Closed
Bug 1396301
Opened 7 years ago
Closed 7 years ago
verified/kremlib.h:204:23: error: implicit declaration of function 'le64toh' [-Werror=implicit -function-declaration]
Categories
(NSS :: Libraries, defect, P3)
Tracking
(firefox-esr52 unaffected, firefox56 unaffected, firefox57 wontfix, firefox58 wontfix, firefox59 fixed)
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | unaffected |
| firefox57 | --- | wontfix |
| firefox58 | --- | wontfix |
| firefox59 | --- | fixed |
People
(Reporter: jbeich, Unassigned)
References
Details
(Keywords: regression)
Attachments
(3 obsolete files)
In file included from ecl/curve25519_64.c:6:
In file included from ecl/../verified/hacl_curve25519_64.h:17:
verified/kremlib.h:307:30: error: implicit declaration of function 'le64toh' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
uint128_t l = (uint128_t)load64_le(b);
^
verified/kremlib.h:204:23: note: expanded from macro 'load64_le'
#define load64_le(b) (le64toh(load64(b)))
^
verified/kremlib.h:315:5: error: implicit declaration of function 'htole64' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
store64_le(b, (uint64_t)n);
^
verified/kremlib.h:205:38: note: expanded from macro 'store64_le'
#define store64_le(b, i) (store64(b, htole64(i)))
^
verified/kremlib.h:315:5: note: did you mean 'store64'?
verified/kremlib.h:205:38: note: expanded from macro 'store64_le'
#define store64_le(b, i) (store64(b, htole64(i)))
^
verified/kremlib.h:189:1: note: 'store64' declared here
store64(uint8_t *b, uint64_t i)
^
verified/kremlib.h:322:30: error: implicit declaration of function 'be64toh' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
uint128_t h = (uint128_t)load64_be(b);
^
verified/kremlib.h:206:23: note: expanded from macro 'load64_be'
#define load64_be(b) (be64toh(load64(b)))
^
verified/kremlib.h:322:30: note: did you mean 'le64toh'?
verified/kremlib.h:206:23: note: expanded from macro 'load64_be'
#define load64_be(b) (be64toh(load64(b)))
^
verified/kremlib.h:307:30: note: 'le64toh' declared here
uint128_t l = (uint128_t)load64_le(b);
^
verified/kremlib.h:204:23: note: expanded from macro 'load64_le'
#define load64_le(b) (le64toh(load64(b)))
^
verified/kremlib.h:330:5: error: implicit declaration of function 'htobe64' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
store64_be(b, (uint64_t)(n >> 64));
^
verified/kremlib.h:207:38: note: expanded from macro 'store64_be'
#define store64_be(b, i) (store64(b, htobe64(i)))
^
verified/kremlib.h:330:5: note: did you mean 'htole64'?
verified/kremlib.h:207:38: note: expanded from macro 'store64_be'
#define store64_be(b, i) (store64(b, htobe64(i)))
^
verified/kremlib.h:315:5: note: 'htole64' declared here
store64_le(b, (uint64_t)n);
^
verified/kremlib.h:205:38: note: expanded from macro 'store64_le'
#define store64_le(b, i) (store64(b, htole64(i)))
^
4 errors generated.BSDs provide byteswap functions via sys/endian.h. However, NSS is probably better off using compiler builtins on all platforms.
|
||
Comment 2•7 years ago
|
||
Should we add those
|
||
Comment 3•7 years ago
|
||
Jan, What's probably easiest here is if you provide us a patch that works on BSD and also on the Tier 1 platforms we CI on, and then we can review that.
Flags: needinfo?(jbeich)
|
||
Comment 4•7 years ago
|
||
These are in the BSD headers, which are guarded via <features.h> on GNU/Linux. Last I dived into these man pages, the following two options make these functions visible on both Ubuntu 14.04 and 16.04 (and KreMLin, when used as a driver for the C compiler, enables them): -D_BSD_SOURCE -D_DEFAULT_SOURCE If this is to silence the warnings, then these two options might be helpful in Makefiles.
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Comment 5•7 years ago
|
||
Unfortunately this bug breaks all https connections (at least on my FreeBSD 11-stable box). Attaching a band-aid patch in case some desperate soul's looking for a workaround. Oh, and I hope I got the OpenBSD part right...
|
|
||
Comment 6•7 years ago
|
||
Ooops! v2 needed to wipe out a typo affecting DragonflyBSD. Sorry for the bugspam.
Attachment #8915751 -
Attachment is obsolete: true
|
|
||
Comment 7•7 years ago
|
||
The original version of this file is located at https://github.com/FStarLang/kremlin/blob/master/kremlib/kremlib.h ... would you mind submitting a pull request there? We added support for Solaris this week, so I'd be happy to take in proper support for the BSDs as well. Thanks!
|
||
Comment 8•7 years ago
|
||
I created https://github.com/FStarLang/kremlin/pull/62
|
|
||
Comment 9•7 years ago
|
||
Comment on attachment 8915757 [details] [diff] [review] band-aid patch to fix ssl/tls on the BSDs for now Sorry for accidentally mixing up the BSD patch with the Windows block.
Attachment #8915757 -
Attachment is obsolete: true
|
Reporter | |
Comment 10•7 years ago
|
||
Upstream fix looks fine given it's similar to downstream one: https://svnweb.freebsd.org/ports/head/security/nss/files/patch-bug1396301?revision=450203&view=markup What we're waiting for to backport it into NSS?
Flags: needinfo?(jbeich) → needinfo?(franziskuskiefer)
|
|
||
Comment 11•7 years ago
|
||
Does this look good ? https://phabricator.services.mozilla.com/D141
|
||
Comment 12•7 years ago
|
||
Great, first splinter, then mozreview, then github, then phabricator :) (In reply to Benjamin Beurdouche from comment #11) > Does this look good ? > https://phabricator.services.mozilla.com/D141 Not 100% for OpenBSD, as i already said in https://github.com/FStarLang/kremlin/pull/62#discussion_r143208459 (and quoting the header itself) * This file should be included as <endian.h> in userspace and as * <sys/endian.h> in the kernel.
|
|
||
Comment 13•7 years ago
|
||
Fixed by using the fix from upstream Kremlin, can you check again please ?
|
|
||
Comment 14•7 years ago
|
||
Even if i havent built-tested any of this (nor experienced the build failure reported in this bug) this looks good to me for OpenBSD.
|
|
Reporter | |
Comment 15•7 years ago
|
||
(In reply to Benjamin Beurdouche from comment #11) > Does this look good ? > https://phabricator.services.mozilla.com/D141 Yes. Replacing downstream patch with this one doesn't break build on FreeBSD. Example build log: http://sprunge.us/PcjE
|
|
||
Comment 16•7 years ago
|
||
This isn't a simple import (yet). We might land a hotfix and get the upstream changes later (depending on which one's done first).
Flags: needinfo?(franziskuskiefer)
|
|
Reporter | |
Comment 17•7 years ago
|
||
For Firefox this doesn't break build but https:// no longer works. Nightly (and even Beta now) cannot use --with-system-nss due to Gecko chasing NSS trunk and depending on unstable API (e.g., SSL_UseAltHandshakeType).
status-firefox56:
--- → unaffected
status-firefox57:
--- → affected
status-firefox58:
--- → affected
status-firefox-esr52:
--- → unaffected
|
|
Reporter | |
Comment 18•7 years ago
|
||
needinfo myself to request tracking for Firefox ESR59 as Tor Browser (only tracks ESR) users may want to avoid --with-system-nss per https://gitweb.torproject.org/tor-browser.git/commit/?id=76cee7a86e72 https://gitweb.torproject.org/tor-browser.git/commit/?id=e57fa6f6f8fd
Flags: needinfo?(jbeich)
|
||
Updated•7 years ago
|
|
|
||
Comment 19•7 years ago
|
||
(In reply to Jan Beich from comment #17) > For Firefox this doesn't break build but https:// no longer works. Nightly > (and even Beta now) cannot use --with-system-nss due to Gecko chasing NSS > trunk and depending on unstable API (e.g., SSL_UseAltHandshakeType). I am not exactly sure to understand the discussion about API here nor how the breakage is done. Can you please expand ? Is it just that additional compilation flags are passed to NSS ? The current plan is to push the fix with the new iteration of HACL* by early December for integration in NSS 3.35/Firefox 59.
|
|
||
Comment 20•7 years ago
|
||
The API discussion is unrelated to this bug.
|
|
||
Comment 21•7 years ago
|
||
This should be fixed by https://bugzilla.mozilla.org/show_bug.cgi?id=1419173 Can you please confirm ? Thanks
|
|
Reporter | |
Comment 22•7 years ago
|
||
I confirm, Nightly 59 builds/works fine with bundled NSS.
Flags: needinfo?(jbeich)
|
|
Reporter | |
Comment 23•7 years ago
|
||
https://hg.mozilla.org/projects/nss/diff/6a27e4b4c92c/lib/freebl/verified/kremlib.h#l1.300
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox59:
--- → fixed
Depends on: 1419173
Resolution: --- → FIXED
|
|
Reporter | |
Comment 24•7 years ago
|
||
Err, that change didn't land in Nightly 59 yet. https:// works but always says "connection is not secure", even for sites using EV.
|
|
Reporter | |
Comment 25•7 years ago
|
||
https://hg.mozilla.org/mozilla-central/diff/0c40802096cd/security/nss/lib/freebl/verified/kremlib.h#l1.300
|
||
Updated•7 years ago
|
|
||
Comment 26•6 years ago
|
||
|
|
||
Comment 27•6 years ago
|
||
Comment on attachment 8940788 [details] Backporting KreMLin support for BSDs Martin Thomson [:mt:] has approved the revision. https://phabricator.services.mozilla.com/D141
Attachment #8940788 -
Attachment is obsolete: true
Attachment #8940788 -
Flags: review+
You need to log in
before you can comment on or make changes to this bug.
Description
•