Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e559 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report --- 04-test_err.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3113, 796 wallclock secs (11.35 usr 1.14 sys + 737.51 cusr 57.48 csys = 807.48 CPU) Result: FAIL Makefile:3151: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3149: recipe for target 'tests' failed make: *** [tests] Error 2
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e559 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80179486A47F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # -- not ok 1 - test_handshake # -- ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # -- # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # -- # Looks like you failed 1 test of 31.80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80D7580FD27F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # -- # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80D7580FD27F:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # -- not ok 1 - test_ssl_corrupt # -- ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # -- # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t skipped: Test only supported in a shared build 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . skipped: tls13secrets is not supported in this build 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests
Still Failing: openssl/openssl#36411 (master - cfae32c)
Build Update for openssl/openssl - Build: #36411 Status: Still Failing Duration: 1 hr, 21 mins, and 4 secs Commit: cfae32c (master) Author: Nicola Tuveri Message: [test][ectest] Minor touches to custom_generator_test Minor changes to `custom_generator_test`: - this is to align to the 1.1.1 version of the test (simplify the code as there is no need to use `EC_GROUP_get_field_type()`) - add comment to explain how the buffer size is computed Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12507) View the changeset: https://github.com/openssl/openssl/compare/79410c5f8b13...cfae32c69a0d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177713346?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via cfae32c69a0dde5a47fbd5aed4103fb01fc59acf (commit) via f5384f064ec2ef9f1975877da46e6f64c776427c (commit) from 79410c5f8b139c423be436810b4fe4de4637fc24 (commit) - Log - commit cfae32c69a0dde5a47fbd5aed4103fb01fc59acf Author: Nicola Tuveri Date: Tue Jul 21 23:12:59 2020 +0300 [test][ectest] Minor touches to custom_generator_test Minor changes to `custom_generator_test`: - this is to align to the 1.1.1 version of the test (simplify the code as there is no need to use `EC_GROUP_get_field_type()`) - add comment to explain how the buffer size is computed Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12507) commit f5384f064ec2ef9f1975877da46e6f64c776427c Author: Nicola Tuveri Date: Tue Jul 21 18:04:38 2020 +0300 [test] Vertically test explicit EC params API patterns This commit adds a new test (run on all the built-in curves) to create `EC_GROUP` with **unknown** *explicit parameters*: from a built-in group we create an alternative group from scratch that differs in the generator used. At the `EC_GROUP` layer we perform a basic math check to ensure that the math on the alternative group still makes sense, using comparable results from the origin group. We then create two `EC_KEY` objects on top of this alternative group and run key generation from the `EC_KEY` layer. Then we promote these two `EC_KEY`s to `EVP_PKEY` objects and try to run the derive operation at the highest abstraction layer, comparing results in both directions. Finally, we create provider-native keys using `EVP_PKEY_fromdata` and data derived from the previous objects, we compute an equivalent shared secret from these provider keys, and compare it to the result obtained from the previous steps. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12507) --- Summary of changes: test/ectest.c | 287 +- 1 file changed, 282 insertions(+), 5 deletions(-) diff --git a/test/ectest.c b/test/ectest.c index 8cceaa67e7..3678c42f71 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -32,6 +32,9 @@ # include # include # include +# include "openssl/core_names.h" +# include "openssl/param_build.h" +# include "openssl/evp.h" static size_t crv_len = 0; static EC_builtin_curve *curves = NULL; @@ -2361,10 +2364,8 @@ static int custom_generator_test(int id) goto err; /* expected byte length of encoded points */ -bsize = (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) ? - BN_num_bytes(EC_GROUP_get0_field(group)) : - (EC_GROUP_get_degree(group) + 7) / 8; -bsize = 2 * bsize + 1; +bsize = (EC_GROUP_get_degree(group) + 7) / 8; +bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ if (!TEST_ptr(k = BN_CTX_get(ctx)) /* fetch a testing scalar k != 0,1 */ @@ -2402,7 +2403,7 @@ static int custom_generator_test(int id) POINT_CONVERSION_UNCOMPRESSED, b2, bsize, ctx), bsize) /* Q1 = kG = k/2 G2 = Q2 should hold */ -|| !TEST_int_eq(CRYPTO_memcmp(b1, b2, bsize), 0)) +|| !TEST_mem_eq(b1, bsize, b2, bsize)) goto err; ret = 1; @@ -2420,6 +2421,281 @@ static int custom_generator_test(int id) return ret; } +/* + * check creation of curves from explicit params through the public API + */ +static int custom_params_test(int id) +{ +int ret = 0, nid, bsize; +const char *curve_name = NULL; +EC_GROUP *group = NULL, *altgroup = NULL; +EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; +const EC_POINT *Q = NULL; +BN_CTX *ctx = NULL; +BIGNUM *k = NULL; +unsigned char *buf1 = NULL, *buf2 = NULL; +const BIGNUM *z = NULL, *cof = NULL, *priv1 = NULL; +BIGNUM *p = NULL, *a = NULL, *b = NULL; +int is_prime = 0; +EC_KEY *eckey1 = NULL, *eckey2 = NULL; +EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; +EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; +size_t sslen, t; +unsigned char *pub1 = NULL , *pub2 = NULL; +OSSL_PARAM_BLD *param_bld = NULL; +OSSL_PARAM *params1 = NULL, *params2 = NULL; + +/* Do some setup */ +nid = curves[id].nid; +curve_name = OBJ_nid2sn(nid); +TEST_note("Curve %s", curve_name); + +if (nid == NID_sm2) +return TEST_skip("custom params not supported with SM2"); + +if (!TEST_ptr(ctx = BN_CTX_new())) +return 0; + +if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) +goto err; + +is_prime = EC_GROUP_get_field_type(group) ==
Still Failing: openssl/openssl#36401 (master - 79410c5)
Build Update for openssl/openssl - Build: #36401 Status: Still Failing Duration: 1 hr, 1 min, and 10 secs Commit: 79410c5 (master) Author: Pauli Message: namemap: fix threading issue The locking was too fine grained when adding entries to a namemap. Refactored the working code into unlocked functions and call these with appropriate locking. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12545) View the changeset: https://github.com/openssl/openssl/compare/5cd996227238...79410c5f8b13 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177565839?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via 79410c5f8b139c423be436810b4fe4de4637fc24 (commit) from 5cd9962272388fc9a51711495a8c6a3f230ab5ce (commit) - Log - commit 79410c5f8b139c423be436810b4fe4de4637fc24 Author: Pauli Date: Tue Jul 28 11:14:14 2020 +1000 namemap: fix threading issue The locking was too fine grained when adding entries to a namemap. Refactored the working code into unlocked functions and call these with appropriate locking. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12545) --- Summary of changes: crypto/core_namemap.c | 87 ++- 1 file changed, 52 insertions(+), 35 deletions(-) diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index e17b3ac0e2..b08fb84556 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -143,11 +143,24 @@ void ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, CRYPTO_THREAD_unlock(namemap->lock); } +static int namemap_name2num_n(const OSSL_NAMEMAP *namemap, + const char *name, size_t name_len) +{ +NAMENUM_ENTRY *namenum_entry, namenum_tmpl; + +if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL) +return 0; +namenum_tmpl.number = 0; +namenum_entry = +lh_NAMENUM_ENTRY_retrieve(namemap->namenum, _tmpl); +OPENSSL_free(namenum_tmpl.name); +return namenum_entry != NULL ? namenum_entry->number : 0; +} + int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, const char *name, size_t name_len) { -NAMENUM_ENTRY *namenum_entry, namenum_tmpl; -int number = 0; +int number; #ifndef FIPS_MODULE if (namemap == NULL) @@ -157,16 +170,9 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, if (namemap == NULL) return 0; -if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL) -return 0; -namenum_tmpl.number = 0; CRYPTO_THREAD_read_lock(namemap->lock); -namenum_entry = -lh_NAMENUM_ENTRY_retrieve(namemap->namenum, _tmpl); -if (namenum_entry != NULL) -number = namenum_entry->number; +number = namemap_name2num_n(namemap, name, name_len); CRYPTO_THREAD_unlock(namemap->lock); -OPENSSL_free(namenum_tmpl.name); return number; } @@ -205,45 +211,50 @@ const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, return data.name; } -int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, -const char *name, size_t name_len) +static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, + const char *name, size_t name_len) { NAMENUM_ENTRY *namenum = NULL; int tmp_number; -#ifndef FIPS_MODULE -if (namemap == NULL) -namemap = ossl_namemap_stored(NULL); -#endif - -if (name == NULL || name_len == 0 || namemap == NULL) -return 0; - -if ((tmp_number = ossl_namemap_name2num_n(namemap, name, name_len)) != 0) -return tmp_number; /* Pretend success */ - -CRYPTO_THREAD_write_lock(namemap->lock); +/* If it already exists, we don't add it */ +if ((tmp_number = namemap_name2num_n(namemap, name, name_len)) != 0) +return tmp_number; if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL) goto err; -namenum->number = tmp_number = +namenum->number = number != 0 ? number : 1 + tsan_counter(>max_number); (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); if (lh_NAMENUM_ENTRY_error(namemap->namenum)) goto err; - -CRYPTO_THREAD_unlock(namemap->lock); - -return tmp_number; +return namenum->number; err: namenum_free(namenum); +return 0; +} +int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, +const char *name, size_t name_len) +{ +int tmp_number; + +#ifndef FIPS_MODULE +if (namemap == NULL) +namemap = ossl_namemap_stored(NULL); +#endif + +if (name == NULL || name_len == 0 || namemap == NULL) +return 0; + +CRYPTO_THREAD_write_lock(namemap->lock); +tmp_number = namemap_add_name_n(namemap, number, name, name_len); CRYPTO_THREAD_unlock(namemap->lock); -return 0; +return tmp_number; } int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name) @@ -266,6 +277,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, return 0; } +CRYPTO_THREAD_write_lock(namemap->lock); /* * Check that no name is an empty string, and that all names have at * most one numeric identity together. @@ -278,11 +290,11 @@ int