On Sat Nov 22 13:19:13 2014, [email protected] wrote: > Find this: > https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=987158 > http://openssl.6102.n7.nabble.com/AES-cbc-encrypt-amp-aesni-cbc- > encrypt-length-parameter-td52370.html > http://www.hardening-consulting.com/en/posts/20140512openssl-and- > valgrind.html > > 2014-11-22 15:09 GMT+03:00 Вячеслав Бадалян <[email protected]>: > > > We fix all leaks in asteris and libsrtp.... many calls have one leak > path > > > > ==44910== Use of uninitialised value of size 8 > > ==44910== at 0x4A08DEF: memcpy (mc_replace_strmem.c:882) > > ==44910== by 0x38E3EFD266: c2i_ASN1_INTEGER (string3.h:52) > > ==44910== by 0x38E3F08823: asn1_ex_c2i (tasn_dec.c:992) > > ==44910== by 0x38E3F0929A: asn1_d2i_ex_primitive (tasn_dec.c:907) > > ==44910== by 0x38E3F09A61: ASN1_item_ex_d2i (tasn_dec.c:233) > > ==44910== by 0x38E3F0A683: ASN1_item_d2i (tasn_dec.c:136) > > ==44910== by 0x38E424D421: d2i_SSL_SESSION (ssl_asn1.c:395) > > ==44910== by 0x38E4232324: tls_decrypt_ticket (t1_lib.c:2235) > > ==44910== by 0x38E423251B: tls1_process_ticket (t1_lib.c:2124) > > ==44910== by 0x38E42474DC: ssl_get_prev_session (ssl_sess.c:482) > > ==44910== by 0x38E421F94E: ssl3_get_client_hello (s3_srvr.c:1017) > > ==44910== by 0x38E42222FC: ssl3_accept (s3_srvr.c:357) > > ==44910== Uninitialised value was created by a stack allocation > > ==44910== at 0x38E3E90077: aesni_cbc_encrypt (aesni- > x86_64.s:2149)
This is a false positive. See the RT ticket linked to from the redhat link you sent above: https://rt.openssl.org/Ticket/Display.html?id=2862 You can configure with no-asm for the purposes of testing to get rid of this. With all the other leaks resolved are you still experiencing crashes? Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
