Created on 2012-03-02 06:48 by zooko, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Files | | |
|---|---|---|
| File name | Uploaded | Description |
| cpython-openssl101.supp | zooko, 2012-03-02 06:48 | valgrind suppressions file |
| Messages (7) | |||
|---|---|---|---|
| msg154742 | Author: Zooko O'Whielacronx (zooko) | Date: 2012-03-02 06:48 | |
The buildbot for the Tahoe-LAFS and pycryptopp projects runs CPython under valgrind on Fedora, and valgrind emits warnings like this:

```
==30127== Conditional jump or move depends on uninitialised value(s)
==30127==    at 0x4C2AD01: bcmp (mc_replace_strmem.c:889)
==30127==    by 0xC1D1646: fips_get_entropy (fips_drbg_lib.c:166)
==30127==    by 0xC1D1D6E: FIPS_drbg_instantiate (fips_drbg_lib.c:234)
==30127==    by 0xC15F590: RAND_init_fips (rand_lib.c:286)
==30127==    by 0xC0F54D3: OPENSSL_init_library (o_init.c:106)
==30127==    by 0xBE76AF8: SSL_library_init (ssl_algs.c:68)
==30127==    by 0xBC2B39D: init_hashlib (in /usr/lib64/python2.7/lib-dynload/_hashlib.so)
==30127==    by 0x4F1DB00: _PyImport_LoadDynamicModule (in /usr/lib64/libpython2.7.so.1.0)
```

You can see the full output from such a buildbot run here: https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/test%20valgrind/logs/valgrind

Here is information about the versions of software involved: https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/show-tool-versions/logs/stdio

The owner of the buildslave machine says that the openssl package was "openssl-1.0.1-0.1.beta2.fc17.x86_64".

Not having looked closer, I assume this is just a case of openssl using uninitialized memory as part of the initialization of the PRNG. Accordingly, I wrote suppressions stanzas for our valgrind suppressions file, which made the warnings go away.

Here are the suppression expressions:

```
# generated on buildbot.rubenkerkhof.com, which had, according to Ruben
# Fedora's package "openssl-1.0.1-0.1.beta2.fc17.x86_64"
{
   buildbot.rubenkerkhof.com cond fips openssl 1
   Memcheck:Cond
   fun:bcmp
   fun:fips_get_entropy
   fun:FIPS_drbg_instantiate
   fun:RAND_init_fips
   fun:OPENSSL_init_library
   fun:SSL_library_init
   fun:init_hashlib
}
{
   buildbot.rubenkerkhof.com cond fips openssl 2
   Memcheck:Cond
   fun:fips_get_entropy
   fun:FIPS_drbg_instantiate
   fun:RAND_init_fips
   fun:OPENSSL_init_library
   fun:SSL_library_init
   fun:init_hashlib
}
{
   buildbot.rubenkerkhof.com val _x86_64_AES_encrypt_compact
   Memcheck:Value8
   fun:_x86_64_AES_encrypt_compact
   fun:AES_encrypt
}
```

I opened this ticket on launchpad.net to track the handling of this issue in various projects such as openssl, pycryptopp, CPython, valgrind, and Fedora: https://bugs.launchpad.net/pycryptopp/+bug/944585 |
|||
| msg154817 | Author: Martin v. Löwis (loewis) * (Python committer) | Date: 2012-03-03 01:03 | |
Why are you reporting this issue here? |
|||
| msg154823 | Author: Zooko O'Whielacronx (zooko) | Date: 2012-03-03 03:33 | |
Oh, I'm sorry I didn't make that clear at first. First of all, so that others who encounter these warnings can see how I worked around them so that they can do that as well. Second, because Python comes with a valgrind suppressions file. Here is a patch to that file to suppress these warnings. --- a/Misc/valgrind-python.supp Wed Feb 22 00:28:46 2012 +0100 +++ b/Misc/valgrind-python.supp Fri Mar 02 20:31:55 2012 -0700 @@ -286,6 +286,38 @@ ### fun:MD5_Update ###} +# Fedora's package "openssl-1.0.1-0.1.beta2.fc17.x86_64" on x86_64 +# See http://bugs.python.org/issue14171 +{ + openssl 1.0.1 prng 1 + Memcheck:Cond + fun:bcmp + fun:fips_get_entropy + fun:FIPS_drbg_instantiate + fun:RAND_init_fips + fun:OPENSSL_init_library + fun:SSL_library_init + fun:init_hashlib +} + +{ + openssl 1.0.1 prng 2 + Memcheck:Cond + fun:fips_get_entropy + fun:FIPS_drbg_instantiate + fun:RAND_init_fips + fun:OPENSSL_init_library + fun:SSL_library_init + fun:init_hashlib +} + +{ + openssl 1.0.1 prng 3 + Memcheck:Value8 + fun:_x86_64_AES_encrypt_compact + fun:AES_encrypt +} + # # All of these problems come from using test_socket_ssl # |
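Review bot: the third stanza, `openssl 1.0.1 prng 3`, lists only `fun:_x86_64_AES_encrypt_compact` and `fun:AES_encrypt`, so unlike stanzas 1 and 2 it names no `RAND_init_fips` or `init_hashlib` caller and will match any Memcheck:Value8 report whose top two frames are those AES routines, whichever code called them. That can hide a report about a buffer or key that a caller really did leave uninitialised. If the warning only occurs during PRNG set-up, extend the stanza with the caller frames from the original valgrind trace so it stays limited to that path; otherwise rename it so the name does not claim to be PRNG-specific. Separately, stanzas 1 and 2 end at `fun:init_hashlib`, so the same warning reached through a different module's initialisation would not be covered; either note that in the comment or stop the stack at `fun:SSL_library_init`.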
|||
| msg154837 | Author: Stefan Krah (skrah) * (Python committer) | Date: 2012-03-03 13:38 | |
> # generated on buildbot.rubenkerkhof.com, which had, according to Ruben
> # Fedora's package "openssl-1.0.1-0.1.beta2.fc17.x86_64"

I think openssl needs to be compiled with -DPURIFY to avoid this. |
|||
| msg154858 | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2012-03-03 23:18 | |
It reminds me of a funny story. http://wiki.debian.org/SSLkeys |
|||
| msg154908 | Author: Roundup Robot (python-dev) (Python triager) | Date: 2012-03-04 20:16 | |
New changeset 9a69b47f194e by Martin v. Löwis in branch 'default': Issue #14171: Add valgrind suppressions for OpenSSL issue. http://hg.python.org/cpython/rev/9a69b47f194e |
|||
| msg154909 | Author: Martin v. Löwis (loewis) * (Python committer) | Date: 2012-03-04 20:17 | |
It may indeed be that recompiling OpenSSL properly could fix this. I added this anyway since it probably doesn't cause harm. Thanks for the patch. |
|||
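A small checker for the kind of suppression stanzas discussed in this thread, added here as an example (it is not code from the issue, from CPython or from valgrind): it parses a suppressions file and reports, per stanza, how many frames it pins and whether the stack names a chosen caller. The sample input is constructed from two of the quoted stanzas, and using `RAND_init_fips` as the anchor function is an assumption made for illustration.

```python
import re

# Constructed sample: two of the stanzas quoted in the thread, re-indented.
SAMPLE = """
# Fedora's package "openssl-1.0.1-0.1.beta2.fc17.x86_64" on x86_64
{
   openssl 1.0.1 prng 2
   Memcheck:Cond
   fun:fips_get_entropy
   fun:FIPS_drbg_instantiate
   fun:RAND_init_fips
   fun:OPENSSL_init_library
   fun:SSL_library_init
   fun:init_hashlib
}
{
   openssl 1.0.1 prng 3
   Memcheck:Value8
   fun:_x86_64_AES_encrypt_compact
   fun:AES_encrypt
}
"""

def parse_suppressions(text):
    """Return one dict per { ... } stanza: name, kind and call-stack frames."""
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)   # drop comment lines
    stanzas = []
    for body in re.findall(r"\{(.*?)\}", text, flags=re.S):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        if len(lines) < 2:
            continue                                    # malformed stanza
        frames = [ln for ln in lines[2:] if ln == "..." or ln.startswith(("fun:", "obj:"))]
        stanzas.append({"name": lines[0], "kind": lines[1], "frames": frames})
    return stanzas

def audit(stanzas, anchors):
    """Per stanza: frame count, wildcard use, and whether any anchor function is in the stack."""
    findings = {}
    for s in stanzas:
        funcs = {f[4:] for f in s["frames"] if f.startswith("fun:")}
        findings[s["name"]] = {"frames": len(s["frames"]),
                               "wildcard": any(f == "..." or "*" in f for f in s["frames"]),
                               "anchored": bool(funcs & set(anchors))}
    return findings

if __name__ == "__main__":
    # Assumption: RAND_init_fips marks the PRNG initialisation path.
    for name, result in audit(parse_suppressions(SAMPLE), ["RAND_init_fips"]).items():
        print(name, result)
```

A stanza reported with `anchored: False` matches its error kind wherever its top frames occur, so it deserves a second look before it is merged into a shared suppressions file.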
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:27 | admin | set | github: 58379 |
| 2012-03-04 20:17:45 | loewis | set | status: open -> closed; resolution: fixed; messages: + msg154909 |
| 2012-03-04 20:16:47 | python-dev | set | nosy: + python-dev; messages: + msg154908 |
| 2012-03-03 23:18:17 | vstinner | set | nosy: + vstinner; messages: + msg154858 |
| 2012-03-03 13:38:27 | skrah | set | nosy: + skrah; messages: + msg154837 |
| 2012-03-03 03:33:31 | zooko | set | messages: + msg154823 |
| 2012-03-03 01:03:18 | loewis | set | nosy: + loewis; messages: + msg154817 |
| 2012-03-02 06:48:20 | zooko | create | |