building OpenSSL 1.1.1 with -DPURIFY

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

building OpenSSL 1.1.1 with -DPURIFY

tim.j.culhane
Hi,

I've built  OpenSSL 1.1.1c locally on my 64 bit CentOS 7 server.

My application  links with the libraries  contained in this build.

When running tests for my application under valgrind I'm seeing lots of
errors like the  below:

Use of uninitialised value of size 8
    at 0x4C30DDF: memset (vg_replace_strmem.c:1252)
    by 0xB389872: CRYPTO_zalloc (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2C3BDA: bn_expand2 (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2CACFD: bn_lshift_fixed_top (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2BCC61: bn_div_fixed_top (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2BD081: BN_div (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2C054E: int_bn_mod_inverse (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2BC0B5: BN_BLINDING_create_param (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3BDAB0: RSA_setup_blinding (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3C276A: rsa_ossl_private_encrypt (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB37A716: EVP_DigestSignFinal (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xAFC4413: tls_construct_cert_verify (in
/opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
    by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
    by 0x5A890E: run_smtp_server (receiver.c:1367)
    by 0x5A55A2: smtp_recv_thread (receiver.c:326)
    by 0x73158F: generic_worker_thread (threads.c:301)
    by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
    by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
  Uninitialised value was created by a stack allocation
    at 0xB3B5000: rand_drbg_get_nonce (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)

 Conditional jump or move depends on uninitialised value(s)
    at 0x4C30DE5: memset (vg_replace_strmem.c:1252)
    by 0xB389872: CRYPTO_zalloc (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2C3BDA: bn_expand2 (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2CACFD: bn_lshift_fixed_top (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2BCC61: bn_div_fixed_top (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2BD081: BN_div (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2C054E: int_bn_mod_inverse (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2BC0B5: BN_BLINDING_create_param (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3BDAB0: RSA_setup_blinding (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3C276A: rsa_ossl_private_encrypt (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB37A716: EVP_DigestSignFinal (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xAFC4413: tls_construct_cert_verify (in
/opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
    by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
    by 0x5A890E: run_smtp_server (receiver.c:1367)
    by 0x5A55A2: smtp_recv_thread (receiver.c:326)
    by 0x73158F: generic_worker_thread (threads.c:301)
    by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
    by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
  Uninitialised value was created by a stack allocation
    at 0xB3B5000: rand_drbg_get_nonce (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)


Conditional jump or move depends on uninitialised value(s)
    at 0xB2C4070: bn_correct_top (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB2C5397: BN_mod_mul_montgomery (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3C2704: rsa_ossl_private_encrypt (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xB37A716: EVP_DigestSignFinal (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)
    by 0xAFC4413: tls_construct_cert_verify (in
/opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
    by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
    by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
    by 0x5A890E: run_smtp_server (receiver.c:1367)
    by 0x5A55A2: smtp_recv_thread (receiver.c:326)
    by 0x73158F: generic_worker_thread (threads.c:301)
    by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
    by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
  Uninitialised value was created by a stack allocation
    at 0xB3E2363: sha256_block_data_order_avx2 (in
/opt/openssl/1.1.1/lib/libcrypto.so.1.1)


There are many, many of these errors with varying  backtraces shown.

But the common  function seems to be either sha256_block_data_order_avx2 or
rand_drbg_get_nonce
I've read somewhere that  compiling OpenSSL with -DPURIFY would help remove
these errors.

However, looking at the CHANGES document which comes with the source I see
the below change in 1.1.0:

*) Always DPURIFY. Remove the use of uninitialized memory in the
RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
[Emilia Käsper]

So does this mean that -DPURIFY  is enabled by default?

If so, why am I seeing  these valgrind errors?

I've shown   the output of my openssl version -a  below.

I could put in suppressions for these valgrind errors but there are so many
and affect so many areas that it would almost make my valgrind  tests
useless.

Looking forward to any help,

Tim


OpenSSL 1.1.1c 28 May 2019
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
-DOPENSSL_IA32_SSE2 -DOPE
NSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM
-DVPAES_A
SM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM
-DNDEBUG
OPENSSLDIR: "/opt/openssl/1.1.1"
ENGINESDIR: "/opt/openssl/1.1.1/lib/engines-1.1"
Seeding source: os-specific

Reply | Threaded
Open this post in threaded view
|

Re: building OpenSSL 1.1.1 with -DPURIFY

Eric Deplagne-4
On Wed, 09 Oct 2019 11:37:02 +0100, [hidden email] wrote:

> Hi,
>
> I've built  OpenSSL 1.1.1c locally on my 64 bit CentOS 7 server.
>
> My application  links with the libraries  contained in this build.
>
> When running tests for my application under valgrind I'm seeing lots of
> errors like the  below:
>
> Use of uninitialised value of size 8
>     at 0x4C30DDF: memset (vg_replace_strmem.c:1252)
>     by 0xB389872: CRYPTO_zalloc (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C3BDA: bn_expand2 (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2CACFD: bn_lshift_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BCC61: bn_div_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BD081: BN_div (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C054E: int_bn_mod_inverse (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BC0B5: BN_BLINDING_create_param (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3BDAB0: RSA_setup_blinding (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C276A: rsa_ossl_private_encrypt (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB37A716: EVP_DigestSignFinal (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xAFC4413: tls_construct_cert_verify (in
> /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
>     by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
>     by 0x5A890E: run_smtp_server (receiver.c:1367)
>     by 0x5A55A2: smtp_recv_thread (receiver.c:326)
>     by 0x73158F: generic_worker_thread (threads.c:301)
>     by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
>     by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
>   Uninitialised value was created by a stack allocation
>     at 0xB3B5000: rand_drbg_get_nonce (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>
>  Conditional jump or move depends on uninitialised value(s)
>     at 0x4C30DE5: memset (vg_replace_strmem.c:1252)
>     by 0xB389872: CRYPTO_zalloc (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C3BDA: bn_expand2 (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2CACFD: bn_lshift_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BCC61: bn_div_fixed_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BD081: BN_div (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C054E: int_bn_mod_inverse (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2BC0B5: BN_BLINDING_create_param (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3BDAB0: RSA_setup_blinding (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C276A: rsa_ossl_private_encrypt (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB37A716: EVP_DigestSignFinal (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xAFC4413: tls_construct_cert_verify (in
> /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
>     by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
>     by 0x5A890E: run_smtp_server (receiver.c:1367)
>     by 0x5A55A2: smtp_recv_thread (receiver.c:326)
>     by 0x73158F: generic_worker_thread (threads.c:301)
>     by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
>     by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
>   Uninitialised value was created by a stack allocation
>     at 0xB3B5000: rand_drbg_get_nonce (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>
>
> Conditional jump or move depends on uninitialised value(s)
>     at 0xB2C4070: bn_correct_top (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB2C5397: BN_mod_mul_montgomery (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C2704: rsa_ossl_private_encrypt (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB3C4FE2: pkey_rsa_sign (in /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xB37A716: EVP_DigestSignFinal (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>     by 0xAFC4413: tls_construct_cert_verify (in
> /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFBB526: state_machine (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAFA6937: SSL_do_handshake (in /opt/openssl/1.1.1/lib/libssl.so.1.1)
>     by 0xAD64C2C: sncr_tls_negotiation_ex (tls_openssl.c:1766)
>     by 0xAD64D84: sncr_tls_negotiation (tls_openssl.c:1846)
>     by 0x5A890E: run_smtp_server (receiver.c:1367)
>     by 0x5A55A2: smtp_recv_thread (receiver.c:326)
>     by 0x73158F: generic_worker_thread (threads.c:301)
>     by 0x546BDD4: start_thread (in /usr/lib64/libpthread-2.17.so)
>     by 0x61A502C: clone (in /usr/lib64/libc-2.17.so)
>   Uninitialised value was created by a stack allocation
>     at 0xB3E2363: sha256_block_data_order_avx2 (in
> /opt/openssl/1.1.1/lib/libcrypto.so.1.1)
>
>
> There are many, many of these errors with varying  backtraces shown.
>
> But the common  function seems to be either sha256_block_data_order_avx2 or
> rand_drbg_get_nonce
> I've read somewhere that  compiling OpenSSL with -DPURIFY would help remove
> these errors.
>
> However, looking at the CHANGES document which comes with the source I see
> the below change in 1.1.0:
>
> *) Always DPURIFY. Remove the use of uninitialized memory in the
> RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
> [Emilia Käsper]
>
> So does this mean that -DPURIFY  is enabled by default?
>
> If so, why am I seeing  these valgrind errors?
>
> I've shown   the output of my openssl version -a  below.
>
> I could put in suppressions for these valgrind errors but there are so many
> and affect so many areas that it would almost make my valgrind  tests
> useless.
  Sorry for it being kind of a troll,
  but in that matter one has to remember
  what someone at debian obtained
  when trying to satisfy valgrind with openssl.
  (He almost killed the PRNG,
   and the bug remained from september 2006 to may 2008).

  So only go this way being skilled and cautious...

> Looking forward to any help,
>
> Tim
>
>
> OpenSSL 1.1.1c 28 May 2019
> platform: linux-x86_64
> options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
> compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
> -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
> -DOPENSSL_IA32_SSE2 -DOPE
> NSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM
> -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM
> -DVPAES_A
> SM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM
> -DNDEBUG
> OPENSSLDIR: "/opt/openssl/1.1.1"
> ENGINESDIR: "/opt/openssl/1.1.1/lib/engines-1.1"
> Seeding source: os-specific
>
--
  Eric Deplagne

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: building OpenSSL 1.1.1 with -DPURIFY

OpenSSL - User mailing list
Emilia's work removed the need to add -DPURIFY; you never need to add it.

Note that the BN code is clever, it doesn't bother to zero everything when it knows which bits within a word it is using.

 

Reply | Threaded
Open this post in threaded view
|

Re: building OpenSSL 1.1.1 with -DPURIFY

Tomas Mraz-2
In reply to this post by tim.j.culhane
On Wed, 2019-10-09 at 11:37 +0100, [hidden email] wrote:
> Hi,
>
> I've built  OpenSSL 1.1.1c locally on my 64 bit CentOS 7 server.
>
> My application  links with the libraries  contained in this build.
>
> When running tests for my application under valgrind I'm seeing lots
> of
> errors like the  below:

You can either try 1.1.1d or the patch from
https://github.com/openssl/openssl/pull/9217

It should solve the problem.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

RE: building OpenSSL 1.1.1 with -DPURIFY

tim.j.culhane
Hi Tomás

I've downloaded and build openssl 1.1.1d.

However, when I run the tests there appears to be failures.

Extract of the make test output  below:


../test/recipes/20-test_enc.t ......................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/172 subtests

Test summary shows:


Test Summary Report
-------------------
../test/recipes/20-test_enc.t                    (Wstat: 256 Tests: 172 Failed: 1)
  Failed test:  171
  Non-zero exit status: 1
Files=155, Tests=1457, 97 wallclock secs ( 1.74 usr  0.17 sys + 85.00 cusr 21.23 csys = 108.14 CPU)
Result: FAIL
gmake[1]: *** [_tests] Error 1
gmake[1]: Leaving directory `/root/openssl-1.1.1d'
gmake: *** [tests] Error 2


Is this something I need to resolve  before installing 1.1.1d and if so how can I resolve the test failures?

Thanks,

Tim

-----Original Message-----
From: Tomas Mraz <[hidden email]>
Sent: Wednesday 9 October 2019 14:30
To: [hidden email]; [hidden email]
Subject: Re: building OpenSSL 1.1.1 with -DPURIFY

On Wed, 2019-10-09 at 11:37 +0100, [hidden email] wrote:
> Hi,
>
> I've built  OpenSSL 1.1.1c locally on my 64 bit CentOS 7 server.
>
> My application  links with the libraries  contained in this build.
>
> When running tests for my application under valgrind I'm seeing lots
> of errors like the  below:

You can either try 1.1.1d or the patch from
https://github.com/openssl/openssl/pull/9217

It should solve the problem.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]



Reply | Threaded
Open this post in threaded view
|

AW: building OpenSSL 1.1.1 with -DPURIFY

Matthias St. Pierre
Hi Tim,

> However, when I run the tests there appears to be failures.
>
> Extract of the make test output  below:
>
>
> ../test/recipes/20-test_enc.t ......................
> Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/172 subtests

Your test failure looks like issue
https://github.com/openssl/openssl/issues/9866

which was fixed by Tomas in commit
https://github.com/openssl/openssl/commit/86ed78676c660b553696cc10c682962522dfeb6c

The easiest way to obtain the fix is to update to the current head of the 1.1.1. stable branch.
https://github.com/openssl/openssl/commits/OpenSSL_1_0_1-stable

Regards,
Matthias

Reply | Threaded
Open this post in threaded view
|

Re: AW: building OpenSSL 1.1.1 with -DPURIFY

Matt Caswell-2


On 09/10/2019 22:57, Dr. Matthias St. Pierre wrote:

> Hi Tim,
>
>> However, when I run the tests there appears to be failures.
>>
>> Extract of the make test output  below:
>>
>>
>> ../test/recipes/20-test_enc.t ......................
>> Dubious, test returned 1 (wstat 256, 0x100)
>> Failed 1/172 subtests
>
> Your test failure looks like issue
> https://github.com/openssl/openssl/issues/9866
>
> which was fixed by Tomas in commit
> https://github.com/openssl/openssl/commit/86ed78676c660b553696cc10c682962522dfeb6c
>
> The easiest way to obtain the fix is to update to the current head of the 1.1.1. stable branch.
> https://github.com/openssl/openssl/commits/OpenSSL_1_0_1-stable

I think you meant to link to the 1.1.1 branch not 1.0.1!

https://github.com/openssl/openssl/commits/OpenSSL_1_1_1-stable

Matt


>
> Regards,
> Matthias
>
Reply | Threaded
Open this post in threaded view
|

RE: building OpenSSL 1.1.1 with -DPURIFY

tim.j.culhane
In reply to this post by Matthias St. Pierre
Hi all,

Glad to report that using the latest 1.1.1 stable build from git, all tests pass successfully and also my issue with the valgrind issues is resolved.

Many thanks for your prompt help.

Tim


-----Original Message-----
From: Dr. Matthias St. Pierre <[hidden email]>
Sent: Wednesday 9 October 2019 22:58
To: [hidden email]; 'Tomas Mraz' <[hidden email]>; [hidden email]
Subject: AW: building OpenSSL 1.1.1 with -DPURIFY

Hi Tim,

> However, when I run the tests there appears to be failures.
>
> Extract of the make test output  below:
>
>
> ../test/recipes/20-test_enc.t ......................
> Dubious, test returned 1 (wstat 256, 0x100) Failed 1/172 subtests

Your test failure looks like issue
https://github.com/openssl/openssl/issues/9866

which was fixed by Tomas in commit
https://github.com/openssl/openssl/commit/86ed78676c660b553696cc10c682962522dfeb6c

The easiest way to obtain the fix is to update to the current head of the 1.1.1. stable branch.
https://github.com/openssl/openssl/commits/OpenSSL_1_0_1-stable

Regards,
Matthias



Dr. Matthias St. Pierre
Senior Software Engineer
[hidden email]
Phone: +49 911 9968-0
 www.ncp-e.com

Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • Nuremberg North American HQ: NCP engineering Inc. • 678 Georgia Ave. • Sunnyvale, CA 94085 East Coast Office: NCP engineering Inc. • 601 Cleveland Str., Suite 501-25 • Clearwater, FL 33755

Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich Registry Court: Lower District Court of Nuremberg Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE 133557619

This e-mail message including any attachments is for the sole use of the intended recipient(s) and may contain privileged or confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply e-mail and delete the original message and destroy all copies thereof.

Reply | Threaded
Open this post in threaded view
|

AW: AW: building OpenSSL 1.1.1 with -DPURIFY

Matthias St. Pierre
In reply to this post by Matt Caswell-2
> > The easiest way to obtain the fix is to update to the current head of the 1.1.1. stable branch.
> > https://github.com/openssl/openssl/commits/OpenSSL_1_0_1-stable
>
> I think you meant to link to the 1.1.1 branch not 1.0.1!
>
> https://github.com/openssl/openssl/commits/OpenSSL_1_1_1-stable
>
> Matt

You are right, thanks for the correction. I must have selected the wrong entry in the GitHub branch
selection box without noticing it. Fortunately, Tim didn't follow my advice blindly ;-)

Matthias