[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Jul 23 08:01:30 UTC 2021 

The branch master has been updated
       via  e6f0c8d3a78671065a80e89df4c8c070a5b4e518 (commit)
      from  74b7f339aa58af57c0e71b7efca66e6f2db5ae2e (commit)


- Log -----------------------------------------------------------------
commit e6f0c8d3a78671065a80e89df4c8c070a5b4e518
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 22 10:56:29 2021 +1000

    ci: reinstate the passwd tests for the no-cached-fetch run.
    
    By selectively skipping the high round test cases, the out of memory problem
    can be avoided.
    
    partially fixes #16127
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16132)

-----------------------------------------------------------------------

Summary of changes:
 .github/workflows/ci.yml      |  2 +-
 test/recipes/20-test_passwd.t | 40 +++++++++++++++++++++++++++-------------
 2 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a3a93b6602..4f9bfbfb8a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -123,7 +123,7 @@ jobs:
     - name: make
       run: make -s -j4
     - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_passwd -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
 
   address_ub_sanitizer:
     runs-on: ubuntu-latest
diff --git a/test/recipes/20-test_passwd.t b/test/recipes/20-test_passwd.t
index 9707ecc3f2..69920773a4 100644
--- a/test/recipes/20-test_passwd.t
+++ b/test/recipes/20-test_passwd.t
@@ -34,14 +34,6 @@ my @sha_tests =
        salt => 'rounds=1400$anotherlongsaltstring',
        key => 'a very much longer text to encrypt.  This one even stretches over morethan one line.',
        expected => '$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1' },
-     { type => '5',
-       salt => 'rounds=77777$short',
-       key => 'we have a short salt string but not a short password',
-       expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' },
-     { type => '5',
-       salt => 'rounds=123456$asaltof16chars..',
-       key => 'a short string',
-       expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' },
      { type => '5',
        salt => 'rounds=10$roundstoolow',
        key => 'the minimum number is still observed',
@@ -62,6 +54,22 @@ my @sha_tests =
        salt => 'rounds=1400$anotherlongsaltstring',
        key => 'a very much longer text to encrypt.  This one even stretches over morethan one line.',
        expected => '$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1' },
+     { type => '6',
+       salt => 'rounds=10$roundstoolow',
+       key => 'the minimum number is still observed',
+       expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
+    );
+# From the same source as above, these tests use a number of rounds > 10000.  They are separated because this can
+# cause out of memory problems in the address sanitizer in the no-cache-fetch build.
+my @sha_high_rounds_tests =
+    ({ type => '5',
+       salt => 'rounds=77777$short',
+       key => 'we have a short salt string but not a short password',
+       expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' },
+     { type => '5',
+       salt => 'rounds=123456$asaltof16chars..',
+       key => 'a short string',
+       expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' },
      { type => '6',
        salt => 'rounds=77777$short',
        key => 'we have a short salt string but not a short password',
@@ -70,13 +78,9 @@ my @sha_tests =
        salt => 'rounds=123456$asaltof16chars..',
        key => 'a short string',
        expected => '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' },
-     { type => '6',
-       salt => 'rounds=10$roundstoolow',
-       key => 'the minimum number is still observed',
-       expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
     );
 
-plan tests => 9 + scalar @sha_tests;
+plan tests => 9 + scalar @sha_tests + scalar @sha_high_rounds_tests;
 
 
 ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
@@ -105,6 +109,16 @@ foreach (@sha_tests) {
        { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
 }
 
+SKIP: {
+    skip "Skipping high rounds tests in non caching builds", scalar @sha_high_rounds_tests
+        if disabled("cached-fetch");
+
+    foreach (@sha_high_rounds_tests) {
+        ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt},
+                           $_->{key}], $_->{expected}),
+           { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
+    }
+}
 
 sub compare1stline_re {
     my ($cmdarray, $regexp) = @_;

More information about the openssl-commits mailing list