building OpenSSL 1.1.1 with -DPURIFY

Eric Deplagne Eric at Deplagne.name
Wed Oct 9 11:57:18 UTC 2019 

On Wed, 09 Oct 2019 11:37:02 +0100, tim.j.culhane at gmail.com wrote:
> Hi,
> 
> I've built  OpenSSL 1.1.1c locally on my 64 bit CentOS 7 server.
> 
> My application  links with the libraries  contained in this build.
> 
> When running tests for my application under valgrind I'm seeing lots of
> errors like the  below:
> 
> Use of uninitialised value of size 8
>     at 0x4C30DDF: memset (vg_replace_strmem.c:1252)
>     by 0xB389872: CRYPTO_zalloc (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C3BDA: bn_expand2 (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2CACFD: bn_lshift_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BCC61: bn_div_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BD081: BN_div (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C054E: int_bn_mod_inverse (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BC0B5: BN_BLINDING_create_param (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3BDAB0: RSA_setup_blinding (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C276A: rsa_ossl_private_encrypt (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB37A716: EVP_DigestSignFinal (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xAFC4413: tls_construct_cert_verify (in
> /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
>     by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
>     by 0x5A890E: run_smtp_server (receiver.c:1367)
>     by 0x5A55A2: smtp_recv_thread (receiver.c:326)
>     by 0x73158F: generic_worker_thread (threads.c:301)
>     by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
>     by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
>   Uninitialised value was created by a stack allocation
>     at 0xB3B5000: rand_drbg_get_nonce (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
> 
>  Conditional jump or move depends on uninitialised value(s)
>     at 0x4C30DE5: memset (vg_replace_strmem.c:1252)
>     by 0xB389872: CRYPTO_zalloc (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C3BDA: bn_expand2 (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2CACFD: bn_lshift_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BCC61: bn_div_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BD081: BN_div (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C054E: int_bn_mod_inverse (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BC0B5: BN_BLINDING_create_param (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3BDAB0: RSA_setup_blinding (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C276A: rsa_ossl_private_encrypt (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB37A716: EVP_DigestSignFinal (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xAFC4413: tls_construct_cert_verify (in
> /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
>     by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
>     by 0x5A890E: run_smtp_server (receiver.c:1367)
>     by 0x5A55A2: smtp_recv_thread (receiver.c:326)
>     by 0x73158F: generic_worker_thread (threads.c:301)
>     by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
>     by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
>   Uninitialised value was created by a stack allocation
>     at 0xB3B5000: rand_drbg_get_nonce (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
> 
> 
> Conditional jump or move depends on uninitialised value(s)
>     at 0xB2C4070: bn_correct_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C5397: BN_mod_mul_montgomery (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C2704: rsa_ossl_private_encrypt (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB37A716: EVP_DigestSignFinal (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xAFC4413: tls_construct_cert_verify (in
> /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
>     by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
>     by 0x5A890E: run_smtp_server (receiver.c:1367)
>     by 0x5A55A2: smtp_recv_thread (receiver.c:326)
>     by 0x73158F: generic_worker_thread (threads.c:301)
>     by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
>     by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
>   Uninitialised value was created by a stack allocation
>     at 0xB3E2363: sha256_block_data_order_avx2 (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
> 
> 
> There are many, many of these errors with varying  backtraces shown.
> 
> But the common  function seems to be either sha256_block_data_order_avx2 or
> rand_drbg_get_nonce
> I've read somewhere that  compiling OpenSSL with -DPURIFY would help remove
> these errors.
> 
> However, looking at the CHANGES document which comes with the source I see
> the below change in 1.1.0:
> 
> *) Always DPURIFY. Remove the use of uninitialized memory in the
> RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
> [Emilia Käsper]
> 
> So does this mean that -DPURIFY  is enabled by default?
> 
> If so, why am I seeing  these valgrind errors?
> 
> I've shown   the output of my openssl version -a  below.
> 
> I could put in suppressions for these valgrind errors but there are so many
> and affect so many areas that it would almost make my valgrind  tests
> useless.

  Sorry for it being kind of a troll,
  but in that matter one has to remember
  what someone at debian obtained
  when trying to satisfy valgrind with openssl.
  (He almost killed the PRNG, 
   and the bug remained from september 2006 to may 2008).

  So only go this way being skilled and cautious...

> Looking forward to any help,
> 
> Tim
> 
> 
> OpenSSL 1.1.1c 28 May 2019
> platform: linux-x86_64 
> options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
> compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
> -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
> -DOPENSSL_IA32_SSE2 -DOPE
> NSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM
> -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM
> -DVPAES_A
> SM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM
> -DNDEBUG 
> OPENSSLDIR: "/opt/openssl/1.1.1" 
> ENGINESDIR: "/opt/openssl/1.1.1/lib/engines-1.1" 
> Seeding source: os-specific
> 

-- 
  Eric Deplagne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191009/ae36386c/attachment.sig>

More information about the openssl-users mailing list