Comments (18)
Hi @Jan-E ,
All 119 tests run at the end but for me crypto-test.exe is skipped… (don’t know why)
START: crypto-test.exe
SKIP: crypto-test 1: basic password encryption/decryption test
SKIP: crypto-test 2: password checktext generation/validation
END: crypto-test.exe
ELAPSED: crypto-test.exe 0:00:00.047000
-
All deps (including openssl) are set in the path
-
I launch
win-tests.py --release –cleanup
-
Build conf are :
-
python gen-make.py --release -t vcproj --with-jdk=C:\jdk8\%ARCH% --with-serf=C:\httpd-sdk\install\include --with-sqlite=C:\httpd-sdk\src\sqlite-amalgamation --vsnet-version=2017 --with-openssl=C:\httpd-sdk\install --with-apr-util=C:\httpd-sdk\install --with-apr=C:\httpd-sdk\install --with-apr-iconv=C:\httpd-sdk\install --with-zlib=C:\httpd-sdk\install --with-apr_memcache=C:\httpd-sdk\install --with-httpd=C:\httpd-sdk\install
-
MSBuild.exe subversion_vcnet.sln /nowarn:C4702 /nowarn:LNK4087 /nowarn:C4703 /nowarn:C4132 /nowarn:C4389 /nowarn:C4244 /nowarn:C4245 /nowarn:C4267 /nowarn:C4018 /nowarn:C4334 /nowarn:C4189 /nowarn:C4312 /nowarn:C4090 /nowarn:C4152 /nowarn:C4146 /nologo /m:8 /t:Clean;__ALL__;__JAVAHL__;__ALL_TESTS__ /p:Configuration=Release /p:Platform=%archmsbuild% /p:DebugSymbols=true /p:DebugType=None
-
-
tests.zip detailled results
If you have any idea in what may be wrong in my test case, give me a feedback!
from win-svn.
What is in your apu.h (and/or apu.hw)? It should contain
#define APU_HAVE_CRYPTO 1
#ifndef APU_DSO_MODULE_BUILD
#define APU_HAVE_OPENSSL 1
#define APU_HAVE_NSS 0
#define APU_HAVE_COMMONCRYPTO 0
#endif
from win-svn.
It was:
#define APU_HAVE_CRYPTO 1
#ifndef APU_DSO_MODULE_BUILD
#define APU_HAVE_OPENSSL 1
#define APU_HAVE_NSS 0
#define APU_HAVE_COMMONCRYPTO 0
#endif
change APU_HAVE_CRYPTO
& APU_HAVE_OPENSSL
to 1, build & launch crypto-test.exe which now,effectively, never end ; blocked and looping on this stack (1 full core cpu fully loaded):
ntoskrnl.exe!KiCpuId+0xaa
ntoskrnl.exe!KeReleaseSpinLock+0x612
ntoskrnl.exe!KeWaitForMutexObject+0x1a3
ntoskrnl.exe!KeQueryActiveProcessorCountEx+0x218
ntoskrnl.exe!RtlNumberOfSetBitsUlongPtr+0x10cd
ntoskrnl.exe!KiCpuId+0x2553
libcrypto-1_1-x64.dll!CRYPTO_malloc+0x20
libcrypto-1_1-x64.dll!CRYPTO_THREAD_lock_new+0x3a
libcrypto-1_1-x64.dll!OPENSSL_init_crypto+0xb2
apr_crypto_openssl-1.dll+0x104d
libaprutil-1.dll!apr_crypto_get_driver+0x106
crypto-test.exe!svn_crypto__context_create+0x127
crypto-test.exe!test_encrypt_decrypt_password+0x96
crypto-test.exe!do_test_num+0x18a
crypto-test.exe!svn_test_main+0xb07
crypto-test.exe!__scrt_common_main_seh+0x10c
kernel32.dll!BaseThreadInitThunk+0xd
ntdll.dll!RtlUserThreadStart+0x1d
from win-svn.
will have a look on it but seems to be it looks like openssl/openssl#2865
from win-svn.
Good to know that you were able to reproduce it and that it wasn't caused by my setup.
from win-svn.
I've just pushed apr_crypto_openssl-1.dll
patched for bypassing this issue (see readme...)
Working for me for the 4 build type but @Jan-E could you try on your side and give me a feedback ?
Thanks!
from win-svn.
In the OpenSSL issue openssl/openssl#2865 was a link to http://www.luke1410.de:8090/browse/MAXSVN-83. Quote:
Issue 4
Trying to run the Serf tests eventually leads to an endless loop.The endless loop occurs in CRYPTO_malloc() where the "malloc_impl != CRYPTO_malloc"-check fails to detect that it's in the current function (presumably with OpenSSL being built in debug configuration this would trigger a stack overflow).
In particular malloc_impl is set to the statically linked CRYPTO_malloc function pointer, while CRYPTO_malloc points to the malloc function in the DLL.
With the support from xemdetia on the OpenSSL-IRC-channel, it was determined that Serf incorrectly issues SSL-calls prior to calling SSL_library_init() (which according to the OpenSSL-documentation must be called prior to any other OpenSSL-function - see: https://www.openssl.org/docs/man1.1.0/ssl/SSL_library_init.html ).
The attached patch resolves that flaw by moving the call to SSL_library_init() to before the other OpenSSL-calls.
Patch:
Index: buckets/ssl_buckets.c
===================================================================
--- buckets/ssl_buckets.c (revision 1778230)
+++ buckets/ssl_buckets.c (working copy)
@@ -1143,6 +1143,10 @@
int i, numlocks;
#endif
+ /* SSL_library_init() must be called prior to any other OpenSSL
+ action. */
+ SSL_library_init();
+
#ifdef SSL_VERBOSE
/* Warn when compile-time and run-time version of OpenSSL differ in
major/minor version number. */
@@ -1163,7 +1167,6 @@
#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
- SSL_library_init();
OpenSSL_add_all_algorithms();
#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
Index: test/server/test_sslserver.c
===================================================================
--- test/server/test_sslserver.c (revision 1778230)
+++ test/server/test_sslserver.c (working copy)
@@ -228,6 +228,8 @@
/* Init OpenSSL globally */
if (!init_done)
{
+ /* SSL_library_init() must be called prior to any other OpenSSL action. */
+ SSL_library_init();
#ifdef USE_OPENSSL_1_1_API
OPENSSL_malloc_init();
#else
@@ -235,7 +237,6 @@
#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
- SSL_library_init();
OpenSSL_add_all_algorithms();
init_done = 1;
}
Probably it is better to add a SSL_library_init();
before OPENSSL_malloc_init();
than to remove the malloc_init.
from win-svn.
The strange thing is that mod_ssl.c in Apache 2.4.x does it the other way around:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c?view=markup#l398
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
(void)CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_load_builtin_engines();
#endif
OpenSSL_add_all_algorithms();
OPENSSL_load_builtin_modules();
from win-svn.
Could you try this patch for https://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/crypto/apr_crypto_openssl.c?view=markup#l127
--- crypto/apr_crypto_openssl.c.orig 2017-10-08 13:32:30.000000000 +0200
+++ crypto/apr_crypto_openssl.c 2019-02-01 23:04:13.083613500 +0100
@@ -30,6 +30,7 @@
#if APU_HAVE_CRYPTO
+#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
@@ -133,6 +134,8 @@
#if APR_USE_OPENSSL_PRE_1_1_API
(void)CRYPTO_malloc_init();
#else
+ /* SSL_library_init() must be called prior to any other OpenSSL action. */
+ SSL_library_init();
OPENSSL_malloc_init();
#endif
ERR_load_crypto_strings();
My results now:
START: crypto-test.exe
PASS: crypto-test 1: basic password encryption/decryption test
PASS: crypto-test 2: password checktext generation/validation
END: crypto-test.exe
ELAPSED: crypto-test.exe 0:00:00.219000
from win-svn.
Log file of building 1.10.4 with VC14, OpenSSL 1.1.1a x86
buildvc14o111_x86.zip
Found apr 1.6.5
Found apr-util 1.6.1
Found apr_memcache 1.6.1
Found expat 2.2.6
Found httpd 2.4.38
Found mod_dav 2.4.38
Found openssl 1.1.1a
Found sasl 2.1.27
Found serf 1.3.9
Found sqlite 3.23.1
Found zlib 1.2.11
Using bundled lz4 1.7.5
Using bundled utf8proc 2.1.0
from win-svn.
Hi @Jan-E,
Thanks for your search!
I built apr_crypto_openssl with your patch and everything is working well so far!
I also put the patched dll in my httpd exec path to see what's going on...
Please test on your side - from my master branch - and if you didn't see regress, I'll update tag 1.11.1
from win-svn.
The server in this Apachelounge reply is running with the patched apr_crypto_openssl.dll:
https://www.apachelounge.com/viewtopic.php?p=37841#37841
Seems OK.
from win-svn.
1.11.1 tag updated
from win-svn.
The server in this Apachelounge reply is running with the patched apr_crypto_openssl.dll:
https://www.apachelounge.com/viewtopic.php?p=37841#37841
Seems OK.
@Jan-E so far so good ^^ https://www.ssllabs.com/ssltest/analyze.html?d=nono303.net
from win-svn.
I filed a bug report at https://bz.apache.org/bugzilla/show_bug.cgi?id=63139
from win-svn.
Just pushed on master apr_crypto_openssl patched with OPENSSL_init_ssl(0, NULL); instead of SSL_library_init();
my httpd & crypto_test run fine with...
@Jan-E if you can test in your side and give me a feedback
from win-svn.
openssl/openssl@ef45aa1
If I understand this commit correctly, it should work with the original, unpatched. apr_crypto_ssl (provided you build OpenSSL with the fix).
from win-svn.
Hi @Jan-E,
Just pushed on master (1c5d882) new build with patched openssl 1.1.1a & original apr_util 1.6.1.
Sounds good for me without any patched deps, according to this header fix ;)
from win-svn.
Related Issues (7)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from win-svn.