subject:"Errors building 1.1.1 on RHEL 7"

Re: Errors building 1.1.1 on RHEL 7

2019-07-18 Thread Viktor Dukhovni

> On Jul 18, 2019, at 3:13 PM, Mark Richter  wrote:
> 
> 2. Not at all clear on what the "_OPT" part means - do I need to change my 
> source code to use this for accessors or ???

Just try it and see.  The "_OPT" in the symbol version is internally
generated from "-opt" in the shlib_variant SONAME.  To support multiple
shlib_variants now or in the future, add the major.minor (ABI version)
to the variant tag:

shlib_variant => "-opt1.1"
shlib_variant => "-opt1.2"
shlib_variant => "-somevendor-3.0"
...

The non-alnum characters in the shlib_variant map to "_" in
the symbol version, and the letters are mapped to upper case
(IIRC).

-- 
Viktor.

Re: Errors building 1.1.1 on RHEL 7

2019-07-18 Thread Viktor Dukhovni

> On Jul 18, 2019, at 2:57 PM, Mark Richter  wrote:
> 
> Also, once I figure out the build issues, how can I statically link the ssl 
> libraries into my app?  (That way we don't require our customers to build and 
> install OpenSSL 1.1.1 pon their RHEL 7 hosts.)  Are there any gotchas to 
> doing this? E.g., our app also uses the curl library, which I believe uses 
> the default openssl on the host.

Static linking has much worse library version conflicts than
dynamic linking if you're delivering a library, or if your
application will run on systems where the C-library (perhaps
through nsswitch modules) also loads the default OpenSSL.

You lose the isolation made possible by symbol versioning
with dynamic libraries.

If you want to ship code to users to deploy on their own
systems you should generally use whichever OpenSSL is
in the base platform.  To deliver a custom OpenSSL,
for your application only, you'll need to build a
shlib_variant shared library and perhaps make its
location flexible using $ORIGIN in the dependent's
run path.

-- 
Viktor.

RE: Errors building 1.1.1 on RHEL 7

2019-07-18 Thread Michael Wojcik

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Mark Richter
> Sent: Thursday, July 18, 2019 12:57
>
> Is Linux considered to be the same as (or similar enough to) Unix w.r.t. the
> building instructions?  I'm reading the INSTALL file and it doesn't mention
> Linux (nor are there templates for, etc.).

Yes. Note there are a couple of references to Linux in NOTES.UNIX (and in 
NOTES.PERL). There are Linux-relevant stanzas in config, and so on.

We build on a number of Linux platforms and distributions, including some 
obscure ones, generally without issues.

> Also, once I figure out the build issues, how can I statically link the ssl
> libraries into my app?

You can Configure it for static linkage before building it, but per NOTES.UNIX 
you should get a set of static (archive) libraries as well as the dynamic ones 
even if you don't.

I recommend building OpenSSL as loadable - e.g. as PIC (position-independent 
code) on ELF platforms such as Linux - even if you intend to link it 
statically. Then you have the option of statically linking it into a shared 
object. That's what we do: build OpenSSL as loadable, and link it statically 
into our own wrapper library, which is a shared object (or DLL on Windows).

> Are there any gotchas to
> doing this?  E.g., our app also uses the curl library, which I believe uses
> the default openssl on the host.

As Viktor explained in some recent messages to the list, you may need to build 
OpenSSL with munged symbol names, to ensure each OpenSSL library resolves 
symbols to itself. However, if you're linking it statically that probably won't 
be an issue. Aside from that it shouldn't be a problem, as long as you don't 
try to share OpenSSL objects between the OpenSSL binaries.

--
Michael Wojcik
Distinguished Engineer, Micro Focus

RE: Errors building 1.1.1 on RHEL 7

2019-07-18 Thread Mark Richter

> -Original Message-
> From: openssl-users  On Behalf Of Viktor 
> Dukhovni
> Sent: Wednesday, July 17, 2019 12:42 PM
> To: openssl-users@openssl.org
> Subject: Re: Errors building 1.1.1 on RHEL 7
>:
>   4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
>  or similar for the custom target platorm.  Make sure that the
>  SONAME and symbol versions contain the "-opt" or "_OPT" tweak.

In reading the various README and INSTALL files, I'm not entirely clear on what 
this means.  I'm guessing:

1. During the build, the makefile ld flags have to include the variant -opt to 
get the right libraries to link.

2. Not at all clear on what the "_OPT" part means - do I need to change my 
source code to use this for accessors or ???

Thanks.

The information contained in this message is confidential and is intended for 
the addressee(s) only. If you have received this message in error, please 
notify the sender immediately and delete the message. Unless you are an 
addressee (or authorized to receive for an addressee), you may not use, copy or 
disclose to anyone this message or any information contained in this message. 
The unauthorized use, disclosure, copying or alteration of this message is 
strictly prohibited.

RE: Errors building 1.1.1 on RHEL 7

2019-07-18 Thread Mark Richter

-Original Message- [edited]
From: openssl-users  On Behalf Of Viktor 
Dukhovni
Sent: Wednesday, July 17, 2019 6:17 PM
To: openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7

>>>   2. Configure your OpenSSL build to use the corresponding "rpath":
>>>  -Wl,-rpath,/opt/openssl/1.1/lib
>>>
> > Again, how do I specify that?
>
>Command-line argument to "Configure" or custom platform template.

Is Linux considered to be the same as (or similar enough to) Unix w.r.t. the 
building instructions?  I'm reading the INSTALL file and it doesn't mention 
Linux (nor are there templates for, etc.).

Also, once I figure out the build issues, how can I statically link the ssl 
libraries into my app?  (That way we don't require our customers to build and 
install OpenSSL 1.1.1 pon their RHEL 7 hosts.)  Are there any gotchas to doing 
this?  E.g., our app also uses the curl library, which I believe uses the 
default openssl on the host.

Thanks.

Mark

The information contained in this message is confidential and is intended for 
the addressee(s) only. If you have received this message in error, please 
notify the sender immediately and delete the message. Unless you are an 
addressee (or authorized to receive for an addressee), you may not use, copy or 
disclose to anyone this message or any information contained in this message. 
The unauthorized use, disclosure, copying or alteration of this message is 
strictly prohibited.

Re: Errors building 1.1.1 on RHEL 7

2019-07-18 Thread Blumenthal, Uri - 0553 - MITLL

Probably, disregard: the problem seems to be related to the incomplete support 
for ISO C11 in GCC on CentOS (and I'm willing to bet - on RHEL). 

Changing the standard to "-std=gnu99" lead to a successful build with all the 
tests passing.


On 7/18/19, 12:28 PM, "openssl-users on behalf of Blumenthal, Uri - 0553 - 
MITLL"  wrote:

I'm getting a somewhat different error trying to build OpenSSL_1_1_1-stable 
on CentOS 7 (similar to RHEL 7).

Configuration:

./config --prefix=$HOME/openssl-1.1 --debug 
--openssldir=$HOME/openssl-1.1/etc --with-rand-seed=rdcpu enable-aria 
enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-weak-ssl-ciphers 
enable-zlib-dynamic shared threads enable-rfc3779 enable-ssl-trace

Followed by 

  make depend && make clean && make -j 2 all && make test && make install

I'm appending the output of "perl configdata.pm -d" at the end.

Here's the problem:

. . . . .
gcc  -I. -Icrypto/include -Iinclude -fPIC -pthread -m64 -Wa,--noexecstack 
-std=gnu11 -O3 -march=native -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/home/ur20980/openssl-1.1/etc\"" 
-DENGINESDIR="\"/home/ur20980/openssl-1.1/lib/engines-1.1\"" -DZLIB 
-DZLIB_SHARED  -MMD -MF crypto/asn1/a_strex.d.tmp -MT crypto/asn1/a_strex.o -c 
-o crypto/asn1/a_strex.o crypto/asn1/a_strex.c
In file included from crypto/include/internal/evp_int.h:11:0,
 from crypto/asn1/a_sign.c:22:
include/internal/refcount.h:21:25: fatal error: stdatomic.h: No such file 
or directory
 #  include 
 ^
compilation terminated.
make[1]: *** [crypto/asn1/a_sign.o] Error 1
make[1]: *** Waiting for unfinished jobs

This is the compiler used:
$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.8.5/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla 
--enable-bootstrap --enable-shared --enable-threads=posix 
--enable-checking=release --with-system-zlib --enable-__cxa_atexit 
--disable-libunwind-exceptions --enable-gnu-unique-object 
--enable-linker-build-id --with-linker-hash-style=gnu 
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin 
--enable-initfini-array --disable-libgcj 
--with-isl=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/isl-install
 
--with-cloog=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/cloog-install
 --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 
--build=x86_64-redhat-linux
Thread model: posix
gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
$

External flags:
$ env | grep FLAGS
CXXFLAGS=-std=gnu++11 -O3 -march=native
CFLAGS=-std=gnu11 -O3 -march=native
$

Finally, output of "perl configdata.pm -d":

Command line (with current working directory = .):

/usr/bin/perl ./Configure linux-x86_64 
--prefix=/home/ur20980/openssl-1.1 --debug 
--openssldir=/home/ur20980/openssl-1.1/etc --with-rand-seed=rdcpu enable-aria 
enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-weak-ssl-ciphers 
enable-zlib-dynamic shared threads enable-rfc3779 enable-ssl-trace

Perl information:

/usr/bin/perl
5.16.3 for x86_64-linux-thread-multi

Enabled features:

aria
asm
async
autoalginit
autoerrinit
autoload-config
bf
blake2
buildtest-c\+\+
camellia
capieng
cast
chacha
cmac
cms
comp
ct
deprecated
des
dgram
dh
dsa
dtls
dynamic-engine
ec
ec2m
ecdh
ecdsa
ec_nistp_64_gcc_128
engine
err
filenames
gost
hw(-.+)?
idea
makedepend
md2
md4
mdc2
multiblock
nextprotoneg
pinshared
ocb
ocsp
pic
poly1305
posix-io
psk
rc2
rc4
rc5
rdrand
rfc3779
rmd160
scrypt
seed
shared
siphash
sm2
sm3
sm4
sock
srp
srtp
sse2
ssl
ssl-trace
static-engine
stdio
tests
threads
tls
ts
ui-console
whirlpool
weak-ssl-ciphers
zlib

Re: Errors building 1.1.1 on RHEL 7

2019-07-18 Thread Blumenthal, Uri - 0553 - MITLL

I'm getting a somewhat different error trying to build OpenSSL_1_1_1-stable on 
CentOS 7 (similar to RHEL 7).

Configuration:

./config --prefix=$HOME/openssl-1.1 --debug --openssldir=$HOME/openssl-1.1/etc 
--with-rand-seed=rdcpu enable-aria enable-ec_nistp_64_gcc_128 enable-md2 
enable-rc5 enable-weak-ssl-ciphers enable-zlib-dynamic shared threads 
enable-rfc3779 enable-ssl-trace

Followed by 

  make depend && make clean && make -j 2 all && make test && make install

I'm appending the output of "perl configdata.pm -d" at the end.

Here's the problem:

. . . . .
gcc  -I. -Icrypto/include -Iinclude -fPIC -pthread -m64 -Wa,--noexecstack 
-std=gnu11 -O3 -march=native -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/home/ur20980/openssl-1.1/etc\"" 
-DENGINESDIR="\"/home/ur20980/openssl-1.1/lib/engines-1.1\"" -DZLIB 
-DZLIB_SHARED  -MMD -MF crypto/asn1/a_strex.d.tmp -MT crypto/asn1/a_strex.o -c 
-o crypto/asn1/a_strex.o crypto/asn1/a_strex.c
In file included from crypto/include/internal/evp_int.h:11:0,
 from crypto/asn1/a_sign.c:22:
include/internal/refcount.h:21:25: fatal error: stdatomic.h: No such file or 
directory
 #  include 
 ^
compilation terminated.
make[1]: *** [crypto/asn1/a_sign.o] Error 1
make[1]: *** Waiting for unfinished jobs

This is the compiler used:
$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.8.5/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla 
--enable-bootstrap --enable-shared --enable-threads=posix 
--enable-checking=release --with-system-zlib --enable-__cxa_atexit 
--disable-libunwind-exceptions --enable-gnu-unique-object 
--enable-linker-build-id --with-linker-hash-style=gnu 
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin 
--enable-initfini-array --disable-libgcj 
--with-isl=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/isl-install
 
--with-cloog=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/cloog-install
 --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 
--build=x86_64-redhat-linux
Thread model: posix
gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
$

External flags:
$ env | grep FLAGS
CXXFLAGS=-std=gnu++11 -O3 -march=native
CFLAGS=-std=gnu11 -O3 -march=native
$

Finally, output of "perl configdata.pm -d":

Command line (with current working directory = .):

/usr/bin/perl ./Configure linux-x86_64 --prefix=/home/ur20980/openssl-1.1 
--debug --openssldir=/home/ur20980/openssl-1.1/etc --with-rand-seed=rdcpu 
enable-aria enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 
enable-weak-ssl-ciphers enable-zlib-dynamic shared threads enable-rfc3779 
enable-ssl-trace

Perl information:

/usr/bin/perl
5.16.3 for x86_64-linux-thread-multi

Enabled features:

aria
asm
async
autoalginit
autoerrinit
autoload-config
bf
blake2
buildtest-c\+\+
camellia
capieng
cast
chacha
cmac
cms
comp
ct
deprecated
des
dgram
dh
dsa
dtls
dynamic-engine
ec
ec2m
ecdh
ecdsa
ec_nistp_64_gcc_128
engine
err
filenames
gost
hw(-.+)?
idea
makedepend
md2
md4
mdc2
multiblock
nextprotoneg
pinshared
ocb
ocsp
pic
poly1305
posix-io
psk
rc2
rc4
rc5
rdrand
rfc3779
rmd160
scrypt
seed
shared
siphash
sm2
sm3
sm4
sock
srp
srtp
sse2
ssl
ssl-trace
static-engine
stdio
tests
threads
tls
ts
ui-console
whirlpool
weak-ssl-ciphers
zlib
zlib-dynamic
tls1
tls1-method
tls1_1
tls1_1-method
tls1_2
tls1_2-method
tls1_3
dtls1
dtls1-method
dtls1_2
dtls1_2-method

Disabled features:

afalgeng[too-old-kernel] 
asan[default]OPENSSL_NO_ASAN
crypto-mdebug   [default]OPENSSL_NO_CRYPTO_MDEBUG
crypto-mdebug-backtrace [default]OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
devcryptoeng[default]OPENSSL_NO_DEVCRYPTOENG
egd [default]OPENSSL_NO_EGD
external-tests  [default]OPENSSL_NO_EXTERNAL_TESTS
fuzz-libfuzzer  [default]OPENSSL_NO_FUZZ_LIBFUZZER
fuzz-afl[default]OPENSSL_NO_FUZZ_AFL
heartbeats  [default]OPENSSL_NO_HEARTBEATS
msan

Re: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Viktor Dukhovni

On Thu, Jul 18, 2019 at 12:54:51AM +, Mark Richter wrote:

> I'm still really new at this - a few questions:

Understood.

>   1. Choose some location that is not on the default library search path
>  to install the 1.1.1 custom libraries.  I use /opt/openssl/1.1/lib
>
> > How do I specify that?  A config parameter (and which one)?

--prefix=/opt/openssl/1.1

>   2. Configure your OpenSSL build to use the corresponding "rpath":
>  -Wl,-rpath,/opt/openssl/1.1/lib
>
> > Again, how do I specify that?

Command-line argument to "Configure" or custom platform template.

>   3. Add a custom target platform to the "targets" array in
>  Configurations/.conf.  This can inherit from
>  the configuration you're using now, but add a setting
>  for "shlib_variant" as described in Configurations/README
> 
> ...
> inherit_from => "",
> shlib_variant => "-opt",
> ...
> > I can find that...

You'll to read the existing files in the "Configurations" directory,
and cargo-cult a new target definition that meets your needs and
also adds "shlib_variant".

>   4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
>  or similar for the custom target platorm.  Make sure that the
>  SONAME and symbol versions contain the "-opt" or "_OPT" tweak.
>
> > Not familiar with that tweak.

Setting "shlib_variant" correctly is all it takes.  The results
can be verified via "readelf -d".

I've not had the opportunity to write up the process in more
step-by-step detail, perhaps if you get this working, you
can write it as a contribution to the Wiki, or blog it, ...

-- 
Viktor.

RE: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Mark Richter

I'm still really new at this - a few questions:

-Original Message-
From: openssl-users  On Behalf Of Viktor 
Dukhovni
Sent: Wednesday, July 17, 2019 12:42 PM
To: openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7

On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default 
search path), and especially when you're linking with other libraries that in 
turn were linked against the OpenSSL version in /usr/lib, using OpenSSL
1.1.1 in your application requires care...

Specifically:

  1. Choose some location that is not on the default library search path
 to install the 1.1.1 custom libraries.  I use /opt/openssl/1.1/lib
> How do I specify that?  A config parameter (and which one)?

  2. Configure your OpenSSL build to use the corresponding "rpath":
 -Wl,-rpath,/opt/openssl/1.1/lib
> Again, how do I specify that?

  3. Add a custom target platform to the "targets" array in
 Configurations/.conf.  This can inherit from
 the configuration you're using now, but add a setting
 for "shlib_variant" as described in Configurations/README

...
inherit_from => "",
shlib_variant => "-opt",
...
> I can find that...

  4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
 or similar for the custom target platorm.  Make sure that the
 SONAME and symbol versions contain the "-opt" or "_OPT" tweak.
> Not familiar with that tweak.

  5. Link your application against this library:

-I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib 
-Wl,-rpath,/opt/openssl/1.1/lib
> Can do.

  6.  Check with "readelf -d" that the application records the expected SONAME
  for the OpenSSL library (libcrypto and/or libssl) dependencies.
> Can do.

You can now have your code using OpenSSL 1.1.1 and other libraries you use, 
using whichever OpenSSL they were compiled with.  However, you cannot pass 
OpenSSL objects you create into such libraries, their use of OpenSSL must be 
self-contained.

--
Viktor.

The information contained in this message is confidential and is intended for 
the addressee(s) only. If you have received this message in error, please 
notify the sender immediately and delete the message. Unless you are an 
addressee (or authorized to receive for an addressee), you may not use, copy or 
disclose to anyone this message or any information contained in this message. 
The unauthorized use, disclosure, copying or alteration of this message is 
strictly prohibited.

Re: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Viktor Dukhovni

> On Jul 17, 2019, at 3:41 PM, Viktor Dukhovni  
> wrote:
> 
> On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default
> search path), and especially when you're linking with other libraries that
> in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL
> 1.1.1 in your application requires care...

By the way, today I'm uneventfully running an SSH server and client
that are linked against OpenSSL 1.0.2 for crypto in OpenSSH, but
also Heimdal Kerberos for GSSAPI, which in turn is linked against
OpenSSL 1.1.1 for its crypto.  The two libraries coëxist (ships
in the night) in the same process with no conflict.  They are
built with version-specific "shlib_variant" values, so that
the symbol versions and SONAMEs are distinct.

It all works.  Perhaps there should be a blog-post or other
document somewhere that explains this with a more detailed
walk-through of the required steps.  Anyone care to contribute?

-- 
Viktor.

Re: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Viktor Dukhovni

On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default
search path), and especially when you're linking with other libraries that
in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL
1.1.1 in your application requires care...

> On Jul 17, 2019, at 2:22 PM, Mark Richter  wrote:
> 
> However, although I modified our make file to use 
> '-I/usr/local/openssl/include' and '-L/usr/local/openssl/lib', I now see this 
> warning:
> 
> cc -DLOG_LEVEL=LOG_INFO -Wall -Werror -D__ci_driver__ -D__ci_ul_driver__ 
> -D_GNU_SOURCE -DWITH_MCDI_V2 -DWITH_TLS12=0 
> -DSOLAR_SECURE_VERSION="1.0.3.1020 (3bf2875895d5+ Wed Jul 17 11:14:55 PDT 
> 2019)" -Isrc/include -I/usr/local/openssl/include -Isrc/tools/mc-comms 
> -Isrc/tools/mc-comms/include -Isrc/emulators/mbedtls/include 
> -I/usr/include/json-c   -g3 -fno-omit-frame-pointer build/src/tools/sfslc.o 
> -o build/bin/sfslc -Lbuild/lib -L/usr/local/openssl/lib  -lsfsl_api -lsf_core 
> -lcm -lss -lcrypto  -lpci -lcurl -lpthread -lrt -lssl -luuid -ljson-c
> /usr/bin/ld: warning: libssl.so.10, needed by /usr/lib64/libssh2.so.1, may 
> conflict with libssl.so.1.1
> /usr/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssh2.so.1, may 
> conflict with libcrypto.so.1.1

Specifically:

  1. Choose some location that is not on the default library search path
 to install the 1.1.1 custom libraries.  I use /opt/openssl/1.1/lib

  2. Configure your OpenSSL build to use the corresponding "rpath":
 -Wl,-rpath,/opt/openssl/1.1/lib

  3. Add a custom target platform to the "targets" array in
 Configurations/.conf.  This can inherit from
 the configuration you're using now, but add a setting
 for "shlib_variant" as described in Configurations/README

...
inherit_from => "",
shlib_variant => "-opt",
...

  4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
 or similar for the custom target platorm.  Make sure that the
 SONAME and symbol versions contain the "-opt" or "_OPT" tweak.

  5. Link your application against this library:

-I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib 
-Wl,-rpath,/opt/openssl/1.1/lib

  6.  Check with "readelf -d" that the application records the expected SONAME
  for the OpenSSL library (libcrypto and/or libssl) dependencies.

You can now have your code using OpenSSL 1.1.1 and other libraries you use,
using whichever OpenSSL they were compiled with.  However, you cannot pass
OpenSSL objects you create into such libraries, their use of OpenSSL must
be self-contained.

-- 
Viktor.

RE: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Mark Richter

It works better with 1.1.1c.

Thank you.

-Original Message-
From: Matt Caswell 
Sent: Wednesday, July 17, 2019 1:16 AM
To: Mark Richter ; openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7



On 16/07/2019 23:27, Mark Richter wrote:
> Result: PASS

Well that's quite odd because this test was failing for you before. I assume 
that after you had done the "make clean" that "make test" is still failing? Is 
it failing with the same set of tests that were failing before or different 
ones?

Matt


> make[1]: Leaving directory `/tmp/openssl-1.1.1'
> [root@sfsdr220d openssl-1.1.1]# perl -v
>
> This is perl 5, version 16, subversion 3 (v5.16.3) built for
> x86_64-linux-thread-multi (with 33 registered patches, see perl -V for
> more detail)
>
> Copyright 1987-2012, Larry Wall
>
> Perl may be copied only under the terms of either the Artistic License
> or the GNU General Public License, which may be found in the Perl 5 source 
> kit.
>
> Complete documentation for Perl, including FAQ lists, should be found
> on this system using "man perl" or "perldoc perl".  If you have access
> to the Internet, point your browser at http://www.perl.org/, the Perl Home 
> Page.
>
>
> Mark Richter | Senior Staff Engineer
> SolarFlare Communications, Inc. | www.Solarflare.com
> 9444 Waples Street, #170, San Diego, CA  92121
> Mobile: +1 949-632-8403
>
>
> 
> From: openssl-users  on behalf of
> Matt Caswell 
> Sent: Tuesday, July 16, 2019 3:20 PM
> To: openssl-users@openssl.org
> Subject: Re: Errors building 1.1.1 on RHEL 7
>
> On 16/07/2019 22:23, Mark Richter wrote:
>> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
>> 'make test.'  What do they mean?
>>
>>
>> Test Summary Report
>> ---
>> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 
>> Failed: 3)
>>   Failed tests:  4-6
>>   Non-zero exit status: 3
>
> Looks like something fundamentally wrong to get this many errors
> (guess: perl version is too low?)
>
> Please run:
>
> make TESTS=test_dsa V=1 test
>
> Also lets see the output from:
>
> perl -v
>
> Matt
>
>
>> ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 
>> Failed: 3)
>>   Failed tests:  3-5
>>   Non-zero exit status: 3
>> ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 
>> Failed: 4)
>>   Failed tests:  2-5
>>   Non-zero exit status: 4
>> ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 
>> Failed: 30)
>>   Failed tests:  2-31
>>   Non-zero exit status: 30
>> ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>> ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 
>> Failed: 3)
>>   Failed tests:  4-6
>>   Non-zero exit status: 3
>> ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 
>> Failed: 2)
>>   Failed tests:  1, 5
>>   Non-zero exit status: 2
>> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>>   Parse errors: Bad plan.  You planned 172 tests but ran 87.
>> ../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>> ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 
>> Failed: 3)
>>   Failed tests:  2, 6-7
>>   Non-zero exit status: 3
>> ../test/recipes/25-test_pkcs7.t  (Wstat: 512 Tests: 3 
>> Failed: 2)
>>   Failed tests:  2-3
>>   Non-zero exit status: 2
>> ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 
>> Failed: 4)
>>   Failed tests:  2, 7-9
>>   Non-zero exit status: 4
>> ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>> ../test/recipes/25-test_x509.t   (Wstat: 1792 Tests: 9 
>> Failed: 7)
>>   Failed tests:  2-8
>>   Non-zero exit status: 7
>> ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 
>> Failed: 0)
>>   Non-zero exit status: 255
>>   Parse errors: Bad plan.  You planned 4 tests but ran 0.
>> ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 
>> Failed: 0)
>>   Non-zero exit status: 255
>>   Parse errors

RE: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Mark Richter

Hi Jan,

Thanks for that.  I got 1.1.1c and it built properly.

I configured it to use /usr/local/openssl for the target per the instructions 
on https://blacksaildivision.com/how-to-install-openssl-on-centos, and 
everything seemed to go well.  I get this:

11:02 [mrichter@sfsdr220d:~] $ openssl version
OpenSSL 1.1.1c  28 May 2019

After I log out and back in.

However, although I modified our make file to use 
'-I/usr/local/openssl/include' and '-L/usr/local/openssl/lib', I now see this 
warning:

cc -DLOG_LEVEL=LOG_INFO -Wall -Werror -D__ci_driver__ -D__ci_ul_driver__ 
-D_GNU_SOURCE -DWITH_MCDI_V2 -DWITH_TLS12=0 -DSOLAR_SECURE_VERSION="1.0.3.1020 
(3bf2875895d5+ Wed Jul 17 11:14:55 PDT 2019)" -Isrc/include 
-I/usr/local/openssl/include -Isrc/tools/mc-comms -Isrc/tools/mc-comms/include 
-Isrc/emulators/mbedtls/include -I/usr/include/json-c   -g3 
-fno-omit-frame-pointer build/src/tools/sfslc.o -o build/bin/sfslc -Lbuild/lib 
-L/usr/local/openssl/lib  -lsfsl_api -lsf_core -lcm -lss -lcrypto  -lpci -lcurl 
-lpthread -lrt -lssl -luuid -ljson-c
/usr/bin/ld: warning: libssl.so.10, needed by /usr/lib64/libssh2.so.1, may 
conflict with libssl.so.1.1
/usr/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssh2.so.1, may 
conflict with libcrypto.so.1.1

I tried googling this and get lots of suggestion for similar errors with 
libcurl, but not this one.

What am I missing?

-Original Message-
From: Jan Just Keijser 
Sent: Wednesday, July 17, 2019 2:53 AM
To: Mark Richter ; Matt Caswell ; 
openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7

FWIW:

I just downloaded openssl 1.1.1c, untarred it on my CentOS 7 box, then ran
   ./config
   make
   make test

The tests passed with the following output (the "ok" tests stripped out):

...
../test/recipes/05-test_md2.t .. skipped: md2 is not 
supported by this OpenSSL build ...
../test/recipes/05-test_rc5.t .. skipped: rc5 is not 
supported by this OpenSSL build ...
../test/recipes/30-test_afalg.t  skipped: test_afalg not 
supported for this build ...
../test/recipes/90-test_gost.t . skipped: No test GOST 
engine found ...
../test/recipes/90-test_overhead.t . skipped: Only supported in 
no-shared builds ...
../test/recipes/95-test_external_boringssl.t ... skipped: No external tests 
in this configuration ../test/recipes/95-test_external_krb5.t  
skipped: No external tests in this configuration 
../test/recipes/95-test_external_pyca.t  skipped: No external tests 
in this configuration ...
All tests successful.
Files=155, Tests=1452, 66 wallclock secs ( 1.44 usr  0.11 sys + 62.90 cusr 
13.51 csys = 77.96 CPU)
Result: PASS
make[1]: Leaving directory `/home/janjust/src/openssl-1.1.1c'

Share and enjoy,

JJK

On 17/07/19 00:27, Mark Richter wrote:
> I removed the directory, re-untarred the source, ran 'make clean', then 
> 'make', then 'make TESTS=test_dsa V=1 test':
>
> [root@sfsdr220d openssl-1.1.1]# make TESTS=test_dsa V=1 test make
> depend && make _tests
> make[1]: Entering directory `/tmp/openssl-1.1.1'
> make[1]: Leaving directory `/tmp/openssl-1.1.1'
> make[1]: Entering directory `/tmp/openssl-1.1.1'
> ( cd test; \
>mkdir -p test-runs; \
>SRCTOP=../. \
>BLDTOP=../. \
>RESULT_D=test-runs \
>PERL="/usr/bin/perl" \
>EXE_EXT= \
>OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \
>OPENSSL_DEBUG_MEMORY=on \
>  /usr/bin/perl .././test/run_tests.pl test_dsa )
> /tmp/openssl-1.1.1/test ../test/recipes/15-test_dsa.t ..
> 1..6
> ok 1 - require '../../test/recipes/tconversion.pl';
>  # Subtest: ../../test/dsatest
>  1..1
>  ok 1 - dsa_test
> ../../util/shlib_wrap.sh ../../test/dsatest => 0 ok 2 - running
> dsatest
>  # Subtest: ../../test/dsa_no_digest_size_test
>  1..3
>  ok 1 - dsa_exact_size_test
>  ok 2 - dsa_small_digest_test
>  ok 3 - dsa_large_digest_test
> ../../util/shlib_wrap.sh ../../test/dsa_no_digest_size_test => 0 ok 3
> - running dsa_no_digest_size_test
>  1..10
>  ok 1 - initializing
> read DSA key
> writing DSA key
> ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-fff.p -inform p -out 
> dsa-f.d -outform d => 0
>  ok 2 - p -> d
> read DSA key
> writing DSA key
> ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-fff.p -inform p -out 
> dsa-f.p -outform p => 0
>  ok 3 - p -> p
> read DSA key
> writing DSA key
> ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.d -inform d -out 
> dsa-ff.dd -outform d => 0
>  ok 4 - d -> d
> read DSA key
> writing DSA key
> ../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.p -inform p -out 
> dsa-ff.pd -outform d => 0
&g

