Menu
▾
▴
Re: [TCLCORE] TCLTLS Updates macOS 14.3.1 Sonoma on M2 with Tcl 8.6 arm64
|
From: Alexander S. <a.s...@gm...> - 2024-02-27 10:32:26
|
My first test on macOS Sonoma 14.3.1 on an M2 arm64 with Tcl 8.6. I had to adjust the following things:
./configure --with-tcl=/Library/Frameworks/Tcl.framework/Versions/8.6 --prefix=/opt/tcl/8.6 --exec-prefix=/opt/tcl/8.6 --with-openssl-dir=/opt/homebrew/Cellar/openssl@3/3.2.1 --enable-static-ssl
Makefile > line 149
INCLUDES = -I/opt/homebrew/Cellar/openssl@3/3.2.1/include/openssl -I"/Library/Frameworks/Tcl.framework/Versions/8.6/Headers" $(SSL_INCLUDES) -I.
INCLUDES = -I/opt/homebrew/Cellar/openssl@3/3.2.1/include -I"/Library/Frameworks/Tcl.framework/Versions/8.6/Headers" $(SSL_INCLUDES) -I.
Makefile > line 152
PKG_CFLAGS = -fstack-protector-all -fno-strict-overflow -I/opt/homebrew/Cellar/openssl@3/3.2.1/include/openssl
PKG_CFLAGS = -fstack-protector-all -fno-strict-overflow -I/opt/homebrew/Cellar/openssl@3/3.2.1/include
Compiler Error:
./generic/tlsDigest.c:298:2: error: expected expression
size_t size;
./generic/tlsDigest.c > DigestFinalize > line 297
case TYPE_CMAC:
size_t size;
res = CMAC_Final(statePtr->cctx, md_buf, &size);
md_len = (int) size;
break;
case TYPE_CMAC:
{
size_t size;
res = CMAC_Final(statePtr->cctx, md_buf, &size);
md_len = (int) size;
break;
}
pkgIndex.tcl > line 14
if {[string tolower [file extension libtls1.8.0.dylib]] in [list ".dll" ".so"]} {
if {[string tolower [file extension libtls1.8.0.dylib]] in [list ".dll" ".so" ".dylib"]} {
Linker Error:
gcc -dynamiclib -pipe -Os -DNDEBUG -Wall -fno-common -Wl,-single_module -current_version 1.8.0 -compatibility_version 1.8.0 -headerpad_max_install_names -Wl,-search_paths_first -o libtls1.8.0.dylib tls.o tlsBIO.o tlsDigest.o tlsEncrypt.o tlsInfo.o tlsIO.o tlsKDF.o tlsRand.o tlsUtil.o tlsX509.o -Wl,-Bstatic -Wl,-Bdynamic -L/Library/Frameworks/Tcl.framework/Versions/8.6 -ltclstub8.6 ld: warning: -single_module is obsolete
ld: unknown options: -Bstatic -Bdynamic clang: error: linker command failed with exit code 1 (use -v to see invocation)
Linker from command line:
gcc -dynamiclib -pipe -Os -DNDEBUG -Wall -fno-common -current_version 1.8.0 -compatibility_version 1.8.0 -headerpad_max_install_names -Wl,-search_paths_first -o libtls1.8.0.dylib tls.o tlsBIO.o tlsDigest.o tlsEncrypt.o tlsInfo.o tlsIO.o tlsKDF.o tlsRand.o tlsUtil.o tlsX509.o -L/Library/Frameworks/Tcl.framework/Versions/8.6 -ltclstub8.6 -L/opt/homebrew/Cellar/openssl@3/3.2.1/lib -lssl -lcrypto
The test suite reports 6 errors:
TCL_LIBRARY=`echo /Users/alex/src/tcl86-13/tcl8.6.13/library` DYLD_LIBRARY_PATH="/Users/alex/src/tcl86-14/tcltls-884dd9dece:/Library/Frameworks/Tcl.framework/Versions/8.6:" PATH="/Users/alex/src/tcl86-14/tcltls-884dd9dece:/Library/Frameworks/Tcl.framework/Versions/8.6:/opt/homebrew/bin:/opt/homebrew/sbin:/opt/local/bin:/opt/local/sbin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Library/Apple/usr/bin:/Applications/Little Snitch.app/Contents/Components:/Applications/VMware Fusion.app/Contents/Public:/Developer/usr/bin" TCLLIBPATH="/Users/alex/src/tcl86-14/tcltls-884dd9dece" /opt/tcl/8.6/bin/tclsh8.6 `echo ./tests/all.tcl` \
-load "package ifneeded tls 1.8.0 \
[list load `echo libtls1.8.0.dylib` [string totitle tls]]"
Tests running in interp: /opt/tcl/8.6/bin/tclsh8.6
Tests located in: /Users/alex/src/tcl86-14/tcltls-884dd9dece/tests
Tests running in: /Users/alex/src/tcl86-14/tcltls-884dd9dece
Temporary files stored in /Users/alex/src/tcl86-14/tcltls-884dd9dece
Test files run in separate interpreters
Running tests that match: *
Skipping test files that match: l.*.test
Only running test files that match: *.test
Tests began at Tue Feb 27 10:32:58 CET 2024
badssl.test
==== BadSSL-1.3 3des FAILED
==== Contents of test case:
badssl 3des.badssl.com
---- Result was:
handshake failed: ssl/tls alert handshake failure
---- Result should have been (exact matching):
handshake failed: sslv3 alert handshake failure
==== BadSSL-1.3 FAILED
