Slightly better results this time 'round ... still having non-ec.h build
issues, what I think is a race condition on RHEL 3, and PIE issues (fixed
with --without-pie config option) on RHEL 5 64-bit systems with a
just-built copy of openssl
Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140826.tar.gz
OS Build_Target CC
OpenSSL BUILD TEST
============== =========================== ============================ ======
================Centos 2.1 i386-redhat-linux gcc 2.9.6
1.0.1i** OK*1 all tests passed
*RHEL 3.4 i386-redhat-linux gcc 3.2.3-47
1.0.1i** OK*1 FAIL*1 *
Fedora Core r2 i386-redhat-linux gcc 3.3.3-7
1.0.1i** OK*1*2 all tests passed
RHEL 4.8 i386-redhat-linux gcc 3.4.6-11
1.0.1i** OK*1*2 all tests passed
RHEL 4.8 x86_64-redhat-linux gcc 3.4.6-11
1.0.1i** OK*1*2 all tests passed
RHEL 5.4 i386-redhat-linux gcc 4.1.2-46
1.0.1i** OK*1 all tests passed
RHEL 5.4 x86_64-redhat-linux gcc 4.1.2-46
1.0.1i** OK*1*3 all tests passed
...more of same...
RHEL 5.10 i686-redhat-linux gcc 4.1.2-54
1.0.1i** OK*1 all tests passed
RHEL 5.10 x86_64-redhat-linux gcc 4.1.2-54
1.0.1i** OK*1*3 all tests passed
*RHEL 6.0 i686-redhat-linux gcc 4.4.4-13
1.0.0-fips FAIL*2 RHEL 6.0 x86_64-redhat-linux gcc
4.4.4-13 1.0.0-fips FAIL*2 ....more of same...RHEL 6.4
i686-redhat-linux gcc 4.4.7-3 1.0.0-fips FAIL*2 RHEL
6.4 x86_64-redhat-linux gcc 4.4.7-3 1.0.0-fips
FAIL*2 *RHEL 6.5 i686-redhat-linux gcc 4.4.7-4
1.0.1e-fips OK all tests passed
RHEL 6.5 x86_64-redhat-linux gcc 4.4.7-4
1.0.1e-fips OK all tests passed
RHEL 7.0 x86_64-redhat-linux gcc 4.8.2-16
1.0.1e-fips OK all tests passed
Debian 7.6 x86_64-linux-gnu gcc Debian 4.7.2-5
1.0.1e OK all tests passed
*AIX 5300-12-02 powerpc-ibm-aix5.3.0.0 xlc 8.0.0.16
0.9.8k FAIL*2AIX 5300-12-04 powerpc-ibm-aix5.3.0.0 gcc
4.2.0-3 0.9.8k FAIL*2*AIX 6100-07-08
powerpc-ibm-aix6.1.0.0 xlc 11.1.0.6 1.0.1e OK all
tests passed
AIX 6100-07-08 powerpc-ibm-aix6.1.0.0 gcc 4.2.0
1.0.1e OK all tests passed
AIX 7100-03-01 powerpc-ibm-aix7.1.0.0 xlc 12.1.0.6
1.0.1e OK all tests passed
AIX 7100-03-01 powerpc-ibm-aix7.1.0.0 gcc 4.4.7
1.0.1e OK all tests passed
HP-UX 11.23 ia64-hp-hpux11.23 C/aC++ C.11.23.12
0.9.8w OK all tests passed
HP-UX 11.23 ia64-hp-hpux11.23 gcc 4.3.1
0.9.8w OK all tests passed
HP-UX 11.31 ia64-hp-hpux11.31 C/aC++ C.11.31.05
0.9.8y OK all tests passed
HP-UX 11.31 ia64-hp-hpux11.31 gcc 4.6.2
0.9.8y OK all tests passed
RHEL Red Hat Enterprise Linux
** OpenSSH will no longer configure/build against OS-native openssl,
openssl-1.0.1i installed in /usr/local/ssl/ (./config && make
&& make
test && make install),
*1 ./configure --with-ssl-dir=/usr/local/ssl && make tests
*2 --without-zlib-version-check # old zlib on server
*3 --without-pie # otherwise will not load openssl - which doesn't use
PIE during compile on 64-bit systems
*4 IBM auto-generated prologs in openssl 1.0.1e /usr/include/openssl/ec*.h
break
compile, commented out properly (/*/ vs #) and then everything is go.
FAIL*1 ran make tests three (3) times ... died here each time:
run test login-timeout.sh ...
ssh connect after login grace timeout failed without privsep
failed connect after login grace timeout
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/usr/src/openssh/regress'
make: *** [tests] Error 2
FAIL*2 compile fails at bufexc.c like so - another ec.h issue?
GCC:
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -I. -I.
-DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c bufec.c -o bufec.o
bufec.c:30: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:30: error: expected ';', ',' or ')' before
'*' token
bufec.c:43: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:43: error: expected ';', ',' or ')' before
'*' token
bufec.c:51: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:51: error: expected ';', ',' or ')' before
'*' token
bufec.c:64: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:64: error: expected ';', ',' or ')' before
'*' token
make: The error code from the last command is 1.
XLC:
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -I. -I. -I/usr/include
-I/var/tmp/ssh/include -DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c bufec.c -o bufec.o
bufec.c:30: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:30: error: parse error before '*' token
bufec.c: In function 'buffer_put_ecpoint_ret':
bufec.c:35: warning: implicit declaration of function
'sshbuf_put_ec'
bufec.c:35: error: 'buffer' undeclared (first use in this function)
bufec.c:35: error: (Each undeclared identifier is reported only once
bufec.c:35: error: for each function it appears in.)
bufec.c:35: error: 'point' undeclared (first use in this function)
bufec.c:35: error: 'curve' undeclared (first use in this function)
bufec.c: At top level:
bufec.c:43: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:43: error: parse error before '*' token
bufec.c: In function 'buffer_put_ecpoint':
bufec.c:46: error: 'buffer' undeclared (first use in this function)
bufec.c:46: error: 'curve' undeclared (first use in this function)
bufec.c:46: error: 'point' undeclared (first use in this function)
bufec.c: At top level:
bufec.c:51: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:51: error: parse error before '*' token
bufec.c: In function 'buffer_get_ecpoint_ret':
bufec.c:56: warning: implicit declaration of function
'sshbuf_get_ec'
bufec.c:56: error: 'buffer' undeclared (first use in this function)
bufec.c:56: error: 'point' undeclared (first use in this function)
bufec.c:56: error: 'curve' undeclared (first use in this function)
bufec.c: At top level:
bufec.c:64: warning: type defaults to 'int' in declaration of
'EC_GROUP'
bufec.c:64: error: parse error before '*' token
bufec.c: In function 'buffer_get_ecpoint':
bufec.c:67: error: 'buffer' undeclared (first use in this function)
bufec.c:67: error: 'curve' undeclared (first use in this function)
bufec.c:67: error: 'point' undeclared (first use in this function)
make: 1254-004 The error code from the last command is 1.
On Fri, Aug 22, 2014 at 12:31 AM, Damien Miller <djm at mindrot.org>
wrote:
> On Thu, 21 Aug 2014, Kevin Brott wrote:
>
> > sshbuf-getput-crypto.c:27:24: error: openssl/ec.h: No
such
> > file or directory
> > gmake: *** [sshbuf-getput-crypto.o] Error 1
>
> I'll commit this momentarily. Will be in the 20140823 snapshot.
>
>
> Index: sshbuf-getput-crypto.c
> ==================================================================> RCS
file: /var/cvs/openssh/sshbuf-getput-crypto.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 sshbuf-getput-crypto.c
> --- sshbuf-getput-crypto.c 2 Jul 2014 02:48:05 -0000 1.3
> +++ sshbuf-getput-crypto.c 22 Aug 2014 07:30:38 -0000
> @@ -24,7 +24,9 @@
> #include <string.h>
>
> #include <openssl/bn.h>
> -#include <openssl/ec.h>
> +#ifdef OPENSSL_HAS_ECC
> +# include <openssl/ec.h>
> +#endif /* OPENSSL_HAS_ECC */
>
> #include "ssherr.h"
> #include "sshbuf.h"
>
--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott at gmail.com> */