openssl 1.0.2 SNAPSHOT issue that exists since 20160521

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

openssl 1.0.2 SNAPSHOT issue that exists since 20160521

The Doctor

when executing

../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca

during the test phase, it looks as if the test hangs.

Please look into this.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

The Doctor
On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
>
> when executing
>
> ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
>
> during the test phase, it looks as if the test hangs.
>
> Please look into this.
>


This issue now exists in 20160523 .

Please look into this showstopper.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

Richard Levitte - VMS Whacker-2
In message <[hidden email]> on Mon, 23 May 2016 01:04:29 -0600, The Doctor <[hidden email]> said:

doctor> On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
doctor> >
doctor> > when executing
doctor> >
doctor> > ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
doctor> >
doctor> > during the test phase, it looks as if the test hangs.
doctor> >
doctor> > Please look into this.
doctor> >
doctor>
doctor>
doctor> This issue now exists in 20160523 .
doctor>
doctor> Please look into this showstopper.

Can't reproduce.  I've tried on Linux (Debian bleeding edge) and
FreeBSD (8.4-RELEASE-p14).  However, I did it with the default config
(BSD-x86_64, which is what ./config gives me automagically, and no
extra options), please remind me of yours.

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

The Doctor
On Mon, May 23, 2016 at 10:10:46AM +0200, Richard Levitte wrote:

> In message <[hidden email]> on Mon, 23 May 2016 01:04:29 -0600, The Doctor <[hidden email]> said:
>
> doctor> On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
> doctor> >
> doctor> > when executing
> doctor> >
> doctor> > ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
> doctor> >
> doctor> > during the test phase, it looks as if the test hangs.
> doctor> >
> doctor> > Please look into this.
> doctor> >
> doctor>
> doctor>
> doctor> This issue now exists in 20160523 .
> doctor>
> doctor> Please look into this showstopper.
>
> Can't reproduce.  I've tried on Linux (Debian bleeding edge) and
> FreeBSD (8.4-RELEASE-p14).  However, I did it with the default config
> (BSD-x86_64, which is what ./config gives me automagically, and no
> extra options), please remind me of yours.
>

 
 ./Configure 386 threads shared experimental-libunbound experimental-dane  no-sse2 enable-srtp no-sctp experimental-jpake  experimental-store enable-whrlpool enable-montasm enable-capieng enable-cms enable-seed enable-tlsext enable-ssl-trace enable-camellia enable-rfc3779 enable-gmp enable-mdc2 enable-md5 enable-rc5 experimental-multiblock enable-unit-test zlib-dynamic no-ssl3 --prefix=/usr/contrib --openssldir=/usr/contrib debug-bsdi-x86-elf ; make update;make depend


"debug-bsdi-x86-elf",   "gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer
-O2 -Wall -g::${BSDthreads}::-lgmp -ldl -lm -lc -lz:THIRY_TWO_BIT_LONG RC4_CHUNK
 BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fP
IC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

The Doctor
In reply to this post by Richard Levitte - VMS Whacker-2
On Mon, May 23, 2016 at 10:10:46AM +0200, Richard Levitte wrote:

> In message <[hidden email]> on Mon, 23 May 2016 01:04:29 -0600, The Doctor <[hidden email]> said:
>
> doctor> On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
> doctor> >
> doctor> > when executing
> doctor> >
> doctor> > ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
> doctor> >
> doctor> > during the test phase, it looks as if the test hangs.
> doctor> >
> doctor> > Please look into this.
> doctor> >
> doctor>
> doctor>
> doctor> This issue now exists in 20160523 .
> doctor>
> doctor> Please look into this showstopper.
>
> Can't reproduce.  I've tried on Linux (Debian bleeding edge) and
> FreeBSD (8.4-RELEASE-p14).  However, I did it with the default config
> (BSD-x86_64, which is what ./config gives me automagically, and no
> extra options), please remind me of yours.
>

All right,  what changed between 20160520 and 20160521 ?

Simple question.  That is the source of the showstopper.
 
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

Richard Levitte - VMS Whacker-2
In message <[hidden email]> on Tue, 24 May 2016 01:09:55 -0600, The Doctor <[hidden email]> said:

doctor> On Mon, May 23, 2016 at 10:10:46AM +0200, Richard Levitte wrote:
doctor> > In message <[hidden email]> on Mon, 23 May 2016 01:04:29 -0600, The Doctor <[hidden email]> said:
doctor> >
doctor> > doctor> On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
doctor> > doctor> >
doctor> > doctor> > when executing
doctor> > doctor> >
doctor> > doctor> > ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
doctor> > doctor> >
doctor> > doctor> > during the test phase, it looks as if the test hangs.
doctor> > doctor> >
doctor> > doctor> > Please look into this.
doctor> > doctor> >
doctor> > doctor>
doctor> > doctor>
doctor> > doctor> This issue now exists in 20160523 .
doctor> > doctor>
doctor> > doctor> Please look into this showstopper.
doctor> >
doctor> > Can't reproduce.  I've tried on Linux (Debian bleeding edge) and
doctor> > FreeBSD (8.4-RELEASE-p14).  However, I did it with the default config
doctor> > (BSD-x86_64, which is what ./config gives me automagically, and no
doctor> > extra options), please remind me of yours.
doctor> >
doctor>
doctor> All right,  what changed between 20160520 and 20160521 ?
doctor>
doctor> Simple question.  That is the source of the showstopper.

I'm attaching the only change that I can think makes a difference.
Try a 'patch -R -p1 < xopen_source.patch' and see if that changes
anything.

I don't think we're going to back off from that change, so if you can
help us figure out what goes wrong with it on your system and how to
improve the change, that's be great.

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/

commit e10b54ca32280d9fec20085f404dcdcf2217c90e
Author: Andy Polyakov <[hidden email]>
Date:   Mon May 16 16:44:33 2016 +0200

    rand/randfile.c: remove _XOPEN_SOURCE definition.
   
    Defintions of macros similar to _XOPEN_SOURCE belong in command line
    or in worst case prior first #include directive in source. As for
    macros is was allegedly controlling. One can argue that we are
    probably better off demanding S_IS* macros but there are systems
    that just don't comply, hence this compromise solution...
   
    Reviewed-by: Rich Salz <[hidden email]>
    (cherry picked from commit 2e6d7799ffc47604d06e0465afeb84b91aff8006)

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 9537c56..76bdb9a 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -56,11 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#if !defined(OPENSSL_SYS_VXWORKS)
-# define _XOPEN_SOURCE 500
-#endif
-
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -80,6 +75,29 @@
 #ifndef OPENSSL_NO_POSIX_IO
 # include <sys/stat.h>
 # include <fcntl.h>
+/*
+ * Following should not be needed, and we could have been stricter
+ * and demand S_IS*. But some systems just don't comply... Formally
+ * below macros are "anatomically incorrect", because normally they
+ * would look like ((m) & MASK == TYPE), but since MASK availability
+ * is as questionable, we settle for this poor-man fallback...
+ */
+# if !defined(S_ISBLK)
+#  if defined(_S_IFBLK)
+#   define S_ISBLK(m) ((m) & _S_IFBLK)
+#  elif defined(S_IFBLK)
+#   define S_ISBLK(m) ((m) & S_IFBLK)
+#  elif defined(_WIN32)
+#   define S_ISBLK(m) 0 /* no concept of block devices on Windows */
+#  endif
+# endif
+# if !defined(S_ISCHR)
+#  if defined(_S_IFCHR)
+#   define S_ISCHR(m) ((m) & _S_IFCHR)
+#  elif defined(S_IFCHR)
+#   define S_ISCHR(m) ((m) & S_IFCHR)
+#  endif
+# endif
 #endif
 
 #ifdef _WIN32
@@ -151,8 +169,8 @@ int RAND_load_file(const char *file, long bytes)
 #endif
     if (in == NULL)
         goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
-    if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
+    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
         /*
          * this file is a device. we don't want read an infinite number of
          * bytes from a random device, nor do we want to use buffered I/O

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

The Doctor
On Tue, May 24, 2016 at 12:26:02PM +0200, Richard Levitte wrote:

> In message <[hidden email]> on Tue, 24 May 2016 01:09:55 -0600, The Doctor <[hidden email]> said:
>
> doctor> On Mon, May 23, 2016 at 10:10:46AM +0200, Richard Levitte wrote:
> doctor> > In message <[hidden email]> on Mon, 23 May 2016 01:04:29 -0600, The Doctor <[hidden email]> said:
> doctor> >
> doctor> > doctor> On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
> doctor> > doctor> >
> doctor> > doctor> > when executing
> doctor> > doctor> >
> doctor> > doctor> > ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
> doctor> > doctor> >
> doctor> > doctor> > during the test phase, it looks as if the test hangs.
> doctor> > doctor> >
> doctor> > doctor> > Please look into this.
> doctor> > doctor> >
> doctor> > doctor>
> doctor> > doctor>
> doctor> > doctor> This issue now exists in 20160523 .
> doctor> > doctor>
> doctor> > doctor> Please look into this showstopper.
> doctor> >
> doctor> > Can't reproduce.  I've tried on Linux (Debian bleeding edge) and
> doctor> > FreeBSD (8.4-RELEASE-p14).  However, I did it with the default config
> doctor> > (BSD-x86_64, which is what ./config gives me automagically, and no
> doctor> > extra options), please remind me of yours.
> doctor> >
> doctor>
> doctor> All right,  what changed between 20160520 and 20160521 ?
> doctor>
> doctor> Simple question.  That is the source of the showstopper.
>
> I'm attaching the only change that I can think makes a difference.
> Try a 'patch -R -p1 < xopen_source.patch' and see if that changes
> anything.
>
> I don't think we're going to back off from that change, so if you can
> help us figure out what goes wrong with it on your system and how to
> improve the change, that's be great.
>
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/

> commit e10b54ca32280d9fec20085f404dcdcf2217c90e
> Author: Andy Polyakov <[hidden email]>
> Date:   Mon May 16 16:44:33 2016 +0200
>
>     rand/randfile.c: remove _XOPEN_SOURCE definition.
>    
>     Defintions of macros similar to _XOPEN_SOURCE belong in command line
>     or in worst case prior first #include directive in source. As for
>     macros is was allegedly controlling. One can argue that we are
>     probably better off demanding S_IS* macros but there are systems
>     that just don't comply, hence this compromise solution...
>    
>     Reviewed-by: Rich Salz <[hidden email]>
>     (cherry picked from commit 2e6d7799ffc47604d06e0465afeb84b91aff8006)
>
> diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
> index 9537c56..76bdb9a 100644
> --- a/crypto/rand/randfile.c
> +++ b/crypto/rand/randfile.c
> @@ -56,11 +56,6 @@
>   * [including the GNU Public Licence.]
>   */
>  
> -/* We need to define this to get macros like S_IFBLK and S_IFCHR */
> -#if !defined(OPENSSL_SYS_VXWORKS)
> -# define _XOPEN_SOURCE 500
> -#endif
> -
>  #include <errno.h>
>  #include <stdio.h>
>  #include <stdlib.h>
> @@ -80,6 +75,29 @@
>  #ifndef OPENSSL_NO_POSIX_IO
>  # include <sys/stat.h>
>  # include <fcntl.h>
> +/*
> + * Following should not be needed, and we could have been stricter
> + * and demand S_IS*. But some systems just don't comply... Formally
> + * below macros are "anatomically incorrect", because normally they
> + * would look like ((m) & MASK == TYPE), but since MASK availability
> + * is as questionable, we settle for this poor-man fallback...
> + */
> +# if !defined(S_ISBLK)
> +#  if defined(_S_IFBLK)
> +#   define S_ISBLK(m) ((m) & _S_IFBLK)
> +#  elif defined(S_IFBLK)
> +#   define S_ISBLK(m) ((m) & S_IFBLK)
> +#  elif defined(_WIN32)
> +#   define S_ISBLK(m) 0 /* no concept of block devices on Windows */
> +#  endif
> +# endif
> +# if !defined(S_ISCHR)
> +#  if defined(_S_IFCHR)
> +#   define S_ISCHR(m) ((m) & _S_IFCHR)
> +#  elif defined(S_IFCHR)
> +#   define S_ISCHR(m) ((m) & S_IFCHR)
> +#  endif
> +# endif
>  #endif
>  
>  #ifdef _WIN32
> @@ -151,8 +169,8 @@ int RAND_load_file(const char *file, long bytes)
>  #endif
>      if (in == NULL)
>          goto err;
> -#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
> -    if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
> +#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
> +    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
>          /*
>           * this file is a device. we don't want read an infinite number of
>           * bytes from a random device, nor do we want to use buffered I/O

The patch worked.  What is next?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

Richard Levitte - VMS Whacker-2
In message <[hidden email]> on Tue, 24 May 2016 08:24:12 -0600, The Doctor <[hidden email]> said:

doctor> On Tue, May 24, 2016 at 12:26:02PM +0200, Richard Levitte wrote:
doctor> > In message <[hidden email]> on Tue, 24 May 2016 01:09:55 -0600, The Doctor <[hidden email]> said:
doctor> >
doctor> > doctor> On Mon, May 23, 2016 at 10:10:46AM +0200, Richard Levitte wrote:
doctor> > doctor> > In message <[hidden email]> on Mon, 23 May 2016 01:04:29 -0600, The Doctor <[hidden email]> said:
doctor> > doctor> >
doctor> > doctor> > doctor> On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
doctor> > doctor> > doctor> >
doctor> > doctor> > doctor> > when executing
doctor> > doctor> > doctor> >
doctor> > doctor> > doctor> > ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
doctor> > doctor> > doctor> >
doctor> > doctor> > doctor> > during the test phase, it looks as if the test hangs.
doctor> > doctor> > doctor> >
doctor> > doctor> > doctor> > Please look into this.
doctor> > doctor> > doctor> >
doctor> > doctor> > doctor>
doctor> > doctor> > doctor>
doctor> > doctor> > doctor> This issue now exists in 20160523 .
doctor> > doctor> > doctor>
doctor> > doctor> > doctor> Please look into this showstopper.
doctor> > doctor> >
doctor> > doctor> > Can't reproduce.  I've tried on Linux (Debian bleeding edge) and
doctor> > doctor> > FreeBSD (8.4-RELEASE-p14).  However, I did it with the default config
doctor> > doctor> > (BSD-x86_64, which is what ./config gives me automagically, and no
doctor> > doctor> > extra options), please remind me of yours.
doctor> > doctor> >
doctor> > doctor>
doctor> > doctor> All right,  what changed between 20160520 and 20160521 ?
doctor> > doctor>
doctor> > doctor> Simple question.  That is the source of the showstopper.
doctor> >
doctor> > I'm attaching the only change that I can think makes a difference.
doctor> > Try a 'patch -R -p1 < xopen_source.patch' and see if that changes
doctor> > anything.
doctor> >
doctor> > I don't think we're going to back off from that change, so if you can
doctor> > help us figure out what goes wrong with it on your system and how to
doctor> > improve the change, that's be great.
doctor> >
doctor> > Cheers,
doctor> > Richard
doctor> >
doctor> > --
doctor> > Richard Levitte         [hidden email]
doctor> > OpenSSL Project         http://www.openssl.org/~levitte/
doctor>
doctor> > commit e10b54ca32280d9fec20085f404dcdcf2217c90e
doctor> > Author: Andy Polyakov <[hidden email]>
doctor> > Date:   Mon May 16 16:44:33 2016 +0200
doctor> >
doctor> >     rand/randfile.c: remove _XOPEN_SOURCE definition.
doctor> >    
doctor> >     Defintions of macros similar to _XOPEN_SOURCE belong in command line
doctor> >     or in worst case prior first #include directive in source. As for
doctor> >     macros is was allegedly controlling. One can argue that we are
doctor> >     probably better off demanding S_IS* macros but there are systems
doctor> >     that just don't comply, hence this compromise solution...
doctor> >    
doctor> >     Reviewed-by: Rich Salz <[hidden email]>
doctor> >     (cherry picked from commit 2e6d7799ffc47604d06e0465afeb84b91aff8006)
doctor> >
doctor> > diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
doctor> > index 9537c56..76bdb9a 100644
doctor> > --- a/crypto/rand/randfile.c
doctor> > +++ b/crypto/rand/randfile.c
doctor> > @@ -56,11 +56,6 @@
doctor> >   * [including the GNU Public Licence.]
doctor> >   */
doctor> >  
doctor> > -/* We need to define this to get macros like S_IFBLK and S_IFCHR */
doctor> > -#if !defined(OPENSSL_SYS_VXWORKS)
doctor> > -# define _XOPEN_SOURCE 500
doctor> > -#endif
doctor> > -
doctor> >  #include <errno.h>
doctor> >  #include <stdio.h>
doctor> >  #include <stdlib.h>
doctor> > @@ -80,6 +75,29 @@
doctor> >  #ifndef OPENSSL_NO_POSIX_IO
doctor> >  # include <sys/stat.h>
doctor> >  # include <fcntl.h>
doctor> > +/*
doctor> > + * Following should not be needed, and we could have been stricter
doctor> > + * and demand S_IS*. But some systems just don't comply... Formally
doctor> > + * below macros are "anatomically incorrect", because normally they
doctor> > + * would look like ((m) & MASK == TYPE), but since MASK availability
doctor> > + * is as questionable, we settle for this poor-man fallback...
doctor> > + */
doctor> > +# if !defined(S_ISBLK)
doctor> > +#  if defined(_S_IFBLK)
doctor> > +#   define S_ISBLK(m) ((m) & _S_IFBLK)
doctor> > +#  elif defined(S_IFBLK)
doctor> > +#   define S_ISBLK(m) ((m) & S_IFBLK)
doctor> > +#  elif defined(_WIN32)
doctor> > +#   define S_ISBLK(m) 0 /* no concept of block devices on Windows */
doctor> > +#  endif
doctor> > +# endif
doctor> > +# if !defined(S_ISCHR)
doctor> > +#  if defined(_S_IFCHR)
doctor> > +#   define S_ISCHR(m) ((m) & _S_IFCHR)
doctor> > +#  elif defined(S_IFCHR)
doctor> > +#   define S_ISCHR(m) ((m) & S_IFCHR)
doctor> > +#  endif
doctor> > +# endif
doctor> >  #endif
doctor> >  
doctor> >  #ifdef _WIN32
doctor> > @@ -151,8 +169,8 @@ int RAND_load_file(const char *file, long bytes)
doctor> >  #endif
doctor> >      if (in == NULL)
doctor> >          goto err;
doctor> > -#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
doctor> > -    if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
doctor> > +#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
doctor> > +    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
doctor> >          /*
doctor> >           * this file is a device. we don't want read an infinite number of
doctor> >           * bytes from a random device, nor do we want to use buffered I/O
doctor>
doctor> The patch worked.  What is next?

So I understand correctly, it works when the patch is reversed (that's
what -R does), right?  Good, that gives us a point.  However, that
commit is there for a reason, so like I said, if you can help us
figure out what goes wrong on your system, everyone will be happier.

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

The Doctor
On Tue, May 24, 2016 at 05:15:52PM +0200, Richard Levitte wrote:

> In message <[hidden email]> on Tue, 24 May 2016 08:24:12 -0600, The Doctor <[hidden email]> said:
>
> doctor> On Tue, May 24, 2016 at 12:26:02PM +0200, Richard Levitte wrote:
> doctor> > In message <[hidden email]> on Tue, 24 May 2016 01:09:55 -0600, The Doctor <[hidden email]> said:
> doctor> >
> doctor> > doctor> On Mon, May 23, 2016 at 10:10:46AM +0200, Richard Levitte wrote:
> doctor> > doctor> > In message <[hidden email]> on Mon, 23 May 2016 01:04:29 -0600, The Doctor <[hidden email]> said:
> doctor> > doctor> >
> doctor> > doctor> > doctor> On Sun, May 22, 2016 at 06:34:26AM -0600, The Doctor wrote:
> doctor> > doctor> > doctor> >
> doctor> > doctor> > doctor> > when executing
> doctor> > doctor> > doctor> >
> doctor> > doctor> > doctor> > ../apps/openssl x509 -sha1 -CAcreateserial -in reqCA.ss -days 30 -req -out certCA.ss -signkey keyCA.ss -extfile CAss.cnf -extensions v3_ca
> doctor> > doctor> > doctor> >
> doctor> > doctor> > doctor> > during the test phase, it looks as if the test hangs.
> doctor> > doctor> > doctor> >
> doctor> > doctor> > doctor> > Please look into this.
> doctor> > doctor> > doctor> >
> doctor> > doctor> > doctor>
> doctor> > doctor> > doctor>
> doctor> > doctor> > doctor> This issue now exists in 20160523 .
> doctor> > doctor> > doctor>
> doctor> > doctor> > doctor> Please look into this showstopper.
> doctor> > doctor> >
> doctor> > doctor> > Can't reproduce.  I've tried on Linux (Debian bleeding edge) and
> doctor> > doctor> > FreeBSD (8.4-RELEASE-p14).  However, I did it with the default config
> doctor> > doctor> > (BSD-x86_64, which is what ./config gives me automagically, and no
> doctor> > doctor> > extra options), please remind me of yours.
> doctor> > doctor> >
> doctor> > doctor>
> doctor> > doctor> All right,  what changed between 20160520 and 20160521 ?
> doctor> > doctor>
> doctor> > doctor> Simple question.  That is the source of the showstopper.
> doctor> >
> doctor> > I'm attaching the only change that I can think makes a difference.
> doctor> > Try a 'patch -R -p1 < xopen_source.patch' and see if that changes
> doctor> > anything.
> doctor> >
> doctor> > I don't think we're going to back off from that change, so if you can
> doctor> > help us figure out what goes wrong with it on your system and how to
> doctor> > improve the change, that's be great.
> doctor> >
> doctor> > Cheers,
> doctor> > Richard
> doctor> >
> doctor> > --
> doctor> > Richard Levitte         [hidden email]
> doctor> > OpenSSL Project         http://www.openssl.org/~levitte/
> doctor>
> doctor> > commit e10b54ca32280d9fec20085f404dcdcf2217c90e
> doctor> > Author: Andy Polyakov <[hidden email]>
> doctor> > Date:   Mon May 16 16:44:33 2016 +0200
> doctor> >
> doctor> >     rand/randfile.c: remove _XOPEN_SOURCE definition.
> doctor> >    
> doctor> >     Defintions of macros similar to _XOPEN_SOURCE belong in command line
> doctor> >     or in worst case prior first #include directive in source. As for
> doctor> >     macros is was allegedly controlling. One can argue that we are
> doctor> >     probably better off demanding S_IS* macros but there are systems
> doctor> >     that just don't comply, hence this compromise solution...
> doctor> >    
> doctor> >     Reviewed-by: Rich Salz <[hidden email]>
> doctor> >     (cherry picked from commit 2e6d7799ffc47604d06e0465afeb84b91aff8006)
> doctor> >
> doctor> > diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
> doctor> > index 9537c56..76bdb9a 100644
> doctor> > --- a/crypto/rand/randfile.c
> doctor> > +++ b/crypto/rand/randfile.c
> doctor> > @@ -56,11 +56,6 @@
> doctor> >   * [including the GNU Public Licence.]
> doctor> >   */
> doctor> >  
> doctor> > -/* We need to define this to get macros like S_IFBLK and S_IFCHR */
> doctor> > -#if !defined(OPENSSL_SYS_VXWORKS)
> doctor> > -# define _XOPEN_SOURCE 500
> doctor> > -#endif
> doctor> > -
> doctor> >  #include <errno.h>
> doctor> >  #include <stdio.h>
> doctor> >  #include <stdlib.h>
> doctor> > @@ -80,6 +75,29 @@
> doctor> >  #ifndef OPENSSL_NO_POSIX_IO
> doctor> >  # include <sys/stat.h>
> doctor> >  # include <fcntl.h>
> doctor> > +/*
> doctor> > + * Following should not be needed, and we could have been stricter
> doctor> > + * and demand S_IS*. But some systems just don't comply... Formally
> doctor> > + * below macros are "anatomically incorrect", because normally they
> doctor> > + * would look like ((m) & MASK == TYPE), but since MASK availability
> doctor> > + * is as questionable, we settle for this poor-man fallback...
> doctor> > + */
> doctor> > +# if !defined(S_ISBLK)
> doctor> > +#  if defined(_S_IFBLK)
> doctor> > +#   define S_ISBLK(m) ((m) & _S_IFBLK)
> doctor> > +#  elif defined(S_IFBLK)
> doctor> > +#   define S_ISBLK(m) ((m) & S_IFBLK)
> doctor> > +#  elif defined(_WIN32)
> doctor> > +#   define S_ISBLK(m) 0 /* no concept of block devices on Windows */
> doctor> > +#  endif
> doctor> > +# endif
> doctor> > +# if !defined(S_ISCHR)
> doctor> > +#  if defined(_S_IFCHR)
> doctor> > +#   define S_ISCHR(m) ((m) & _S_IFCHR)
> doctor> > +#  elif defined(S_IFCHR)
> doctor> > +#   define S_ISCHR(m) ((m) & S_IFCHR)
> doctor> > +#  endif
> doctor> > +# endif
> doctor> >  #endif
> doctor> >  
> doctor> >  #ifdef _WIN32
> doctor> > @@ -151,8 +169,8 @@ int RAND_load_file(const char *file, long bytes)
> doctor> >  #endif
> doctor> >      if (in == NULL)
> doctor> >          goto err;
> doctor> > -#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
> doctor> > -    if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
> doctor> > +#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
> doctor> > +    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
> doctor> >          /*
> doctor> >           * this file is a device. we don't want read an infinite number of
> doctor> >           * bytes from a random device, nor do we want to use buffered I/O
> doctor>
> doctor> The patch worked.  What is next?
>
> So I understand correctly, it works when the patch is reversed (that's
> what -R does), right?  Good, that gives us a point.  However, that
> commit is there for a reason, so like I said, if you can help us
> figure out what goes wrong on your system, everyone will be happier.
>

All right, what if you are using egd instead of rnadomd ?
 
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

Richard Levitte - VMS Whacker-2
In message <[hidden email]> on Tue, 24 May 2016 09:44:57 -0600, The Doctor <[hidden email]> said:

doctor> On Tue, May 24, 2016 at 05:15:52PM +0200, Richard Levitte wrote:
doctor> > So I understand correctly, it works when the patch is reversed (that's
doctor> > what -R does), right?  Good, that gives us a point.  However, that
doctor> > commit is there for a reason, so like I said, if you can help us
doctor> > figure out what goes wrong on your system, everyone will be happier.
doctor> >
doctor>
doctor> All right, what if you are using egd instead of rnadomd ?

How exactly do you mean?

Side note: it feels like you're playing the guessing game with me.  My
patience for that is running thin.  Please give me details.  In the
end, helping us is helping yourself, as we don't have any BSDi system
to try things on ourselves.

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: openssl 1.0.2 SNAPSHOT issue that exists since 20160521

The Doctor
On Tue, May 24, 2016 at 11:47:21PM +0200, Richard Levitte wrote:

> In message <[hidden email]> on Tue, 24 May 2016 09:44:57 -0600, The Doctor <[hidden email]> said:
>
> doctor> On Tue, May 24, 2016 at 05:15:52PM +0200, Richard Levitte wrote:
> doctor> > So I understand correctly, it works when the patch is reversed (that's
> doctor> > what -R does), right?  Good, that gives us a point.  However, that
> doctor> > commit is there for a reason, so like I said, if you can help us
> doctor> > figure out what goes wrong on your system, everyone will be happier.
> doctor> >
> doctor>
> doctor> All right, what if you are using egd instead of rnadomd ?
>
> How exactly do you mean?
>

Usually I use egd as the Randomd just does not
perform to expectation.  Randomd does not act stable here.
 
> Side note: it feels like you're playing the guessing game with me.  My
> patience for that is running thin.  Please give me details.  In the
> end, helping us is helping yourself, as we don't have any BSDi system
> to try things on ourselves.
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev