[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Jul 1 03:20:15 UTC 2021 

The branch master has been updated
       via  a5a4dac988c536bb021c4145ebba88e1507834f8 (commit)
       via  514b76917c36836ae4243392e71785f01d8233c9 (commit)
      from  d720e60357c0a477ff547edac539d15b0a9e320e (commit)


- Log -----------------------------------------------------------------
commit a5a4dac988c536bb021c4145ebba88e1507834f8
Author: Pauli <pauli at openssl.org>
Date:   Wed Jun 30 09:25:40 2021 +1000

    ci: add a memory sanitiser test run
    
    This omission noted in #15950
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/15952)

commit 514b76917c36836ae4243392e71785f01d8233c9
Author: Pauli <pauli at openssl.org>
Date:   Wed Jun 30 10:21:17 2021 +1000

    afalg: add some memory initialisation calls to pacify memory sanitisation.
    
    The engine is modifying memory without the sanitiser realising.  By pre-
    initialising this memory, the sanitiser now thinks that read accesses are okay.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/15952)

-----------------------------------------------------------------------

Summary of changes:
 .github/workflows/ci.yml | 14 +++++++++++++-
 engines/e_afalg.c        |  9 +++++++++
 test/afalgtest.c         | 50 ++++++++++++++++++++++++++++++------------------
 3 files changed, 53 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a34ab933c0..5ff0750681 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -125,7 +125,7 @@ jobs:
     - name: make test
       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
 
-  sanitizers:
+  address_ub_sanitizer:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout at v2
@@ -136,6 +136,18 @@ jobs:
     - name: make test
       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
 
+  memory_sanitizer:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout at v2
+    - name: config
+      # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
+      run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
+    - name: make
+      run: make -s -j4
+    - name: make test
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
+
   threads_sanitizer:
     runs-on: ubuntu-latest
     steps:
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index f36665acf6..d8d3ef610c 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -324,6 +324,15 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
         }
         if (eval > 0) {
 
+#ifdef OSSL_SANITIZE_MEMORY
+            /*
+             * In a memory sanitiser build, the changes to memory made by the
+             * system call aren't reliably detected.  By initialising the
+             * memory here, the sanitiser is told that they are okay.
+             */
+            memset(events, 0, sizeof(events));
+#endif
+
             /* Get results of AIO read */
             r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
                              events, &timeout);
diff --git a/test/afalgtest.c b/test/afalgtest.c
index 6e6bbd5530..1177ceaf8e 100644
--- a/test/afalgtest.c
+++ b/test/afalgtest.c
@@ -48,27 +48,39 @@ static int test_afalg_aes_cbc(int keysize_idx)
 {
     EVP_CIPHER_CTX *ctx;
     const EVP_CIPHER *cipher;
-    unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
-                          "\x51\x2e\x03\xd5\x34\x12\x00\x06"
-                          "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
-                          "\x51\x2e\x03\xd5\x34\x12\x00\x06";
-    unsigned char iv[] = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
-                         "\xb4\x22\xda\x80\x2c\x9f\xac\x41";
-    /* input = "Single block msg\n"  17Bytes*/
-    unsigned char in[BUFFER_SIZE] = "\x53\x69\x6e\x67\x6c\x65\x20\x62"
-                                    "\x6c\x6f\x63\x6b\x20\x6d\x73\x67\x0a";
     unsigned char ebuf[BUFFER_SIZE + 32];
     unsigned char dbuf[BUFFER_SIZE + 32];
-    unsigned char encresult_128[] = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
-                                    "\x27\x08\x94\x2d\xbe\x77\x18\x1a\x2d";
-    unsigned char encresult_192[] = "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39"
-                                    "\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55\xeb";
-    unsigned char encresult_256[] = "\xa0\x76\x85\xfd\xc1\x65\x71\x9d"
-                                    "\xc7\xe9\x13\x6e\xae\x55\x49\xb4\x13";
-    unsigned char *enc_result = NULL;
-
+    const unsigned char *enc_result = NULL;
     int encl, encf, decl, decf;
     int ret = 0;
+    static const unsigned char key[] =
+        "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06"
+        "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06";
+    static const unsigned char iv[] =
+        "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30\xb4\x22\xda\x80\x2c\x9f\xac\x41";
+    /* input = "Single block msg\n" 17 Bytes*/
+    static const unsigned char in[BUFFER_SIZE] =
+        "\x53\x69\x6e\x67\x6c\x65\x20\x62\x6c\x6f\x63\x6b\x20\x6d\x73\x67"
+        "\x0a";
+    static const unsigned char encresult_128[BUFFER_SIZE] =
+        "\xe3\x53\x77\x9c\x10\x79\xae\xb8\x27\x08\x94\x2d\xbe\x77\x18\x1a"
+        "\x2d";
+    static const unsigned char encresult_192[BUFFER_SIZE] =
+        "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55"
+        "\xeb";
+    static const unsigned char encresult_256[BUFFER_SIZE] =
+        "\xa0\x76\x85\xfd\xc1\x65\x71\x9d\xc7\xe9\x13\x6e\xae\x55\x49\xb4"
+        "\x13";
+
+#ifdef OSSL_SANITIZE_MEMORY
+    /*
+     * Initialise the encryption & decryption buffers to pacify the memory
+     * sanitiser.  The sanitiser doesn't know that this memory is modified
+     * by the engine, this tells it that all is good.
+     */
+    OPENSSL_cleanse(ebuf, sizeof(ebuf));
+    OPENSSL_cleanse(dbuf, sizeof(dbuf));
+#endif
 
     switch (keysize_idx) {
         case 0:
@@ -91,7 +103,7 @@ static int test_afalg_aes_cbc(int keysize_idx)
 
     if (!TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1))
             || !TEST_true(EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE))
-            || !TEST_true(EVP_CipherFinal_ex(ctx, ebuf+encl, &encf)))
+            || !TEST_true(EVP_CipherFinal_ex(ctx, ebuf + encl, &encf)))
         goto end;
     encl += encf;
 
@@ -101,7 +113,7 @@ static int test_afalg_aes_cbc(int keysize_idx)
     if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
             || !TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0))
             || !TEST_true(EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl))
-            || !TEST_true(EVP_CipherFinal_ex(ctx, dbuf+decl, &decf)))
+            || !TEST_true(EVP_CipherFinal_ex(ctx, dbuf + decl, &decf)))
         goto end;
     decl += decf;

More information about the openssl-commits mailing list