From: Alexander Dahl
To: ptxdist@pengutronix.de
Cc: Ian Abbott, dropbear@ucc.asn.au
Date: Fri, 01 Jul 2022 16:07:38 +0200
Subject: Re: [ptxdist] build failure with recent dropbear 2022.82 on ptxdist for arm-v5te

Hello Ian,

On Thursday, 30 June 2022, 16:19:53 CEST, Ian Abbott wrote:
> On 30/06/2022 12:57, Alexander Dahl wrote:
> > Hello,
> >
> > trying to build dropbear as part of a ptxdist based embedded BSP for an
> > armv5te target, more precisely I try to upgrade dropbear from 2020.81 to
> > 2022.82, the previous version builds fine, the new one fails to build.
> >
> > Cross toolchain is
> > OSELAS.Toolchain-2016.06.1/arm-v5te-linux-gnueabi/gcc-5.4.0-glibc-2.23-binutils-2.26-kernel-4.6-sanitized
> >
> > According to config.log … Invocation command line was
> >
> >   $ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
> >       --libdir=/usr/lib --build=x86_64-host-linux-gnu
> >       --host=arm-v5te-linux-gnueabi --enable-harden --enable-largefile
> >       --disable-zlib --disable-pam --enable-openpty --enable-syslog
> >       --enable-shadow --disable-plugin --disable-fuzz --enable-bundled-libtom
> >       --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp
> >       --disable-wtmpx --disable-loginfunc --disable-pututline
> >       --disable-pututxline
> >
> > And localoptions.h was set to this:
> >
> >   /* localoptions.h created by ptxdist */
> >   #define DROPBEAR_X11FWD 0
> >   #define DROPBEAR_CLI_LOCALTCPFWD 1
> >   #define DROPBEAR_CLI_REMOTETCPFWD 1
> >   #define DROPBEAR_SVR_LOCALTCPFWD 1
> >   #define DROPBEAR_SVR_REMOTETCPFWD 1
> >   #define DROPBEAR_SVR_AGENTFWD 0
> >   #define DROPBEAR_CLI_AGENTFWD 0
> >   #define DROPBEAR_AES128 1
> >   #define DROPBEAR_3DES 0
> >   #define DROPBEAR_AES256 1
> >   #define DROPBEAR_ENABLE_CBC_MODE 0
> >   #define DROPBEAR_ENABLE_CTR_MODE 1
> >   #define DROPBEAR_SHA1_HMAC 0
> >   #define DROPBEAR_DH_GROUP1 0
> >   #define DROPBEAR_DH_GROUP14_SHA1 0
> >   #define DROPBEAR_SHA1_96_HMAC 0
> >   #define DROPBEAR_SHA2_256_HMAC 1
> >   #define DROPBEAR_SHA2_512_HMAC 1
> >   #define DROPBEAR_DSS 0
> >   #define DROPBEAR_RSA 1
> >   #define DROPBEAR_ECDSA 0
> >   #define DROPBEAR_ECDH 0
> >   #define DROPBEAR_CURVE25519 0
> >   #define DROPBEAR_SVR_PASSWORD_AUTH 1
> >   #define DROPBEAR_CLI_PASSWORD_AUTH 1
> >   #define DROPBEAR_SVR_PUBKEY_AUTH 1
> >   #define DROPBEAR_CLI_PUBKEY_AUTH 1
> >
> > The compile error is like this:
> >
> >   arm-v5te-linux-gnueabi-gcc -c -Os -W -Wall -Wno-pointer-sign
> >       -fno-strict-overflow -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2
> >       -I./libtomcrypt/src/headers/ -DLOCALOPTIONS_H_EXISTS -I. -I.
> >       -DDROPBEAR_SERVER -DDROPBEAR_CLIENT signkey.c -o signkey.o
> >   In file included from signkey.c:31:0:
> >   sk-ecdsa.h:11:44: error: unknown type name 'ecc_key'
> >   signkey.c: In function 'buf_get_pub_key':
> >   signkey.c:318:17: error: 'DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256' undeclared (first use in this function)
> >   signkey.c:318:17: note: each undeclared identifier is reported only once for each function it appears in
> >   signkey.c: In function 'buf_verify':
> >   signkey.c:688:17: error: 'DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256' undeclared (first use in this function)
> >   signkey.c:689:3: error: unknown type name 'ecc_key'
> >   signkey.c:689:20: error: 'ecc_key' undeclared (first use in this function)
> >   signkey.c:689:29: error: expected expression before ')' token
> >   make[1]: *** [Makefile:154: signkey.o] Error 1
> >
> > I looked into the dropbear code, and sk-ecdsa.h includes "includes.h"
> > which itself includes "tomcrypt.h" and in some file of that 'ecc_key' is
> > defined, so I don't know why the compiler complains here.
> >
> > Did not look into the other errors however.
> >
> > Any ideas?
>
> I think the problem occurs when DROPBEAR_SK_ECDSA is 1 and
> DROPBEAR_ECDSA is 0. The upstream maintainers can determine whether
> this combination should be supported or not.

Exactly. All three other combinations of these two bits build fine though.

> The ptxdist rules for dropbear 2020.81 (the current version in ptxdist)
> did not configure DROPBEAR_SK_ECDSA in "localoptions.h", so
> DROPBEAR_SK_ECDSA gets defined with the default value 1 in
> "default_options_guard.h" (generated from "default_options.h").
>
> As a temporary measure, you can change ptxdist's "dropbear.make" to
> forcibly configure DROPBEAR_SK_ECDSA to 0 by adding these lines in the
> appropriate place before the `@$(call touch)` line in the
> `$(STATEDIR)/dropbear.prepare` rules:
>
>     @echo "ptxdist: disabling sk_ecdsa"
>     @echo "#define DROPBEAR_SK_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS)
>
> You could also add these lines to forcibly configure DROPBEAR_SK_ED25519
> to 0 (not needed to fix the build, but it should reduce the executable
> size):
>
>     @echo "ptxdist: disabling sk_ed25519"
>     @echo "#define DROPBEAR_SK_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS)

This is what I prepared in my upcoming patch series. Will send it to the
ptxdist mailing list next week.

> (Ideally, extra configuration options for the new features should be
> added to ptxdist's "dropbear.in", and should automatically select
> DROPBEAR_ECDSA when DROPBEAR_SK_ECDSA is configured.)

(This is a new feature. I think we can postpone this u2f security device
support until someone actually needs it.)

> Alternatively, you could just select the DROPBEAR_ECDSA option in the
> configuration anyway, but that will increase the size of the dropbear
> executable.

Thanks for your input. I'll Cc you on that patch series then if you don't
mind.

Have a nice weekend
Alex
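
The dependency described in this thread, as an added example that is not part of the original message and not ptxdist or dropbear code: a pre-build check over a generated localoptions.h that flags DROPBEAR_SK_ECDSA=1 together with DROPBEAR_ECDSA=0. The function names, the sample files and the default of 1 for DROPBEAR_ECDSA are assumptions; the default of 1 for DROPBEAR_SK_ECDSA is the one stated in the thread.

```sh
#!/bin/sh
# Added example, not ptxdist or dropbear code.

# opt_value FILE NAME DEFAULT
# Print the value of the last "#define NAME <value>" line in FILE,
# or DEFAULT when FILE does not set NAME.
opt_value() {
    awk -v name="$2" -v def="$3" '
        $1 == "#define" && $2 == name { val = $3 }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# check_sk_ecdsa FILE
# Return 1 for the combination the thread reports as failing to build
# (DROPBEAR_SK_ECDSA=1 with DROPBEAR_ECDSA=0), 0 otherwise.
check_sk_ecdsa() {
    # Default 1 for DROPBEAR_SK_ECDSA is stated in the thread; default 1
    # for DROPBEAR_ECDSA is an assumption about default_options.h.
    sk=$(opt_value "$1" DROPBEAR_SK_ECDSA 1)
    ecdsa=$(opt_value "$1" DROPBEAR_ECDSA 1)
    if [ "$sk" = 1 ] && [ "$ecdsa" = 0 ]; then
        echo "$1: DROPBEAR_SK_ECDSA=1 needs DROPBEAR_ECDSA=1" >&2
        return 1
    fi
    return 0
}

# Constructed sample input: a reduced localoptions.h as in the thread,
# before and after appending the workaround line.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#define DROPBEAR_RSA 1\n#define DROPBEAR_ECDSA 0\n' > "$dir/before.h"
    cp "$dir/before.h" "$dir/after.h"
    echo '#define DROPBEAR_SK_ECDSA 0' >> "$dir/after.h"
    for f in before after; do
        if check_sk_ecdsa "$dir/$f.h" 2>/dev/null; then
            echo "$f: ok"
        else
            echo "$f: would fail to build"
        fi
    done
    rm -rf "$dir"
}

demo
```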