ In file included from ../../../../vendor/openssl/include/openssl/err.h:22:0, from ../../../../vendor/openssl/crypto/cpt_err.c:11: ../../../../vendor/openssl/include/openssl/lhash.h:24:30: error: storage class specified for parameter 'OPENSSL_LH_NODE' typedef struct lhash_node_st OPENSSL_LH_NODE; ^ ../../../../vendor/openssl/include/openssl/lhash.h:25:15: error: storage class specified for parameter 'OPENSSL_LH_COMPFUNC' typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:26:25: error: storage class specified for parameter 'OPENSSL_LH_HASHFUNC' typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:27:16: error: storage class specified for parameter 'OPENSSL_LH_DOALL_FUNC' typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:28:16: error: storage class specified for parameter 'OPENSSL_LH_DOALL_FUNCARG' typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); ^ ../../../../vendor/openssl/include/openssl/lhash.h:29:25: error: storage class specified for parameter 'OPENSSL_LHASH' typedef struct lhash_st OPENSSL_LHASH; ^ ../../../../vendor/openssl/include/openssl/lhash.h:72:22: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' int OPENSSL_LH_error(OPENSSL_LHASH *lh); ^ ../../../../vendor/openssl/include/openssl/lhash.h:73:1: error: expected declaration specifiers before 'OPENSSL_LHASH' OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); ^ ../../../../vendor/openssl/include/openssl/lhash.h:74:22: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' void OPENSSL_LH_free(OPENSSL_LHASH *lh); ^ ../../../../vendor/openssl/include/openssl/lhash.h:75:25: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); ^ ../../../../vendor/openssl/include/openssl/lhash.h:76:25: error: expected declaration specifiers or '...' before 'OPENSSL_LHASH' void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
Re: [openssl-users] Openssl 1.1.0f support for building Openssh7.2p2 and above
I will check with OpenSSH team on this. Thanks for the info. Regards, Sravani On Mon, Jul 10, 2017 at 12:05 PM, Jeffrey Walton <noloa...@gmail.com> wrote: > On Mon, Jul 10, 2017 at 2:01 AM, Sravani Maddukuri via openssl-users > <openssl-users@openssl.org> wrote: > > > > Is there any plans in the future to get the support of OpenSSL 1.1.0 for > > OpenSSH? > > You should ask the OpenSSH folks. > > Jeff > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Openssl 1.1.0f support for building Openssh7.2p2 and above
Thanks for the update Jeff. Is there any plans in the future to get the support of OpenSSL 1.1.0 for OpenSSH? Regards, Sravani On Mon, Jul 10, 2017 at 9:18 AM, Jeffrey Walton <noloa...@gmail.com> wrote: > On Sun, Jul 9, 2017 at 11:31 PM, Sravani Maddukuri via openssl-users > <openssl-users@openssl.org> wrote: > > Dear Concern, > > > > Can you please update me on my below query? > > > > Does openssl 1.1.0f version support building Openssh7.2p2 and above > > versions? > > As far as I know, OpenSSH does not support OpenSSL 1.1.0. Kurt Roeckx > provided the initial port and offered the patches to OpenSSH, but they > were never merged. > > Also see http://github.com/openssh/openssh-portable/pull/48 and > https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#OpenSSH. > > Jeff > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Openssl 1.1.0f support for building Openssh7.2p2 and above
Dear Concern, Can you please update me on my below query? Does openssl 1.1.0f version support building Openssh7.2p2 and above versions? Regards, Sravani On Fri, Jul 7, 2017 at 2:33 PM, Sravani Maddukuri < sravani.madduk...@broadcom.com> wrote: > Dear Concern, > > I am using openssh 7.2p2 version ported to use along with my software. > After upgrading openssl to 1.1.0f, I am getting compilation errors in the > openssh code. > > Does openssl 1.1.0f version support building Openssh7.2p2 and > above versions? > > Regards, > Sravani > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users