Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 30af356df4 Don't call EVP_CIPHER_CTX_block_size() to find the block size Build log ended with (last 100 lines): # warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # -- # cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # -- # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 183. # cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # -- # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment #
[openssl] master update
The branch master has been updated
via ea08f8b294d129371536649463c76a81dc4d4e55 (commit)
via 49fff26d674adb65f3532eec4f0f37369b41a594 (commit)
via db6bcc81ab86fca74730566f0b471a7c3757c95c (commit)
via d5e742de653954bfae88f0e5f6c8f0a7a5f6c437 (commit)
from 30af356df487b2dad571be15574b454daf70743c (commit)
- Log -
commit ea08f8b294d129371536649463c76a81dc4d4e55
Author: Matt Caswell
Date: Wed Dec 23 11:35:54 2020 +
Add a test for the new CRYPTO_atomic_* functions
Also tests the older CRYPTO_atomic_add() which was without a test
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/13733)
commit 49fff26d674adb65f3532eec4f0f37369b41a594
Author: Matt Caswell
Date: Wed Dec 23 11:15:03 2020 +
Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/13733)
commit db6bcc81ab86fca74730566f0b471a7c3757c95c
Author: Matt Caswell
Date: Tue Dec 22 17:44:07 2020 +
Optimise OPENSSL_init_crypto
If everything has already been initialised we can check this with a
single test at the beginning of OPENSSL_init_crypto() and therefore
reduce the amount of time spent in this function. Since this is called
via very many codepaths this should have significant performance benefits.
Partially fixes #13725 and #13578
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/13733)
commit d5e742de653954bfae88f0e5f6c8f0a7a5f6c437
Author: Matt Caswell
Date: Tue Dec 22 17:43:07 2020 +
Add some more CRYPTO_atomic functions
We add an implementation for CRYPTO_atomic_or() and CRYPTO_atomic_load()
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/13733)
---
Summary of changes:
crypto/init.c | 38 +++
crypto/threads_none.c | 16
crypto/threads_pthread.c| 50 +++-
crypto/threads_win.c| 19 --
doc/man3/CRYPTO_THREAD_run_once.pod | 43 -
include/openssl/crypto.h.in | 3 ++
test/threadstest.c | 76 +
util/libcrypto.num | 2 +
8 files changed, 233 insertions(+), 14 deletions(-)
diff --git a/crypto/init.c b/crypto/init.c
index f1100df169..50aec32c3d 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -34,6 +34,7 @@
#include
static int stopped = 0;
+static uint64_t optsdone = 0;
typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
struct ossl_init_stop_st {
@@ -464,6 +465,28 @@ void OPENSSL_cleanup(void)
*/
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
{
+uint64_t tmp;
+int aloaddone = 0;
+
+/*
+ * We ignore failures from this function. It is probably because we are
+ * on a platform that doesn't support lockless atomic loads (we may not
+ * have created init_lock yet so we can't use it). This is just an
+ * optimisation to skip the full checks in this function if we don't need
+ * to, so we carry on regardless in the event of failure.
+ *
+ * There could be a race here with other threads, so that optsdone has not
+ * been updated yet, even though the options have in fact been initialised.
+ * This doesn't matter - it just means we will run the full function
+ * unnecessarily - but all the critical code is contained in RUN_ONCE
+ * functions anyway so we are safe.
+ */
+if (CRYPTO_atomic_load(, , NULL)) {
+if ((tmp & opts) == opts)
+return 1;
+aloaddone = 1;
+}
+
/*
* TODO(3.0): This function needs looking at with a view to moving most/all
* of this into OSSL_LIB_CTX.
@@ -492,6 +515,18 @@ int OPENSSL_init_crypto(uint64_t opts, const
OPENSSL_INIT_SETTINGS *settings)
if (opts & OPENSSL_INIT_BASE_ONLY)
return 1;
+/*
+ * init_lock should definitely be set up now, so we can now repeat the
+ * same check from above but be sure that it will work even on platforms
+ * without lockless CRYPTO_atomic_load
+ */
+if (!aloaddone) {
+if (!CRYPTO_atomic_load(, , init_lock))
+return 0;
+if ((tmp & opts) == opts)
+return 1;
+}
+
/*
* Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
* should not have the side-effect of setting up exit handlers, and
@@ -614,6 +649,9 @@ int OPENSSL_init_crypto(uint64_t opts, const
OPENSSL_INIT_SETTINGS *settings)
return 0;
#endif
+if (!CRYPTO_atomic_or(, opts, , init_lock))
+return 0;
+
return 1;
}
diff --git
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dso Commit log since last time: 30af356df4 Don't call EVP_CIPHER_CTX_block_size() to find the block size Build log ended with (last 100 lines): clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_server_test-bin-cmp_testlib.o -c -o test/helpers/cmp_server_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_status_test-bin-cmp_testlib.o -c -o test/helpers/cmp_status_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread
