[3.0.3] Failed to load FIPS module using xlClang 16.1 compiler on AIX 7.2

[robmcgee-mag]

Hey guys,

Seeing this problem when building with the xlclang frontend (to get C++11 support) but not when using the xlc frontend.
This frontend was only added with XLC 16.1 as far as I know so your testing may not cover it. It's not mentioned in your build template configurations either. More info on xlclang here: https://www.ibm.com/docs/en/xl-c-and-cpp-aix/16.1?topic=new-clang-based-front-end

I'm overriding CC, CXX and LD before invoking make to use the newer frontend.

30-May-2022 17:37:18 | cwd=/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3
-- | --
30-May-2022 17:37:18 | gmake test V=1
30-May-2022 17:37:18 | gmake depend && gmake _tests
30-May-2022 17:37:18 | gmake[1]: Entering directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
30-May-2022 17:37:20 | gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
30-May-2022 17:37:20 | gmake[1]: Entering directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
30-May-2022 17:37:21 | ( SRCTOP=. \
30-May-2022 17:37:21 | BLDTOP=. \
30-May-2022 17:37:21 | PERL="/usr/bin/perl" \
30-May-2022 17:37:21 | FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
30-May-2022 17:37:21 | EXE_EXT= \
30-May-2022 17:37:21 | /usr/bin/perl ./test/run_tests.pl  )
30-May-2022 17:37:21 | 00-prep_fipsmodule_cnf.t ..
30-May-2022 17:37:21 | # The results of this test will end up in test-runs/prep_fipsmodule
30-May-2022 17:37:21 | 1..1
30-May-2022 17:37:21 | Failed to load FIPS module
30-May-2022 17:37:21 | INSTALL FAILED
30-May-2022 17:37:21 | 00000001:error:1C8000D4:Provider routines:SELF_TEST_post:invalid state:providers/fips/self_test.c:262:
30-May-2022 17:37:21 | 00000001:error:1C8000D8:Provider routines:OSSL_provider_init_int:self test post failure:providers/fips/fipsprov.c:743:
30-May-2022 17:37:21 | 00000001:error:078C0105:common libcrypto routines:provider_init:init fail:crypto/provider_core.c:910:name=fips
30-May-2022 17:37:21 | ../../util/wrap.pl ../../apps/openssl fipsinstall -module ../../providers/fips.so -provider_name fips -section_name fips_sect -out ../../test/fipsmodule.cnf => 1
30-May-2022 17:37:21 | not ok 1 - fips install
30-May-2022 17:37:21 |  
30-May-2022 17:37:21 | #   Failed test 'fips install'
30-May-2022 17:37:21 | #   at test/recipes/00-prep_fipsmodule_cnf.t line 33.
30-May-2022 17:37:21 | # Looks like you failed 1 test of 1.
30-May-2022 17:37:21 | Dubious, test returned 1 (wstat 256, 0x100)
30-May-2022 17:37:21 | Failed 1/1 subtests
30-May-2022 17:37:21 |  
30-May-2022 17:37:21 | Test Summary Report
30-May-2022 17:37:21 | -------------------
30-May-2022 17:37:21 | 00-prep_fipsmodule_cnf.t (Wstat: 256 Tests: 1 Failed: 1)
30-May-2022 17:37:21 | Failed test:  1
30-May-2022 17:37:21 | Non-zero exit status: 1
30-May-2022 17:37:21 | Files=1, Tests=1,  0 wallclock secs ( 0.01 usr  0.00 sys +  0.16 cusr  0.02 csys =  0.19 CPU)
30-May-2022 17:37:21 | Result: FAIL
30-May-2022 17:37:21 | gmake[1]: *** [Makefile:3433: run_tests] Error 1
30-May-2022 17:37:21 | gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
30-May-2022 17:37:21 | gmake: *** [Makefile:3429: tests] Error 2
30-May-2022 17:38:21 | WARNING: Ping thread timed out after 60 seconds.
30-May-2022 17:38:22 | Traceback (most recent call last):
30-May-2022 17:38:22 | File "booster.py", line 98, in <module>
30-May-2022 17:38:22 | main(sys.argv[1:])
30-May-2022 17:38:22 | File "booster.py", line 42, in main
30-May-2022 17:38:22 | launch_bamboo_build(args.file)
30-May-2022 17:38:22 | File "booster.py", line 74, in launch_bamboo_build
30-May-2022 17:38:22 | build.Execute(build_file)
30-May-2022 17:38:22 | File "/bamboo/bamboo-agent-home/xml-data/build-dir/ATA/Booster/Maintenance/1.0/build.py", line 37, in Execute
30-May-2022 17:38:22 | process(configfile)
30-May-2022 17:38:22 | File "/bamboo/bamboo-agent-home/xml-data/build-dir/ATA/Booster/Maintenance/1.0/build.py", line 93, in process
30-May-2022 17:38:22 | eval(module_name + '.Execute')(element)
30-May-2022 17:38:22 | File "/bamboo/bamboo-agent-home/xml-data/build-dir/ATA/Booster/Maintenance/1.0/Booster/Command.py", line 50, in Execute
30-May-2022 17:38:22 | ExecuteAndLogVerbose(command, cwd, bash)
30-May-2022 17:38:22 | File "/bamboo/bamboo-agent-home/xml-data/build-dir/ATA/Booster/Maintenance/1.0/Booster/Command.py", line 185, in ExecuteAndLogVerbose
30-May-2022 17:38:22 | raise BoosterError(__name__, "Error: command {cmd} has failed\n".format(cmd=command_display))
30-May-2022 17:38:22 | BoosterError: (Booster.Command) detail: Error: command gmake test V=1 has failed
30-May-2022 17:38:22 |  
30-May-2022 17:38:22 | (Booster.Command) detail: Error: command gmake test V=1 has failed

Config dump:
buildconfig.txt

As always, thanks in advance for your help :)

[mattcaswell]

My guess would be that the Default Entry Point code is failing with this compiler/platform:

openssl/providers/fips/self_test.c

Lines 77 to 156 in 6537beb

	/*
	* This is the Default Entry Point (DEP) code.
	* See FIPS 140-2 IG 9.10
	*/
	#if defined(_WIN32) || defined(__CYGWIN__)
	# ifdef __CYGWIN__
	/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
	# include <windows.h>
	/*
	* this has side-effect of _WIN32 getting defined, which otherwise is
	* mutually exclusive with __CYGWIN__...
	*/
	# endif
	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
	{
	switch (fdwReason) {
	case DLL_PROCESS_ATTACH:
	init();
	break;
	case DLL_PROCESS_DETACH:
	cleanup();
	break;
	default:
	break;
	}
	return TRUE;
	}
	#elif defined(__GNUC__)
	# undef DEP_INIT_ATTRIBUTE
	# undef DEP_FINI_ATTRIBUTE
	# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
	# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
	#elif defined(__sun)
	# pragma init(init)
	# pragma fini(cleanup)
	#elif defined(_AIX)
	void _init(void);
	void _cleanup(void);
	# pragma init(_init)
	# pragma fini(_cleanup)
	void _init(void)
	{
	init();
	}
	void _cleanup(void)
	{
	cleanup();
	}
	#elif defined(__hpux)
	# pragma init "init"
	# pragma fini "cleanup"
	#elif defined(__TANDEM)
	/* Method automatically called by the NonStop OS when the DLL loads */
	void __INIT__init(void) {
	init();
	}
	/* Method automatically called by the NonStop OS prior to unloading the DLL */
	void __TERM__cleanup(void) {
	cleanup();
	}
	#else
	/*
	* This build does not support any kind of DEP.
	* We force the self-tests to run as part of the FIPS provider initialisation
	* rather than being triggered by the DEP.
	*/
	# undef DEP_INIT_ATTRIBUTE
	# undef DEP_FINI_ATTRIBUTE
	# undef DEP_INITIAL_STATE
	# define DEP_INITIAL_STATE FIPS_STATE_SELFTEST
	#endif

Possibly it is falling through to the "This build does not support any kind of DEP" section, or possibly the pragmas in the AIX specific code are not operating as expected?

[robmcgee-mag]

Thanks Matt, I'll take a look at that.

[robmcgee-mag]

_AIX does appear to be defined with xlclang too. I'm not sure how to debug the pragmas here (or if they actually are the problem).
Any pointers?

[t8m]

Is __GNUC__ defined with xlclang?

[t8m]

If not you can try to modify #elif defined(__GNUC__) to #elif defined(__GNUC__) || defined(__clang__)

[makr]

According to the 16.1 compiler docs, the #pragma init and #pragma fini statements are valid for xlc only. The migration doc states that the "legacy XL pragmas" fini and init are unsupported by xlclang/xlclang++. That would leave the specification of init and fini to the binders option -binitfini:_init:_cleanup to be specified at link time.

[robmcgee-mag]

@t8m

Is GNUC defined with xlclang?

Nope.

If not you can try to modify #elif defined(GNUC) to #elif defined(GNUC) || defined(clang)

Tried this, produced this error on 32bit, similar to what we saw in #17087:

01-Jun-2022 13:00:35 | ld: 0711-317 ERROR: Undefined symbol: .__atomic_is_lock_free
-- | --
01-Jun-2022 13:00:35 | ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
01-Jun-2022 13:00:35 | gmake[1]: *** [Makefile:16258: fuzz/cmp-test] Error 8

Looks like xlclang has different macros though:

-bash-4.2$ xlc -q64 -qshowmacros -E test.c | grep PPC64
"test.c", line 1: 1506-229 (W) File is empty.
#define _ARCH_PPC64GRSQ 1
#define _ARCH_PPC64GR 1
#define _ARCH_PPC64 1
-bash-4.2$ xlc -q32 -qshowmacros -E test.c | grep PPC64
"test.c", line 1: 1506-229 (W) File is empty.
#define _ARCH_PPC64GRSQ 1
#define _ARCH_PPC64GR 1
#define _ARCH_PPC64 1
-bash-4.2$ xlclang -q32 -qshowmacros -E test.c | grep PPC64
-bash-4.2$ xlclang -q64 -qshowmacros -E test.c | grep PPC64
#define _ARCH_PPC64 1
#define __PPC64__ 1
-bash-4.2$ xlc -q64 -qshowmacros -E test.c | grep ILP32
"test.c", line 1: 1506-229 (W) File is empty.
-bash-4.2$ xlc -q32 -qshowmacros -E test.c | grep ILP32
"test.c", line 1: 1506-229 (W) File is empty.
#define _ILP32 1
#define __ILP32__ 1
-bash-4.2$ xlclang -q64 -qshowmacros -E test.c | grep ILP32
-bash-4.2$ xlclang -q32 -qshowmacros -E test.c | grep ILP32
#define _ILP32 1
#define __ILP32__ 1

I'll try it on 64bit to confirm if it works there and then modify the ifdef in crypto/bn/bn_ppc.c

Edit: It doesn't work on 64bit either, fails with the original error again Failed to load FIPS module.
After another look, the fix in #17087 should still work for xlclang 32bit anyway...

@makr
I tried running CC=xlclang LDFLAGS="$LDFLAGS -binitfini:_init:_cleanup" /usr/bin/perl ./Configure aix64-cc shared enable-fips but it also fails with:

01-Jun-2022 13:21:28 | ${LDCMD:-xlclang} -q64 -qmaxmem=16384 -qro -qroconst -qthreaded -O -L. -Wl,-bsvr4 -binitfini:_init:_cleanup \
-- | --
01-Jun-2022 13:21:28 | -o apps/openssl \
01-Jun-2022 13:21:28 | apps/lib/openssl-bin-cmp_mock_srv.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-asn1parse.o apps/openssl-bin-ca.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-ciphers.o apps/openssl-bin-cmp.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-cms.o apps/openssl-bin-crl.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-crl2pkcs7.o apps/openssl-bin-dgst.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-dhparam.o apps/openssl-bin-dsa.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-dsaparam.o apps/openssl-bin-ec.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-ecparam.o apps/openssl-bin-enc.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-engine.o apps/openssl-bin-errstr.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-fipsinstall.o apps/openssl-bin-gendsa.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-genpkey.o apps/openssl-bin-genrsa.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-info.o apps/openssl-bin-kdf.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-list.o apps/openssl-bin-mac.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-nseq.o apps/openssl-bin-ocsp.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-openssl.o apps/openssl-bin-passwd.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-pkcs12.o apps/openssl-bin-pkcs7.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-pkcs8.o apps/openssl-bin-pkey.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-pkeyparam.o apps/openssl-bin-pkeyutl.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-prime.o apps/openssl-bin-progs.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-rand.o apps/openssl-bin-rehash.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-req.o apps/openssl-bin-rsa.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-rsautl.o apps/openssl-bin-s_client.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-s_server.o apps/openssl-bin-s_time.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-sess_id.o apps/openssl-bin-smime.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-speed.o apps/openssl-bin-spkac.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-srp.o apps/openssl-bin-storeutl.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-ts.o apps/openssl-bin-verify.o \
01-Jun-2022 13:21:28 | apps/openssl-bin-version.o apps/openssl-bin-x509.o \
01-Jun-2022 13:21:28 | apps/libapps.a -lssl -lcrypto -lpthreads
01-Jun-2022 13:21:28 | ld: 0711-328 ERROR: Undefined initfini symbol: _init
01-Jun-2022 13:21:28 | gmake[1]: *** [Makefile:15974: apps/openssl] Error 8
01-Jun-2022 13:21:28 | gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
01-Jun-2022 13:21:28 | gmake: *** [Makefile:3395: build_sw] Error 2
01-Jun-2022 13:22:28 | WARNING: Ping thread timed out after 60 seconds.

Am I doing that wrong? Should I also remove the pragmas in [self_test.c]?

openssl/providers/fips/self_test.c

Lines 77 to 156 in 6537beb

	/*
	* This is the Default Entry Point (DEP) code.
	* See FIPS 140-2 IG 9.10
	*/
	#if defined(_WIN32) || defined(__CYGWIN__)
	# ifdef __CYGWIN__
	/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
	# include <windows.h>
	/*
	* this has side-effect of _WIN32 getting defined, which otherwise is
	* mutually exclusive with __CYGWIN__...
	*/
	# endif
	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
	{
	switch (fdwReason) {
	case DLL_PROCESS_ATTACH:
	init();
	break;
	case DLL_PROCESS_DETACH:
	cleanup();
	break;
	default:
	break;
	}
	return TRUE;
	}
	#elif defined(__GNUC__)
	# undef DEP_INIT_ATTRIBUTE
	# undef DEP_FINI_ATTRIBUTE
	# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
	# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
	#elif defined(__sun)
	# pragma init(init)
	# pragma fini(cleanup)
	#elif defined(_AIX)
	void _init(void);
	void _cleanup(void);
	# pragma init(_init)
	# pragma fini(_cleanup)
	void _init(void)
	{
	init();
	}
	void _cleanup(void)
	{
	cleanup();
	}
	#elif defined(__hpux)
	# pragma init "init"
	# pragma fini "cleanup"
	#elif defined(__TANDEM)
	/* Method automatically called by the NonStop OS when the DLL loads */
	void __INIT__init(void) {
	init();
	}
	/* Method automatically called by the NonStop OS prior to unloading the DLL */
	void __TERM__cleanup(void) {
	cleanup();
	}
	#else
	/*
	* This build does not support any kind of DEP.
	* We force the self-tests to run as part of the FIPS provider initialisation
	* rather than being triggered by the DEP.
	*/
	# undef DEP_INIT_ATTRIBUTE
	# undef DEP_FINI_ATTRIBUTE
	# undef DEP_INITIAL_STATE
	# define DEP_INITIAL_STATE FIPS_STATE_SELFTEST
	#endif

[makr]

Hm ... the pragmas will probably just be ignored. The binder flag, however, might only be valid for linking shared objects. So it boils down to creating a aix64-clang build configuration for OpenSSL and add the flag there.
While I was just elaborating about how to do it, I recognized, that it has been done already. The aix-common base configuriation already specifies the binder flag for the fips-module. Could you please run a complete build again without specifying it in LDFLAGS, redirecting the output into a log file and then grep for binitfini? It should be in there and if it isn't this is what we need to chase.

[robmcgee-mag]

I do see it on on this one line in the log for the original build I posted:

build	30-May-2022 17:33:38	/usr/bin/perl ./util/mkdef.pl --ordinals util/providers.num  --name providers/fips --OS aix > providers/fips.ld
build	30-May-2022 17:33:38	xlclang -qpic -q64 -qmaxmem=16384 -qro -qroconst -qthreaded -O -Wl,-G,-bsymbolic,-bnoentry -Wl,-bsvr4  \
build	30-May-2022 17:33:38		-o providers/fips.so -Wl,-bE:providers/fips.ld -Wl,-binitfini:_init:_cleanup \
build	30-May-2022 17:33:38		providers/fips/fips-dso-fips_entry.o \
build	30-May-2022 17:33:38		providers/libfips.a -lpthreads

This failed the tests though:

build	30-May-2022 17:37:18	gmake test V=1
build	30-May-2022 17:37:18	gmake depend && gmake _tests
build	30-May-2022 17:37:18	gmake[1]: Entering directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
build	30-May-2022 17:37:20	gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
build	30-May-2022 17:37:20	gmake[1]: Entering directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
build	30-May-2022 17:37:21	( SRCTOP=. \
build	30-May-2022 17:37:21	  BLDTOP=. \
build	30-May-2022 17:37:21	  PERL="/usr/bin/perl" \
build	30-May-2022 17:37:21	  FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
build	30-May-2022 17:37:21	  EXE_EXT= \
build	30-May-2022 17:37:21	  /usr/bin/perl ./test/run_tests.pl  )
build	30-May-2022 17:37:21	00-prep_fipsmodule_cnf.t ..
build	30-May-2022 17:37:21	# The results of this test will end up in test-runs/prep_fipsmodule
build	30-May-2022 17:37:21	1..1
build	30-May-2022 17:37:21	Failed to load FIPS module
build	30-May-2022 17:37:21	INSTALL FAILED
build	30-May-2022 17:37:21	00000001:error:1C8000D4:Provider routines:SELF_TEST_post:invalid state:providers/fips/self_test.c:262:
build	30-May-2022 17:37:21	00000001:error:1C8000D8:Provider routines:OSSL_provider_init_int:self test post failure:providers/fips/fipsprov.c:743:
build	30-May-2022 17:37:21	00000001:error:078C0105:common libcrypto routines:provider_init:init fail:crypto/provider_core.c:910:name=fips
build	30-May-2022 17:37:21	../../util/wrap.pl ../../apps/openssl fipsinstall -module ../../providers/fips.so -provider_name fips -section_name fips_sect -out ../../test/fipsmodule.cnf => 1
build	30-May-2022 17:37:21	not ok 1 - fips install
build	30-May-2022 17:37:21	
build	30-May-2022 17:37:21	#   Failed test 'fips install'
build	30-May-2022 17:37:21	#   at test/recipes/00-prep_fipsmodule_cnf.t line 33.
build	30-May-2022 17:37:21	# Looks like you failed 1 test of 1.
build	30-May-2022 17:37:21	Dubious, test returned 1 (wstat 256, 0x100)
build	30-May-2022 17:37:21	Failed 1/1 subtests

[robmcgee-mag]

Just noticed the 32bit plan using xlclang fails earlier than 64bit:

build	02-Jun-2022 12:36:01	ld: 0711-317 ERROR: Undefined symbol: .__atomic_is_lock_free
build	02-Jun-2022 12:36:01	ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
build	02-Jun-2022 12:36:01	gmake[1]: *** [Makefile:16249: fuzz/cmp-test] Error 8
build	02-Jun-2022 12:36:01	gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
build	02-Jun-2022 12:36:01	gmake: *** [Makefile:3391: build_sw] Error 2

I've only set CC=xlclang in both of these plans.

[mattcaswell]

With the 64-bit test failure I wonder if it is possible for you to run this in a debugger? It would be useful to set a breakpoint in the "init" function and see if it is ever hit. Or failing that just a "printf" in that function or similar.

[robmcgee-mag]

I'm not very familiar with the DBX debugger but I've heard it's a pain to use.
I tried using printf but didn't see any output in the build.
Is it being redirected by default in the makefile or something?

[paulidale]

My guess would be that the Default Entry Point code is failing with this compiler/platform:

openssl/providers/fips/self_test.c

Lines 77 to 156 in 6537beb

	/*
	* This is the Default Entry Point (DEP) code.
	* See FIPS 140-2 IG 9.10
	*/
	#if defined(_WIN32) || defined(__CYGWIN__)
	# ifdef __CYGWIN__
	/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
	# include <windows.h>
	/*
	* this has side-effect of _WIN32 getting defined, which otherwise is
	* mutually exclusive with __CYGWIN__...
	*/
	# endif
	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
	{
	switch (fdwReason) {
	case DLL_PROCESS_ATTACH:
	init();
	break;
	case DLL_PROCESS_DETACH:
	cleanup();
	break;
	default:
	break;
	}
	return TRUE;
	}
	#elif defined(__GNUC__)
	# undef DEP_INIT_ATTRIBUTE
	# undef DEP_FINI_ATTRIBUTE
	# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
	# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
	#elif defined(__sun)
	# pragma init(init)
	# pragma fini(cleanup)
	#elif defined(_AIX)
	void _init(void);
	void _cleanup(void);
	# pragma init(_init)
	# pragma fini(_cleanup)
	void _init(void)
	{
	init();
	}
	void _cleanup(void)
	{
	cleanup();
	}
	#elif defined(__hpux)
	# pragma init "init"
	# pragma fini "cleanup"
	#elif defined(__TANDEM)
	/* Method automatically called by the NonStop OS when the DLL loads */
	void __INIT__init(void) {
	init();
	}
	/* Method automatically called by the NonStop OS prior to unloading the DLL */
	void __TERM__cleanup(void) {
	cleanup();
	}
	#else
	/*
	* This build does not support any kind of DEP.
	* We force the self-tests to run as part of the FIPS provider initialisation
	* rather than being triggered by the DEP.
	*/
	# undef DEP_INIT_ATTRIBUTE
	# undef DEP_FINI_ATTRIBUTE
	# undef DEP_INITIAL_STATE
	# define DEP_INITIAL_STATE FIPS_STATE_SELFTEST
	#endif

There is a check for AIX at line 117 in that lot, so I doubt it's failing through.

The way to check if the DEP is the problem is to force the code through the fallback on lines 152 - 155. If that makes things work, the DEP is at fault. If it doesn't we're probably looking in the wrong place.
Just temporarily delete the unwanted bits. Change lines 77 - 156 to:

/*
 * This is the Default Entry Point (DEP) code.
 * See FIPS 140-2 IG 9.10
 */
/*
 * This build does not support any kind of DEP.
 * We force the self-tests to run as part of the FIPS provider initialisation
 * rather than being triggered by the DEP.
 */
# undef DEP_INIT_ATTRIBUTE
# undef DEP_FINI_ATTRIBUTE
# undef DEP_INITIAL_STATE
# define DEP_INITIAL_STATE  FIPS_STATE_SELFTEST

build and try to run.

[robmcgee-mag]

Finally getting back to this..
@paulidale 64 bit builds and now runs tests with your fix, but there are some other failures now.

18-Jul-2022 15:34:54 | 80-test_pkcs12.t ................... ok
-- | --
18-Jul-2022 15:37:14 |  
18-Jul-2022 15:37:14 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:14 | # [2] compared to [0]
18-Jul-2022 15:37:14 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:14 | # ExpectedResult mismatch: expected Success, got ClientFail.
18-Jul-2022 15:37:14 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:14 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:14 | not ok 2 - iteration 2
18-Jul-2022 15:37:14 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:14 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:14 | # [2] compared to [0]
18-Jul-2022 15:37:14 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:14 | # ExpectedResult mismatch: expected Success, got ClientFail.
18-Jul-2022 15:37:14 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:14 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:14 | not ok 4 - iteration 4
18-Jul-2022 15:37:14 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:14 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:14 | # [4] compared to [0]
18-Jul-2022 15:37:14 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:14 | # ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
18-Jul-2022 15:37:14 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:14 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:14 | not ok 5 - iteration 5
18-Jul-2022 15:37:14 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:14 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:14 | # [4] compared to [0]
18-Jul-2022 15:37:14 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:14 | # ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
18-Jul-2022 15:37:14 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:14 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:14 | not ok 6 - iteration 6
18-Jul-2022 15:37:14 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:14 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:14 | not ok 1 - test_handshake
18-Jul-2022 15:37:14 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:14 | ../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.none none => 1
18-Jul-2022 15:37:14 | not ok 3 - running ssl_test 12-ct.cnf
18-Jul-2022 15:37:14 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:14 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:14 | # [2] compared to [0]
18-Jul-2022 15:37:14 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:14 | # ExpectedResult mismatch: expected Success, got ClientFail.
18-Jul-2022 15:37:14 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:14 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:14 | not ok 2 - iteration 2
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:15 | # [2] compared to [0]
18-Jul-2022 15:37:15 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:15 | # ExpectedResult mismatch: expected Success, got ClientFail.
18-Jul-2022 15:37:15 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:15 | not ok 4 - iteration 4
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:15 | # [4] compared to [0]
18-Jul-2022 15:37:15 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:15 | # ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
18-Jul-2022 15:37:15 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:15 | not ok 5 - iteration 5
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:15 | # [4] compared to [0]
18-Jul-2022 15:37:15 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:15 | # ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
18-Jul-2022 15:37:15 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:15 | not ok 6 - iteration 6
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183834
18-Jul-2022 15:37:15 | not ok 1 - test_handshake
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | ../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.default default => 1
18-Jul-2022 15:37:15 | not ok 6 - running ssl_test 12-ct.cnf
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:15 | # [2] compared to [0]
18-Jul-2022 15:37:15 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:15 | # ExpectedResult mismatch: expected Success, got ClientFail.
18-Jul-2022 15:37:15 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183835
18-Jul-2022 15:37:15 | not ok 2 - iteration 2
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:15 | # [2] compared to [0]
18-Jul-2022 15:37:15 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:15 | # ExpectedResult mismatch: expected Success, got ClientFail.
18-Jul-2022 15:37:15 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183835
18-Jul-2022 15:37:15 | not ok 4 - iteration 4
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:15 | # [4] compared to [0]
18-Jul-2022 15:37:15 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:15 | # ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
18-Jul-2022 15:37:15 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183835
18-Jul-2022 15:37:15 | not ok 5 - iteration 5
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
18-Jul-2022 15:37:15 | # [4] compared to [0]
18-Jul-2022 15:37:15 | # INFO:  @ test/ssl_test.c:39
18-Jul-2022 15:37:15 | # ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
18-Jul-2022 15:37:15 | # 00000001:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183835
18-Jul-2022 15:37:15 | not ok 6 - iteration 6
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | # OPENSSL_TEST_RAND_ORDER=1658183835
18-Jul-2022 15:37:15 | not ok 1 - test_handshake
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 | ../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.fips fips ../../test/fips-and-base.cnf => 1
18-Jul-2022 15:37:15 | not ok 9 - running ssl_test 12-ct.cnf
18-Jul-2022 15:37:15 | # ------------------------------------------------------------------------------
18-Jul-2022 15:37:15 |  
18-Jul-2022 15:37:15 | #   Failed test 'running ssl_test 12-ct.cnf'
18-Jul-2022 15:37:15 | #   at test/recipes/80-test_ssl_new.t line 167.
18-Jul-2022 15:37:15 | # Looks like you failed 3 tests of 9.
18-Jul-2022 15:37:15 | not ok 12 - Test configuration 12-ct.cnf
18-Jul-2022 15:38:09 | # ------------------------------------------------------------------------------
18-Jul-2022 15:38:09 | # Looks like you failed 1 test of 30.80-test_ssl_new.t ..................
18-Jul-2022 15:38:09 | Dubious, test returned 1 (wstat 256, 0x100)
18-Jul-2022 15:38:09 | Failed 1/30 subtests

Re-running that now to get you verbose logs...

32 bit still has this error from before:

18-Jul-2022 15:33:22 | ${LDCMD:-xlclang} -q32 -qmaxmem=16384 -qro -qroconst -qthreaded -O -Wl,-bsvr4  \
-- | --
18-Jul-2022 15:33:22 | -o fuzz/cmp-test \
18-Jul-2022 15:33:22 | fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-fuzz_rand.o \
18-Jul-2022 15:33:22 | fuzz/cmp-test-bin-test-corpus.o \
18-Jul-2022 15:33:22 | libcrypto_a.a -lpthreads
18-Jul-2022 15:33:22 | ld: 0711-317 ERROR: Undefined symbol: .__atomic_is_lock_free
18-Jul-2022 15:33:22 | ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
18-Jul-2022 15:33:22 | gmake[1]: *** [Makefile:16251: fuzz/cmp-test] Error 8
18-Jul-2022 15:33:22 | gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.3/_src/openssl-3.0.3-src/openssl-3.0.3'
18-Jul-2022 15:33:22 | gmake: *** [Makefile:3393: build_sw] Error 2
18-Jul-2022 15:34:22 | WARNING: Ping thread timed out after 60 seconds.

It's been a while since I looked at this but I thought we fixed that in another commit.

[paulidale]

Many of the test certificates we used expired recently. Updating the source tree should address those failures.

[robmcgee-mag]

Grabbed the 3.0.5 release and 64 bit built and passed unit tests!

I don't have git installed so can't easily make a pull request, but I just updated two ifdefs in self_test.c so the new AIX compiler - xLClang - would hit the fallback. The older compiler - xLC - should be unaffected since __GNUC__ isn't defined there.

