Comments (12)
I reproduced it with RUBY_OPENSSL_EXTCFLAGS=-Werror rake compile
. mkmf.log
says:
have_func: checking for EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)"", 0) in openssl/evp.h... -------------------- no
LD_LIBRARY_PATH=.:/opt/ruby/master/lib "gcc -o conftest -I/opt/ruby/master/include/ruby-3.3.0+0/x86_64-linux -I/opt/ruby/master/include/ruby-3.3.0+0/ruby/backward -I/opt/ruby/master/include/ruby-3.3.0+0 -I../../../../ext/openssl -I/opt/openssl/3.0-stable/include -O3 -fno-fast-math -ggdb3 -Wall -Wextra -Wdeprecated-declarations -Wdiv-by-zero -Wduplicated-cond -Wimplicit-function-declaration -Wimplicit-int -Wmisleading-indentation -Wpointer-arith -Wwrite-strings -Wold-style-definition -Wimplicit-fallthrough=0 -Wmissing-noreturn -Wno-cast-function-type -Wno-constant-logical-operand -Wno-long-long -Wno-missing-field-initializers -Wno-overlength-strings -Wno-packed-bitfield-compat -Wno-parentheses-equality -Wno-self-assign -Wno-tautological-compare -Wno-unused-parameter -Wno-unused-value -Wsuggest-attribute=format -Wsuggest-attribute=noreturn -Wunused-variable -Wundef -fPIC -Werror conftest.c -L. -L/opt/ruby/master/lib -Wl,-rpath,/opt/ruby/master/lib -L/opt/openssl/3.0-stable/lib -Wl,-rpath,/opt/openssl/3.0-stable/lib -L. -fstack-protector-strong -rdynamic -Wl,-export-dynamic -Wl,--no-as-needed -lssl -lcrypto -Wl,-rpath,/opt/ruby/master/lib -L/opt/ruby/master/lib -lruby -lssl -lcrypto -lm -lpthread -lc"
conftest.c: In function ‘t’:
conftest.c:17:30: error: ‘s1’ may be used uninitialized [-Werror=maybe-uninitialized]
17 | int t(void) { char s1[1024]; EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)s1, 0); return 0; }
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from conftest.c:3:
/opt/openssl/3.0-stable/include/openssl/evp.h:1810:11: note: by argument 3 of type ‘const unsigned char *’ to ‘EVP_PKEY_new_raw_private_key’ declared here
1810 | EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
conftest.c:17:20: note: ‘s1’ declared here
17 | int t(void) { char s1[1024]; EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)s1, 0); return 0; }
| ^~
At top level:
cc1: note: unrecognized command-line option ‘-Wno-self-assign’ may have been intended to silence earlier diagnostics
cc1: note: unrecognized command-line option ‘-Wno-parentheses-equality’ may have been intended to silence earlier diagnostics
cc1: note: unrecognized command-line option ‘-Wno-constant-logical-operand’ may have been intended to silence earlier diagnostics
cc1: all warnings being treated as errors
checked program was:
/* begin */
1: #include "ruby.h"
2:
3: #include <openssl/evp.h>
4:
5: /*top*/
6: extern int t(void);
7: int main(int argc, char **argv)
8: {
9: if (argc > 1000000) {
10: int (* volatile tp)(void)=(int (*)(void))&t;
11: printf("%d", (*tp)());
12: }
13:
14: return !!argv[argc];
15: }
16:
17: int t(void) { char s1[1024]; EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)s1, 0); return 0; }
/* end */
The checking program used by have_func
generally is not expected to be a perfectly valid program, so I think we should not apply -Werror
to it. I think we can move the append_cflags
logic in extconf.rb
to after all checking code, right before create_makefile
.
from openssl.
I will check if this issue happens with Ruby 3.0.
from openssl.
The
EVP_PKEY_new_mac_key
returnsNULL
in theossl_hmac_initialize
inext/openssl/ossl_hmac.c:107
.
This is a known issue in OpenSSL 3.0 when the HMAC key is empty: openssl/openssl#13089
However, this code is supposed to be unreachable with OpenSSL >= 3.0 (#538).
from openssl.
CC: @cwjenkins
Thank you for providing the info!
I checked the CI results, and the "ubuntu-22.04 (ruby) 3.1" case fails and "ubuntu-22.04 (ruby) 3.0" passes. So, I assumed that this is a Ruby version specific issue. Because it seemed that it was executed in the same environment.
https://github.com/junaruga/openssl/actions/runs/5125132987/jobs/9217902633
But it was a wrong assumption. I checked the used OpenSSL versions now. And I found the difference of used OpenSSL versions.
- "ubuntu-22.04 (ruby) 3.1": OpenSSL 3.0.2 is used. The issue happened.
https://github.com/junaruga/openssl/actions/runs/5125132987/jobs/9217902633#step:8:19 - "ubuntu-22.04 (ruby) 3.0": OpenSSL 1.1.1t is used. The issue didn't happen.
https://github.com/junaruga/openssl/actions/runs/5125132987/jobs/9217902535#step:8:19
from openssl.
The checking program used by have_func generally is not expected to be a perfectly valid program, so I think we should not apply -Werror to it. I think we can move the append_cflags logic in extconf.rb to after all checking code, right before create_makefile.
I see. The error happened in the have_func
. And I agree with your idea moving to the right before create_makefile
. Do you like to send the pull-request by yourself?
from openssl.
Already! Haha #633
from openssl.
All right. Thanks. :)
from openssl.
I checked the CI results, and the "ubuntu-22.04 (ruby) 3.1" case fails and "ubuntu-22.04 (ruby) 3.0" passes.
This is probably because the checking program was not producing a warning on Ruby 3.0.
A change in Ruby 3.1 (ruby/ruby@cb5a41c) replaced the ""
in the argument with a char s1[1024]
. I don't really understand the intention, however.
However, I think it will likely happen again that a new warning starts to appear in the checking program (e.g., by OpenSSL converting a function to a macro), I think the safest workaround is to not apply -Werror
.
from openssl.
This is probably because the checking program was not producing a warning on Ruby 3.0.
A change in Ruby 3.1 (ruby/ruby@cb5a41c) replaced the "" in the argument with a char s1[1024]. I don't really understand the intention, however.
Sorry, I don't understand what the change in Ruby 3.1 (ruby/ruby@cb5a41c) is related to about the CI results I provided above.
In the "ubuntu-22.04 (ruby) 3.1" case, the rake compile
with -Werror
passed without the compiler warnings, and the rake test
got the 1 error and 7 pendings that always happen with the -Werror
in the case. In my understanding, the cause is by use of the OpenSSL 3.0.
And in the "ubuntu-22.04 (ruby) 3.1" case, the rake compile
with -Werror
passed without the compiler warnings and the rake test
also passed.
from openssl.
Sorry for the misleading quotation. I missed the fact the "ubuntu-22.04 (ruby) 3.0" uses OpenSSL 1.1.1.
The "openssl-3.0.8" configuration uses Ruby 3.0 + OpenSSL 3.0 + -Werror
and it passed without failures or errors.
This is an issue when all of these are met: Ruby >= 3.1, OpenSSL >= 3.0, and -Werror
.
from openssl.
All right. That makes sense. 👍🏼
from openssl.
I don't see this issue on the CI environments on the #631. O assume that the #633 fixed it. Anyway, I think we can close this ticket.
from openssl.
Related Issues (20)
- FIPS: DH: OpenSSL::PKey.generate_parameters returning a value with block of break. HOT 7
- macos-latest truffeeruby-head: test_basic_response_response_operations failing HOT 3
- truffleruby-head 24.0.0-dev: Failing to compile dependant stringio gem. HOT 14
- OpenSSL::PKey::EC.new(nil).generate_key fails with OpenSSL::PKey::PKeyError HOT 6
- OpenSSL 3.2.0 - sessions, time, signed vs unsigned, failure with negative session timeout values HOT 6
- OpenSSL::SSL::SSLContext.new returns SSL_CTX_new: library has no ciphers HOT 6
- Respect system wide minimum TLS version HOT 2
- windows-latest 3.3 case failing with "OpenSSL::Provider::ProviderError: Failed to load legacy provider: (null) (name=legacy)" HOT 8
- OpenSSL::PKey::PKey subclass for EVP_PKEY_RSA_PSS HOT 4
- Error "Failed to build gem native extension." when running "gem install openssl" in Fedora HOT 4
- OpenSSL udate 3.2.1 for CVE-2023-6129 HOT 3
- OpenSSL 3 | Providers | Support broader range of URI schemes for loading keys HOT 3
- OpenSSL 3 support for loading engine keys HOT 3
- OpenSSL version 3.3.0-dev: OpenSSL::ASN1::ASN1Error: utctime/generalizedtime is too short HOT 7
- OpenSSL::ASN1.decode doesn't correctly parse UTCTime or GeneralizedTime with fractional seconds or a timezone
- remove file check to support proxied SSL connection HOT 5
- When decrypted with a different private key, `OpenSSL::PKey::RSAError` does not occur HOT 2
- Upcoming OpenSSL Webinar: Writing Your First OpenSSL Application
- Invalid CSR versions set in regress tests HOT 2
- OpenSSL::SSL::SSLError: SSL_write: unsupported method HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openssl.