[gnutls-devel] GnuTLS | UB+ASAN: Fail tests if UB detected (!1136)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 2 14:03:08 CET 2020




Tim Rühsen commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266474413

> -  - make -j$(nproc) -C gl
> -  - make -j$(nproc) -C lib CFLAGS="-Werror -O2 -g -Wimplicit-fallthrough=2"
> -  - make -j$(nproc) -C libdane CFLAGS="-Werror -O2 -g -Wimplicit-fallthrough=2"
> -  - make -j$(nproc) -C src/gl
> -  - make -j$(nproc) -C src CFLAGS="-Werror -O2 -g -fsanitize=undefined -Wno-error=parentheses -Wno-error=unused-macros -Wimplicit-fallthrough=2 -Wno-duplicated-branches"
> +  - export UBSAN_OPTIONS=print_stacktrace=1:suppressions=$(pwd)/devel/ubsan.supp
> +  - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
> +  - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope"
> +  - export CXXFLAGS="$CFLAGS"
> +  - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration
> +  - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
>    - make -j$(nproc)
> -  - make check -j$(nproc)
> -  - CFLAGS="-std=c99 -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2" CXXFLAGS=$CFLAGS LDFLAGS="-static-libubsan" dash ./configure
> -   --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile --disable-doc --disable-full-test-suite --with-default-trust-store-pkcs11="pkcs11:"
> +  - sed -i 's/-Werror//g' fuzz/Makefile tests/Makefile tests/slow/Makefile

test/slow:
```
cipher-override.c: In function ‘myaes_setkey’:
cipher-override.c:62:3: warning: ‘nettle_aes_set_encrypt_key’ is deprecated [-Wdeprecated-declarations]
   62 |   aes_set_encrypt_key(&ctx->aes, keysize, userkey);
      |   ^~~~~~~~~~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:158:1: note: declared here
  158 | aes_set_encrypt_key(struct aes_ctx *ctx,
      | ^~~~~~~~~~~~~~~~~~~
cipher-override.c:64:3: warning: ‘nettle_aes_set_decrypt_key’ is deprecated [-Wdeprecated-declarations]
   64 |   aes_set_decrypt_key(&ctx->aes, keysize, userkey);
      |   ^~~~~~~~~~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:163:1: note: declared here
  163 | aes_set_decrypt_key(struct aes_ctx *ctx,
      | ^~~~~~~~~~~~~~~~~~~
cipher-override.c: In function ‘myaes_encrypt’:
cipher-override.c:84:2: warning: ‘nettle_aes_encrypt’ is deprecated [-Wdeprecated-declarations]
   84 |  cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes_encrypt, 16, ctx->iv, src_size, dst, src);
      |  ^~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:173:1: note: declared here
  173 | aes_encrypt(const struct aes_ctx *ctx,
      | ^~~~~~~~~~~
cipher-override.c: In function ‘myaes_decrypt’:
cipher-override.c:95:2: warning: ‘nettle_aes_decrypt’ is deprecated [-Wdeprecated-declarations]
   95 |  cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes_decrypt, 16, ctx->iv, src_size, dst, src);
      |  ^~~~~~~~~~~
In file included from cipher-override.c:18:
/usr/include/nettle/aes.h:177:1: note: declared here
  177 | aes_decrypt(const struct aes_ctx *ctx,
      | ^~~~~~~~~~~
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266474413
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200102/1e791af0/attachment-0001.html>


More information about the Gnutls-devel mailing list