lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-05 20:55:46 +03:00
Code Activity

libcrypto: disable AES-NI engine when running inside valgrind

Browse Source 
Valgrind detects many uninitialized memory false positives from
libcrypto's AES-NI internals. Roll back to software AES when running
tests.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Aris Adamantiadis
2017-06-09 22:47:36 +02:00
committed by Andreas Schneider
parent 8e002b9415
commit 55252e4d70
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ConfigureChecks.cmake
View File

@@ -64,6 +64,7 @@ check_include_file(sys/param.h HAVE_SYS_PARAM_H)
check_include_file(arpa/inet.h HAVE_ARPA_INET_H) check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
check_include_file(byteswap.h HAVE_BYTESWAP_H) check_include_file(byteswap.h HAVE_BYTESWAP_H)
check_include_file(glob.h HAVE_GLOB_H) check_include_file(glob.h HAVE_GLOB_H)
check_include_file(valgrind/valgrind.h HAVE_VALGRIND_VALGRIND_H)
if (WIN32) if (WIN32)
check_include_file(io.h HAVE_IO_H) check_include_file(io.h HAVE_IO_H)
@@ -128,6 +129,8 @@ if (OPENSSL_FOUND)
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES) check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
check_function_exists(OPENSSL_ia32cap_loc HAVE_OPENSSL_IA32CAP_LOC)
unset(CMAKE_REQUIRED_INCLUDES) unset(CMAKE_REQUIRED_INCLUDES)
unset(CMAKE_REQUIRED_LIBRARIES) unset(CMAKE_REQUIRED_LIBRARIES)
endif() endif()

6
config.h.cmake
View File

@@ -23,6 +23,9 @@
/* Define to 1 if you have the <glob.h> header file. */ /* Define to 1 if you have the <glob.h> header file. */
#cmakedefine HAVE_GLOB_H 1 #cmakedefine HAVE_GLOB_H 1
/* Define to 1 if you have the <valgrind/valgrind.h> header file. */
#cmakedefine HAVE_VALGRIND_VALGRIND_H 1
/* Define to 1 if you have the <pty.h> header file. */ /* Define to 1 if you have the <pty.h> header file. */
#cmakedefine HAVE_PTY_H 1 #cmakedefine HAVE_PTY_H 1
@@ -112,6 +115,9 @@
/* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */ /* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */
#cmakedefine HAVE_OPENSSL_EVP_CIPHER_CTX_NEW 1 #cmakedefine HAVE_OPENSSL_EVP_CIPHER_CTX_NEW 1
/* Define to 1 if you have the `OPENSSL_ia32cap_loc' function. */
#cmakedefine HAVE_OPENSSL_IA32CAP_LOC 1
/* Define to 1 if you have the `snprintf' function. */ /* Define to 1 if you have the `snprintf' function. */
#cmakedefine HAVE_SNPRINTF 1 #cmakedefine HAVE_SNPRINTF 1

17
src/libcrypto.c
View File

@@ -58,6 +58,11 @@
#define OLD_CRYPTO #define OLD_CRYPTO
#endif #endif
#if (HAVE_VALGRIND_VALGRIND_H && HAVE_OPENSSL_IA32CAP_LOC)
#include <valgrind/valgrind.h>
#define CAN_DISABLE_AESNI
#endif
#include "libssh/crypto.h" #include "libssh/crypto.h"
struct ssh_mac_ctx_struct { struct ssh_mac_ctx_struct {
@@ -1059,7 +1064,17 @@ int ssh_crypto_init(void)
SSLeay_version(SSLeay()) SSLeay_version(SSLeay())
); );
} }
#ifdef CAN_DISABLE_AESNI
/*
* disable AES-NI when running within Valgrind, because they generate
* too many "uninitialized memory access" false positives
*/
if (RUNNING_ON_VALGRIND){
SSH_LOG(SSH_LOG_INFO, "Running within Valgrind, disabling AES-NI");
/* Bit #57 denotes AES-NI instruction set extension */
OPENSSL_ia32cap &= ~(1LL << 57);
}
#endif
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
for (i = 0; ssh_ciphertab[i].name != NULL; i++) { for (i = 0; ssh_ciphertab[i].name != NULL; i++) {