openssl: 3.0.0 Alpha13 Broken on NonStop x86

The following result occurs at commit 6bbff162f1. This is new compared with alpha12.

( SRCTOP=. \
  BLDTOP=. \
  PERL="perl" \
  FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
  EXE_EXT= \
  perl ./test/run_tests.pl  )
01-test_abort.t .................... ok
01-test_fipsmodule_cnf.t ...........
version not found
VERIFY FAILED
00000000:error:0700006C:configuration file routines:NCONF_get_string:no value:/home/ituglib/randall/openssl-3.0/crypto/conf/conf_lib.c:282:group=fips_sect name=install-version
../../util/wrap.pl ../../apps/openssl fipsinstall -in ../../providers/fipsmodule.cnf -module ../../providers/fips.so -verify => 1
not ok 1 - fipsinstall verify

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 89 (85 by maintainers)

Commits related to this issue

Force flush in BIO_free. CLA: Trivial Fixes: #14517 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> — committed to rsbeckerca/openssl by rsbeckerca 3 years ago

Most upvoted comments

Makes me wonder how s390x is doing.

Actually quite well

levitte on Mar 19, 2021

BTW, it’s quite possible that this diff fixes things:

diff --git a/providers/build.info b/providers/build.info
index 1fab34c28d..4296aa05a6 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -150,7 +150,7 @@ IF[{- !$disabled{fips} -}]
   DEPEND[|tests|]=fipsmodule.cnf
   GENERATE[fipsmodule.cnf]=../apps/openssl fipsinstall \
         -module providers/$(FIPSMODULENAME) -provider_name fips \
-        -mac_name HMAC -section_name fips_sect -out -
+        -mac_name HMAC -section_name fips_sect
   DEPEND[fipsmodule.cnf]=$FIPSGOAL
 ENDIF

levitte on Mar 18, 2021

I can’t push right now. It looks like the HEAD commit ee067bc is bad.

Here’s the patch to fix it:

diff --git a/providers/implementations/rands/seeding/rand_cpu_x86.c b/providers/implementations/rands/seeding/rand_cpu_x86.c
index 0bdf1c302f..39da74e293 100644
--- a/providers/implementations/rands/seeding/rand_cpu_x86.c
+++ b/providers/implementations/rands/seeding/rand_cpu_x86.c
@@ -35,7 +35,7 @@ static size_t get_hardware_random_value(unsigned char *buf, size_t len);
  * Returns the total entropy count, if it exceeds the requested
  * entropy count. Otherwise, returns an entropy count of 0.
  */
-size_t prov_acquire_entropy_from_cpu(RAND_POOL *pool)
+size_t ossl_prov_acquire_entropy_from_cpu(RAND_POOL *pool)
 {
     size_t bytes_needed;
     unsigned char *buffer;

I submitted it as #14609, and marked it urgent.

levitte on Mar 18, 2021

I think I’m missing something regarding the BIO infrastructure:

That’s the compiler complaining that the line isn’t looking at the returned value. It’s pretty easy to shut the compiler up, though:

    (void)BIO_flush(a);

levitte on Mar 18, 2021

I can’t push right now. It looks like the HEAD commit ee067bc066 is bad.

**** ERROR **** [1210]:
   providers/libnonfips.a(libnonfips-lib-rand_unix.o): In function
   `ossl_pool_acquire_entropy':
   libnonfips-lib-rand_unix.o(.text+0x6d): unresolved reference to
   ossl_prov_acquire_entropy_from_cpu.

This particular problem started this morning’s pull.

rsbeckerca on Mar 18, 2021

It was merged as part of a block, the end will compile okay.

paulidale on Mar 12, 2021