[gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

[gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
GitLab

Dmitry Tsvettsikh created a merge request:

Project:Branches: ReklatsMasters/gnutls:bug/require-gmp to gnutls/gnutls:master
Author: Dmitry Tsvettsikh
Assignees:

Add a description of the new feature/bug fix. Reference any relevant bugs.

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated / NEWS entry present (for non-trivial changes)
  • CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
GitLab

Daiki Ueno commented:

According to the comment:

# Uses Requires.private and Libs.private, under the assumption that
# when using shared libraries, the ELF dependencies from libhogweed.so
# to nettle and gmp work.

it seems like an issue in Nettle's .pc file generation (or pkg-config itself). Although including this change wouldn't hurt, I wonder what exact situation that causes the issue. Would it be possible to elaborate the commit message, with the actual configuration and the hogweed.pc content?


_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
In reply to this post by Read-only notification of GnuTLS library development activities
GitLab

Daiki Ueno commented on a discussion:

Ah, ok, nevermind; I suppose this would solve a problem if GMP_LIBS is supplied to configure in GnuTLS (because GnuTLS is also a direct user of GMP).


_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
In reply to this post by Read-only notification of GnuTLS library development activities
GitLab
Re: GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)
GitLab
✓ Merge request was approved (1/1)
 
Merge request icon Merge request !1389 was approved by Avatar Daiki Ueno
 
Project gnutls / GnuTLS
Branch
Branch icon bug/require-gmp
Author
Avatar Dmitry Tsvettsikh

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
In reply to this post by Read-only notification of GnuTLS library development activities
GitLab

All discussions on Merge Request !1389 were resolved by Daiki Ueno


_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
In reply to this post by Read-only notification of GnuTLS library development activities
GitLab

Merge Request !1389 was merged


_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
In reply to this post by Read-only notification of GnuTLS library development activities
GitLab

Andreas Metzler commented on a discussion:

@dueno wrote

According to the comment:

# Uses Requires.private and Libs.private, under the assumption that
# when using shared libraries, the ELF dependencies from libhogweed.so
# to nettle and gmp work.

it seems like an issue in Nettle's .pc file generation (or pkg-config itself).

I also wonder about @ReklatsMasters test case. This seems to work perfectly fine on Debian:

https://buildd.debian.org/status/fetch.php?pkg=gnutls28&arch=amd64&ver=3.7.0-7&stamp=1613160680&raw=0

checking for nettle_get_secp_192r1 in -lhogweed... yes
checking for nettle_rsa_sec_decrypt... yes
checking for nettle_gost28147_set_key... no

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
In reply to this post by Read-only notification of GnuTLS library development activities
GitLab

Dmitry Tsvettsikh commented:

@ametzler here is my test case. HOGWEED_LIBS="-L${ROOT_DIR}/dependencies/lib -lhogweed -lgmp" \ is hotfix for this bug, this should be whithout -lgmp.

# Source
ARCHIVE_GNUTLS=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.15.tar.xz
ARCHIVE_LIBTASN=https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.16.0.tar.gz
ARCHIVE_NETTLE=https://ftp.gnu.org/gnu/nettle/nettle-3.7.tar.gz
ARCHIVE_GMPLIB=https://gmplib.org/download/gmp/gmp-6.2.1.tar.xz

# Build
ROOT_DIR=${PWD}
MAKE=make
CFLAGS="-O3"
CONFIGURE=./configure CFLAGS=${CFLAGS} --prefix=${ROOT_DIR}/dependencies --disable-shared
CURL=curl -s
EXTRACT_XZ=tar -xJ
EXTRACT_GZ=tar -xz
EMCC_DEBUG=0

all: gnutls

clean:
	rm -rf gnutls-3.6.15 gmp-6.2.1 nettle-3.7 libtasn1-4.16.0 dependencies

# gmp

gmp-6.2.1/configure:
	${CURL} ${ARCHIVE_GMPLIB} | ${EXTRACT_XZ}

gmp-6.2.1/Makefile: gmp-6.2.1/configure
	cd gmp-6.2.1 && \
	${CONFIGURE} \
		--prefix=${ROOT_DIR}/dependencies && \
	cd -

dependencies/lib/libgmp.a: gmp-6.2.1/Makefile
	cd gmp-6.2.1 && ${MAKE} install && cd -

