Re: [openssl-dev] [openssl.org #2293] OpenSSL dependence on external threading functions is a critical design flaw
On 09/03/2014 11:50 PM, Rich Salz via RT wrote: We're going to try to clean up the threads situation post-1.0.2, but closing this particular ticket. Can you at least change the FAQ to make sure that OpenSSL is *not* thread safe by default? Currently, it claims the opposite. The error reporting library critically depends on working locking functions. You get strange results if you believe the FAQ that OpenSSL is thread-safe, even if you do not use any objects across threads. -- Florian Weimer / Red Hat Product Security ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] three-arg open() call
If you are using OpenSSL on a supported platform that does not support the three-argument call to open(), please let me know. Thanks. /r$ ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Seg fault during make test
Is anyone seeing a segmentation fault during the test_verify phase of make test on 32-bit systems? I haven't done a full triage yet. But it appears to have been introduced by 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs when backing out this commit. This could be a faulty commit since the sizeof invocations in this commit would return different values for 32/64 bit systems. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] openssl-1.0.2-stable-SNAP-20150504 error
This also occured in openssl-1.0.2-stable-SNAP-20150503 Script started on Mon May 4 07:06:41 2015 ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ egrep bsdi Confi gure bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), debug-bsdi-x86-elf, gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g::${BSDthreads}::-lgmp -ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR), ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ mak make test [Ans2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ mak make tes[Kt sh: mak: command not found ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ ^k^ke make make test making all in crypto... making all in crypto/objects... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... making all in crypto/aes... making all in crypto/rc2... making all in crypto/rc4... making all in crypto/rc5... making all in crypto/idea... making all in crypto/bf... making all in crypto/cast... making all in crypto/camellia... making all in crypto/seed... making all in crypto/modes... making all in crypto/bn... making all in crypto/ec... making all in crypto/rsa... making all in crypto/dsa... making all in crypto/ecdsa... making all in crypto/dh... making all in crypto/ecdh... making all in crypto/dso... making all in crypto/engine... making all in crypto/buffer... making all in crypto/bio... making all in crypto/stack... making all in crypto/lhash... making all in crypto/rand... making all in crypto/err... making all in crypto/evp... making all in crypto/asn1... making all in crypto/pem... making all in crypto/x509... making all in crypto/x509v3... making all in crypto/conf... making all in crypto/txt_db... making all in crypto/pkcs7... making all in crypto/pkcs12... making all in crypto/comp... making all in crypto/ocsp... making all in crypto/ui... making all in crypto/krb5... making all in crypto/cms... making all in crypto/pqueue... making all in crypto/ts... making all in crypto/jpake... making all in crypto/srp... making all in crypto/store... making all in crypto/cmac... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libcrypto.so.1.0.0); fi [ -z ] || gcc3 -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -lgmp -ldl -lm -lc making all in ssl... if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make libssl.so.1.0.0); fi [ -z ] || gcc3 -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND -DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -lgmp -ldl -lm -lc making all in engines... echo making all in engines/ccgost... making all in apps... making all in test... making all in tools... testing... making all in apps... ../util/shlib_wrap.sh ./destest Doing cbcm Doing ecb Doing ede ecb Doing cbc Doing desx cbc Doing ede cbc Doing pcbc Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done Doing ofb Doing ofb64 Doing ede_ofb64 Doing cbc_cksum Doing quad_cksum input word alignment test 0 1 2 3 output word alignment test 0 1 2 3 fast crypt test ../util/shlib_wrap.sh ./ideatest ecb idea ok cbc idea ok cfb64 idea ok ../util/shlib_wrap.sh ./shatest test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha1test test 1 ok test 2 ok test 3 ok ../util/shlib_wrap.sh ./sha256t Testing SHA-256 ... passed. Testing SHA-224 ... passed. ../util/shlib_wrap.sh ./sha512t Testing SHA-512 ... passed. Testing SHA-384 ... passed. ../util/shlib_wrap.sh ./md4test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test 6 ok test 7 ok ../util/shlib_wrap.sh ./md5test test 1 ok test 2 ok test 3 ok test 4 ok test 5 ok test
Re: [openssl-dev] Seg fault during make test
Am 04.05.15 um 14:51 schrieb John Foley: Is anyone seeing a segmentation fault during the test_verify phase of make test on 32-bit systems? I haven't done a full triage yet. But it appears to have been introduced by 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs when backing out this commit. This could be a faulty commit since the sizeof invocations in this commit would return different values for 32/64 bit systems. The sizeof invocations do not return the pointer sizes, but the size of the structures pointed to. The problem is that there's apparently a copypaste error: https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa 172 memset(param, 0, sizeof *paramid); 173 memset(paramid, 0, sizeof *paramid); The first memset should be fixed to use *param instead of *paramid: memset(param, 0, sizeof *param); Regards Stephan ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
I think you're wrong about sizeof and pointers. It'll return 4 or 8 depending if it's a 32 or 64 bit system. Try the following code: #include stdio.h typedef struct _s1 { int x; int y; int z; } S1; typedef struct _s2 { double d1; double d2; double d3; double d4; int x1; int x2; } S2; int main (int argc, char *argv[]) { S1 *first; S2 *second; printf(%d %d\n, sizeof(first), sizeof(second)); } You're right about the memset, good catch. So it appears there are two issues with this commit. On 05/04/2015 09:35 AM, Stephan Mühlstrasser wrote: Am 04.05.15 um 14:51 schrieb John Foley: Is anyone seeing a segmentation fault during the test_verify phase of make test on 32-bit systems? I haven't done a full triage yet. But it appears to have been introduced by 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs when backing out this commit. This could be a faulty commit since the sizeof invocations in this commit would return different values for 32/64 bit systems. The sizeof invocations do not return the pointer sizes, but the size of the structures pointed to. The problem is that there's apparently a copypaste error: https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa 172 memset(param, 0, sizeof *paramid); 173 memset(paramid, 0, sizeof *paramid); The first memset should be fixed to use *param instead of *paramid: memset(param, 0, sizeof *param); Regards Stephan ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
172 memset(param, 0, sizeof *paramid); 173 memset(paramid, 0, sizeof *paramid); The first memset should be fixed to use *param instead of *paramid: Yes, oops. Fixed shortl. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
printf(%d %d\n, sizeof(first), sizeof(second)); } But the code does sizeof *first and sizeof *second Stephan's write, the memset is bug that slipped through. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
Am 04.05.15 um 16:19 schrieb John Foley: I think you're wrong about sizeof and pointers. It'll return 4 or 8 depending if it's a 32 or 64 bit system. Try the following code: #include stdio.h typedef struct _s1 { int x; int y; int z; } S1; typedef struct _s2 { double d1; double d2; double d3; double d4; int x1; int x2; } S2; int main (int argc, char *argv[]) { S1 *first; S2 *second; printf(%d %d\n, sizeof(first), sizeof(second)); } Yes, but that is different from what is relevant in the commit 53ba0a9e91ad203de2943edaf1090ab17ec435fa. You're right that in your test program you will get always different output on 32-bit and 64-bit systems because the pointer size is different. But the code in the OpenSSL uses sizeof(*pointer) and not sizeof(pointer). sizeof(*pointer) gets the size of the structure to which pointer points. So try the following in your test program printf(%d %d\n, sizeof(*first), sizeof(*second)); This might return different output on 32-bit and 64-bit systems, but it might also return the same output, depending on the size of the basic types and the padding in the structures. You're right about the memset, good catch. So it appears there are two issues with this commit. On 05/04/2015 09:35 AM, Stephan Mühlstrasser wrote: Am 04.05.15 um 14:51 schrieb John Foley: Is anyone seeing a segmentation fault during the test_verify phase of make test on 32-bit systems? I haven't done a full triage yet. But it appears to have been introduced by 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs when backing out this commit. This could be a faulty commit since the sizeof invocations in this commit would return different values for 32/64 bit systems. The sizeof invocations do not return the pointer sizes, but the size of the structures pointed to. The problem is that there's apparently a copypaste error: https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa 172 memset(param, 0, sizeof *paramid); 173 memset(paramid, 0, sizeof *paramid); The first memset should be fixed to use *param instead of *paramid: memset(param, 0, sizeof *param); Regards Stephan ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
My bad, I overlooked the dereference operator. Thanks for correcting me. On 05/04/2015 10:36 AM, Stephan Mühlstrasser wrote: Am 04.05.15 um 16:19 schrieb John Foley: I think you're wrong about sizeof and pointers. It'll return 4 or 8 depending if it's a 32 or 64 bit system. Try the following code: #include stdio.h typedef struct _s1 { int x; int y; int z; } S1; typedef struct _s2 { double d1; double d2; double d3; double d4; int x1; int x2; } S2; int main (int argc, char *argv[]) { S1 *first; S2 *second; printf(%d %d\n, sizeof(first), sizeof(second)); } Yes, but that is different from what is relevant in the commit 53ba0a9e91ad203de2943edaf1090ab17ec435fa. You're right that in your test program you will get always different output on 32-bit and 64-bit systems because the pointer size is different. But the code in the OpenSSL uses sizeof(*pointer) and not sizeof(pointer). sizeof(*pointer) gets the size of the structure to which pointer points. So try the following in your test program printf(%d %d\n, sizeof(*first), sizeof(*second)); This might return different output on 32-bit and 64-bit systems, but it might also return the same output, depending on the size of the basic types and the padding in the structures. You're right about the memset, good catch. So it appears there are two issues with this commit. On 05/04/2015 09:35 AM, Stephan Mühlstrasser wrote: Am 04.05.15 um 14:51 schrieb John Foley: Is anyone seeing a segmentation fault during the test_verify phase of make test on 32-bit systems? I haven't done a full triage yet. But it appears to have been introduced by 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs when backing out this commit. This could be a faulty commit since the sizeof invocations in this commit would return different values for 32/64 bit systems. The sizeof invocations do not return the pointer sizes, but the size of the structures pointed to. The problem is that there's apparently a copypaste error: https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa 172 memset(param, 0, sizeof *paramid); 173 memset(paramid, 0, sizeof *paramid); The first memset should be fixed to use *param instead of *paramid: memset(param, 0, sizeof *param); Regards Stephan ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev . ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Test coverage report + small patch
Hi Rich, On Fri, 1 May 2015, Salz, Rich wrote: I am curious to see what the numbers look like from, say, yesterday compared to, roughly, early next week. We've compared the code coverage of the tests between the 1.0.2a release and today's master state: it rose from 28.1% to 29.6%! And as you predicted the code simplifications might be responsible: the number of decision points went down from 70192 to 67845. Which is good. Provided that the software still does the same thing as before ;) We are well into a huge overall edit that turns code like If (p) free(p) Into free(p); And not just for free, but for several dozen OpenSSL functions. This will probably remove a couple of thousand decision points. The code certainly looks much simpler. Drilling down into the file changes of the last two weeks one can see cases of the if()/free() simplification happening in untested code however: http://www.opencoverage.net/projects/openssl-diff/index_html/source_33.html I'm not blaming anyone for that, though. Just pointing out the risk of potentially unnoticed regressions. Harri. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Test coverage report + small patch
We've compared the code coverage of the tests between the 1.0.2a release and today's master state: it rose from 28.1% to 29.6%! I don't know that 1.5% deserves an exclamation point, but thanks. :) And as you predicted the code simplifications might be responsible: the number of decision points went down from 70192 to 67845. Which is good. That number is more interesting to me. Reducing the run-time complexity of OpenSSL is important. Thanks very much for doing this! Keep us posted. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
On Mon, May 04, 2015 at 02:37:54PM +, Salz, Rich wrote: printf(%d %d\n, sizeof(first), sizeof(second)); } But the code does sizeof *first and sizeof *second THe problem is a cut/paste error: memset(param, 0, sizeof *paramid); memset(paramid, 0, sizeof *paramid); The first of these should be param, not paramid. -- Viktor. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] openssl-1.0.2-stable-SNAP-20150504 error
On Mon, May 04, 2015 at 07:21:11AM -0600, The Doctor wrote: This also occured in openssl-1.0.2-stable-SNAP-20150503 This will most likely be fixed in the next snapshot. Kurt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev