Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1.1.1d test issue 20-test_enc.t #9866

Closed
shamelesscookie opened this issue Sep 11, 2019 · 37 comments
Closed

1.1.1d test issue 20-test_enc.t #9866

shamelesscookie opened this issue Sep 11, 2019 · 37 comments

Comments

@shamelesscookie
Copy link

@shamelesscookie shamelesscookie commented Sep 11, 2019

Building in Docker from Ubuntu:18.04 (a2a15febcdf3)

1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2 openssl-1.1.1d.tar.gz

Full reproduction steps available at https://github.com/shamelesscookie/openssl/blob/master/1.1.1/Dockerfile

../test/recipes/20-test_enc.t ...................... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/172 subtests
Test Summary Report
-------------------
../test/recipes/20-test_enc.t                    (Wstat: 256 Tests: 172 Failed: 1)
  Failed test:  171
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
perl configdata.pm --dump

Command line (with current working directory = .):

    /usr/bin/perl ./Configure linux-x86_64 --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

Perl information:

    /usr/bin/perl
    5.26.1 for x86_64-linux-gnu-thread-multi

Enabled features:

    afalgeng
    aria
    asm
    async
    autoalginit
    autoerrinit
    autoload-config
    bf
    blake2
    buildtest-c\+\+
    camellia
    capieng
    cast
    chacha
    cmac
    cms
    comp
    ct
    deprecated
    des
    dgram
    dh
    dsa
    dtls
    dynamic-engine
    ec
    ec2m
    ecdh
    ecdsa
    engine
    err
    filenames
    gost
    hw(-.+)?
    idea
    makedepend
    md4
    mdc2
    multiblock
    nextprotoneg
    pinshared
    ocb
    ocsp
    pic
    poly1305
    posix-io
    psk
    rc2
    rc4
    rdrand
    rfc3779
    rmd160
    scrypt
    seed
    shared
    siphash
    sm2
    sm3
    sm4
    sock
    srp
    srtp
    sse2
    ssl
    static-engine
    stdio
    tests
    threads
    tls
    ts
    ui-console
    whirlpool
    zlib
    tls1
    tls1-method
    tls1_1
    tls1_1-method
    tls1_2
    tls1_2-method
    tls1_3
    dtls1
    dtls1-method
    dtls1_2
    dtls1_2-method

Disabled features:

    asan                    [default] OPENSSL_NO_ASAN
    crypto-mdebug           [default] OPENSSL_NO_CRYPTO_MDEBUG
    crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
    devcryptoeng            [default] OPENSSL_NO_DEVCRYPTOENG
    ec_nistp_64_gcc_128     [default] OPENSSL_NO_EC_NISTP_64_GCC_128
    egd                     [default] OPENSSL_NO_EGD
    external-tests          [default] OPENSSL_NO_EXTERNAL_TESTS
    fuzz-libfuzzer          [default] OPENSSL_NO_FUZZ_LIBFUZZER
    fuzz-afl                [default] OPENSSL_NO_FUZZ_AFL
    heartbeats              [default] OPENSSL_NO_HEARTBEATS
    md2                     [default] OPENSSL_NO_MD2 (skip crypto/md2)
    msan                    [default] OPENSSL_NO_MSAN
    rc5                     [default] OPENSSL_NO_RC5 (skip crypto/rc5)
    sctp                    [default] OPENSSL_NO_SCTP
    ssl-trace               [default] OPENSSL_NO_SSL_TRACE
    ubsan                   [default] OPENSSL_NO_UBSAN
    unit-test               [default] OPENSSL_NO_UNIT_TEST
    weak-ssl-ciphers        [default] OPENSSL_NO_WEAK_SSL_CIPHERS
    zlib-dynamic            [default] 
    ssl3                    [default] OPENSSL_NO_SSL3
    ssl3-method             [default] OPENSSL_NO_SSL3_METHOD

Config target attributes:

    AR => "ar",
    ARFLAGS => "r",
    CC => "gcc",
    CFLAGS => "-Wall -O3",
    CXX => "g++",
    CXXFLAGS => "-Wall -O3",
    HASHBANGPERL => "/usr/bin/env perl",
    RANLIB => "ranlib",
    RC => "windres",
    aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
    aes_obj => "aes_core.o aes_cbc.o vpaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o",
    apps_aux_src => "",
    apps_init_src => "",
    apps_obj => "",
    bf_asm_src => "bf_enc.c",
    bf_obj => "bf_enc.o",
    bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
    bn_obj => "asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o",
    bn_ops => "SIXTY_FOUR_BIT_LONG",
    build_file => "Makefile",
    build_scheme => [ "unified", "unix" ],
    cast_asm_src => "c_enc.c",
    cast_obj => "c_enc.o",
    cflags => "-pthread -m64",
    chacha_asm_src => "chacha-x86_64.s",
    chacha_obj => "chacha-x86_64.o",
    cmll_asm_src => "cmll-x86_64.s cmll_misc.c",
    cmll_obj => "cmll-x86_64.o cmll_misc.o",
    cppflags => "",
    cpuid_asm_src => "x86_64cpuid.s",
    cpuid_obj => "x86_64cpuid.o",
    cxxflags => "-std=c++11 -pthread -m64",
    defines => [ "ZLIB" ],
    des_asm_src => "des_enc.c fcrypt_b.c",
    des_obj => "des_enc.o fcrypt_b.o",
    disable => [  ],
    dso_extension => ".so",
    dso_scheme => "dlfcn",
    ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
    ec_obj => "ecp_nistz256.o ecp_nistz256-x86_64.o x25519-x86_64.o",
    enable => [ "afalgeng" ],
    ex_libs => "-lz -ldl -pthread",
    exe_extension => "",
    includes => [  ],
    keccak1600_asm_src => "keccak1600-x86_64.s",
    keccak1600_obj => "keccak1600-x86_64.o",
    lflags => "",
    lib_cflags => "",
    lib_cppflags => "-DOPENSSL_USE_NODELETE -DL_ENDIAN",
    lib_defines => [  ],
    md5_asm_src => "md5-x86_64.s",
    md5_obj => "md5-x86_64.o",
    modes_asm_src => "ghash-x86_64.s aesni-gcm-x86_64.s",
    modes_obj => "ghash-x86_64.o aesni-gcm-x86_64.o",
    module_cflags => "-fPIC",
    module_cxxflags => "",
    module_ldflags => "-Wl,-znodelete -shared -Wl,-Bsymbolic",
    multilib => "64",
    padlock_asm_src => "e_padlock-x86_64.s",
    padlock_obj => "e_padlock-x86_64.o",
    perlasm_scheme => "elf",
    poly1305_asm_src => "poly1305-x86_64.s",
    poly1305_obj => "poly1305-x86_64.o",
    rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s",
    rc4_obj => "rc4-x86_64.o rc4-md5-x86_64.o",
    rc5_asm_src => "rc5_enc.c",
    rc5_obj => "rc5_enc.o",
    rmd160_asm_src => "",
    rmd160_obj => "",
    sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
    sha1_obj => "sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o",
    shared_cflag => "-fPIC",
    shared_defflag => "-Wl,--version-script=",
    shared_defines => [  ],
    shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
    shared_extension_simple => ".so",
    shared_ldflag => "-Wl,-znodelete -shared -Wl,-Bsymbolic",
    shared_rcflag => "",
    shared_sonameflag => "-Wl,-soname=",
    shared_target => "linux-shared",
    thread_defines => [  ],
    thread_scheme => "pthreads",
    unistd => "<unistd.h>",
    uplink_aux_src => "",
    uplink_obj => "",
    wp_asm_src => "wp-x86_64.s",
    wp_obj => "wp-x86_64.o",

Recorded environment:

