openssl: OpenSSL 3.0.6 Fails in Rand code on NonStop ia64 (big endian)
The 3.0.6 release has an issue as follows:
05-test_pbe.t ...................... ok
# ERROR: (bool) 'EVP_RAND_generate(z, buf2, sizeof(buf2), 0, 1, NULL, 0) == true' failed @ /home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/test/drbgtest.c:869
# false
# 00000000:error:1C8000BD:Provider routines:ossl_prov_drbg_reseed:error retrieving entropy:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:584:
# 00000000:error:1C8000C5:Provider routines:ossl_prov_drbg_generate:reseed error:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:676:
# 00000000:error:1C8000BF:Provider routines:ossl_drbg_get_seed:generate error:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:180:
# 00000000:error:1C8000BD:Provider routines:ossl_prov_drbg_reseed:error retrieving entropy:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:584:
# 00000000:error:1C8000C5:Provider routines:ossl_prov_drbg_generate:reseed error:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:676:
# 00000000:error:1C8000BF:Provider routines:ossl_drbg_get_seed:generate error:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:180:
# 00000000:error:1C8000BD:Provider routines:ossl_prov_drbg_reseed:error retrieving entropy:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:584:
# 00000000:error:1C8000C5:Provider routines:ossl_prov_drbg_generate:reseed error:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/providers/implementations/rands/drbg.c:676:
# 00000000:error:030000D6:digital envelope routines:evp_rand_generate_locked:generate error:/home/jenkins/.jenkins/workspace/OpenSSL-3.0_Pipeline/crypto/evp/evp_rand.c:560:
# OPENSSL_TEST_RAND_ORDER=1665521042
not ok 3 - test_rand_prediction_resistance
The Configuration is:
Command line (with current working directory = .):
perl ./Configure nonstop-nse_64 --prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl no-fips --with-rand-seed=egd
Perl information:
perl
5.26.3 for NSE-W-nonstop_kernel
Enabled features:
aria
async
autoalginit
autoerrinit
autoload-config
bf
blake2
bulk
cached-fetch
camellia
capieng
cast
chacha
cmac
cmp
cms
comp
ct
deprecated
des
dgram
dh
dsa
dso
dtls
dynamic-engine
ec
ec2m
ecdh
ecdsa
egd
engine
err
filenames
gost
idea
legacy
loadereng
makedepend
md4
mdc2
module
multiblock
nextprotoneg
ocb
ocsp
padlockeng
pic
pinshared
poly1305
posix-io
psk
rc2
rc4
rdrand
rfc3779
rmd160
scrypt
secure-memory
seed
shared
siphash
siv
sm2
sm3
sm4
sock
srp
srtp
sse2
ssl
ssl-trace
static-engine
stdio
tests
tls
ts
ui-console
whirlpool
tls1
tls1-method
tls1_1
tls1_1-method
tls1_2
tls1_2-method
tls1_3
dtls1
dtls1-method
dtls1_2
dtls1_2-method
Disabled features:
acvp-tests [cascade] OPENSSL_NO_ACVP_TESTS
afalgeng [not-linux] OPENSSL_NO_AFALGENG
asan [default] OPENSSL_NO_ASAN
asm [no asm_arch] OPENSSL_NO_ASM
buildtest-c++ [default]
crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG
devcryptoeng [default] OPENSSL_NO_DEVCRYPTOENG
ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128
external-tests [default] OPENSSL_NO_EXTERNAL_TESTS
fips [option]
fips-securitychecks [cascade] OPENSSL_NO_FIPS_SECURITYCHECKS
fuzz-afl [default] OPENSSL_NO_FUZZ_AFL
fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER
ktls [default] OPENSSL_NO_KTLS
md2 [default] OPENSSL_NO_MD2 (skip crypto/md2)
msan [default] OPENSSL_NO_MSAN
rc5 [default] OPENSSL_NO_RC5 (skip crypto/rc5)
sctp [default] OPENSSL_NO_SCTP
threads [config]
trace [default] OPENSSL_NO_TRACE
ubsan [default] OPENSSL_NO_UBSAN
unit-test [default] OPENSSL_NO_UNIT_TEST
uplink [no uplink_arch] OPENSSL_NO_UPLINK
weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS
zlib [default]
zlib-dynamic [default]
ssl3 [default] OPENSSL_NO_SSL3
ssl3-method [default] OPENSSL_NO_SSL3_METHOD
Config target attributes:
AR => "ar",
ARFLAGS => "qc",
CC => "c99",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => "ranlib",
RC => "windres",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR",
build_file => "Makefile",
build_scheme => [ "unified", "unix" ],
cflags => "-g -O2 -Wextensions -Wnowarn=203,220,272,734,770,1506 -Wbuild_neutral_library -Wverbose -Wtarget=tns/e -Wsystype=oss -Wlp64 -WIEEE_float",
cppflags => "",
defines => [ "OPENSSL_BUILDING_OPENSSL", "OPENSSL_VPROC=\$(OPENSSL_VPROC)", "_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED=1", "_TANDEM_SOURCE", "B_ENDIAN", "_TANDEM_ARCH=2" ],
disable => [ "threads" ],
dso_scheme => "DLFCN",
enable => [ "egd" ],
ex_libs => "-lrld",
includes => [ ],
lflags => "-Weld=\"-set systype oss\" -Weld=\"-set floattype ieee_float\"",
lib_cflags => "",
lib_cppflags => "",
lib_defines => [ ],
module_cflags => "",
module_cxxflags => undef,
module_ldflags => "-Wshared",
multilib => "64",
perl => "/usr/bin/perl",
perl_platform => "Unix",
shared_argfileflag => "-Weld_obey=",
shared_cflag => "",
shared_defflag => "-Weld_obey=",
shared_defines => [ ],
shared_extension => ".so",
shared_ldflag => "-Wshared",
shared_rcflag => "",
shared_target => "nonstop-shared",
sys_id => "TANDEM",
thread_defines => [ ],
thread_scheme => "(unknown)",
unistd => "<unistd.h>",
Recorded environment:
AR =
ARFLAGS =
AS =
ASFLAGS =
BUILDFILE =
CC =
CFLAGS =
CPP =
CPPDEFINES =
CPPFLAGS =
CPPINCLUDES =
CROSS_COMPILE =
CXX =
CXXFLAGS =
HASHBANGPERL =
LD =
LDFLAGS =
LDLIBS =
MT =
MTFLAGS =
OPENSSL_LOCAL_CONFIG_DIR =
PERL =
RANLIB =
RC =
RCFLAGS =
RM =
WINDRES =
__CNF_CFLAGS =
__CNF_CPPDEFINES =
__CNF_CPPFLAGS =
__CNF_CPPINCLUDES =
__CNF_CXXFLAGS =
__CNF_LDFLAGS =
__CNF_LDLIBS =
Makevars:
AR = ar
ARFLAGS = qc
CC = c99
CFLAGS =
CPPDEFINES =
CPPFLAGS =
CPPINCLUDES =
CXXFLAGS =
HASHBANGPERL = /usr/bin/env perl
LDFLAGS =
LDLIBS =
PERL = perl
RANLIB = ranlib
RC = windres
RCFLAGS =
NOTE: These variables only represent the configuration view. The build file
template may have processed these variables further, please have a look at the
build file for more exact data:
Makefile
build file:
Makefile
build file templates:
Configurations/common0.tmpl
Configurations/unix-Makefile.tmpl
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 38 (38 by maintainers)
Commits related to this issue
- test: don't check for FIPS provider if it isn't being built Fixes #19396 — committed to paulidale/openssl by paulidale 2 years ago
- Workaround egd rand source deficiencies With egd as the rand source the reseed after fork confuses the egd. Also the prediction resistance test does not work with egd on NonStop. Fixes #19396 — committed to t8m/openssl by t8m 2 years ago
- Workaround egd rand source deficiencies With egd as the rand source the reseed after fork confuses the egd. Fixes #19396 — committed to t8m/openssl by t8m 2 years ago
- Workaround egd rand source deficiencies With egd as the rand source the reseed after fork confuses the egd. Fixes #19396 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@o... — committed to openssl/openssl by t8m 2 years ago
- Workaround egd rand source deficiencies With egd as the rand source the reseed after fork confuses the egd. Fixes #19396 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@o... — committed to beldmit/openssl by t8m 2 years ago
@t8m All selected tests now PASS on non-FIPS ia64 build (and continue to on the FIPS x86 build). Thank you.
Well, I do not think there is any real regression, it’s just that the newly enabled test (by removing the
#ifdef FIPS_MODULE) fails. It would fail in earlier releases too.So maybe the right (at least temporary) fix is to disable the new test if egd is enabled.
I will. It may take a day or two - $DAYJOB issues.
Nice detective work @rsbeckerca! Good that it is a test-only change so no regression in the library.
Just an update - yes, it is taking time. The above commit, after 2 bisects, is on the good side. Still in progress.
3.0.6. I am testing 1.1.1r separately - The port-related changes for 1.1.1 are not in the main OpenSSL code base. Basically 3.0.6 on x86 works fine with the hardware randomizer. On ia64, we are stuck with PRNGD, and that appears to be where the breakage is.