Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-28 Thread Andy Polyakov via RT 
> Valgrind does not necessarily support all instructions, if
> there’s
> any optimized assembly, you might run into problems.
> Are you able to compile a non-assembly version of the OpenSSL
> library?
> Are you able to update to a newer Valgrind?
 Or at least tell valgrind version, because I can't reproduce the
 problem
 with 3.10.1. At any event you can also see if it's problem with
 unsupported instructions, unsupported by [your version of]
 valgrind
 that
 is, by manipulating OPENSSL_ia32cap environment variable. You can
 disable AVX2 code paths by setting it to :~0x20 or simply :0 if
 it
 runs into more "too-new-to-be-possible" instructions.
>>> I tried with valgrind-3.11.0.
>> Tough break... One can actually wonder if valgrind tampers with
>> processor capability vector... And it totally does! I.e. even though
>> my
>> processor is AVX2-capable, when executed under my valgrind openssl
>> doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2
>> flag, but failed to recognize all the instructions it should have...
> 
> I believe that's the case too. The same tests succeed without valgrind
> on the same CPU.

In other words it doesn't sound like OpenSSL problem. I suppose ticket
can be closed.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-28 Thread Nikos Mavrogiannopoulos via RT 
On Wed, 2016-04-27 at 14:38 +, Andy Polyakov via RT wrote:
> > 
> > > 
> > > > 
> > > > Valgrind does not necessarily support all instructions, if
> > > > there’s
> > > > any optimized assembly, you might run into problems.
> > > > Are you able to compile a non-assembly version of the OpenSSL
> > > > library?
> > > > Are you able to update to a newer Valgrind?
> > > Or at least tell valgrind version, because I can't reproduce the
> > > problem
> > > with 3.10.1. At any event you can also see if it's problem with
> > > unsupported instructions, unsupported by [your version of]
> > > valgrind
> > > that
> > > is, by manipulating OPENSSL_ia32cap environment variable. You can
> > > disable AVX2 code paths by setting it to :~0x20 or simply :0 if
> > > it
> > > runs into more "too-new-to-be-possible" instructions.
> > I tried with valgrind-3.11.0.
> Tough break... One can actually wonder if valgrind tampers with
> processor capability vector... And it totally does! I.e. even though
> my
> processor is AVX2-capable, when executed under my valgrind openssl
> doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2
> flag, but failed to recognize all the instructions it should have...

I believe that's the case too. The same tests succeed without valgrind
on the same CPU.

regards,
Nikos


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-28 Thread Nikos Mavrogiannopoulos 
On Wed, 2016-04-27 at 14:38 +, Andy Polyakov via RT wrote:
> > 
> > > 
> > > > 
> > > > Valgrind does not necessarily support all instructions, if
> > > > there’s
> > > > any optimized assembly, you might run into problems.
> > > > Are you able to compile a non-assembly version of the OpenSSL
> > > > library?
> > > > Are you able to update to a newer Valgrind?
> > > Or at least tell valgrind version, because I can't reproduce the
> > > problem
> > > with 3.10.1. At any event you can also see if it's problem with
> > > unsupported instructions, unsupported by [your version of]
> > > valgrind
> > > that
> > > is, by manipulating OPENSSL_ia32cap environment variable. You can
> > > disable AVX2 code paths by setting it to :~0x20 or simply :0 if
> > > it
> > > runs into more "too-new-to-be-possible" instructions.
> > I tried with valgrind-3.11.0.
> Tough break... One can actually wonder if valgrind tampers with
> processor capability vector... And it totally does! I.e. even though
> my
> processor is AVX2-capable, when executed under my valgrind openssl
> doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2
> flag, but failed to recognize all the instructions it should have...

I believe that's the case too. The same tests succeed without valgrind
on the same CPU.

regards,
Nikos

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-27 Thread Andy Polyakov via RT 
>>> Valgrind does not necessarily support all instructions, if there’s
>>> any optimized assembly, you might run into problems.
>>> Are you able to compile a non-assembly version of the OpenSSL
>>> library?
>>> Are you able to update to a newer Valgrind?
>> Or at least tell valgrind version, because I can't reproduce the
>> problem
>> with 3.10.1. At any event you can also see if it's problem with
>> unsupported instructions, unsupported by [your version of] valgrind
>> that
>> is, by manipulating OPENSSL_ia32cap environment variable. You can
>> disable AVX2 code paths by setting it to :~0x20 or simply :0 if it
>> runs into more "too-new-to-be-possible" instructions.
> 
> I tried with valgrind-3.11.0.

Tough break... One can actually wonder if valgrind tampers with
processor capability vector... And it totally does! I.e. even though my
processor is AVX2-capable, when executed under my valgrind openssl
doesn't see it as AVX2-capable. I suppose your valgrind passed AVX2
flag, but failed to recognize all the instructions it should have...



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-27 Thread Nikos Mavrogiannopoulos 
On Wed, 2016-04-27 at 13:33 +, Andy Polyakov via RT wrote:
> > 
> > Valgrind does not necessarily support all instructions, if there’s
> > any optimized assembly, you might run into problems.
> > Are you able to compile a non-assembly version of the OpenSSL
> > library?
> > Are you able to update to a newer Valgrind?
> Or at least tell valgrind version, because I can't reproduce the
> problem
> with 3.10.1. At any event you can also see if it's problem with
> unsupported instructions, unsupported by [your version of] valgrind
> that
> is, by manipulating OPENSSL_ia32cap environment variable. You can
> disable AVX2 code paths by setting it to :~0x20 or simply :0 if it
> runs into more "too-new-to-be-possible" instructions.

I tried with valgrind-3.11.0.


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-27 Thread Nikos Mavrogiannopoulos via RT 
On Wed, 2016-04-27 at 13:33 +, Andy Polyakov via RT wrote:
> > 
> > Valgrind does not necessarily support all instructions, if there’s
> > any optimized assembly, you might run into problems.
> > Are you able to compile a non-assembly version of the OpenSSL
> > library?
> > Are you able to update to a newer Valgrind?
> Or at least tell valgrind version, because I can't reproduce the
> problem
> with 3.10.1. At any event you can also see if it's problem with
> unsupported instructions, unsupported by [your version of] valgrind
> that
> is, by manipulating OPENSSL_ia32cap environment variable. You can
> disable AVX2 code paths by setting it to :~0x20 or simply :0 if it
> runs into more "too-new-to-be-possible" instructions.

I tried with valgrind-3.11.0.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-27 Thread Andy Polyakov via RT 
> Valgrind does not necessarily support all instructions, if there’s any 
> optimized assembly, you might run into problems.
> Are you able to compile a non-assembly version of the OpenSSL library?
> Are you able to update to a newer Valgrind?

Or at least tell valgrind version, because I can't reproduce the problem
with 3.10.1. At any event you can also see if it's problem with
unsupported instructions, unsupported by [your version of] valgrind that
is, by manipulating OPENSSL_ia32cap environment variable. You can
disable AVX2 code paths by setting it to :~0x20 or simply :0 if it runs
into more "too-new-to-be-possible" instructions.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-13 Thread Short, Todd via RT 
Valgrind does not necessarily support all instructions, if there’s any 
optimized assembly, you might run into problems.
Are you able to compile a non-assembly version of the OpenSSL library?
Are you able to update to a newer Valgrind?

You also seem to have a version discrepancy in OpenSSL: 1.0.2d-fips and 1.0.2g?
--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Apr 12, 2016, at 9:41 AM, Nikos Mavrogiannopoulos via RT 
mailto:r...@openssl.org>> wrote:

A part of the gnutls test suite runs under valgrind, and in fedora 23
it occasionally fails, something that I have traced it to softhsm
library and particular hardware.

The failures are due to the softhsm library which uses openssl
underneath and in particular EC key generation. This can be reproduced
using only the openssl tools:

$ openssl version
OpenSSL 1.0.2d-fips 9 Jul 2015

$ valgrind openssl genpkey -algorithm ec  -pkeyopt ec_paramgen_curve:P-256

vex: the `impossible' happened:
   isZeroU
vex storage: T total 270175784 bytes allocated
vex storage: P total 640 bytes allocated

valgrind: the 'impossible' happened:
   LibVEX called failure_exit().

[...]

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 28037)
==28037==at 0x5B14C80: ecp_nistz256_avx2_select_w7 (in 
/usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5AFA92F: EC_POINT_mul (in /usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5AF9876: EC_POINT_new (in /usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5B02835: EC_KEY_generate_key (in 
/usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5B51B82: EVP_PKEY_keygen (in /usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x436A29: ??? (in /usr/bin/openssl)
==28037==by 0x41A457: ??? (in /usr/bin/openssl)
==28037==by 0x41A0D6: ??? (in /usr/bin/openssl)
==28037==by 0x62B357F: (below main) (libc-start.c:289)


This may be a bug in valgrind, or according to some valgrind posts,
caused by an illegal instruction. Thus reported here.


The failed system is:
model name : Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 
clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm 
constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc 
aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 
sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt 
tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat 
epb pln pts dtherm intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase 
tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt


originally at: https://bugzilla.redhat.com/show_bug.cgi?id=1326024


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4509] ECC key generation under valgrind reports: impossible has happened

2016-04-12 Thread Nikos Mavrogiannopoulos via RT 
A part of the gnutls test suite runs under valgrind, and in fedora 23
it occasionally fails, something that I have traced it to softhsm
library and particular hardware.

The failures are due to the softhsm library which uses openssl
underneath and in particular EC key generation. This can be reproduced
using only the openssl tools:

$ openssl version
OpenSSL 1.0.2d-fips 9 Jul 2015

$ valgrind openssl genpkey -algorithm ec  -pkeyopt ec_paramgen_curve:P-256 

vex: the `impossible' happened:
   isZeroU
vex storage: T total 270175784 bytes allocated
vex storage: P total 640 bytes allocated

valgrind: the 'impossible' happened:
   LibVEX called failure_exit().

[...]

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 28037)
==28037==at 0x5B14C80: ecp_nistz256_avx2_select_w7 (in 
/usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5AFA92F: EC_POINT_mul (in /usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5AF9876: EC_POINT_new (in /usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5B02835: EC_KEY_generate_key (in 
/usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x5B51B82: EVP_PKEY_keygen (in /usr/lib64/libcrypto.so.1.0.2g)
==28037==by 0x436A29: ??? (in /usr/bin/openssl)
==28037==by 0x41A457: ??? (in /usr/bin/openssl)
==28037==by 0x41A0D6: ??? (in /usr/bin/openssl)
==28037==by 0x62B357F: (below main) (libc-start.c:289)


This may be a bug in valgrind, or according to some valgrind posts,
caused by an illegal instruction. Thus reported here.


The failed system is:
model name  : Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est 
tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt 
tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat 
epb pln pts dtherm intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase 
tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt


originally at: https://bugzilla.redhat.com/show_bug.cgi?id=1326024


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4509
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev