Call for testing: OpenSSH 6.7

Kevin Brott kevin.brott at gmail.com
Tue Aug 26 07:27:54 EST 2014


Slightly better results this time 'round ... still having non-ec.h build
issues, what I think is a race condition on RHEL 3, and PIE issues (fixed
with --without-pie config option) on RHEL 5 64-bit systems with a
just-built copy of openssl

Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140826.tar.gz

OS              Build_Target                CC
OpenSSL       BUILD    TEST
==============  =========================== ================
============= ======   =================
Centos 2.1      i386-redhat-linux           gcc 2.9.6
1.0.1i**      OK*1     all tests passed
*RHEL 3.4        i386-redhat-linux           gcc 3.2.3-47
1.0.1i**      OK*1     FAIL*1   *
Fedora Core r2  i386-redhat-linux           gcc 3.3.3-7
1.0.1i**      OK*1*2   all tests passed
RHEL 4.8        i386-redhat-linux           gcc 3.4.6-11
1.0.1i**      OK*1*2   all tests passed
RHEL 4.8        x86_64-redhat-linux         gcc 3.4.6-11
1.0.1i**      OK*1*2   all tests passed
RHEL 5.4        i386-redhat-linux           gcc 4.1.2-46
1.0.1i**      OK*1     all tests passed
RHEL 5.4        x86_64-redhat-linux         gcc 4.1.2-46
1.0.1i**      OK*1*3   all tests passed
...more of same...
RHEL 5.10       i686-redhat-linux           gcc 4.1.2-54
1.0.1i**      OK*1     all tests passed
RHEL 5.10       x86_64-redhat-linux         gcc 4.1.2-54
1.0.1i**      OK*1*3   all tests passed





*RHEL 6.0        i686-redhat-linux           gcc 4.4.4-13
1.0.0-fips    FAIL*2   RHEL 6.0        x86_64-redhat-linux         gcc
4.4.4-13        1.0.0-fips    FAIL*2  ....more of same...RHEL 6.4
i686-redhat-linux           gcc 4.4.7-3         1.0.0-fips    FAIL*2   RHEL
6.4        x86_64-redhat-linux         gcc 4.4.7-3         1.0.0-fips
FAIL*2   *RHEL 6.5        i686-redhat-linux           gcc 4.4.7-4
1.0.1e-fips   OK       all tests passed
RHEL 6.5        x86_64-redhat-linux         gcc 4.4.7-4
1.0.1e-fips   OK       all tests passed
RHEL 7.0        x86_64-redhat-linux         gcc 4.8.2-16
1.0.1e-fips   OK       all tests passed
Debian 7.6      x86_64-linux-gnu            gcc Debian 4.7.2-5
1.0.1e        OK       all tests passed


*AIX 5300-12-02  powerpc-ibm-aix5.3.0.0      xlc 8.0.0.16
0.9.8k        FAIL*2AIX 5300-12-04  powerpc-ibm-aix5.3.0.0      gcc
4.2.0-3         0.9.8k        FAIL*2*AIX 6100-07-08
powerpc-ibm-aix6.1.0.0      xlc 11.1.0.6        1.0.1e        OK       all
tests passed
AIX 6100-07-08  powerpc-ibm-aix6.1.0.0      gcc 4.2.0
1.0.1e        OK       all tests passed
AIX 7100-03-01  powerpc-ibm-aix7.1.0.0      xlc 12.1.0.6
1.0.1e        OK       all tests passed
AIX 7100-03-01  powerpc-ibm-aix7.1.0.0      gcc 4.4.7
1.0.1e        OK       all tests passed
HP-UX 11.23     ia64-hp-hpux11.23           C/aC++ C.11.23.12
0.9.8w        OK       all tests passed
HP-UX 11.23     ia64-hp-hpux11.23           gcc 4.3.1
0.9.8w        OK       all tests passed
HP-UX 11.31     ia64-hp-hpux11.31           C/aC++ C.11.31.05
0.9.8y        OK       all tests passed
HP-UX 11.31     ia64-hp-hpux11.31           gcc 4.6.2
0.9.8y        OK       all tests passed

RHEL    Red Hat Enterprise Linux

**  OpenSSH will no longer configure/build against OS-native openssl,
    openssl-1.0.1i installed in /usr/local/ssl/ (./config && make && make
test && make install),
*1  ./configure --with-ssl-dir=/usr/local/ssl && make tests
*2  --without-zlib-version-check # old zlib on server
*3  --without-pie  # otherwise will not load openssl - which doesn't use
PIE during compile on 64-bit systems
*4  IBM auto-generated prologs in openssl 1.0.1e /usr/include/openssl/ec*.h
break
    compile, commented out properly (/*/ vs #) and then everything is go.

FAIL*1 ran make tests three (3) times ... died here each time:
  run test login-timeout.sh ...
  ssh connect after login grace timeout failed without privsep
  failed connect after login grace timeout
  make[1]: *** [t-exec] Error 1
  make[1]: Leaving directory `/usr/src/openssh/regress'
  make: *** [tests] Error 2

FAIL*2 compile fails at bufexc.c like so - another ec.h issue?
  GCC:
    gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset  -I. -I.
-DSSHDIR=\"/usr/local/etc\"  -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"  -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c bufec.c -o bufec.o
    bufec.c:30: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:30: error: expected ';', ',' or ')' before '*' token
    bufec.c:43: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:43: error: expected ';', ',' or ')' before '*' token
    bufec.c:51: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:51: error: expected ';', ',' or ')' before '*' token
    bufec.c:64: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:64: error: expected ';', ',' or ')' before '*' token
    make: The error code from the last command is 1.
  XLC:
    gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset  -I. -I. -I/usr/include
-I/var/tmp/ssh/include  -DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"  -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c bufec.c -o bufec.o
    bufec.c:30: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:30: error: parse error before '*' token
    bufec.c: In function 'buffer_put_ecpoint_ret':
    bufec.c:35: warning: implicit declaration of function 'sshbuf_put_ec'
    bufec.c:35: error: 'buffer' undeclared (first use in this function)
    bufec.c:35: error: (Each undeclared identifier is reported only once
    bufec.c:35: error: for each function it appears in.)
    bufec.c:35: error: 'point' undeclared (first use in this function)
    bufec.c:35: error: 'curve' undeclared (first use in this function)
    bufec.c: At top level:
    bufec.c:43: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:43: error: parse error before '*' token
    bufec.c: In function 'buffer_put_ecpoint':
    bufec.c:46: error: 'buffer' undeclared (first use in this function)
    bufec.c:46: error: 'curve' undeclared (first use in this function)
    bufec.c:46: error: 'point' undeclared (first use in this function)
    bufec.c: At top level:
    bufec.c:51: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:51: error: parse error before '*' token
    bufec.c: In function 'buffer_get_ecpoint_ret':
    bufec.c:56: warning: implicit declaration of function 'sshbuf_get_ec'
    bufec.c:56: error: 'buffer' undeclared (first use in this function)
    bufec.c:56: error: 'point' undeclared (first use in this function)
    bufec.c:56: error: 'curve' undeclared (first use in this function)
    bufec.c: At top level:
    bufec.c:64: warning: type defaults to 'int' in declaration of 'EC_GROUP'
    bufec.c:64: error: parse error before '*' token
    bufec.c: In function 'buffer_get_ecpoint':
    bufec.c:67: error: 'buffer' undeclared (first use in this function)
    bufec.c:67: error: 'curve' undeclared (first use in this function)
    bufec.c:67: error: 'point' undeclared (first use in this function)
    make: 1254-004 The error code from the last command is 1.





On Fri, Aug 22, 2014 at 12:31 AM, Damien Miller <djm at mindrot.org> wrote:

> On Thu, 21 Aug 2014, Kevin Brott wrote:
>
> >               sshbuf-getput-crypto.c:27:24: error: openssl/ec.h: No such
> > file or directory
> >               gmake: *** [sshbuf-getput-crypto.o] Error 1
>
> I'll commit this momentarily. Will be in the 20140823 snapshot.
>
>
> Index: sshbuf-getput-crypto.c
> ===================================================================
> RCS file: /var/cvs/openssh/sshbuf-getput-crypto.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 sshbuf-getput-crypto.c
> --- sshbuf-getput-crypto.c      2 Jul 2014 02:48:05 -0000       1.3
> +++ sshbuf-getput-crypto.c      22 Aug 2014 07:30:38 -0000
> @@ -24,7 +24,9 @@
>  #include <string.h>
>
>  #include <openssl/bn.h>
> -#include <openssl/ec.h>
> +#ifdef OPENSSL_HAS_ECC
> +# include <openssl/ec.h>
> +#endif /* OPENSSL_HAS_ECC */
>
>  #include "ssherr.h"
>  #include "sshbuf.h"
>



-- 
# include <stddisclaimer.h>
/* Kevin  Brott <Kevin.Brott at gmail.com> */


More information about the openssh-unix-dev mailing list