On Wed, Jan 07, 2009, PGNet wrote:

> I'm building fips 1.2 on OSX,
>
> uname -a
> Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24
> 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh
>
> Config,
>
> cd /usr/local/src/openssl-fips-1.2
> ./config fipscanisterbuild
>
> completes without an apparent hitch.
>
> @ 'make', I see numerous warnings of "function called through a
> non-compatible type" as well as repeated instances of "ranlib: file:
> ... has no symbols",
>
> make
> if [ -n "libcrypto" ]; then \
> ...
> cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC
> -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -c -o
> pem_all.o pem_all.c
> pem_all.c: In function 'PEM_read_bio_X509_REQ':
> pem_all.c:141: warning: function called through a non-compatible type
> pem_all.c:141: note: if this code is reached, the program will abort
> pem_all.c: In function 'PEM_read_X509_REQ':
> pem_all.c:141: warning: function called through a non-compatible type
> pem_all.c:141: note: if this code is reached, the program will abort
> ...
> cc -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC
> -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -c -o
> fips_err.o fips_err.c
> /usr/local/DarkMatter/perl5/bin/perl ../util/arx.pl ar r
> ../libcrypto.a cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o
> cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
> o_str.o o_dir.o o_init.o fips_err.o
> ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols
> ranlib: file: ../libcrypto.a(hmac.o) has no symbols
> ...
> ranlib: file: ../libcrypto.a(v3_asid.o) has no symbols
> ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols
> /usr/bin/ranlib ../libcrypto.a || echo Never mind.
> /usr/bin/ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols
> /usr/bin/ranlib: file: ../libcrypto.a(hmac.o) has no symbols
> ...
> /usr/bin/ranlib: file: ../libcrypto.a(v3_addr.o) has no symbols
> making all in crypto/objects...
> cc -I.. -I../.. -I../../include -fPIC -fno-common -DOPENSSL_PIC
> -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -c -o
> o_names.o o_names.c
> ...
>
> 'make' continues until,
>
> ( :; LIBDEPS="${LIBDEPS:--Wl,-search_paths_first -L.. -lssl -L..
> -lcrypto }"; LDCMD="${LDCMD:-cc}"; LDFLAGS="${LDFLAGS:--fPIC
> -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
> -DHAVE_DLFCN_H -O3 }"; LIBPATH=`for x in $LIBDEPS; do if echo $x |
> grep '^ *-L' > /dev/null 2>&1; then echo $x | sed -e 's/^ *-L//'; fi;
> done | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`;
> LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o
> ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o
> dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o
> rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o
> gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o
> s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o
> pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o ${LIBDEPS} )
> (cd ..; \
> OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
> /usr/local/DarkMatter/perl5/bin/perl tools/c_rehash certs)
> Doing certs
> aol1.pem => .0
> WARNING: Skipping duplicate certificate aol2.pem
> WARNING: Skipping duplicate certificate aoltw1.pem
> WARNING: Skipping duplicate certificate aoltw2.pem
>
> where, at *each* "WARNING: Skipping duplicate certificate ...", I get
> an osx CRASH dialog, and a report such as,
>

This is an unfortunate side effect of gcc being stricter about function
pointers. The versions of gcc tested at the time of submission didn't exhibit
this behaviour and the nature of the process is such that making tiny changes
can introduce several months' delay. The fix for that is not a tiny change
however.

The actual errors you see are not part of the validated module but part of the
rest of OpenSSL.

If you complete the make process once (despite the crashes) and can do "make
install" it will install a validated module. You only have to do this once
with the validated tarball; subsequent versions of OpenSSL will then use that
module.

When you then install OpenSSL 0.9.8j in fips mode the relevant parts of
OpenSSL include fixes for this issue and everything should be fine.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
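
Added example, not part of the original thread and not OpenSSL code: a general C illustration of the class of problem behind the "function called through a non-compatible type" warning quoted above, and a form that avoids it by calling through a thunk whose signature matches the generic type exactly. All names here (REQ, decode_fn, req_decode, generic_read, req_decode_thunk, read_req) are hypothetical, and this is not a description of the change made in OpenSSL 0.9.8j.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical generic decoder type used by a type-erased reader. */
typedef void *(*decode_fn)(const unsigned char **in, long len);
/* Hypothetical typed object; its decoder returns REQ *, not void *. */
typedef struct { long len; unsigned char tag; } REQ;

static REQ *req_decode(const unsigned char **in, long len)
{
    REQ *r = len > 0 ? malloc(sizeof *r) : NULL;
    if (r == NULL)
        return NULL;
    r->len = len;
    r->tag = (*in)[0];
    *in += len;                       /* consume the input */
    return r;
}

/* Type-erased reader: calls only through the exact decode_fn type. */
static void *generic_read(decode_fn decode, const unsigned char *buf, long len)
{
    const unsigned char *p = buf;
    return decode(&p, len);
}

/* Kind of call the warning is about (comment only, undefined behaviour):
 *   ((REQ *(*)(REQ *(*)(const unsigned char **, long),
 *              const unsigned char *, long))generic_read)(req_decode, buf, len);
 * generic_read is called through a pointer type it is not compatible with. */

/* Safe form: a thunk whose signature is exactly decode_fn. */
static void *req_decode_thunk(const unsigned char **in, long len)
{
    return req_decode(in, len);
}

/* Typed front end: object-pointer conversions only, no function-pointer casts. */
REQ *read_req(const unsigned char *buf, long len)
{
    return generic_read(req_decode_thunk, buf, len);
}

int main(void)
{
    static const unsigned char sample[] = { 0x30, 0x03, 0x02 }; /* constructed */
    REQ *r = read_req(sample, (long)sizeof sample);
    if (r != NULL)
        printf("tag=0x%02x len=%ld\n", (unsigned)r->tag, r->len);
    free(r);
    return 0;
}
```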