[erlang-patches] new veriosn elliptic curve support

Lukas Larsson lukas@REDACTED
Tue Mar 5 18:41:12 CET 2013 

Hello!

I just noticed that this patch seems to break the OS X Leopard build.

./otp_build autoconf
./otp_build configure --enable-smp-support --enable-darwin-universal
make
...
Lots of text
...
gcc -c -o ../priv/obj/i386-apple-darwin9.8.0/crypto.o -Wall 
-Wstrict-prototypes
-Wmissing-prototypes -Wdeclaration-after-statement  -DUSE_THREADS 
-D_THREAD_SAFE
  -D_REENTRANT -DPOSIX_THREADS -m32 -arch i386 -arch ppc -g -O2 
-I/$ERL_TOP/erts/i386-apple-darwin9.8.0   -D_XO
PEN_SOURCE -fPIC -fno-common -DHAVE_DYNAMIC_CRYPTO_LIB -I/usr/include 
-I/$ERL_TOP/erts/emulator/beam -I/$ERL_TOP/erts/include 
-I/$ERL_TOP/erts/include/i386-apple-darwin9.8.0 
-I/$ERL_TOP/erts/include/internal 
-I/$ERL_TOP/erts/include/internal/i386-apple-darwin9.8.0 
-I/$ERL_TOP/erts/emulator/sys/unix crypto.c
crypto.c:58:26: error: openssl/ecdh.h: No such file or directory
crypto.c:59:27: error: openssl/ecdsa.h: No such file or directory
crypto.c:369: error: 'NID_secp112r1' undeclared here (not in a function)
crypto.c:370: error: 'NID_secp112r2' undeclared here (not in a function)
crypto.c:371: error: 'NID_secp128r1' undeclared here (not in a function)
crypto.c:372: error: 'NID_secp128r2' undeclared here (not in a function)
crypto.c:373: error: 'NID_secp160k1' undeclared here (not in a function)
crypto.c:374: error: 'NID_secp160r1' undeclared here (not in a function)
crypto.c:375: error: 'NID_secp160r2' undeclared here (not in a function)
crypto.c:378: error: 'NID_secp192k1' undeclared here (not in a function)
crypto.c:379: error: 'NID_secp224k1' undeclared here (not in a function)

It would seem like OPENSSL_NO_EC is not defined on OS X Leopard, even if 
the feature is not supported. The feature is supported on Snow Leopard 
and Lion.

I don't really know how this is meant to work, but maybe a configure 
test for osx leopard could work?

As a side note, strangely openssl/ec.h exists, but not ecdh and 
ecdsa.... maybe that's why it is not defined? Let me know if you need 
any more info.

Lukas

On 28/02/13 09:43, Fredrik wrote:
> On 02/27/2013 07:33 PM, Andreas Schultz wrote:
>> Hi,
>>
>> I have fixed the ssl_to_openssl_SUITE failure. The test suite tried to
>> use an EC cipher on an openssl version that has no support for that
>> cipher.
>>
>> I have also tried to reproduced the failing crypto ec test on Ubuntu
>> natty 32bit and 64bit with halfword and m32-build, but it does pass
>> the test on all those variants.
>>
>> Is there anything special or non-standard in your test setup
>> (e.g. configuration switches, manually installed libraries, ...)???
>>
>> New version with fixed ssl_to_openssl_SUITE here:
>>
>> git fetch git://github.com/RoadRunnr/otp.git tls-psk-srp-suites-ECC
>>
>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites-ECC
>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites-ECC.patch 
>>
>>
>> Andreas
>>
>> ----- Original Message -----
>>> Hi!
>>>
>>> Andreas Schultz wrote:
>>>> ----- Original Message -----
>>>>> Hi!
>>>>>
>>>>> I took a look at the failing test cases  and found that whit openssl
>>>>> 0.9.8k,  openssl
>>>>>
>>>>> will crash with errors like the following:
>>>>>
>>>>> openssl 25966:error:14092073:SSL 
>>>>> routines:SSL3_GET_SERVER_HELLO:bad packet
>>>>> length:s3_clnt.c:879:
>>>>> CONNECTED(00000003)
>>>>>
>>>>>
>>>>> **** User 2013-02-25 11:01:47.291 ****
>>>>> ssl_to_openssl_SUITE:basic_erlang_server_openssl_client failed on 
>>>>> line
>>>>> 249 Reason: {test_case_failed,{{expected,{<0.11346.0>,ok}},
>>>>> {got,{'EXIT',#Port<0.11738>,normal}}}}
>>>>>
>>>>>
>>>>> That is why the the test case gets {EXIT',#Port<0.11738>,normal}
>>>>>
>>>>> for the test cases erlang_server_openssl_client,
>>>>> erlang_server_openssl_client_client_cert,
>>>>> erlang_server_openssl_client_dsa_cert,
>>>>> erlang_server_openssl_client_reuse_session
>>>>>
>>>>>
>>>>> and with openssl openssl 0.9.8k and 0.9.8.o  there is a hanshake 
>>>>> failure
>>>>> in the ciphers_rsa_signed_certs test case
>>>>> <http://otp.ericsson.se:8000/product/internal/test/test_results/pu_R16B/2013_02_25/otp_r16b_elbereth_linux-gnu_x86_64_64_s4_a6_meamax/ct_run.test_server@elbereth.2013-02-26_04.53.56/test.ssl_test.logs/run.2013-02-26_04.53.59/ssl_to_openssl_suite.src.html#ciphers_rsa_signed_certs-1> 
>>>>>
>>>> Got that too. Will investigate.
>>>>
>>>> Yet this still doesn't explain why the i386 build is showing
>>>> a failure in the crypto EC tests (this also cause a lot of
>>>> the ssl failures later on).
>>> Yes it could be good to investigate that first.
>>> Looking at the crypto testruns it fails on openssl 0.9.8k.
>>>
>>> Regards Ingela Erlang/OTP team - Ericsson AB
>>>
>>> [...]
>>>
> Hello,
> Re-fetched. Let's see how the testing go now!
> There should be no special configurations as far as I know..
>

More information about the erlang-patches mailing list