From: Alexander Dahl <ada@thorsis.com>
To: ptxdist@pengutronix.de
Cc: Ian Abbott <abbotti@mev.co.uk>, dropbear@ucc.asn.au
Subject: Re: [ptxdist] build failure with recent dropbear 2022.82 on ptxdist for arm-v5te
Date: Fri, 01 Jul 2022 16:07:38 +0200 [thread overview]
Message-ID: <1891554.kE8Vy1f9hj@ada> (raw)
In-Reply-To: <48995529-262a-e73c-32b3-7c812c0357ee@mev.co.uk>
Hello Ian,
Am Donnerstag, 30. Juni 2022, 16:19:53 CEST schrieb Ian Abbott:
> On 30/06/2022 12:57, Alexander Dahl wrote:
> > Hello,
> >
> > trying to build dropbear as part of a ptxdist based embedded BSP for an
> > armv5te target, more precisely I try to upgrade dropbear from 2020.81 to
> > 2022.82, the previous version builds fine, the new one fails to build.
> >
> > Cross toolchain is OSELAS.Toolchain-2016.06.1/arm-v5te-linux-gnueabi/
> > gcc-5.4.0-glibc-2.23-binutils-2.26-kernel-4.6-sanitized
> >
> > According to config.log … Invocation command line was
> >
> > $ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --
> >
> > libdir=/usr/lib --build=x86_64-host-linux-gnu
> > --host=arm-v5te-linux-gnueabi -- enable-harden --enable-largefile
> > --disable-zlib --disable-pam --enable-openpty --enable-syslog
> > --enable-shadow --disable-plugin --disable-fuzz --enable- bundled-libtom
> > --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp
> > --disable-wtmpx --disable-loginfunc --disable-pututline
> > --disable-pututxline>
> > And localoptions.h was set to this:
> > /* localoptions.h created by ptxdist */
> > #define DROPBEAR_X11FWD 0
> > #define DROPBEAR_CLI_LOCALTCPFWD 1
> > #define DROPBEAR_CLI_REMOTETCPFWD 1
> > #define DROPBEAR_SVR_LOCALTCPFWD 1
> > #define DROPBEAR_SVR_REMOTETCPFWD 1
> > #define DROPBEAR_SVR_AGENTFWD 0
> > #define DROPBEAR_CLI_AGENTFWD 0
> > #define DROPBEAR_AES128 1
> > #define DROPBEAR_3DES 0
> > #define DROPBEAR_AES256 1
> > #define DROPBEAR_ENABLE_CBC_MODE 0
> > #define DROPBEAR_ENABLE_CTR_MODE 1
> > #define DROPBEAR_SHA1_HMAC 0
> > #define DROPBEAR_DH_GROUP1 0
> > #define DROPBEAR_DH_GROUP14_SHA1 0
> > #define DROPBEAR_SHA1_96_HMAC 0
> > #define DROPBEAR_SHA2_256_HMAC 1
> > #define DROPBEAR_SHA2_512_HMAC 1
> > #define DROPBEAR_DSS 0
> > #define DROPBEAR_RSA 1
> > #define DROPBEAR_ECDSA 0
> > #define DROPBEAR_ECDH 0
> > #define DROPBEAR_CURVE25519 0
> > #define DROPBEAR_SVR_PASSWORD_AUTH 1
> > #define DROPBEAR_CLI_PASSWORD_AUTH 1
> > #define DROPBEAR_SVR_PUBKEY_AUTH 1
> > #define DROPBEAR_CLI_PUBKEY_AUTH 1
> >
> > The compile error is like this:
> > arm-v5te-linux-gnueabi-gcc -c -Os -W -Wall -Wno-pointer-sign
> > -fno-strict-
> >
> > overflow -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2
> > -I./libtomcrypt/ src/headers/ -DLOCALOPTIONS_H_EXISTS -I. -I.
> > -DDROPBEAR_SERVER -
> > DDROPBEAR_CLIENT signkey.c -o signkey.o
> >
> > In file included from signkey.c:31:0:
> > sk-ecdsa.h:11:44: error: unknown type name 'ecc_key'
> > signkey.c: In function 'buf_get_pub_key':
> > signkey.c:318:17: error: 'DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256'
> > undeclared
> >
> > (first use in this function)
> >
> > signkey.c:318:17: note: each undeclared identifier is reported only
> > once for>
> > each function it appears in
> >
> > signkey.c: In function 'buf_verify':
> > signkey.c:688:17: error: 'DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256'
> > undeclared
> >
> > (first use in this function)
> >
> > signkey.c:689:3: error: unknown type name 'ecc_key'
> > signkey.c:689:20: error: 'ecc_key' undeclared (first use in this
> > function)
> > signkey.c:689:29: error: expected expression before ')' token
> >
> > make[1]: *** [Makefile:154: signkey.o] Error 1
> >
> > I looked into the dropbear code, and sk-ecdsa.h includes "includes.h"
> > which
> > itself includes "tomcrypt.h" and in some file of that 'ecc_key' is
> > defined, so I don't know why the compiler complains here.
> >
> > Did not look into the other errors however.
> >
> > Any ideas?
>
> I think the problem occurs when DROPBEAR_SK_ECDSA is 1 and
> DROPBEAR_ECDSA is 0. The upstream maintainers can determine whether
> this combination should be supported or not.
Exactly. All three other combinations of these two bits build fine though.
> The ptxdist rules for dropbear 2020.81 (the current version in ptxdist)
> did not configure DROPBEAR_SK_ECDSA in "localoptions.h", so
> DROPBEAR_SK_ECDSA gets defined with the default value 1 in
> "default_options_guard.h" (generated from "default_options.h").
>
> As a temporary measure, you can change ptxdist's "dropbear.make" to
> forcibly configure DROPBEAR_SK_ECDSA to 0 by adding these lines in the
> appropriate place before the `@$(call touch)` line in the
> `$(STATEDIR)/dropbear.prepare` rules:
>
> @echo "ptxdist: disabling sk_ecdsa"
> @echo "#define DROPBEAR_SK_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS)
>
> You could also add these lines to forcibly configure DROPBEAR_SK_ED25519
> to 0 (not needed to fix the build, but it should reduce the executable
> size):
>
> @echo "ptxdist: disabling sk_ed25519"
> @echo "#define DROPBEAR_SK_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS)
This is what I prepared in my upcoming patch series. Will send it to ptxdist
mailing list next week.
> (Ideally, extra configuration options for the new features should be
> added to ptxdist's "dropbear.in", and should automatically select
> DROPBEAR_ECDSA when DROPBEAR_SK_ECDSA is configured.)
(This is a new feature. I think we can postpone this u2f security device
support until someone actually needs it.)
> Alternatively, you could just select the DROPBEAR_ECSDA option in the
> configuration anyway, but that will increase the size of the dropbear
> executable.
Thanks for your input. I'll Cc you on that patch series then if you don't
mind.
Have a nice weekend
Alex
prev parent reply other threads:[~2022-07-01 14:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-30 11:57 Alexander Dahl
2022-06-30 14:19 ` Ian Abbott
2022-07-01 14:07 ` Alexander Dahl [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1891554.kE8Vy1f9hj@ada \
--to=ada@thorsis.com \
--cc=abbotti@mev.co.uk \
--cc=dropbear@ucc.asn.au \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox