Re: [openssl-dev] [openssl.org #2293] OpenSSL dependence on external threading functions is a critical design flaw
On 09/03/2014 11:50 PM, Rich Salz via RT wrote: We're going to try to clean up the threads situation post-1.0.2, but closing this particular ticket. Can you at least change the FAQ to make sure that OpenSSL is *not* thread safe by default? Currently, it claims the opposite. The error reporting library critically depends on working locking functions. You get strange results if you believe the FAQ that OpenSSL is thread-safe, even if you do not use any objects across threads. -- Florian Weimer / Red Hat Product Security ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] three-arg open() call
If you are using OpenSSL on a supported platform that does not support the three-argument call to open(), please let me know. Thanks. /r$ ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Seg fault during make test
Is anyone seeing a segmentation fault during the test_verify phase of make test on 32-bit systems? I haven't done a full triage yet. But it appears to have been introduced by 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs when backing out this commit. This could be a faulty commit since the sizeof invocations in this commit would return different values for 32/64 bit systems. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] openssl-1.0.2-stable-SNAP-20150504 error
This also occured in openssl-1.0.2-stable-SNAP-20150503
Script started on Mon May 4 07:06:41 2015
ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ egrep bsdi Confi
gure
bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3
-march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
debug-bsdi-x86-elf, gcc3:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer
-O2 -Wall -g::${BSDthreads}::-lgmp -ldl -lm -lc:THIRY_TWO_BIT_LONG RC4_CHUNK
BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR),
ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ mak make test
[Ans2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ mak make
tes[Kt
sh: mak: command not found
ns2.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150504$ ^k^ke
make make test
making all in crypto...
making all in crypto/objects...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/rc5...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all in crypto/seed...
making all in crypto/modes...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/cms...
making all in crypto/pqueue...
making all in crypto/ts...
making all in crypto/jpake...
making all in crypto/srp...
making all in crypto/store...
making all in crypto/cmac...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make
libcrypto.so.1.0.0); fi
[ -z ] || gcc3 -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g
-DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND
-DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o
fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -lgmp -ldl -lm -lc
making all in ssl...
if [ -n libcrypto.so.1.0.0 libssl.so.1.0.0 ]; then (cd ..; make
libssl.so.1.0.0); fi
[ -z ] || gcc3 -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g
-DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_LIBUNBOUND
-DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -DGHASH_ASM -Iinclude -DFINGERPRINT_PREMAIN_DSO_LOAD -o
fips_premain_dso fips_premain.c fipscanister.o libcrypto.a -lgmp -ldl -lm -lc
making all in engines...
echo
making all in engines/ccgost...
making all in apps...
making all in test...
making all in tools...
testing...
making all in apps...
../util/shlib_wrap.sh ./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
Doing pcbc
Doing cfb8 cfb16 cfb32 cfb48 cfb64 cfb64() ede_cfb64() done
Doing ofb
Doing ofb64
Doing ede_ofb64
Doing cbc_cksum
Doing quad_cksum
input word alignment test 0 1 2 3
output word alignment test 0 1 2 3
fast crypt test
../util/shlib_wrap.sh ./ideatest
ecb idea ok
cbc idea ok
cfb64 idea ok
../util/shlib_wrap.sh ./shatest
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./sha1test
test 1 ok
test 2 ok
test 3 ok
../util/shlib_wrap.sh ./sha256t
Testing SHA-256 ... passed.
Testing SHA-224 ... passed.
../util/shlib_wrap.sh ./sha512t
Testing SHA-512 ... passed.
Testing SHA-384 ... passed.
../util/shlib_wrap.sh ./md4test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test 6 ok
test 7 ok
../util/shlib_wrap.sh ./md5test
test 1 ok
test 2 ok
test 3 ok
test 4 ok
test 5 ok
test
Re: [openssl-dev] Seg fault during make test
Am 04.05.15 um 14:51 schrieb John Foley: Is anyone seeing a segmentation fault during the test_verify phase of make test on 32-bit systems? I haven't done a full triage yet. But it appears to have been introduced by 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs when backing out this commit. This could be a faulty commit since the sizeof invocations in this commit would return different values for 32/64 bit systems. The sizeof invocations do not return the pointer sizes, but the size of the structures pointed to. The problem is that there's apparently a copypaste error: https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa 172 memset(param, 0, sizeof *paramid); 173 memset(paramid, 0, sizeof *paramid); The first memset should be fixed to use *param instead of *paramid: memset(param, 0, sizeof *param); Regards Stephan ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
I think you're wrong about sizeof and pointers. It'll return 4 or 8
depending if it's a 32 or 64 bit system. Try the following code:
#include stdio.h
typedef struct _s1 {
int x;
int y;
int z;
} S1;
typedef struct _s2 {
double d1;
double d2;
double d3;
double d4;
int x1;
int x2;
} S2;
int main (int argc, char *argv[]) {
S1 *first;
S2 *second;
printf(%d %d\n, sizeof(first), sizeof(second));
}
You're right about the memset, good catch. So it appears there are two
issues with this commit.
On 05/04/2015 09:35 AM, Stephan Mühlstrasser wrote:
Am 04.05.15 um 14:51 schrieb John Foley:
Is anyone seeing a segmentation fault during the test_verify phase of
make test on 32-bit systems? I haven't done a full triage yet. But it
appears to have been introduced by
5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs
when backing out this commit. This could be a faulty commit since the
sizeof invocations in this commit would return different values for
32/64 bit systems.
The sizeof invocations do not return the pointer sizes, but the size
of the structures pointed to.
The problem is that there's apparently a copypaste error:
https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa
172 memset(param, 0, sizeof *paramid);
173 memset(paramid, 0, sizeof *paramid);
The first memset should be fixed to use *param instead of *paramid:
memset(param, 0, sizeof *param);
Regards
Stephan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
172 memset(param, 0, sizeof *paramid); 173 memset(paramid, 0, sizeof *paramid); The first memset should be fixed to use *param instead of *paramid: Yes, oops. Fixed shortl. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
printf(%d %d\n, sizeof(first), sizeof(second)); } But the code does sizeof *first and sizeof *second Stephan's write, the memset is bug that slipped through. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
Am 04.05.15 um 16:19 schrieb John Foley:
I think you're wrong about sizeof and pointers. It'll return 4 or 8
depending if it's a 32 or 64 bit system. Try the following code:
#include stdio.h
typedef struct _s1 {
int x;
int y;
int z;
} S1;
typedef struct _s2 {
double d1;
double d2;
double d3;
double d4;
int x1;
int x2;
} S2;
int main (int argc, char *argv[]) {
S1 *first;
S2 *second;
printf(%d %d\n, sizeof(first), sizeof(second));
}
Yes, but that is different from what is relevant in the commit
53ba0a9e91ad203de2943edaf1090ab17ec435fa.
You're right that in your test program you will get always different
output on 32-bit and 64-bit systems because the pointer size is different.
But the code in the OpenSSL uses sizeof(*pointer) and not
sizeof(pointer). sizeof(*pointer) gets the size of the structure to
which pointer points.
So try the following in your test program
printf(%d %d\n, sizeof(*first), sizeof(*second));
This might return different output on 32-bit and 64-bit systems, but it
might also return the same output, depending on the size of the basic
types and the padding in the structures.
You're right about the memset, good catch. So it appears there are two
issues with this commit.
On 05/04/2015 09:35 AM, Stephan Mühlstrasser wrote:
Am 04.05.15 um 14:51 schrieb John Foley:
Is anyone seeing a segmentation fault during the test_verify phase of
make test on 32-bit systems? I haven't done a full triage yet. But it
appears to have been introduced by
5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer occurs
when backing out this commit. This could be a faulty commit since the
sizeof invocations in this commit would return different values for
32/64 bit systems.
The sizeof invocations do not return the pointer sizes, but the size
of the structures pointed to.
The problem is that there's apparently a copypaste error:
https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa
172 memset(param, 0, sizeof *paramid);
173 memset(paramid, 0, sizeof *paramid);
The first memset should be fixed to use *param instead of *paramid:
memset(param, 0, sizeof *param);
Regards
Stephan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
My bad, I overlooked the dereference operator. Thanks for correcting me.
On 05/04/2015 10:36 AM, Stephan Mühlstrasser wrote:
Am 04.05.15 um 16:19 schrieb John Foley:
I think you're wrong about sizeof and pointers. It'll return 4 or 8
depending if it's a 32 or 64 bit system. Try the following code:
#include stdio.h
typedef struct _s1 {
int x;
int y;
int z;
} S1;
typedef struct _s2 {
double d1;
double d2;
double d3;
double d4;
int x1;
int x2;
} S2;
int main (int argc, char *argv[]) {
S1 *first;
S2 *second;
printf(%d %d\n, sizeof(first), sizeof(second));
}
Yes, but that is different from what is relevant in the commit
53ba0a9e91ad203de2943edaf1090ab17ec435fa.
You're right that in your test program you will get always different
output on 32-bit and 64-bit systems because the pointer size is
different.
But the code in the OpenSSL uses sizeof(*pointer) and not
sizeof(pointer). sizeof(*pointer) gets the size of the structure
to which pointer points.
So try the following in your test program
printf(%d %d\n, sizeof(*first), sizeof(*second));
This might return different output on 32-bit and 64-bit systems, but
it might also return the same output, depending on the size of the
basic types and the padding in the structures.
You're right about the memset, good catch. So it appears there are two
issues with this commit.
On 05/04/2015 09:35 AM, Stephan Mühlstrasser wrote:
Am 04.05.15 um 14:51 schrieb John Foley:
Is anyone seeing a segmentation fault during the test_verify phase of
make test on 32-bit systems? I haven't done a full triage yet.
But it
appears to have been introduced by
5b38d54753acdabbf6b1d5e15d38ee81fb0612a2. The problem no longer
occurs
when backing out this commit. This could be a faulty commit since the
sizeof invocations in this commit would return different values for
32/64 bit systems.
The sizeof invocations do not return the pointer sizes, but the size
of the structures pointed to.
The problem is that there's apparently a copypaste error:
https://github.com/openssl/openssl/commit/53ba0a9e91ad203de2943edaf1090ab17ec435fa
172 memset(param, 0, sizeof *paramid);
173 memset(paramid, 0, sizeof *paramid);
The first memset should be fixed to use *param instead of *paramid:
memset(param, 0, sizeof *param);
Regards
Stephan
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Test coverage report + small patch
Hi Rich, On Fri, 1 May 2015, Salz, Rich wrote: I am curious to see what the numbers look like from, say, yesterday compared to, roughly, early next week. We've compared the code coverage of the tests between the 1.0.2a release and today's master state: it rose from 28.1% to 29.6%! And as you predicted the code simplifications might be responsible: the number of decision points went down from 70192 to 67845. Which is good. Provided that the software still does the same thing as before ;) We are well into a huge overall edit that turns code like If (p) free(p) Into free(p); And not just for free, but for several dozen OpenSSL functions. This will probably remove a couple of thousand decision points. The code certainly looks much simpler. Drilling down into the file changes of the last two weeks one can see cases of the if()/free() simplification happening in untested code however: http://www.opencoverage.net/projects/openssl-diff/index_html/source_33.html I'm not blaming anyone for that, though. Just pointing out the risk of potentially unnoticed regressions. Harri. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Test coverage report + small patch
We've compared the code coverage of the tests between the 1.0.2a release and today's master state: it rose from 28.1% to 29.6%! I don't know that 1.5% deserves an exclamation point, but thanks. :) And as you predicted the code simplifications might be responsible: the number of decision points went down from 70192 to 67845. Which is good. That number is more interesting to me. Reducing the run-time complexity of OpenSSL is important. Thanks very much for doing this! Keep us posted. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Seg fault during make test
On Mon, May 04, 2015 at 02:37:54PM +, Salz, Rich wrote: printf(%d %d\n, sizeof(first), sizeof(second)); } But the code does sizeof *first and sizeof *second THe problem is a cut/paste error: memset(param, 0, sizeof *paramid); memset(paramid, 0, sizeof *paramid); The first of these should be param, not paramid. -- Viktor. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] openssl-1.0.2-stable-SNAP-20150504 error
On Mon, May 04, 2015 at 07:21:11AM -0600, The Doctor wrote: This also occured in openssl-1.0.2-stable-SNAP-20150503 This will most likely be fixed in the next snapshot. Kurt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
