Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 30af356df4 Don't call EVP_CIPHER_CTX_block_size() to find the block size Build log ended with (last 100 lines): # warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # -- # cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # -- # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 183. # cmp_main:../openssl/apps/cmp.c:2663:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:687:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:1980:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2030:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo6.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # -- # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # --
[openssl] master update
The branch master has been updated via ea08f8b294d129371536649463c76a81dc4d4e55 (commit) via 49fff26d674adb65f3532eec4f0f37369b41a594 (commit) via db6bcc81ab86fca74730566f0b471a7c3757c95c (commit) via d5e742de653954bfae88f0e5f6c8f0a7a5f6c437 (commit) from 30af356df487b2dad571be15574b454daf70743c (commit) - Log - commit ea08f8b294d129371536649463c76a81dc4d4e55 Author: Matt Caswell Date: Wed Dec 23 11:35:54 2020 + Add a test for the new CRYPTO_atomic_* functions Also tests the older CRYPTO_atomic_add() which was without a test Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/13733) commit 49fff26d674adb65f3532eec4f0f37369b41a594 Author: Matt Caswell Date: Wed Dec 23 11:15:03 2020 + Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/13733) commit db6bcc81ab86fca74730566f0b471a7c3757c95c Author: Matt Caswell Date: Tue Dec 22 17:44:07 2020 + Optimise OPENSSL_init_crypto If everything has already been initialised we can check this with a single test at the beginning of OPENSSL_init_crypto() and therefore reduce the amount of time spent in this function. Since this is called via very many codepaths this should have significant performance benefits. Partially fixes #13725 and #13578 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/13733) commit d5e742de653954bfae88f0e5f6c8f0a7a5f6c437 Author: Matt Caswell Date: Tue Dec 22 17:43:07 2020 + Add some more CRYPTO_atomic functions We add an implementation for CRYPTO_atomic_or() and CRYPTO_atomic_load() Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/13733) --- Summary of changes: crypto/init.c | 38 +++ crypto/threads_none.c | 16 crypto/threads_pthread.c| 50 +++- crypto/threads_win.c| 19 -- doc/man3/CRYPTO_THREAD_run_once.pod | 43 - include/openssl/crypto.h.in | 3 ++ test/threadstest.c | 76 + util/libcrypto.num | 2 + 8 files changed, 233 insertions(+), 14 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index f1100df169..50aec32c3d 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -34,6 +34,7 @@ #include static int stopped = 0; +static uint64_t optsdone = 0; typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; struct ossl_init_stop_st { @@ -464,6 +465,28 @@ void OPENSSL_cleanup(void) */ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { +uint64_t tmp; +int aloaddone = 0; + +/* + * We ignore failures from this function. It is probably because we are + * on a platform that doesn't support lockless atomic loads (we may not + * have created init_lock yet so we can't use it). This is just an + * optimisation to skip the full checks in this function if we don't need + * to, so we carry on regardless in the event of failure. + * + * There could be a race here with other threads, so that optsdone has not + * been updated yet, even though the options have in fact been initialised. + * This doesn't matter - it just means we will run the full function + * unnecessarily - but all the critical code is contained in RUN_ONCE + * functions anyway so we are safe. + */ +if (CRYPTO_atomic_load(&optsdone, &tmp, NULL)) { +if ((tmp & opts) == opts) +return 1; +aloaddone = 1; +} + /* * TODO(3.0): This function needs looking at with a view to moving most/all * of this into OSSL_LIB_CTX. @@ -492,6 +515,18 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) if (opts & OPENSSL_INIT_BASE_ONLY) return 1; +/* + * init_lock should definitely be set up now, so we can now repeat the + * same check from above but be sure that it will work even on platforms + * without lockless CRYPTO_atomic_load + */ +if (!aloaddone) { +if (!CRYPTO_atomic_load(&optsdone, &tmp, init_lock)) +return 0; +if ((tmp & opts) == opts) +return 1; +} + /* * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls * should not have the side-effect of setting up exit handlers, and @@ -614,6 +649,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) return 0; #endif +if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, init_lock)) +return 0; + r
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dso Commit log since last time: 30af356df4 Don't call EVP_CIPHER_CTX_block_size() to find the block size Build log ended with (last 100 lines): clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_server_test-bin-cmp_testlib.o -c -o test/helpers/cmp_server_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/helpers/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/helpers/cmp_status_test-bin-cmp_testlib.o -c -o test/helpers/cmp_status_test-bin-cmp_testlib.o ../openssl/test/helpers/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread