warnings from valgrind about openssl as used by CPython
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenSSL | Invalid | Unknown | | |
Python | Fix Released | Unknown | | |
pycryptopp | Fix Released | Unknown | | |
openssl (Fedora) | New | Undecided | Unassigned | |
pycryptopp (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
The buildbot for the Tahoe-LAFS and pycryptopp projects runs CPython under valgrind on Fedora, and valgrind emits warnings like this:
==30127== Conditional jump or move depends on uninitialised value(s)
==30127== at 0x4C2AD01: bcmp (mc_replace_
==30127== by 0xC1D1646: fips_get_entropy (fips_drbg_
==30127== by 0xC1D1D6E: FIPS_drbg_
==30127== by 0xC15F590: RAND_init_fips (rand_lib.c:286)
==30127== by 0xC0F54D3: OPENSSL_
==30127== by 0xBE76AF8: SSL_library_init (ssl_algs.c:68)
==30127== by 0xBC2B39D: init_hashlib (in /usr/lib64/
==30127== by 0x4F1DB00: _PyImport_
You can see the full output from such a buildbot run here:
Here is information about the versions of software involved:
The owner of the buildslave machine says that the openssl package was "openssl-
Not having looked closer, I assume this is just a case of using uninitialized memory as part of the initialization of the PRNG. Accordingly, I wrote suppression stanzas for our valgrind suppressions file, which made the warnings go away.
Here are the suppression expressions:
# generated on buildbot.
# Fedora's package "openssl-
{
buildbot.
Memcheck:Cond
fun:bcmp
fun:
fun:
fun:
fun:
fun:
fun:init_hashlib
}
{
buildbot.
Memcheck:Cond
fun:
fun:
fun:
fun:
fun:
fun:init_hashlib
}
{
buildbot.
Memcheck:Value8
fun:
fun:AES_encrypt
}
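
An added example, not part of the original bug report or of the Tahoe-LAFS or pycryptopp code: a small audit of a Valgrind suppressions file that flags stanzas able to hide more than the one initialization-time report they were written for. The `placeholder_*` frame names, the stanza names, the `min_frames` threshold and the choice of `init_hashlib` as the anchor frame are assumptions made for illustration.

```python
import re

# Constructed sample; stanza names and placeholder_* frames are invented.
SAMPLE = """\
{
   placeholder-prng-init
   Memcheck:Cond
   fun:bcmp
   fun:placeholder_get_entropy
   fun:init_hashlib
}
{
   placeholder-aes
   Memcheck:Value8
   fun:placeholder_inner
   fun:AES_encrypt
}
{
   placeholder-wild
   Memcheck:Cond
   fun:*
   ...
}
"""

def parse_suppressions(text):
    """Return [(name, kind, frames)] per {...} stanza; '#' lines are comments."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    out = []
    for block in re.findall(r"\{(.*?)\}", body, re.S):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) >= 2:  # need at least a name and a Tool:Kind line
            out.append((lines[0], lines[1], lines[2:]))
    return out

def audit(text, init_anchors=("init_hashlib",), min_frames=3):
    """Map stanza name -> reasons it is broad (thresholds are assumptions)."""
    findings = {}
    for name, _kind, frames in parse_suppressions(text):
        reasons = []
        if len(frames) < min_frames:  # few frames match many call paths
            reasons.append("short-stack")
        if any(f == "..." or re.search(r"[*?]", f) for f in frames):
            reasons.append("wildcard")
        if not any(f == "fun:" + a for f in frames for a in init_anchors):
            reasons.append("not-init-anchored")  # also matches after start-up
        if reasons:
            findings[name] = reasons
    return findings
```

A stanza that ends at `fun:init_hashlib` only silences reports raised while that module is being imported; a two-frame stanza ending at `fun:AES_encrypt` silences every matching report on any later encryption call as well.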
Changed in python:
status: Unknown → Fix Released
Changed in pycryptopp:
status: Unknown → Fix Released
Changed in openssl:
status: Unknown → Invalid
The attachment "cpython-openssl101.supp" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]