Re: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Jan Just Keijser

k 3 - p -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-fff.p 
-inform p -out msb-f.msblob -outform msblob => 0
 ok 4 - p -> msblob
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d -inform 
d -out msb-ff.dd -outform d => 0
 ok 5 - d -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p -inform 
p -out msb-ff.pd -outform d => 0
 ok 6 - p -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob 
-inform msblob -out msb-ff.msblobd -outform d => 0
 ok 7 - msblob -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d -inform 
d -out msb-ff.dp -outform p => 0
 ok 8 - d -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p -inform 
p -out msb-ff.pp -outform p => 0
 ok 9 - p -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob 
-inform msblob -out msb-ff.msblobp -outform p => 0
 ok 10 - msblob -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d -inform 
d -out msb-ff.dmsblob -outform msblob => 0
 ok 11 - d -> msblob
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p -inform 
p -out msb-ff.pmsblob -outform msblob => 0
 ok 12 - p -> msblob
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob 
-inform msblob -out msb-ff.msblobmsblob -outform msblob => 0
 ok 13 - msblob -> msblob
 ok 14 - comparing orig to p
 ok 15 - comparing p to dp
 ok 16 - comparing p to pp
 ok 17 - comparing p to msblobp
 ok 18 - comparing msblob to dmsblob
 ok 19 - comparing msblob to pmsblob
 ok 20 - comparing msblob to msblobmsblob
ok 6 - dsa conversions -- public key
ok
All tests successful.
Files=1, Tests=6,  1 wallclock secs ( 0.02 usr  0.00 sys +  0.23 cusr  0.08 
csys =  0.33 CPU)
Result: PASS
make[1]: Leaving directory `/tmp/openssl-1.1.1'
[root@sfsdr220d openssl-1.1.1]# perl -v

This is perl 5, version 16, subversion 3 (v5.16.3) built for 
x86_64-linux-thread-multi
(with 33 registered patches, see perl -V for more detail)

Copyright 1987-2012, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.


Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www.Solarflare.com
9444 Waples Street, #170, San Diego, CA  92121
Mobile: +1 949-632-8403



From: openssl-users  on behalf of Matt Caswell 

Sent: Tuesday, July 16, 2019 3:20 PM
To: openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7

On 16/07/2019 22:23, Mark Richter wrote:

After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
'make test.'  What do they mean?


Test Summary Report
---
../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 3)
   Failed tests:  4-6
   Non-zero exit status: 3

Looks like something fundamentally wrong to get this many errors (guess: perl
version is too low?)

Please run:

make TESTS=test_dsa V=1 test

Also lets see the output from:

perl -v

Matt



../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 3)
   Failed tests:  3-5
   Non-zero exit status: 3
../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 Failed: 
4)
   Failed tests:  2-5
   Non-zero exit status: 4
../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 Failed: 
30)
   Failed tests:  2-31
   Non-zero exit status: 30
../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 1)
   Failed test:  2
   Non-zero exit status: 1
../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 3)
   Failed tests:  4-6
   Non-zero exit status: 3
../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 2)
   Failed tests:  1, 5
   Non-zero exit status: 2
../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 Failed: 
1)
   Failed test:  2
   Non-zero exit status: 1
   Parse errors: Bad plan.  You planned 172 tests but ran 87.
../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 Failed: 
1)
   Failed test:  2
   Non-zero exit status: 1
../test/recipes/25-test_crl.t(Wstat: 768 Tests

Re: Errors building 1.1.1 on RHEL 7

2019-07-17 Thread Matt Caswell




On 16/07/2019 23:27, Mark Richter wrote:
> Result: PASS

Well that's quite odd because this test was failing for you before. I assume
that after you had done the "make clean" that "make test" is still failing? Is
it failing with the same set of tests that were failing before or different 
ones?

Matt


> make[1]: Leaving directory `/tmp/openssl-1.1.1'
> [root@sfsdr220d openssl-1.1.1]# perl -v
> 
> This is perl 5, version 16, subversion 3 (v5.16.3) built for 
> x86_64-linux-thread-multi
> (with 33 registered patches, see perl -V for more detail)
> 
> Copyright 1987-2012, Larry Wall
> 
> Perl may be copied only under the terms of either the Artistic License or the
> GNU General Public License, which may be found in the Perl 5 source kit.
> 
> Complete documentation for Perl, including FAQ lists, should be found on
> this system using "man perl" or "perldoc perl".  If you have access to the
> Internet, point your browser at http://www.perl.org/, the Perl Home Page.
> 
> 
> Mark Richter | Senior Staff Engineer
> SolarFlare Communications, Inc. | www.Solarflare.com
> 9444 Waples Street, #170, San Diego, CA  92121
> Mobile: +1 949-632-8403
> 
> 
> 
> From: openssl-users  on behalf of Matt 
> Caswell 
> Sent: Tuesday, July 16, 2019 3:20 PM
> To: openssl-users@openssl.org
> Subject: Re: Errors building 1.1.1 on RHEL 7
> 
> On 16/07/2019 22:23, Mark Richter wrote:
>> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
>> 'make test.'  What do they mean?
>>
>>
>> Test Summary Report
>> ---
>> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 
>> Failed: 3)
>>   Failed tests:  4-6
>>   Non-zero exit status: 3
> 
> Looks like something fundamentally wrong to get this many errors (guess: perl
> version is too low?)
> 
> Please run:
> 
> make TESTS=test_dsa V=1 test
> 
> Also lets see the output from:
> 
> perl -v
> 
> Matt
> 
> 
>> ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 
>> Failed: 3)
>>   Failed tests:  3-5
>>   Non-zero exit status: 3
>> ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 
>> Failed: 4)
>>   Failed tests:  2-5
>>   Non-zero exit status: 4
>> ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 
>> Failed: 30)
>>   Failed tests:  2-31
>>   Non-zero exit status: 30
>> ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>> ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 
>> Failed: 3)
>>   Failed tests:  4-6
>>   Non-zero exit status: 3
>> ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 
>> Failed: 2)
>>   Failed tests:  1, 5
>>   Non-zero exit status: 2
>> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>>   Parse errors: Bad plan.  You planned 172 tests but ran 87.
>> ../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>> ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 
>> Failed: 3)
>>   Failed tests:  2, 6-7
>>   Non-zero exit status: 3
>> ../test/recipes/25-test_pkcs7.t  (Wstat: 512 Tests: 3 
>> Failed: 2)
>>   Failed tests:  2-3
>>   Non-zero exit status: 2
>> ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 
>> Failed: 4)
>>   Failed tests:  2, 7-9
>>   Non-zero exit status: 4
>> ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 
>> Failed: 1)
>>   Failed test:  2
>>   Non-zero exit status: 1
>> ../test/recipes/25-test_x509.t   (Wstat: 1792 Tests: 9 
>> Failed: 7)
>>   Failed tests:  2-8
>>   Non-zero exit status: 7
>> ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 
>> Failed: 0)
>>   Non-zero exit status: 255
>>   Parse errors: Bad plan.  You planned 4 tests but ran 0.
>> ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 
>> Failed: 0)
>>   Non-zero exit status: 255
>>   Parse errors: Bad plan.  You planned 3 tests but ran 0.
>> ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 
>> Failed: 1)
>>   Failed test:  1
>>   Non-zero exit status: 1
>>

Re: Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Mark Richter

out -in msb-f.d 
-inform d -out msb-ff.dmsblob -outform msblob => 0
ok 11 - d -> msblob
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p 
-inform p -out msb-ff.pmsblob -outform msblob => 0
ok 12 - p -> msblob
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob 
-inform msblob -out msb-ff.msblobmsblob -outform msblob => 0
ok 13 - msblob -> msblob
ok 14 - comparing orig to p
ok 15 - comparing p to dp
ok 16 - comparing p to pp
ok 17 - comparing p to msblobp
ok 18 - comparing msblob to dmsblob
ok 19 - comparing msblob to pmsblob
ok 20 - comparing msblob to msblobmsblob
ok 6 - dsa conversions -- public key
ok
All tests successful.
Files=1, Tests=6,  1 wallclock secs ( 0.02 usr  0.00 sys +  0.23 cusr  0.08 
csys =  0.33 CPU)
Result: PASS
make[1]: Leaving directory `/tmp/openssl-1.1.1'
[root@sfsdr220d openssl-1.1.1]# perl -v

This is perl 5, version 16, subversion 3 (v5.16.3) built for 
x86_64-linux-thread-multi
(with 33 registered patches, see perl -V for more detail)

Copyright 1987-2012, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.


Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www.Solarflare.com
9444 Waples Street, #170, San Diego, CA  92121
Mobile: +1 949-632-8403



From: openssl-users  on behalf of Matt 
Caswell 
Sent: Tuesday, July 16, 2019 3:20 PM
To: openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7

On 16/07/2019 22:23, Mark Richter wrote:
> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
> 'make test.'  What do they mean?
>
>
> Test Summary Report
> ---
> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3

Looks like something fundamentally wrong to get this many errors (guess: perl
version is too low?)

Please run:

make TESTS=test_dsa V=1 test

Also lets see the output from:

perl -v

Matt


> ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 
> 3)
>   Failed tests:  3-5
>   Non-zero exit status: 3
> ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 
> Failed: 4)
>   Failed tests:  2-5
>   Non-zero exit status: 4
> ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 
> Failed: 30)
>   Failed tests:  2-31
>   Non-zero exit status: 30
> ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 
> 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3
> ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 
> 2)
>   Failed tests:  1, 5
>   Non-zero exit status: 2
> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
>   Parse errors: Bad plan.  You planned 172 tests but ran 87.
> ../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: 
> 3)
>   Failed tests:  2, 6-7
>   Non-zero exit status: 3
> ../test/recipes/25-test_pkcs7.t  (Wstat: 512 Tests: 3 Failed: 
> 2)
>   Failed tests:  2-3
>   Non-zero exit status: 2
> ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 
> Failed: 4)
>   Failed tests:  2, 7-9
>   Non-zero exit status: 4
> ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 Failed: 
> 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/25-test_x509.t   (Wstat: 1792 Tests: 9 
> Failed: 7)
>   Failed tests:  2-8
>   Non-zero exit status: 7
> ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 255
>   Parse errors: Bad plan.  You planned 4 tests but ran 0.
> ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 255
>   Parse errors: Bad plan.  You planned 3 tests but ran 0.
> ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: 
> 1)
>   Failed

Re: Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Matt Caswell




On 16/07/2019 22:23, Mark Richter wrote:
> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
> 'make test.'  What do they mean?
> 
> 
> Test Summary Report
> ---
> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3

Looks like something fundamentally wrong to get this many errors (guess: perl
version is too low?)

Please run:

make TESTS=test_dsa V=1 test

Also lets see the output from:

perl -v

Matt


> ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 
> 3)
>   Failed tests:  3-5
>   Non-zero exit status: 3
> ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 
> Failed: 4)
>   Failed tests:  2-5
>   Non-zero exit status: 4
> ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 
> Failed: 30)
>   Failed tests:  2-31
>   Non-zero exit status: 30
> ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 
> 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3
> ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 
> 2)
>   Failed tests:  1, 5
>   Non-zero exit status: 2
> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
>   Parse errors: Bad plan.  You planned 172 tests but ran 87.
> ../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: 
> 3)
>   Failed tests:  2, 6-7
>   Non-zero exit status: 3
> ../test/recipes/25-test_pkcs7.t  (Wstat: 512 Tests: 3 Failed: 
> 2)
>   Failed tests:  2-3
>   Non-zero exit status: 2
> ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 
> Failed: 4)
>   Failed tests:  2, 7-9
>   Non-zero exit status: 4
> ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 Failed: 
> 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/25-test_x509.t   (Wstat: 1792 Tests: 9 
> Failed: 7)
>   Failed tests:  2-8
>   Non-zero exit status: 7
> ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 255
>   Parse errors: Bad plan.  You planned 4 tests but ran 0.
> ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 255
>   Parse errors: Bad plan.  You planned 3 tests but ran 0.
> ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: 
> 1)
>   Failed test:  1
>   Non-zero exit status: 1
> ../test/recipes/80-test_cms.t(Wstat: 1024 Tests: 4 
> Failed: 4)
>   Failed tests:  1-4
>   Non-zero exit status: 4
> ../test/recipes/80-test_ocsp.t   (Wstat: 512 Tests: 11 
> Failed: 2)
>   Failed tests:  1, 10
>   Non-zero exit status: 2
> ../test/recipes/80-test_ssl_new.t(Wstat: 6912 Tests: 27 
> Failed: 27)
>   Failed tests:  1-27
>   Non-zero exit status: 27
> ../test/recipes/80-test_ssl_old.t(Wstat: 1536 Tests: 6 
> Failed: 6)
>   Failed tests:  1-6
>   Non-zero exit status: 6
> ../test/recipes/80-test_tsa.t(Wstat: 3328 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 13
>   Parse errors: Bad plan.  You planned 20 tests but ran 0.
> ../test/recipes/90-test_store.t  (Wstat: 3328 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 13
>   Parse errors: Bad plan.  You planned 209 tests but ran 0.
> Files=152, Tests=850, 30 wallclock secs ( 0.38 usr  0.10 sys + 31.02 cusr  
> 4.55 csys = 36.05 CPU)
> Result: FAIL
> make[1]: *** [_tests] Error 1
> make[1]: Leaving directory `/home/mrichter/bin/openssl-1.1.1'
> make: *** [tests] Error 2
> 
> ?
> 
> 
> Mark Richter | Senior Staff Engineer
> SolarFlare Communications, Inc. | 
> www.Solarflare.com
> 9444 Waples Street, #170, San Diego, CA  92121
> Mobile: +1 949-632-8403
> [Description: Description: cid:EC628FDE-ACA6-4F34-A8AE-E1F672D4E395]
> The information contained in this message is confidential and is intended for 
> the addressee(s) only. If you have received this message in error, please 
> notify the sender immediately and delete the message. Unless you are an 
> addressee (or authorized to receive for an addressee), you may not use, copy 
> or disclose to anyone this message or any information contained in this 
> message. The unauthorized use, disclosure, copying or alteration of this 
> message is strictly prohibited.
>

Re: Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Viktor Dukhovni

On Tue, Jul 16, 2019 at 09:23:32PM +, Mark Richter wrote:

> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
> 'make test.'  What do they mean?

The test scripts exited with non-zero exit codes.

> Test Summary Report
> ---
> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3

> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
>   Parse errors: Bad plan.  You planned 172 tests but ran 87.

Something looks wrong with your build.

> Files=152, Tests=850, 30 wallclock secs ( 0.38 usr  0.10 sys + 31.02 cusr  
> 4.55 csys = 36.05 CPU)
> Result: FAIL

Insufficient detail, but make sure the directory is "clean" before
you do the build. And post the build options in future problem
reports.  IIRC, you can use "make V=1 ..." to get more verbose test
output.

-- 
Viktor.

Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Mark Richter

After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
'make test.'  What do they mean?


Test Summary Report
---
../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 3)
  Failed tests:  4-6
  Non-zero exit status: 3
../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 3)
  Failed tests:  3-5
  Non-zero exit status: 3
../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 Failed: 
4)
  Failed tests:  2-5
  Non-zero exit status: 4
../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 Failed: 
30)
  Failed tests:  2-31
  Non-zero exit status: 30
../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 1)
  Failed test:  2
  Non-zero exit status: 1
../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 3)
  Failed tests:  4-6
  Non-zero exit status: 3
../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 2)
  Failed tests:  1, 5
  Non-zero exit status: 2
../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 Failed: 
1)
  Failed test:  2
  Non-zero exit status: 1
  Parse errors: Bad plan.  You planned 172 tests but ran 87.
../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 Failed: 
1)
  Failed test:  2
  Non-zero exit status: 1
../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: 3)
  Failed tests:  2, 6-7
  Non-zero exit status: 3
../test/recipes/25-test_pkcs7.t  (Wstat: 512 Tests: 3 Failed: 2)
  Failed tests:  2-3
  Non-zero exit status: 2
../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 Failed: 
4)
  Failed tests:  2, 7-9
  Non-zero exit status: 4
../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 Failed: 1)
  Failed test:  2
  Non-zero exit status: 1
../test/recipes/25-test_x509.t   (Wstat: 1792 Tests: 9 Failed: 
7)
  Failed tests:  2-8
  Non-zero exit status: 7
../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 Failed: 
0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 4 tests but ran 0.
../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 Failed: 
0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 3 tests but ran 0.
../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../test/recipes/80-test_cms.t(Wstat: 1024 Tests: 4 Failed: 
4)
  Failed tests:  1-4
  Non-zero exit status: 4
../test/recipes/80-test_ocsp.t   (Wstat: 512 Tests: 11 Failed: 
2)
  Failed tests:  1, 10
  Non-zero exit status: 2
../test/recipes/80-test_ssl_new.t(Wstat: 6912 Tests: 27 Failed: 
27)
  Failed tests:  1-27
  Non-zero exit status: 27
../test/recipes/80-test_ssl_old.t(Wstat: 1536 Tests: 6 Failed: 
6)
  Failed tests:  1-6
  Non-zero exit status: 6
../test/recipes/80-test_tsa.t(Wstat: 3328 Tests: 0 Failed: 
0)
  Non-zero exit status: 13
  Parse errors: Bad plan.  You planned 20 tests but ran 0.
../test/recipes/90-test_store.t  (Wstat: 3328 Tests: 0 Failed: 
0)
  Non-zero exit status: 13
  Parse errors: Bad plan.  You planned 209 tests but ran 0.
Files=152, Tests=850, 30 wallclock secs ( 0.38 usr  0.10 sys + 31.02 cusr  4.55 
csys = 36.05 CPU)
Result: FAIL
make[1]: *** [_tests] Error 1
make[1]: Leaving directory `/home/mrichter/bin/openssl-1.1.1'
make: *** [tests] Error 2

?


Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www.Solarflare.com
9444 Waples Street, #170, San Diego, CA  92121
Mobile: +1 949-632-8403
[Description: Description: cid:EC628FDE-ACA6-4F34-A8AE-E1F672D4E395]
The information contained in this message is confidential and is intended for 
the addressee(s) only. If you have received this message in error, please 
notify the sender immediately and delete the message. Unless you are an 
addressee (or authorized to receive for an addressee), you may not use, copy or 
disclose to anyone this message or any information contained in this message. 
The unauthorized use, disclosure, copying or alteration of this message is 
strictly prohibited.

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

RE: Errors building 1.1.1 on RHEL 7

RE: Errors building 1.1.1 on RHEL 7

RE: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

RE: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

RE: Errors building 1.1.1 on RHEL 7

RE: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Re: Errors building 1.1.1 on RHEL 7

Errors building 1.1.1 on RHEL 7

19 matches

Site Navigation

Mail list logo

Footer information