#elif defined(__GNUC__) && !defined(_AIX)
# undef DEP_INIT_ATTRIBUTE
# undef DEP_FINI_ATTRIBUTE
# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))

#elif defined(__sun)
# pragma init(init)
# pragma fini(cleanup)

#elif defined(_AIX) && !defined(__GNUC__)
void _init(void);
void _cleanup(void);
# pragma init(_init)
# pragma fini(_cleanup)
void _init(void)
{
    init();
}
void _cleanup(void)
{
    cleanup();
}

Unfortunately, there appears to be a regression/refactor causing the 32bit build to fail.

18-Jul-2022 18:50:24 | ${LDCMD:-xlclang} -q32 -qmaxmem=16384 -qro -qroconst -qthreaded -O -Wl,-bsvr4  \
-- | --
18-Jul-2022 18:50:24 | -o fuzz/cmp-test \
18-Jul-2022 18:50:24 | fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-fuzz_rand.o \
18-Jul-2022 18:50:24 | fuzz/cmp-test-bin-test-corpus.o \
18-Jul-2022 18:50:24 | libcrypto_a.a -lpthreads
18-Jul-2022 18:50:24 | ld: 0711-317 ERROR: Undefined symbol: .__atomic_is_lock_free
18-Jul-2022 18:50:24 | ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
18-Jul-2022 18:50:24 | gmake[1]: *** [Makefile:16253: fuzz/cmp-test] Error 8
18-Jul-2022 18:50:24 | gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.5/_src/openssl-3.0.5-src/openssl-3.0.5'
18-Jul-2022 18:50:24 | gmake: *** [Makefile:3395: build_sw] Error 2

The old fix was made here: https://github.com/openssl/openssl/pull/17497/files
but the PPC-related ifdefs were removed on June 15th 2022 by @t8m.
https://github.com/openssl/openssl/commits/master/crypto/bn/bn_ppc.c

Was it a breaking change?

[robmcgee-mag]

If you'd prefer to re-open #17087, please go ahead and close this after you've tried my code fix mentioned above.

This 32bit build is the only one I need now to start using openssl 3.x across the board so let me know what your plans are here, if any.

[t8m]

The bug that was fixed with #17497 was the

ld: 0711-317 ERROR: Undefined symbol: .bn_mul_mont_fixed_n6
 .bn_mul_mont_fixed_n6     [26]    ER PR crypto/bn/bn_ppc.c(libcrypto_a.a[libcrypto-lib-bn_ppc.o])
                                   0000006c .text    R_RBR    [14]    <.bn_mul_mont@AF147_2>
ld: 0711-317 ERROR: Undefined symbol: .bn_mul_mont_300_fixed_n6
 .bn_mul_mont_300_fixed_n6 [28]    ER PR crypto/bn/bn_ppc.c(libcrypto_a.a[libcrypto-lib-bn_ppc.o])
                                   00000084 .text    R_RBR    [14]    <.bn_mul_mont@AF147_2>

build fix for XLC. These are irrelevant now as this code was completely dropped by the revert in 712d9cc

For the __atomic_is_lock_free missing - could you please try to add -latomic to the ./Configure command line?

[robmcgee-mag]

Sorry, you're right. I did briefly mention this issue on that old ticket too but then completely forgot about it since we were only focusing on xLC at the time.
I've tried it again and I get this after enabling verbose logging:

${LDCMD:-xlclang} -q32 -qmaxmem=16384 -qro -qroconst -qthreaded -O -bnoquiet -Wl,-bsvr4  \
        -o fuzz/cmp-test \
        fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-fuzz_rand.o \
        fuzz/cmp-test-bin-test-corpus.o \
        libcrypto_a.a -lpthreads -latomic
(ld): halt 4
(ld): setopt noexpall
(ld): setopt rtl
(ld): setopt rtllib
(ld): setopt expfull
(ld): setopt svr4
(ld): setopt symbolic:1
(ld): setfflag 4
(ld): savename fuzz/cmp-test
(ld): filelist 12 1
(ld): i /lib/crt0.o
(ld): i fuzz/cmp-test-bin-cmp.o
(ld): i fuzz/cmp-test-bin-fuzz_rand.o
(ld): i fuzz/cmp-test-bin-test-corpus.o
(ld): i libcrypto_a.a
(ld): lib /usr/lib/libpthreads.a
(ld): lib /usr/lib/libatomic.a
(ld): lib /opt/IBM/xlc/16.1.0/lib/libxlopt.a
(ld): lib /opt/IBM/xlc/16.1.0/lib/libxlipa.a
(ld): lib /opt/IBM/xlc/16.1.0/lib/libxl.a
(ld): lib /usr/lib/libc.a
(ld): lib /usr/lib/librtl.a
LIBRARY: Shared object libpthreads.a[shr_comm.o]: 179 symbols imported.
LIBRARY: Shared object libpthreads.a[shr_xpg5.o]: 174 symbols imported.
LIBRARY: Shared object libatomic.a[libatomic.so.1]: 40 symbols imported.
LIBRARY: Shared object libc.a[shr.o]: 3308 symbols imported.
LIBRARY: Shared object libc.a[meth.o]: 2 symbols imported.
LIBRARY: Shared object libc.a[posix_aio.o]: 20 symbols imported.
LIBRARY: Shared object libc.a[aio.o]: 18 symbols imported.
LIBRARY: Shared object libc.a[pse.o]: 8 symbols imported.
LIBRARY: Shared object libc.a[dl.o]: 4 symbols imported.
LIBRARY: Shared object libc.a[pty.o]: 1 symbols imported.
LIBRARY: Shared object libc.a[cthread.o]: 25 symbols imported.
LIBRARY: Shared object libc.a[uchar.o]: 4 symbols imported.
LIBRARY: Shared object librtl.a[shr.o]: 1 symbols imported.
LIBRARY: Shared object librtl.a[lazy42.o]: 3 symbols imported.
FILELIST: Number of previously inserted files processed: 12
(ld): resolve
RESOLVE: 20908 of 52415 symbols were kept.
(ld): addgl /usr/lib/glink.o
ADDGL: Glink code added for 108 symbols.
(ld): er full
ld: 0711-318 ERROR: Undefined symbols were found.
        The following symbols are in error:
 Symbol                    Inpndx  TY CL Source-File(Object-File) OR Import-File{Shared-object}
                              RLD: Address  Section  Rld-type Referencing Symbol
 ----------------------------------------------------------------------------------------------
 .__atomic_is_lock_free    [146]   ER PR crypto/threads_pthread.c(libcrypto_a.a[libcrypto-lib-threads_pthread.o])
                                   000003bc .text    R_RBR    [38]    .CRYPTO_atomic_or
                                   0000052c .text    R_RBR    [40]    .CRYPTO_atomic_load
ER: The return code is 8.
gmake[1]: *** [Makefile:16247: fuzz/cmp-test] Error 8
gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.5/_src/openssl-3.0.5-src/openssl-3.0.5'
gmake: *** [Makefile:3389: build_sw] Error 2

Last time I was thinking that maybe we didn't have the necessary library installed/updated to contain this symbol but I'm not so sure now. It looks like there were some atomic functionality changes in xlclang:
https://www.ibm.com/docs/en/xl-c-and-cpp-aix/16.1?topic=migration-checklist-when-moving-from-xl-based-front-end-clang-based-front-end

[t8m]

I am afraid this is some kind of problem with the xlclang frontend which should be discussed with IBM. I think adding -DBROKEN_CLANG_ATOMICS instead of -latomic might help to workaround it - of course at the cost of making the atomic operations using locks.

[robmcgee-mag]

I don't know our current support status with AIX so I'll have to ask around about that, thanks.

I tried your suggestion and it does get a little further this time but there's another error:

build	22-Jul-2022 15:15:31	${LDCMD:-xlclang} -q32 -qmaxmem=16384 -qro -qroconst -qthreaded -O -L. -Wl,-bsvr4  \
build	22-Jul-2022 15:15:31		-o test/confdump \
build	22-Jul-2022 15:15:31		test/confdump-bin-confdump.o \
build	22-Jul-2022 15:15:31		-lcrypto -lpthreads
build	22-Jul-2022 15:15:31	xlclang  -Iinclude -Iapps/include  -q32 -qmaxmem=16384 -qro -qroconst -qthreaded -O -D_THREAD_SAFE -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -DBROKEN_CLANG_ATOMICS  -c -o test/constant_time_test-bin-constant_time_test.o test/constant_time_test.c
build	22-Jul-2022 15:15:31	In file included from test/constant_time_test.c:14:
build	22-Jul-2022 15:15:31	include/internal/constant_time.h:257:23: error: 1540-5400 Option "-q32" is not compatiable with "long long" type that is used in the asm operand.
build	22-Jul-2022 15:15:31	    __asm__("" : "=r"(r) : "0"(a));
build	22-Jul-2022 15:15:31	                      ^
build	22-Jul-2022 15:15:31	1 error generated.
build	22-Jul-2022 15:15:31	Error while processing test/constant_time_test.c.
build	22-Jul-2022 15:15:31	gmake[1]: *** [Makefile:17812: test/constant_time_test-bin-constant_time_test.o] Error 1
build	22-Jul-2022 15:15:31	gmake[1]: Leaving directory '/bamboo/bamboo-agent-home/xml-data/build-dir/ThirdParty/openssl/3.0.5/_src/openssl-3.0.5-src/openssl-3.0.5'
build	22-Jul-2022 15:15:31	gmake: *** [Makefile:3399: build_sw] Error 2

[t8m]

Unfortunately for that the only workaround would be to build with no-asm which is a too big hammer.

[robmcgee-mag]

That allowed me to build it at least. We'll test performance and decide whether to use it or stick with 1.1.1 for AIX.

Thanks for all the help :D
I've set up git and created a pull request to use the DEP fallback when building with xlclang.
Hope I've done this right. #18873