==== BadSSL-1.14 dh512 FAILED
==== Contents of test case:
badssl dh512.badssl.com
---- Result was:
handshake failed: unknown security bits
---- Result should have been (exact matching):
handshake failed: dh key too small
==== BadSSL-1.14 FAILED
==== BadSSL-1.34 null FAILED
==== Contents of test case:
badssl null.badssl.com
---- Result was:
handshake failed: ssl/tls alert handshake failure
---- Result should have been (exact matching):
handshake failed: sslv3 alert handshake failure
==== BadSSL-1.34 FAILED
==== BadSSL-1.38 rc4-md5 FAILED
==== Contents of test case:
badssl rc4-md5.badssl.com
---- Result was:
handshake failed: ssl/tls alert handshake failure
---- Result should have been (exact matching):
handshake failed: sslv3 alert handshake failure
==== BadSSL-1.38 FAILED
==== BadSSL-1.39 rc4 FAILED
==== Contents of test case:
badssl rc4.badssl.com
---- Result was:
handshake failed: ssl/tls alert handshake failure
---- Result should have been (exact matching):
handshake failed: sslv3 alert handshake failure
==== BadSSL-1.39 FAILED
digest.test
encrypt.test
info.test
==== Ciphers_List-1.1 All FAILED
==== Contents of test case:
lcompare [lsort [exec_get_ciphers]] [list_tolower [lsort [::tls::ciphers]]]
---- Result was:
missing {@ aes-128-cbc-cts aes-128-gcm-siv aes-128-siv aes-192-cbc-cts aes-192-gcm-siv aes-192-siv aes-256-cbc-cts aes-256-gcm-siv aes-256-siv aes128-wrap, aes128-wrap-pad, aes192-wrap, aes192-wrap-pad, aes256-wrap, aes256-wrap-pad, camellia-128-cbc-cts camellia-192-cbc-cts camellia-256-cbc-cts default legacy: null provided: sm4-cfb128 sm4-ofb128 \{ \}} unexpected {aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcm}
---- Result should have been (exact matching):
missing {rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb} unexpected {aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcm}
==== Ciphers_List-1.1 FAILED
==== Pkey_List-10.1 All FAILED
==== Contents of test case:
lcompare [exec_get_pkeys] [tls::pkeys]
---- Result was:
missing {Legacy: Provided: Encryption: {{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default} {{ 1.2.156.10197.1.301, SM2 } @ default} {Key Exchange:} {{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default} {{ 1.3.101.110, X25519 } @ default} {{ 1.3.101.111, X448 } @ default} {ECDH @ default} {TLS1-PRF @ default} {HKDF @ default} {{ 1.3.6.1.4.1.11591.4.11, id-scrypt, SCRYPT } @ default} Signatures: {CMAC @ default} {{ 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default} {{ 1.3.101.112, ED25519 } @ default} {{ 1.3.101.113, ED448 } @ default} {{ 1.2.156.10197.1.301, SM2 } @ default} {ECDSA @ default} {HMAC @ default} {SIPHASH @ default} {POLY1305 @ default} {{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default} {Key encapsulation:} {{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default} {{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default} {{ 1.3.101.110, X25519 } @ default} {{ 1.3.101.111, X448 } @ default}} unexpected {}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Pkey_List-10.1 FAILED
==== Provider-14.1 Provider too few args FAILED
==== Contents of test case:
::tls::provider
---- Result was:
wrong # args: should be "::tls::provider name"
---- Result should have been (exact matching):
wrong # args: should be "::tls:provider name"
==== Provider-14.1 FAILED
==== Provider-14.2 Provider too few args FAILED
==== Contents of test case:
::tls::provider too many args
---- Result was:
wrong # args: should be "::tls::provider name"
---- Result should have been (exact matching):
wrong # args: should be "::tls:provider name"
==== Provider-14.2 FAILED
kdf.test
random.test
tlsIO.test
==== tlsIO-5.1 byte order problems, socket numbers, htons FAILED
==== Contents of test case:
set x {couldn't open socket: not owner}
if {![catch {tls::socket -server dodo 0x1} msg]} {
set x {htons problem, should be disallowed, are you running as SU?}
close $msg
}
set x
---- Result was:
htons problem, should be disallowed, are you running as SU?
---- Result should have been (exact matching):
couldn't open socket: not owner
==== tlsIO-5.1 FAILED
==== tlsIO-5.3 byte order problems, socket numbers, htons FAILED
==== Contents of test case:
set x {couldn't open socket: not owner}
if {![catch {tls::socket -server dodo 21} msg]} {
set x {htons problem, should be disallowed, are you running as SU?}
close $msg
}
set x
---- Result was:
htons problem, should be disallowed, are you running as SU?
---- Result should have been (exact matching):
couldn't open socket: not owner
==== tlsIO-5.3 FAILED
==== tls-bug58-1.0 test protocol negotiation failure FAILED
==== Contents of test case:
# Following code is based on what was reported in bug #58. Prior
# to fix the program would crash with a segfault.
proc Accept {sock args} {
fconfigure $sock -blocking 0;
fileevent $sock readable [list Handshake $sock]
}
proc Handshake {sock} {
set ::done HAND
catch {tls::handshake $sock} msg
set ::done $msg
}
# NOTE: when doing an in-process client/server test, both sides need
# to be non-blocking for the TLS handshake
# Server - Only accept TLS 1.2
set s [tls::socket -certfile $serverCert -cafile $caCert -keyfile $serverKey -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 0 -server Accept 8831]
# Client - Only propose TLS1.0
set c [tls::socket -async -cafile $caCert -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 0 -tls1.2 0 -tls1.3 0 localhost 8831]
fconfigure $c -blocking 0
puts $c a ; flush $c
after 5000 [list set ::done timeout]
vwait ::done
switch -exact -- $::done {
"handshake failed: wrong ssl version" -
"handshake failed: unsupported protocol" {
set ::done "handshake failed: wrong version number"
}
}
set ::done
---- Test generated error; Return code was: 1
---- Return code should have been one of: 0 2
---- errorInfo: error flushing "sock12a88ba10": software caused connection abort
while executing
"flush $c"
("uplevel" body line 21)
invoked from within
"uplevel 1 $script"
---- errorCode: POSIX ECONNABORTED {software caused connection abort}
==== tls-bug58-1.0 FAILED
Tests ended at Tue Feb 27 10:33:54 CET 2024
all.tcl: Total 393 Passed 342 Skipped 39 Failed 12
Sourced 7 Test Files.
Files with failing tests: badssl.test info.test tlsIO.test
Number of tests skipped for each constraint:
1 !tls1
1 !tls1.1
1 !tls1.2
1 !tls1.3
12 doTestsWithRemoteServer
3 knownIgnored
11 old_api
3 ssl2
3 ssl3
1 testthread
2 unexplainedFailure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test_vectors test began at Tue Feb 27 10:33:54 CET 2024
Tests running in interp: /opt/tcl/8.6/bin/tclsh8.6
Tests located in: /Users/alex/src/tcl86-14/tcltls-884dd9dece/tests/test_vectors
Tests running in: /Users/alex/src/tcl86-14/tcltls-884dd9dece
Temporary files stored in /Users/alex/src/tcl86-14/tcltls-884dd9dece
Test files run in separate interpreters
Running tests that match: *
Skipping test files that match: l.*.test
Only running test files that match: *.test
Tests began at Tue Feb 27 10:33:54 CET 2024
Error: No test files remain after applying your match and skip patterns!
Tests ended at Tue Feb 27 10:33:54 CET 2024
all.tcl: Total 0 Passed 0 Skipped 0 Failed 0
Sourced 0 Test Files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hash test began at Tue Feb 27 10:33:54 CET 2024
Tests running in interp: /opt/tcl/8.6/bin/tclsh8.6
Tests located in: /Users/alex/src/tcl86-14/tcltls-884dd9dece/tests/test_vectors/Hash
Tests running in: /Users/alex/src/tcl86-14/tcltls-884dd9dece
Temporary files stored in /Users/alex/src/tcl86-14/tcltls-884dd9dece
Test files run in separate interpreters
Running tests that match: *
Skipping test files that match: l.*.test
Only running test files that match: *.test
Tests began at Tue Feb 27 10:33:54 CET 2024
BLAKE2b512.test
BLAKE2s256.test
MD2.test
MD4.test
MD5.test
MDC2.test
RIPEMD128.test
RIPEMD160.test
RIPEMD256.test
RIPEMD320.test
SHA1.test
SHA1LongMsg.test
SHA1ShortMsg.test
SHA224.test
SHA224LongMsg.test
SHA224ShortMsg.test
SHA256.test
SHA256LongMsg.test
SHA256ShortMsg.test
SHA3-224.test
SHA3-256.test
SHA3-384.test
SHA3-512.test
SHA384.test
SHA384LongMsg.test
SHA384ShortMsg.test
SHA3_224LongMsg.test
SHA3_224ShortMsg.test
SHA3_256LongMsg.test
SHA3_256ShortMsg.test
SHA3_384LongMsg.test
SHA3_384ShortMsg.test
SHA3_512LongMsg.test
SHA3_512ShortMsg.test
SHA512-224.test
SHA512-256.test
SHA512.test
SHA512LongMsg.test
SHA512ShortMsg.test
SHA512_224LongMsg.test
SHA512_224ShortMsg.test
SHA512_256LongMsg.test
SHA512_256ShortMsg.test
SHAKE128.test
==== Hash_SHAKE128-1.1 SHAKE128 FAILED
==== Contents of test case:
tls::digest -digest SHAKE128 -data $data
---- Result was:
7f9c2ba4e88f827d616045507605853e
---- Result should have been (exact matching):
7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26
==== Hash_SHAKE128-1.1 FAILED
==== Hash_SHAKE128-1.2 SHAKE128 FAILED
==== Contents of test case:
tls::digest -digest SHAKE128 -data $data
---- Result was:
f4202e3c5852f9182a0430fd8144f0a7
---- Result should have been (exact matching):
f4202e3c5852f9182a0430fd8144f0a74b95e7417ecae17db0f8cfeed0e3e66e
==== Hash_SHAKE128-1.2 FAILED
==== Hash_SHAKE128-1.3 SHAKE128 FAILED
==== Contents of test case:
tls::digest -digest SHAKE128 -data $data
---- Result was:
131ab8d2b594946b9c81333f9bb6e0ce
---- Result should have been (exact matching):
131ab8d2b594946b9c81333f9bb6e0ce75c3b93104fa3469d3917457385da037
==== Hash_SHAKE128-1.3 FAILED
SHAKE128LongMsg.test
SHAKE128ShortMsg.test
SHAKE256.test
==== Hash_SHAKE256-1.1 SHAKE256 FAILED
==== Contents of test case:
tls::digest -digest SHAKE256 -data $data
---- Result was:
46b9dd2b0ba88d13233b3feb743eeb243fcd52ea62b81b82b50c27646ed5762f
---- Result should have been (exact matching):
46b9dd2b0ba88d13233b3feb743eeb243fcd52ea62b81b82b50c27646ed5762fd75dc4ddd8c0f200cb05019d67b592f6fc821c49479ab48640292eacb3b7c4be
==== Hash_SHAKE256-1.1 FAILED
==== Hash_SHAKE256-1.2 SHAKE256 FAILED
==== Contents of test case:
tls::digest -digest SHAKE256 -data $data
---- Result was:
2f671343d9b2e1604dc9dcf0753e5fe15c7c64a0d283cbbf722d411a0e36f6ca
---- Result should have been (exact matching):
2f671343d9b2e1604dc9dcf0753e5fe15c7c64a0d283cbbf722d411a0e36f6ca1d01d1369a23539cd80f7c054b6e5daf9c962cad5b8ed5bd11998b40d5734442
==== Hash_SHAKE256-1.2 FAILED
==== Hash_SHAKE256-1.3 SHAKE256 FAILED
==== Contents of test case:
tls::digest -digest SHAKE256 -data $data
---- Result was:
cd8a920ed141aa0407a22d59288652e9d9f1a7ee0c1e7c1ca699424da84a904d
---- Result should have been (exact matching):
cd8a920ed141aa0407a22d59288652e9d9f1a7ee0c1e7c1ca699424da84a904d2d700caae7396ece96604440577da4f3aa22aeb8857f961c4cd8e06f0ae6610b
==== Hash_SHAKE256-1.3 FAILED
SHAKE256LongMsg.test
SHAKE256ShortMsg.test
SM3.test
WHIRLPOOL.test
Tests ended at Tue Feb 27 10:34:23 CET 2024
all.tcl: Total 3333 Passed 3290 Skipped 37 Failed 6
Sourced 51 Test Files.
Files with failing tests: SHAKE128.test SHAKE256.test
Number of tests skipped for each constraint:
7 MD2
10 RIPEMD128
10 RIPEMD256
10 RIPEMD320
make: *** [test] Error 1
|