    AR = 
    ARFLAGS = 
    AS = 
    ASFLAGS = 
    BUILDFILE = 
    CC = 
    CFLAGS = 
    CPP = 
    CPPDEFINES = 
    CPPFLAGS = 
    CPPINCLUDES = 
    CROSS_COMPILE = 
    CXX = 
    CXXFLAGS = 
    HASHBANGPERL = 
    LD = 
    LDFLAGS = 
    LDLIBS = 
    MT = 
    MTFLAGS = 
    OPENSSL_LOCAL_CONFIG_DIR = 
    PERL = 
    RANLIB = 
    RC = 
    RCFLAGS = 
    RM = 
    WINDRES = 
    __CNF_CFLAGS = 
    __CNF_CPPDEFINES = 
    __CNF_CPPFLAGS = 
    __CNF_CPPINCLUDES = 
    __CNF_CXXFLAGS = 
    __CNF_LDFLAGS = 
    __CNF_LDLIBS = 

Makevars:

    AR              = ar
    ARFLAGS         = r
    CC              = gcc
    CFLAGS          = -Wall -O3
    CPPDEFINES      = 
    CPPFLAGS        = 
    CPPINCLUDES     = 
    CXX             = g++
    CXXFLAGS        = -Wall -O3
    HASHBANGPERL    = /usr/bin/env perl
    LDFLAGS         = 
    LDLIBS          = 
    PERL            = /usr/bin/perl
    RANLIB          = ranlib
    RC              = windres
    RCFLAGS         = 
@mattcaswell

This comment has been minimized.

Copy link
Member

@mattcaswell mattcaswell commented Sep 11, 2019

What do you get with make TESTS=test_enc V=1 test?

@shamelesscookie

This comment has been minimized.

Copy link
Author

@shamelesscookie shamelesscookie commented Sep 11, 2019

not ok 171 - zlib

#   Failed test 'zlib'
#   at ../test/recipes/20-test_enc.t line 62.
/usr/local/src/openssl-1.1.1d/util/shlib_wrap.sh /usr/local/src/openssl-1.1.1d/apps/openssl zlib -bufsize 113 -a -e -k test -in ./p -out ./p.zlib.cipher => 0
/usr/local/src/openssl-1.1.1d/util/shlib_wrap.sh /usr/local/src/openssl-1.1.1d/apps/openssl zlib -bufsize 157 -a -d -k test -in ./p.zlib.cipher -out ./p.zlib.clear => 0
ok 172 - zlib base64
# Looks like you failed 1 test of 172.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/172 subtests 

Test Summary Report
-------------------
../test/recipes/20-test_enc.t (Wstat: 256 Tests: 172 Failed: 1)
  Failed test:  171
  Non-zero exit status: 1
Files=1, Tests=172, 11 wallclock secs ( 0.25 usr  0.08 sys +  2.52 cusr  3.24 csys =  6.09 CPU)
Result: FAIL
Makefile:207: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/usr/local/src/openssl-1.1.1d'
Makefile:205: recipe for target 'tests' failed
make: *** [tests] Error 2

This is the zlib package I'm using:

https://launchpad.net/ubuntu/bionic/amd64/zlib1g-dev/1:1.2.11.dfsg-0ubuntu2

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 11, 2019

It seems like you posted only the test summary or forgot to add the verbose (V=1) option. The interesting diagnostic information for us comes before the summary. This is how it looks like, when I run the test:

~/src/openssl-1.1.1$ make V=1 TESTS=test_enc tests
make depend && make _tests
make[1]: Entering directory '/home/msp/src/openssl-1.1.1'
make[1]: Leaving directory '/home/msp/src/openssl-1.1.1'
make[1]: Entering directory '/home/msp/src/openssl-1.1.1'
( cd test; \
  mkdir -p test-runs; \
  SRCTOP=../. \
  BLDTOP=../. \
  RESULT_D=test-runs \
  PERL="/usr/bin/perl" \
  EXE_EXT= \
  OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \
  OPENSSL_DEBUG_MEMORY=on \
    /usr/bin/perl .././test/run_tests.pl test_enc )
../test/recipes/20-test_enc.t .. 
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl list -cipher-commands => 0
1..170
ok 1 - Running 'openssl list -cipher-commands'
ok 2 - Copying /home/msp/src/openssl-1.1.1/test/recipes/20-test_enc.t to ./p
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl aes-128-cbc -bufsize 113 -e -k test -in ./p -out ./p.aes-128-cbc.cipher => 0
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl aes-128-cbc -bufsize 157 -d -k test -in ./p.aes-128-cbc.cipher -out ./p.aes-128-cbc.clear => 0
ok 3 - aes-128-cbc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl aes-128-cbc -bufsize 113 -a -e -k test -in ./p -out ./p.aes-128-cbc.cipher => 0

[...]

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 11, 2019

Ah never mind. I overlooked this part of the output.

/usr/local/src/openssl-1.1.1d/util/shlib_wrap.sh /usr/local/src/openssl-1.1.1d/apps/openssl zlib -bufsize 113 -a -e -k test -in ./p -out ./p.zlib.cipher => 0
/usr/local/src/openssl-1.1.1d/util/shlib_wrap.sh /usr/local/src/openssl-1.1.1d/apps/openssl zlib -bufsize 157 -a -d -k test -in ./p.zlib.cipher -out ./p.zlib.clear => 0
@shamelesscookie

This comment has been minimized.

Copy link
Author

@shamelesscookie shamelesscookie commented Sep 11, 2019

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 11, 2019

So it seems like file comparison failed in the binary zlib test

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 11, 2019

I can confirm the error

[...]
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl zlib -bufsize 113 -e -k test -in ./p -out ./p.zlib.cipher => 0
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl zlib -bufsize 157 -d -k test -in ./p.zlib.cipher -out ./p.zlib.clear => 0
not ok 171 - zlib
#   Failed test 'zlib'
#   at ../test/recipes/20-test_enc.t line 62.
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl zlib -bufsize 113 -a -e -k test -in ./p -out ./p.zlib.cipher => 0
/home/msp/src/openssl-1.1.1/util/shlib_wrap.sh /home/msp/src/openssl-1.1.1/apps/openssl zlib -bufsize 157 -a -d -k test -in ./p.zlib.cipher -out ./p.zlib.clear => 0
ok 172 - zlib base64
# Looks like you failed 1 test of 172.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/172 subtests 

Test Summary Report
-------------------
../test/recipes/20-test_enc.t (Wstat: 256 Tests: 172 Failed: 1)
  Failed test:  171
  Non-zero exit status: 1
Files=1, Tests=172,  3 wallclock secs ( 0.11 usr  0.01 sys +  1.69 cusr  1.07 csys =  2.88 CPU)
Result: FAIL
make[1]: *** [Makefile:208: _tests] Error 1
make[1]: Leaving directory '/home/msp/src/openssl-1.1.1'
make: *** [Makefile:205: tests] Error 2

It looks like only bufsize bytes were decrypted:

~/src/openssl-1.1.1$ ls -l ./p ./p.zlib.clear 
-rw-r--r-- 1 msp msp 2159 11. Sep 15:43 ./p
-rw-r--r-- 1 msp msp  157 11. Sep 15:44 ./p.zlib.clear
@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 11, 2019

That is quite weird

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 11, 2019

git bisect yields

~/src/openssl-1.1.1$ git bisect bad
8be96f2 is the first bad commit
commit 8be96f2
Author: Richard Levitte levitte@openssl.org
Date: Thu Aug 22 13:34:16 2019 +0200

openssl dgst, openssl enc: check for end of input

The input reading loop in 'openssl dgst' and 'openssl enc' doesn't
check for end of input, and because of the way BIO works, it thereby
won't detect that the end is reached before the read is an error.
With the FILE BIO, an error occurs when trying to read past EOF, which
is fairly much ok, except when the command is used interactively, at
least on Unix.  The result in that case is that the user has to press
Ctrl-D twice for the command to terminate.

The issue is further complicated because both these commands use
filter BIOs on top of the FILE BIO, so a naïve attempt to check
BIO_eof() doesn't quite solve it, since that only checks the state of
the source/sink BIO, and the filter BIO may have some buffered data
that still needs to be read.  Fortunately, there's BIO_pending() that
checks exactly that, if any filter BIO has pending data that needs to
be processed.

We end up having to check both BIO_pending() and BIO_eof().

Thanks to Zsigmond Lőrinczy for the initial effort and inspiration.

Fixes #9355

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9668)

(cherry picked from commit 8ed7bbb411d2a9e0edef928958ad955e0be3d6dd)

:040000 040000 c41985ca56bdcd45f1338fcb44a63ef6c712daef a3bdb13b5d0dc9aed818b47dd216205e69d3e96b M apps

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 11, 2019

Makes sense...

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 11, 2019

I'm out for today. I'll leave the rest to you @levitte.

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 11, 2019

Yikes, BIO_f_zlib comes back to bite me. A quick look at it shows that it's missing certain critical controls...

@richsalz

This comment has been minimized.

Copy link
Contributor

@richsalz richsalz commented Sep 11, 2019

comes back to bite me.

I now have this very funny image of a BIO creature, looking like PacMan, chasing you around your office. :)

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 11, 2019

I now have this very funny image of a BIO creature, looking like PacMan, chasing you around your office. :)

That's pretty close to how it feels 😉

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 12, 2019

Note: this issue was also reported on the openssl-users mailing list.

@levitte is it safe to assume that only the zlib BIO filter is affected? Or might there be other filters with similar deficiencies? (See my reply on openssl-users).

@mattcaswell

This comment has been minimized.

Copy link
Member

@mattcaswell mattcaswell commented Sep 12, 2019

I'd also like to understand why run-checker has not identified this issue.

@t8m

This comment has been minimized.

Copy link
Member

@t8m t8m commented Sep 12, 2019

We should have a target with zlib enabled in travis.

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 12, 2019

I'd also like to understand why run-checker has not identified this issue.

I wonder too...

@mattcaswell

This comment has been minimized.

Copy link
Member

@mattcaswell mattcaswell commented Sep 12, 2019

We should have a target with zlib enabled in travis.

I'm not so keen on that. zlib is actually quite an unusual option. With travis we want it to run on every PR/push to master. If we were to have travis testing of all our config options it would take way too long to run - and I don't think I would prioritise zlib as one of the most important options to test with travis.

Rather we should be testing it with run-checker (our cron job that runs through all of the config options in turn and tries out each one). run-checker should have caught this, so its important to understand why it didn't.

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 12, 2019

@levitte is it safe to assume that only the zlib BIO filter is affected?

[ahem] the zlib support was written a long time ago, and there were things I didn't know or understand at the time that I understand better now. zlib has been kind of a sore spot, frankly...

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 12, 2019

Oh, I didn't intend to pinpoint any sins of your youth. ;) It's just because you mentioned some missing controls in the zlib BIO I was wondering whether there might be other filter BIOs which might need a check, too.

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 12, 2019

I have no idea. From what I understand, they should all support BIO_CTRL_PENDING and possibly BIO_CTRL_WPENDING, so if you find one lacking those, they are probably incomplete.

levitte added a commit to levitte/openssl that referenced this issue Sep 12, 2019
This filter was lacking support to check if there's any more pending
data, which may result in the last zlib block being lost.

Fixes openssl#9866
@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 12, 2019

Fixing BIO_f_zlib() turned out to be quite easy, at least for this particular problem. PR coming up!

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 12, 2019

@levitte

This comment has been minimized.

Copy link
Member

@levitte levitte commented Sep 12, 2019

This issue also indicates that we need some kind of guides on writing BIOs...

@tomop-tg

This comment has been minimized.

Copy link

@tomop-tg tomop-tg commented Sep 12, 2019

This issue also occurred on my environment.
After applying the PR #9876, 20-test_enc.t passes now.

Thanks!

t8m added a commit to t8m/openssl that referenced this issue Sep 12, 2019
…lls.

There can be data to write in output buffer and data to read that were
not yet read in the input stream.

Fixes openssl#9866
@levitte levitte closed this in 6beb8b3 Sep 12, 2019
levitte pushed a commit that referenced this issue Sep 12, 2019
…lls.

There can be data to write in output buffer and data to read that were
not yet read in the input stream.

Fixes #9866

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #9877)

(cherry picked from commit 6beb8b3)
@romen

This comment has been minimized.

Copy link
Member

@romen romen commented Sep 12, 2019

I'd also like to understand why run-checker has not identified this issue.

@mattcaswell
Should the no-ec2m issue in 1.1.0 also have been caught by run-checker?

@mattcaswell

This comment has been minimized.

Copy link
Member

@mattcaswell mattcaswell commented Sep 12, 2019

run-checker only runs against master - so if an issue only affects one of the branches then we wouldn't pick it up. We used to run it against some of the branches too, but IIRC, I think we had some problems because it takes so long to do a complete run through of all the options, so we stopped it.

clrpackages pushed a commit to clearlinux-pkgs/openssl that referenced this issue Sep 18, 2019
Version 1.1.1d includes fixes for CVE-2019-1547, CVE-2019-1549, and
CVE-2019-1563.

Also backport a patch fixing a regression in 1.1.1d. See here:
openssl/openssl#9866

Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
@whataboutpereira

This comment has been minimized.

Copy link

@whataboutpereira whataboutpereira commented Sep 19, 2019

Facing the same error compiling 1.1.1d on CentOS 7. How should I go about fixing it? I don't suppose it's the best idea for me to download the master.

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 19, 2019

Just use the most current version of the 1.1.1 stable branch. If you are not familiar with git, you can obtain a daily snapshot from https://www.openssl.org/source/snapshot.

@mattcaswell

This comment has been minimized.

Copy link
Member

@mattcaswell mattcaswell commented Sep 19, 2019

Facing the same error compiling 1.1.1d on CentOS 7. How should I go about fixing it? I don't suppose it's the best idea for me to download the master.

You have 3 options:

  • Ignore it. It's not a big deal so don't worry about it.
  • Apply the patch from #9877 manually
  • Use the latest 1.1.1 stable branch (OpenSSL_1_1_1-stable) from git as suggested by @mspncp
@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Sep 19, 2019

This issue also occurred on my environment.
After applying the PR #9876, 20-test_enc.t passes now.

Thanks!

@tomop-tg please note that the fix #9876 was replaced by #9877, which has been merged to the 1.1.1 stable branch in the meantime.

@whataboutpereira

This comment has been minimized.

Copy link

@whataboutpereira whataboutpereira commented Sep 19, 2019

Thanks!

@xcodejoy

This comment has been minimized.

Copy link

@xcodejoy xcodejoy commented Dec 14, 2019

Hi guys! Please help me make out. How to apply this hotfix #9877 to https://www.openssl.org/source/openssl-1.1.1d.tar.gz I don't want to use stable branch because it don't build correct now: https://github.com/openssl/openssl/tree/OpenSSL_1_1_1-stable

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Dec 14, 2019

Hi @xcodejoy, what do you mean with: the OpenSSL 1.1.1 tree doesn't build? Do you get build errors or are you talking about the current CI failures on the 1.1.1 branch? If you are talking about the latter: it's the external pyca and krb5 tests which are failing and as far as I understand it, it's not an OpenSSL problem. See this thread on openssl-project.

@xcodejoy

This comment has been minimized.

Copy link

@xcodejoy xcodejoy commented Dec 15, 2019

@mspncp, Thanks for explaining.

@mspncp

This comment has been minimized.

Copy link
Contributor

@mspncp mspncp commented Dec 15, 2019

@xcodejoy FYI: I sent a reminder to the openssl-project thread.

kiyolee added a commit to kiyolee/openssl that referenced this issue Jan 18, 2020
…lls.

There can be data to write in output buffer and data to read that were
not yet read in the input stream.

Fixes openssl#9866

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from openssl#9877)

(cherry picked from commit 6beb8b3)
kiyolee added a commit to kiyolee/openssl that referenced this issue Jan 18, 2020
…lls.

There can be data to write in output buffer and data to read that were
not yet read in the input stream.

Fixes openssl#9866

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from openssl#9877)

(cherry picked from commit 6beb8b3)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
10 participants
You can’t perform that action at this time.