randombit / botan

Cryptography Toolkit
https://botan.randombit.net
BSD 2-Clause "Simplified" License

A test fails #1264

Closed ruipacheco closed 6 years ago

ruipacheco commented 7 years ago

I tried building Botan thus:

> python configure.py --minimized-build --enable-modules=zlib,md5,sha1,tls --single-amalgamation-file
> make

and botan-test failed on the following test:

X509 Usage ran 8 tests 1 FAILED
Failure 1: X509 Usage test_usage RSA with error False assertion 'RSA sign consistency check' (expression m == c) in raw_sign @botan_all.cpp:20428

Reverting back to an old issue I had here I tried creating the library with the following command:

python configure.py --minimized-build --enable-modules=md5,sha1,system_rng,sha2_64,tls --single-amalgamation-file --amalgamation

but make fails:

⟩ make
clang++ -fstack-protector -m64 -pthread -stdlib=libc++ -fPIC -fvisibility=hidden -std=c++11 -D_REENTRANT -O3 -Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Ibuild/include -c botan_all.cpp -o build/obj/lib/botan_all.o
botan_all.cpp:27496:67: warning: unused parameter 'version' [-Wunused-parameter]
Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
                                                                  ^
botan_all.cpp:27501:55: warning: unused parameter 'uses_encrypt_then_mac' [-Wunused-parameter]
                                                 bool uses_encrypt_then_mac) :
                                                      ^
botan_all.cpp:30710:25: error: variable has incomplete type 'struct stat'
            struct stat stat_buf;
                        ^
botan_all.cpp:30710:20: note: forward declaration of 'stat'
            struct stat stat_buf;
                   ^
botan_all.cpp:30712:18: error: no member named 'stat' in the global namespace
            if(::stat(full_path.c_str(), &stat_buf) == -1)
               ~~^
botan_all.cpp:30905:13: error: no member named 'getpid' in the global namespace
   return ::getpid();
          ~~^
2 warnings and 3 errors generated.
make: *** [build/obj/lib/botan_all.o] Error 1

Finally, GitHub says the latest release is 2.3.0 but the Python script says it's 2.4.0:

INFO: Botan 2.4.0 (revision git:8258550225d198a3f1f9791d5fc5ce8511dfeb3e) (unreleased undated) build setup is complete

I'm on the latest OSX using the latest Xcode.

randombit commented 7 years ago

> False assertion 'RSA sign consistency check' (expression m == c) in raw_sign @botan_all.cpp:20428

That's a rather disconcerting error as it indicates that RSA computed an incorrect signature. Does this test seem to fail reliably? Is this the only test that fails?

> botan_all.cpp:30712:18: error: no member named 'stat' in the global namespace
> botan_all.cpp:30905:13: error: no member named 'getpid' in the global namespace

Ah I see the problem here, the way the amalgamation uniqs header includes does not behave correctly, and (so it happens) on systems with arc4random we fail to include unistd.h or sys/stat.h when we should.

Quick workaround, edit src/build-data/os/darwin.txt and remove arc4random from the target_features block.

> Finally, GitHub says the latest release is 2.3.0 but the Python script says it's 2.4.0:

master is 2.4.0-pre, version number in git is always incremented shortly after a release.
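Added example, not part of the thread and not Botan's code: a toy C++ model of the sign-then-recompute check that failed here, following the `m`, `x`, `c` structure of `raw_sign` shown in the patch later in the thread. The tiny primes, the fixed blinding value `r` and the `fault` parameter are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>

using u64 = std::uint64_t;
using i64 = std::int64_t;

// Toy key, constructed for this example (far too small for real use).
constexpr u64 P = 10007, Q = 10009, N = P * Q, E = 65537;

u64 mulmod(u64 a, u64 b, u64 m) { return (a % m) * (b % m) % m; }

u64 powmod(u64 b, u64 e, u64 m) {
   u64 r = 1 % m;
   for(b %= m; e != 0; e >>= 1, b = mulmod(b, b, m))
      if(e & 1) r = mulmod(r, b, m);
   return r;
}

// Modular inverse by extended Euclid; throws if gcd(a, m) != 1.
u64 invmod(u64 a, u64 m) {
   i64 t = 0, nt = 1, r = static_cast<i64>(m), nr = static_cast<i64>(a % m);
   while(nr != 0) {
      const i64 q = r / nr;
      i64 tmp = t - q * nt; t = nt; nt = tmp;
      tmp = r - q * nr; r = nr; nr = tmp;
   }
   if(r != 1) throw std::invalid_argument("value is not invertible");
   return static_cast<u64>(t < 0 ? t + static_cast<i64>(m) : t);
}

// CRT private operation x = m^d mod N. `fault` is XORed into the mod-Q half
// to simulate a miscomputation (hypothetical hook, for the demonstration only).
u64 private_op(u64 m, u64 fault = 0) {
   const u64 d = invmod(E, (P - 1) * (Q - 1));
   const u64 xp = powmod(m, d % (P - 1), P);
   const u64 xq = (powmod(m, d % (Q - 1), Q) ^ fault) % Q;
   // Garner recombination: x = xq + Q * ((xp - xq) * Q^-1 mod P)
   const u64 h = mulmod(xp + P - xq % P, invmod(Q, P), P);
   return xq + Q * h;
}

// Blinding: run the private operation on m * r^e, then strip r again.
// Real code draws r at random; it is a parameter here to stay deterministic.
u64 blinded_private_op(u64 m, u64 r, u64 fault = 0) {
   const u64 blinded = mulmod(m, powmod(r, E, N), N);
   return mulmod(private_op(blinded, fault), invmod(r, N), N);
}

// Recompute c = x^e mod n and refuse to return x unless it matches m,
// so a miscomputed signature never leaves the function.
u64 raw_sign(u64 m, u64 r, u64 fault = 0) {
   const u64 x = blinded_private_op(m, r, fault);
   const u64 c = powmod(x, E, N);
   if(m != c) throw std::runtime_error("RSA sign consistency check");
   return x;
}

bool sign_rejected(u64 m, u64 r, u64 fault) {
   try { raw_sign(m, r, fault); }
   catch(const std::runtime_error&) { return true; }
   return false;
}

int main() {
   const u64 m = 123456, r = 4242;
   std::printf("signature = %llu\n", static_cast<unsigned long long>(raw_sign(m, r)));
   std::printf("fault caught = %d\n", sign_rejected(m, r, 1));
   return 0;
}
```

Because x -> x^e mod n is a permutation, any wrong `x` gives `c != m`, which is why a single failing check points at the private operation or the bigint code underneath it.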

ruipacheco commented 7 years ago

> That's a rather disconcerting error as it indicates that RSA computed an incorrect signature. Does this test seem to fail reliably? Is this the only test that fails?

Yes. Full test output:

⟩ ./botan-test 
Testing Botan 2.4.0 (unreleased, revision git:8258550225d198a3f1f9791d5fc5ce8511dfeb3e, distribution unspecified)
Starting tests rng:bogus
block:
AES-128 ran 10422 tests in 11.21 msec all ok
AES-192 ran 12150 tests in 14.82 msec all ok
AES-256 ran 13878 tests in 19.05 msec all ok
stream:
CTR-BE(AES-128) ran 270 tests in 1.06 msec all ok
CTR-BE(AES-192) ran 320 tests in 1.08 msec all ok
CTR-BE(AES-256) ran 325 tests in 1.13 msec all ok
hash:
MD5 ran 666 tests in 0.68 msec all ok
Parallel(MD5,SHA-160) ran 12 tests in 0.04 msec all ok
Parallel(SHA-256,SHA-512) ran 6 tests in 0.06 msec all ok
SHA-160 ran 1340 tests in 1.20 msec all ok
SHA-224 ran 14 tests in 0.02 msec all ok
SHA-256 ran 3494 tests in 3.43 msec all ok
SHA-384 ran 57 tests in 0.08 msec all ok
SHA-512 ran 57 tests in 0.07 msec all ok
SHA-512-256 ran 7 tests in 0.01 msec all ok
mac:
HMAC(MD5) ran 32 tests in 0.14 msec all ok
HMAC(SHA-160) ran 48 tests in 0.16 msec all ok
HMAC(SHA-256) ran 40 tests in 0.16 msec all ok
modes:
AES-128/CBC/CTS ran 30 tests in 0.29 msec all ok
AES-128/CBC/NoPadding ran 10 tests in 0.12 msec all ok
AES-192/CBC/NoPadding ran 5 tests in 0.05 msec all ok
AES-256/CBC/NoPadding ran 5 tests in 0.06 msec all ok
CTR-BE(AES-128) ran 18 tests in 0.06 msec all ok
aeadkdf:
pbkdf:
PBKDF2(HMAC(SHA-160)) ran 20 tests in 32.18 msec all ok
PBKDF2(HMAC(SHA-256)) ran 2 tests in 31.84 msec all ok
PBKDF2(HMAC(SHA-384)) ran 2 tests in 18.41 msec all ok
PBKDF2(HMAC(SHA-512)) ran 2 tests in 18.38 msec all ok
hmac_drbg:
x931_rng:
util:
CT utils ran 20 tests all ok
Util load/store ran 229 tests all ok
Util round_down ran 6 tests in 0.01 msec all ok
Util round_up ran 11 tests in 0.16 msec all ok
aead:
AES-128/GCM ran 1052 tests in 6.39 msec all ok
AES-128/GCM(12) ran 184 tests in 1.23 msec all ok
AES-128/GCM(8) ran 48 tests in 0.47 msec all ok
AES-192/GCM ran 364 tests in 1.79 msec all ok
AES-192/GCM(12) ran 136 tests in 0.64 msec all ok
AES-256/GCM ran 364 tests in 1.70 msec all ok
AES-256/GCM(12) ran 136 tests in 0.66 msec all ok
AES-256/GCM(13) ran 136 tests in 0.65 msec all ok
AES-256/GCM(14) ran 136 tests in 0.82 msec all ok
AES-256/GCM(15) ran 136 tests in 1.38 msec all ok
asn1:
BER stack recursion ran 1 tests all ok
base64:
Base64 ran 64 tests in 0.15 msec all ok
bc_pad:
ESP ran 15 tests in 0.01 msec all ok
NoPadding ran 10 tests in 0.01 msec all ok
OneAndZeros ran 13 tests in 0.02 msec all ok
PKCS7 ran 12 tests in 0.01 msec all ok
X9.23 ran 13 tests in 0.01 msec all ok
bigint_unit:
BigInt IO operators ran 8 tests all ok
BigInt encoding functions ran 1 tests all ok
BigInt prime generation ran 151 tests all ok
BigInt size functions ran 72 tests all ok
BigInt::random_integer ran 15010 tests in 4.97 msec all ok
bn_add:
BigInt Addition ran 292 tests in 83.01 msec all ok
bn_div:
BigInt Divide ran 76 tests in 7.52 msec all ok
bn_gcd:
BigInt Mod ran 1 tests in 0.02 msec all ok
bn_invmod:
BigInt InvMod ran 305 tests in 64.74 msec all ok
bn_isprime:
BigInt Test NonPrime ran 107 tests in 142.62 msec all ok
BigInt Test Prime ran 17 tests in 7.86 msec all ok
bn_lshift:
BigInt Lshift ran 100 tests in 43.27 msec all ok
bn_mod:
BigInt Mod ran 171 tests in 11.12 msec all ok
bn_mul:
BigInt Multiply ran 416 tests in 394.16 msec all ok
bn_powmod:
BigInt Powmod ran 213 tests in 291.72 msec all ok
bn_ressol:
BigInt Ressol ran 22 tests in 12.38 msec all ok
bn_rshift:
BigInt Rshift ran 102 tests in 12.08 msec all ok
bn_sqr:
BigInt Square ran 42 tests in 5.80 msec all ok
bn_sub:
BigInt Subtraction ran 126 tests in 40.46 msec all ok
charset:
Charset ran 9 tests in 0.02 msec all ok
Charset negative tests ran 5 tests all ok
compression:
deflate compression ran 17 tests all ok
gzip compression ran 17 tests all ok
zlib compression ran 17 tests all ok
dh_invalid:
DH invalid keys ran 7 tests in 406.15 msec all ok
dh_kat:
DH negative tests ran 2 tests all ok
Diffie-Hellman/Raw Valid key agreement ran 36 tests in 175.52 msec all ok
dh_keygen:
DH modp/ietf/1024 keygen ran 15 tests in 765.66 msec all ok
dl_group:
DL_Group encoding ran 8 tests all ok
DL_Group generate ran 14 tests in 3.80 sec all ok
DL_Group named ran 38 tests in 115.17 msec all ok
dsa_param:
DSA Parameter Generation ran 10 tests in 479.98 msec all ok
ecc_invalid:
ECC invalid keys ran 5 tests in 2.68 msec all ok
ecc_pointmul:
ECC Scalarmult frp256v1 ran 104 tests in 160.14 msec all ok
ECC Scalarmult secp192r1 ran 104 tests in 60.05 msec all ok
ECC Scalarmult secp224r1 ran 104 tests in 71.73 msec all ok
ECC Scalarmult secp256k1 ran 100 tests in 91.77 msec all ok
ECC Scalarmult secp256r1 ran 104 tests in 97.39 msec all ok
ECC Scalarmult secp384r1 ran 104 tests in 143.26 msec all ok
ECC Scalarmult secp521r1 ran 104 tests in 245.07 msec all ok
ecc_randomized:
ECC randomized brainpool160r1 ran 26 tests in 24.46 msec all ok
ECC randomized brainpool192r1 ran 26 tests in 33.49 msec all ok
ECC randomized brainpool224r1 ran 26 tests in 44.73 msec all ok
ECC randomized brainpool256r1 ran 26 tests in 47.84 msec all ok
ECC randomized brainpool320r1 ran 26 tests in 79.85 msec all ok
ECC randomized brainpool384r1 ran 26 tests in 90.95 msec all ok
ECC randomized brainpool512r1 ran 26 tests in 153.22 msec all ok
ECC randomized frp256v1 ran 26 tests in 51.94 msec all ok
ECC randomized gost_256A ran 26 tests in 50.19 msec all ok
ECC randomized secp160k1 ran 26 tests in 26.96 msec all ok
ECC randomized secp160r1 ran 26 tests in 28.56 msec all ok
ECC randomized secp160r2 ran 26 tests in 31.16 msec all ok
ECC randomized secp192k1 ran 26 tests in 31.27 msec all ok
ECC randomized secp192r1 ran 26 tests in 42.42 msec all ok
ECC randomized secp224k1 ran 26 tests in 49.33 msec all ok
ECC randomized secp224r1 ran 26 tests in 42.82 msec all ok
ECC randomized secp256k1 ran 26 tests in 52.06 msec all ok
ECC randomized secp256r1 ran 26 tests in 48.19 msec all ok
ECC randomized secp384r1 ran 26 tests in 79.07 msec all ok
ECC randomized secp521r1 ran 26 tests in 126.66 msec all ok
ECC randomized sm2p256v1 ran 26 tests in 54.85 msec all ok
ECC randomized x962_p192v2 ran 26 tests in 35.73 msec all ok
ECC randomized x962_p192v3 ran 26 tests in 39.20 msec all ok
ECC randomized x962_p239v1 ran 26 tests in 52.15 msec all ok
ECC randomized x962_p239v2 ran 26 tests in 39.28 msec all ok
ECC randomized x962_p239v3 ran 26 tests in 53.58 msec all ok
ecc_unit:
ECC Unit ran 99 tests all ok
ecdh_kat:
ECDH/Raw frp256v1 key agreement ran 25 tests in 130.38 msec all ok
ECDH/Raw secp192r1 key agreement ran 25 tests in 108.27 msec all ok
ECDH/Raw secp224r1 key agreement ran 25 tests in 103.49 msec all ok
ECDH/Raw secp256r1 key agreement ran 25 tests in 142.57 msec all ok
ECDH/Raw secp384r1 key agreement ran 25 tests in 197.63 msec all ok
ECDH/Raw secp521r1 key agreement ran 25 tests in 341.34 msec all ok
ecdh_keygen:
ECDH brainpool256r1 keygen ran 15 tests in 37.65 msec all ok
ECDH brainpool384r1 keygen ran 15 tests in 77.61 msec all ok
ECDH brainpool512r1 keygen ran 15 tests in 121.55 msec all ok
ECDH frp256v1 keygen ran 15 tests in 38.72 msec all ok
ECDH secp256r1 keygen ran 15 tests in 37.32 msec all ok
ECDH secp384r1 keygen ran 15 tests in 67.01 msec all ok
ECDH secp521r1 keygen ran 15 tests in 125.15 msec all ok
ecdh_unit:
ecdsa_invalid:
ECDSA invalid keys ran 78 tests in 392.52 msec all ok
ecdsa_keygen:
ECDSA frp256v1 keygen ran 15 tests in 45.56 msec all ok
ECDSA secp256r1 keygen ran 15 tests in 43.02 msec all ok
ECDSA secp384r1 keygen ran 15 tests in 69.60 msec all ok
ECDSA secp521r1 keygen ran 15 tests in 109.63 msec all ok
ecdsa_sign:
ECDSA/EMSA1(SHA-1) signature generation ran 8 tests in 28.21 msec all ok
ECDSA/EMSA1(SHA-224) signature generation ran 368 tests in 1.02 sec all ok
ECDSA/EMSA1(SHA-256) signature generation ran 360 tests in 975.81 msec all ok
ECDSA/EMSA1(SHA-384) signature generation ran 360 tests in 1.02 sec all ok
ECDSA/EMSA1(SHA-512) signature generation ran 360 tests in 972.15 msec all ok
ecdsa_unit:
ECDSA Unit ran 48 tests all ok
entropy:
hostname:
Hostname ran 21 tests in 0.05 msec all ok
iv_carryover:
CBC IV carry ran 4 tests all ok
CTR IV carry ran 54 tests all ok
kdf:
TLS-12-PRF(HMAC(SHA-224)) ran 4 tests in 0.05 msec all ok
TLS-12-PRF(HMAC(SHA-256)) ran 4 tests in 0.04 msec all ok
TLS-12-PRF(HMAC(SHA-384)) ran 4 tests in 0.04 msec all ok
TLS-12-PRF(HMAC(SHA-512)) ran 4 tests in 0.04 msec all ok
TLS-PRF ran 128 tests in 0.83 msec all ok
mp_unit:
bigint_cnd_abs ran 6 tests all ok
bigint_cnd_add ran 4 tests all ok
bigint_cnd_sub ran 4 tests all ok
bigint_cnd_swap ran 12 tests all ok
nist_redc:
NIST P-192 reduction ran 34 tests in 5.50 msec all ok
NIST P-224 reduction ran 34 tests in 5.63 msec all ok
NIST P-256 reduction ran 34 tests in 6.49 msec all ok
NIST P-384 reduction ran 34 tests in 13.80 msec all ok
NIST P-521 reduction ran 34 tests in 21.30 msec all ok
ocsp:
OCSP request check ran 3 tests all ok
OCSP request encoding ran 3 tests all ok
OCSP response certificate access ran 3 tests all ok
OCSP response parsing ran 3 tests all ok
octetstring:
OctetString ran 14 tests all ok
os_utils:
OS::get_high_resolution_clock ran 2 tests all ok
OS::get_process_id ran 2 tests all ok
OS::get_processor_timestamp ran 1 tests all ok
OS::get_system_timestamp_ns ran 2 tests all ok
OS::run_cpu_instruction_probe ran 2 tests all ok
pk_pad_eme:
PKCS1v15 Decoding ran 39 tests in 0.07 msec all ok
pk_workfactor:
DL_Exponent_Size work factor calculation ran 6 tests in 0.02 msec all ok
RSA_Strength work factor calculation ran 8 tests in 0.04 msec all ok
pkcs_hash_id:
PKCS hash id for MD5 ran 2 tests all ok
PKCS hash id for RIPEMD-160 ran 2 tests all ok
PKCS hash id for SHA-160 ran 2 tests all ok
PKCS hash id for SHA-224 ran 2 tests all ok
PKCS hash id for SHA-256 ran 2 tests all ok
PKCS hash id for SHA-3(224) ran 2 tests all ok
PKCS hash id for SHA-3(256) ran 2 tests all ok
PKCS hash id for SHA-3(384) ran 2 tests all ok
PKCS hash id for SHA-3(512) ran 2 tests all ok
PKCS hash id for SHA-384 ran 2 tests all ok
PKCS hash id for SHA-512 ran 2 tests all ok
PKCS hash id for SHA-512-256 ran 2 tests all ok
PKCS hash id for SM3 ran 2 tests all ok
PKCS hash id for Tiger(24,3) ran 2 tests all ok
rsa_blinding:
rsa_encrypt:
RSA/EME-PKCS1-v1_5 decryption ran 20 tests in 22.35 msec all ok
rsa_kem:
rsa_keygen:
RSA 1024 keygen ran 15 tests in 172.47 msec all ok
RSA 1280 keygen ran 15 tests in 691.41 msec all ok
rsa_pss:
RSA/PSSR(SHA-224,MGF1,15) signature generation ran 80 tests in 57.84 msec all ok
RSA/PSSR(SHA-224,MGF1,28) signature generation ran 80 tests in 148.42 msec all ok
RSA/PSSR(SHA-256,MGF1,20) signature generation ran 80 tests in 59.02 msec all ok
RSA/PSSR(SHA-256,MGF1,32) signature generation ran 80 tests in 137.15 msec all ok
RSA/PSSR(SHA-384,MGF1,25) signature generation ran 80 tests in 65.72 msec all ok
RSA/PSSR(SHA-384,MGF1,48) signature generation ran 80 tests in 143.13 msec all ok
RSA/PSSR(SHA-512,MGF1,30) signature generation ran 80 tests in 56.81 msec all ok
RSA/PSSR(SHA-512,MGF1,62) signature generation ran 80 tests in 141.17 msec all ok
rsa_pss_raw:
RSA/PSSR_Raw(SHA-224,MGF1,15) signature generation ran 80 tests in 59.27 msec all ok
RSA/PSSR_Raw(SHA-224,MGF1,28) signature generation ran 80 tests in 144.24 msec all ok
RSA/PSSR_Raw(SHA-256,MGF1,20) signature generation ran 80 tests in 56.18 msec all ok
RSA/PSSR_Raw(SHA-256,MGF1,32) signature generation ran 80 tests in 138.91 msec all ok
RSA/PSSR_Raw(SHA-384,MGF1,25) signature generation ran 80 tests in 56.03 msec all ok
RSA/PSSR_Raw(SHA-384,MGF1,48) signature generation ran 80 tests in 135.92 msec all ok
RSA/PSSR_Raw(SHA-512,MGF1,30) signature generation ran 80 tests in 58.54 msec all ok
RSA/PSSR_Raw(SHA-512,MGF1,62) signature generation ran 80 tests in 132.49 msec all ok
rsa_sign:
RSA/EMSA1(SHA-1) signature generation ran 24 tests in 3.52 msec all ok
RSA/EMSA3(MD5) signature generation ran 72 tests in 46.13 msec all ok
RSA/EMSA3(Raw) signature generation ran 40 tests in 9.75 msec all ok
RSA/EMSA3(Raw,MD5) signature generation ran 8 tests in 1.39 msec all ok
RSA/EMSA3(SHA-1) signature generation ran 80 tests in 11.16 msec all ok
RSA/EMSA3(SHA-224) signature generation ran 24 tests in 7.77 msec all ok
RSA/EMSA3(SHA-256) signature generation ran 32 tests in 7.35 msec all ok
RSA/EMSA3(SHA-384) signature generation ran 32 tests in 7.41 msec all ok
RSA/EMSA3(SHA-512) signature generation ran 32 tests in 7.62 msec all ok
RSA/EMSA4(SHA-1) signature generation ran 240 tests in 56.72 msec all ok
rsa_verify:
RSA/EMSA4(SHA-1) signature verification ran 98 tests in 4.62 msec all ok
RSA/EMSA4(SHA-224) signature verification ran 28 tests in 1.47 msec all ok
RSA/EMSA4(SHA-256) signature verification ran 28 tests in 1.46 msec all ok
RSA/EMSA_PKCS1(SHA-256) signature verification ran 7 tests in 0.25 msec all ok
rsa_verify_invalid:
RSA/EMSA_PKCS1(SHA-256) verify invalid signature ran 141 tests in 10.95 msec all ok
testcode:
Test Framework ran 17 tests all ok
tls:
DTLS v1.2 ran 360 tests in 272.32 msec all ok
TLS Policy ran 5 tests all ok
TLS v1.2 ran 461 tests in 339.74 msec all ok
TLS::Alert::type_string ran 33 tests all ok
TLS::Ciphersuite ran 54 tests all ok
tls_messages:
alert parsing ran 9 tests in 0.04 msec all ok
cert_status parsing ran 8 tests in 0.11 msec all ok
cert_verify parsing ran 8 tests in 0.06 msec all ok
client_hello parsing ran 18 tests in 0.16 msec all ok
hello_request parsing ran 2 tests in 0.02 msec all ok
hello_verify parsing ran 5 tests in 0.03 msec all ok
hello_verify_request construction ran 1 tests all ok
new_session_ticket parsing ran 5 tests in 0.03 msec all ok
server_hello parsing ran 12 tests in 0.07 msec all ok
tls_policy:
TLS Policy DH key verification ran 1 tests all ok
TLS Policy ECDH key verification ran 2 tests all ok
TLS Policy ECDSA key verification ran 2 tests all ok
TLS Policy RSA key verification ran 2 tests all ok
util_dates:
Date parsing ran 81 tests in 0.18 msec all ok
calendar_point::to_string ran 1 tests all ok
x509_dn_cmp:
X509_DN comparisons ran 4 tests in 0.08 msec all ok
x509_path_extended:
Extended X509 path validation ran 3 tests in 8.30 msec all ok
x509_path_name_constraint:
X509v3 Name Constraints: Invalid_DN_Name_Constraint.crt ran 1 tests all ok
X509v3 Name Constraints: Invalid_Email_Name_Constraint.crt ran 1 tests all ok
X509v3 Name Constraints: Invalid_IP_Name_Constraint.crt ran 1 tests all ok
X509v3 Name Constraints: Valid_DNS_Name_Constraint.crt ran 1 tests all ok
X509v3 Name Constraints: Valid_DN_Name_Constraint.crt ran 1 tests all ok
X509v3 Name Constraints: Valid_IP_Name_Constraint.crt ran 1 tests all ok
x509_path_nist:
NIST path validation ran 71 tests in 220.74 msec all ok
x509_path_x509test:
X509test path validation ran 37 tests in 74.45 msec all ok
x509_unit:
Certificate_Status_Code to_string ran 73 tests all ok
X509 Extensions ran 16 tests all ok
X509 Hashes ran 20 tests all ok
X509 Self Issued ran 2 tests all ok
X509 Time ran 75 tests all ok
X509 Unit ran 42 tests all ok
X509 Usage ran 8 tests 1 FAILED
Failure 1: X509 Usage test_usage RSA with error False assertion 'RSA sign consistency check' (expression m == c) in raw_sign @botan_all.cpp:20428
Note 1: X509 Usage Skipping due to missing signature algorithm: DSA
Note 2: X509 Usage Skipping due to missing signature algorithm: ECGDSA
Note 3: X509 Usage Skipping due to missing signature algorithm: ECKCDSA
Note 4: X509 Usage Skipping due to missing signature algorithm: GOST-34.10
X509 Valid Constraints ran 26 tests all ok
Tests complete ran 71367 tests in 22.34 sec 1 tests failed
Error: Test error Test suite failure

ruipacheco commented 7 years ago

I'd like to use Botan for MD5, SHA1 and TLS. I understand a failing test is a serious issue but can I use the library for development while I wait for a fix for the failed test? Or should I wait/use an older version?

randombit commented 7 years ago

Given the other RSA tests pass I think it's safe enough to continue to develop using latest version. (On the other hand, if you're able to check an older version, say 2.0.0, and see if the test fails there as well that might provide useful information.)

Also can you post the complete output of ./configure.py when you set up your build, as well as the output of clang -v?

ruipacheco commented 7 years ago

python configure.py --minimized-build --enable-modules=zlib,md5,sha1,tls --single-amalgamation-file --amalgamation
   INFO: configure.py invoked with options "--minimized-build --enable-modules=zlib,md5,sha1,tls --single-amalgamation-file --amalgamation"
   INFO: Platform: OS="Darwin" machine="x86_64" proc="i386"
   INFO: Guessing target OS is darwin (use --os to set)
   INFO: Guessing to use compiler clang (use --cc to set)
   INFO: Guessing target processor is a x86_64/x86_64 (use --cpu to set)
   INFO: Canonicalized CPU target x86_64 to x86_64/x86_64
   INFO: Mapping Apple Clang version 900 to LLVM version 4.0
   INFO: Auto-detected compiler version 4.0
   INFO: Target is clang:4.0-darwin-x86_64-x86_64
   INFO: Skipping (incompatible CPU): aes_armv8 pmull sha1_armv8 sha2_32_armv8
   INFO: Skipping (incompatible OS): getentropy locking_allocator win32_stats
   INFO: Skipping (not requested): adler32 aes_ni aes_ssse3 aont aria auto_rng bcrypt blake2 blowfish camellia cascade cast cbc_mac ccm cecpq1 certstor_sql certstor_sqlite3 cfb chacha chacha20poly1305 chacha_rng chacha_sse2 clmul cmac codec_filt comb4p crc24 crc32 cryptobox curve25519 darwin_secrandom des dev_random dlies dsa dyn_load eax ecgdsa ecies eckcdsa ed25519 elgamal eme_oaep eme_raw emsa_raw emsa_x931 fd_unix ffi filters fpe_fe1 gmac gost_28147 gost_3410 gost_3411 hkdf hmac_drbg hotp http_util idea idea_sse2 iso9796 kasumi kdf1 kdf1_iso18033 kdf2 keccak lion mce mceies md4 misty1 newhope noekeon noekeon_simd ocb ofb passhash9 pbkdf1 pgp_s2k pkcs11 poly1305 poly_dbl prf_x942 proc_walk rc4 rdrand rdrand_rng rdseed rfc3394 rfc6979 rmd160 salsa20 seed serpent serpent_simd sessions_sql sessions_sqlite3 sha1_sse2 sha1_x86 sha2_32_x86 sha3 shacal2 shacal2_simd shacal2_x86 shake shake_cipher simd siphash siv skein sm2 sm3 sm4 sp800_108 sp800_56a sp800_56c srp6 stateful_rng streebog system_rng threefish threefish_avx2 tiger tls_cbc tss twofish whirlpool x919_mac xmss xtea xts
   INFO: Skipping (requires external dependency): bearssl boost bzip2 lzma openssl sqlite3 tpm
   INFO: Enabling use of external dependency zlib
   INFO: Loading modules: aead aes asn1 base base64 bigint block cbc compression cpuid ctr dh dl_algo dl_group ec_gfp ec_group ecc_key ecdh ecdsa eme_pkcs1 emsa1 emsa_pkcs1 emsa_pssr entropy gcm hash hash_id hex hmac kdf keypair mac md5 mdx_hash mgf1 mode_pad modes mp numbertheory par_hash pbes2 pbkdf pbkdf2 pem pk_pad prf_tls pubkey rng rsa sha1 sha2_32 sha2_64 stream tls utils x509 zlib
   INFO: Assuming CPU is little endian
   INFO: Assuming unaligned memory access works
   INFO: Using symlink to link files into build dir (use --link-method to change)
   INFO: Writing amalgamation header to botan_all.h
   INFO: Writing amalgamation header to botan_all_internal.h
   INFO: Writing amalgamation source to botan_all.cpp
   INFO: Botan 2.4.0 (revision git:8258550225d198a3f1f9791d5fc5ce8511dfeb3e) (unreleased undated) build setup is complete
⟩ clang -v
Apple LLVM version 9.0.0 (clang-900.0.38)
Target: x86_64-apple-darwin17.0.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin

randombit commented 6 years ago

@ruipacheco Unfortunately I am unable to reproduce this. Is the test still failing for you? If so can you please apply the following patch

diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index aa315aabf..a6e3fb082 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -5,6 +5,7 @@
 * Botan is released under the Simplified BSD License (see license.txt)
 */

+#include <iostream>
 #include <botan/rsa.h>
 #include <botan/internal/pk_ops_impl.h>
 #include <botan/keypair.h>
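Review bot: The `#include <iostream>` added above `<botan/rsa.h>` exists only to support the temporary `std::cout` diagnostics in the second hunk, so it should be dropped together with them and never reach a committed version of rsa.cpp. If it has to stay for a while, place it after the `botan/` headers and mark it with a comment saying it is debug-only.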
@@ -259,6 +260,16 @@ class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA,
          const BigInt m(msg, msg_len);
          const BigInt x = blinded_private_op(m);
          const BigInt c = m_powermod_e_n(x);
+
+         if(m != c)
+            {
+            std::cout << "m = " << m << "\n";
+            std::cout << "c = " << c << "\n";
+            std::cout << "x = " << x << "\n";
+            std::cout << "y = " << private_op(m) << "\n";
+            std::cout << "n = " << m_n << "\n";
+            std::cout << "q = " << m_q << "\n";
+            }
          BOTAN_ASSERT(m == c, "RSA sign consistency check");
          return BigInt::encode_1363(x, m_n.bytes());
          }
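Review bot: The diagnostic block in front of `BOTAN_ASSERT` prints `m_q`, a private prime factor of the modulus, alongside `m_n` and the unblinded `private_op(m)` result, so whatever it writes is private key material and is enough to rebuild the key. That is acceptable only for a key generated inside botan-test; the request should say so before the output is pasted into a public issue. The block should also stay a local debugging aid, writing to `std::cerr` so it does not interleave with the test runner's stdout. Note too that `private_op(m)` is run a second time without blinding purely for the print, which is another reason not to let this path be reachable outside a debugging build.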

The output will hopefully give me enough information to diagnose the issue. Thanks.

ruipacheco commented 6 years ago

I'm no longer working on this particular project so can't test.

randombit commented 6 years ago

OK thanks. I think in that case, given this error has not been reproduced or reported by other users I will close.