[gnutls-devel] GnuTLS | UB+ASAN: Fail tests if UB detected (!1136)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Jan 2 14:03:08 CET 2020
Tim Rühsen commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266474413
> - - make -j$(nproc) -C gl
> - - make -j$(nproc) -C lib CFLAGS="-Werror -O2 -g -Wimplicit-fallthrough=2"
> - - make -j$(nproc) -C libdane CFLAGS="-Werror -O2 -g -Wimplicit-fallthrough=2"
> - - make -j$(nproc) -C src/gl
> - - make -j$(nproc) -C src CFLAGS="-Werror -O2 -g -fsanitize=undefined -Wno-error=parentheses -Wno-error=unused-macros -Wimplicit-fallthrough=2 -Wno-duplicated-branches"
> + - export UBSAN_OPTIONS=print_stacktrace=1:suppressions=$(pwd)/devel/ubsan.supp
> + - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
> + - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope"
> + - export CXXFLAGS="$CFLAGS"
> + - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration
> + - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
> - make -j$(nproc)
> - - make check -j$(nproc)
> - - CFLAGS="-std=c99 -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2" CXXFLAGS=$CFLAGS LDFLAGS="-static-libubsan" dash ./configure
> - --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile --disable-doc --disable-full-test-suite --with-default-trust-store-pkcs11="pkcs11:"
> + - sed -i 's/-Werror//g' fuzz/Makefile tests/Makefile tests/slow/Makefile
test/slow:
```
cipher-override.c: In function ‘myaes_setkey’:
cipher-override.c:62:3: warning: ‘nettle_aes_set_encrypt_key’ is deprecated [-Wdeprecated-declarations]
62 | aes_set_encrypt_key(&ctx->aes, keysize, userkey);
| ^~~~~~~~~~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:158:1: note: declared here
158 | aes_set_encrypt_key(struct aes_ctx *ctx,
| ^~~~~~~~~~~~~~~~~~~
cipher-override.c:64:3: warning: ‘nettle_aes_set_decrypt_key’ is deprecated [-Wdeprecated-declarations]
64 | aes_set_decrypt_key(&ctx->aes, keysize, userkey);
| ^~~~~~~~~~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:163:1: note: declared here
163 | aes_set_decrypt_key(struct aes_ctx *ctx,
| ^~~~~~~~~~~~~~~~~~~
cipher-override.c: In function ‘myaes_encrypt’:
cipher-override.c:84:2: warning: ‘nettle_aes_encrypt’ is deprecated [-Wdeprecated-declarations]
84 | cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes_encrypt, 16, ctx->iv, src_size, dst, src);
| ^~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:173:1: note: declared here
173 | aes_encrypt(const struct aes_ctx *ctx,
| ^~~~~~~~~~~
cipher-override.c: In function ‘myaes_decrypt’:
cipher-override.c:95:2: warning: ‘nettle_aes_decrypt’ is deprecated [-Wdeprecated-declarations]
95 | cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes_decrypt, 16, ctx->iv, src_size, dst, src);
| ^~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:177:1: note: declared here
177 | aes_decrypt(const struct aes_ctx *ctx,
| ^~~~~~~~~~~
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266474413
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200102/1e791af0/attachment-0001.html>
More information about the Gnutls-devel
mailing list