gmp: dependencies/lib/libgmp.a

# libtasn1

libtasn1-4.16.0/configure:
	${CURL} ${ARCHIVE_LIBTASN} | ${EXTRACT_GZ}

libtasn1-4.16.0/Makefile: libtasn1-4.16.0/configure
	cd libtasn1-4.16.0 && \
	${CONFIGURE} \
		--disable-doc \
		--disable-valgrind-tests \
		--prefix=${ROOT_DIR}/dependencies && \
	cd -

dependencies/lib/libtasn1.a: libtasn1-4.16.0/Makefile
	cd libtasn1-4.16.0 && ${MAKE} install && cd -

asn1: dependencies/lib/libtasn1.a

# nettle

nettle-3.7/configure:
	${CURL} ${ARCHIVE_NETTLE} | ${EXTRACT_GZ}

nettle-3.7/Makefile: nettle-3.7/configure dependencies/lib/libgmp.a
	cd nettle-3.7 && \
	${CONFIGURE} \
		LDFLAGS="-L${ROOT_DIR}/dependencies/lib" \
		LIBS="-lgmp" \
		--disable-documentation \
		--enable-x86-aesni \
		--enable-public-key \
		&& cd -

dependencies/lib/libnettle.a: nettle-3.7/Makefile
	cd nettle-3.7 && ${MAKE} install && cd -

nettle: dependencies/lib/libnettle.a

# gnutls

gnutls-3.6.15/configure:
	${CURL} ${ARCHIVE_GNUTLS} | ${EXTRACT_XZ}

gnutls-3.6.15/Makefile: gnutls-3.6.15/configure dependencies/lib/libnettle.a dependencies/lib/libtasn1.a dependencies/lib/libgmp.a
	cd gnutls-3.6.15 && \
	${CONFIGURE} \
		NETTLE_CFLAGS="-I${ROOT_DIR}/dependencies/include" \
		NETTLE_LIBS="-L${ROOT_DIR}/dependencies/lib -lnettle" \
		HOGWEED_CFLAGS="-I${ROOT_DIR}/dependencies/include" \
		HOGWEED_LIBS="-L${ROOT_DIR}/dependencies/lib -lhogweed -lgmp" \
		GMP_CFLAGS="-I${ROOT_DIR}/dependencies/include" \
		GMP_LIBS="-L${ROOT_DIR}/dependencies/lib -lgmp" \
		LIBTASN1_CFLAGS="-I${ROOT_DIR}/dependencies/include" \
		LIBTASN1_LIBS="-L${ROOT_DIR}/dependencies/lib -ltasn1" \
		LDFLAGS="-L${ROOT_DIR}/dependencies/lib" \
		--disable-maintainer-mode \
		--disable-doc \
		--disable-tools \
		--disable-cxx \
		--disable-ssl3-support \
		--disable-ssl2-support \
		--disable-tests \
		--disable-valgrind-tests \
		--disable-full-test-suite \
		--disable-rpath \
		--disable-libtool-lock \
		--disable-libdane \
		--with-included-unistring \
		--without-zlib \
		--without-libz-prefix \
		--without-idn \
		--without-libidn2 \
		--without-tpm \
		--without-p11-kit \
		&& cd -

dependencies/lib/libgnutls.a: gnutls-3.6.15/Makefile
	cd gnutls-3.6.15 && ${MAKE} install && cd -

gnutls: dependencies/lib/libgnutls.a

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|

Re: [gnutls-devel] GnuTLS | configure.ac: fix "nettle_rsa_sec_decrypt" check error (!1389)

Read-only notification of GnuTLS library development activities
In reply to this post by Read-only notification of GnuTLS library development activities
GitLab

Andreas Metzler commented on a discussion:

I suspect it is triggered by your static-library-only setup. - I guess libnettle is only present as libnettle.a using it requires linking against libgmp.a?

If that was the case, you need to set different NETTLE_LIBS and than you do.

What does config.log say? It looks like this here:

configure:66498: checking for nettle_get_secp_192r1 in -lhogweed
configure:66523: gcc -o conftest -g -O2 -ffile-prefix-map=/dev/shm/GNUTLS/gnutls-3.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now conftest.c -lhogweed -lhogweed -lnettle  >&5
configure:66523: $? = 0
configure:66532: result: yes
configure:66561: checking for nettle_rsa_sec_decrypt
configure:66561: gcc -o conftest -g -O2 -ffile-prefix-map=/dev/shm/GNUTLS/gnutls-3.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now conftest.c  -lhogweed -lnettle >&5
configure:66561: $? = 0
configure:66561: result: yes
configure:66580: checking for nettle_gost28147_set_key

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel