Re: Static global - bug? (Re: Two valgrind warnings in OpenSSL - possible bug???)
Most definitely not. ... Yes you are right. To qualify what I want to do: openssl does a lot of sharing and locking. I would like to use the minimum by have one context per thread. I use my own session cache so there 'should' not need to be anything else that needs sharing. Further, I use my own BIO buffers and rand object. So in my app, openssl does not go to the operating system for anything. Can you please give me some hints what I should look at changing in openssl to do this? Paul Sent via my BlackBerry from Vodacom - let your email find you! -Original Message- From: David Schwartz [EMAIL PROTECTED] Date: Sun, 20 Jan 2008 11:59:00 To:openssl-dev@openssl.org Subject: RE: Static global - bug? (Re: Two valgrind warnings in OpenSSL - possible bug???) I should be able to create a multithreaded application using a non-multithreaded openssl build provided that I have an ssl context per thread. Most definitely not. At a minimum, the definition of things like 'errno' and 'malloc' might be different between a multithreaded build and a non-multithreaded build. There is no supported way to combine multithreaded code and code that was not compiled to be multithreaded. It may happen to work, but that's a lousy way to make security-sensitive software. DS __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] :§IÏ®ÞrØm¶ÿà (¥éì²Z+7¯zZ)éí1¨¥xËh¥éì²W^¾^Ë%¢¸ ºÚj×.+-1©Úêæj:+v¨¢§²Éh®
Re: Two valgrind warnings in OpenSSL - possible bug???
I must ask if you compiled OpenSSL with the 'PURIFY' option. My build is substantially silenced: only two distinct valgrind 'uninitialiased value' errors when using my custom rand replacement. This is throughout a full regression test of my software. I did not use the purify option - there are only two purify ifdefs in all the openssl code. Both unrelated. This problem is in BM_get_flags() - flags should be initialized, surely? Thanks -paul Sent via my BlackBerry from Vodacom - let your email find you! -Original Message- From: Brad House [EMAIL PROTECTED] Date: Sat, 19 Jan 2008 15:40:12 To:openssl-dev@openssl.org Subject: Re: Two valgrind warnings in OpenSSL - possible bug??? I compiled OpenSSL (0.9.8g) with my own random number engine - in order to generate pseudo random numbers that are not based on unitialized values (if you run openssl without doing this you get infinite warnings - of course). The results are as follows The code that gives the error is the BN_get_flags() macro (see bn_div.c extract about line 190 below): Could this be highlighting a bug in OpenSSL? Without actually looking into this first, I must ask if you compiled OpenSSL with the 'PURIFY' option. That will silence valgrind significantly. -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Static global - bug? (Re: Two valgrind warnings in OpenSSL - possible bug???)
The reason he said he used his own pseudo random number generator is actually because of the PURIFY option that he didn't turn on. Actually the reason I use my own random number generator is because the openssl generator is not thread safe in the following way: I should be able to create a multithreaded application using a non-multithreaded openssl build provided that I have an ssl context per thread. I cannot do this because the rand module has static globals and a wicked assert statement to abort when it detects unlocked concurrent access. No matter: it was simple enough to role my own but static globals??? - that is just evil! :-) The curing of valgrind errors was just an advantagous side effect. Must admit that uninitialized vars add some random bits in their own right... -paul Sent via my BlackBerry from Vodacom - let your email find you! -Original Message- From: Kurt Roeckx [EMAIL PROTECTED] Date: Sun, 20 Jan 2008 00:17:57 To:openssl-dev@openssl.org Subject: Re: Two valgrind warnings in OpenSSL - possible bug??? On Sat, Jan 19, 2008 at 03:40:12PM -0500, Brad House wrote: I compiled OpenSSL (0.9.8g) with my own random number engine - in order to generate pseudo random numbers that are not based on unitialized values (if you run openssl without doing this you get infinite warnings - of course). The results are as follows The code that gives the error is the BN_get_flags() macro (see bn_div.c extract about line 190 below): Could this be highlighting a bug in OpenSSL? Without actually looking into this first, I must ask if you compiled OpenSSL with the 'PURIFY' option. That will silence valgrind significantly. The reason he said he used his own pseudo random number generator is actually because of the PURIFY option that he didn't turn on. I've seen them too with the option turned on and it still gave me some warnings. I didn't look at it yet. Kurt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]