Re: [openssl.org #1595] [Bug] Text relocations in optimized libcrypto.so

[Kurt Roeckx]

On Mon, Oct 22, 2007 at 12:07:30PM +0200, Simon Vallet via RT wrote:
> Hi,
> 
> On 10/22/07, Andy Polyakov via RT <[EMAIL PROTECTED]> wrote:
> 
> > > avc:  denied  { execmod } for  pid=1875 comm="ntpdate" \
> > >     path="/usr/lib/i686/cmov/libcrypto.so.0.9.8" dev=sda8 ino=325290 \
> > >     scontext=system_u:system_r:initrc_t:s0 \
> > >     tcontext=system_u:object_r:lib_t:s0 tclass=file
> >
> > How do you map this message to "still contain text relocations"?
> 
> 
> Well, I don't have access to the box right now, but running
> eu-findtextrel (http://people.redhat.com/drepper/textrelocs.html)
> on the optimized .so files indicates that some object files contain
> such relocations

On a Debian system, I see:
objdump -p /usr/lib/i686/cmov/libcrypto.so.0.9.8 |grep TEXTREL
  TEXTREL     0x0

$ eu-findtextrel /usr/lib/i686/cmov/libcrypto.so.0.9.8
either the file containing the function '_init' or the file containing the 
function 'CRYPTO_num_locks' is not compiled with -fpic/-fPIC
the file containing the function 'DES_encrypt3' is not compiled with 
-fpic/-fPICthe file containing the function 'DES_decrypt3' is not compiled with 
-fpic/-fPICthe file containing the function 'DES_ncbc_encrypt' is not compiled 
with -fpic/-fPIC
the file containing the function 'DES_ede3_cbc_encrypt' is not compiled with 
-fpic/-fPIC
the file containing the function 'AES_encrypt' is not compiled with -fpic/-fPIC
the file containing the function 'AES_cbc_encrypt' is not compiled with 
-fpic/-fPIC
the file containing the function 'AES_decrypt' is not compiled with -fpic/-fPIC
the file containing the function 'AES_set_decrypt_key' is not compiled with 
-fpic/-fPIC
the file containing the function 'BF_cbc_encrypt' is not compiled with 
-fpic/-fPIC

$ eu-findtextrel /usr/lib/i686/cmov/libssl.so.0.9.8
eu-findtextrel: no text relocations reported in 
'/usr/lib/i686/cmov/libssl.so.0.9.8'

All files were build using -fPIC and -Wa,--noexecstack

The 486, 586 and 686 version all have the text relocations,
the 386 (that doesn't use any assembler) doesn't have it.

A full build log is available on:
http://buildd.debian.org/fetch.cgi?pkg=openssl;ver=0.9.8g-1;arch=i386;stamp=1192885956


> > Looking at the build system, it seems the culprits are the following
> > > files:
> > >
> > > crypto/x86cpuid-elf.s
> > > crypto/des/dx86-elf.s
> > > crypto/aes/ax86-elf.s
> > > crypto/bf/bx86-elf.s
> >
> > Well, these .o files can contain relocations, but they get resolved and
> > *disappear* when libcrypto.so is linked. If you want confirmation that
> > they disappear run 'readelf -r libcrypto.so' and verify that no
> > relocations are accounted to .text segment [you'd have to run 'readelf
> > -e libcrypto.so' to find where .text is located].

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
[...]
  [12] .text             PROGBITS        00045a40 045a40 0ce574 00  AX  0   0 64
  [13] .fini             PROGBITS        00113fb4 113fb4 00001c 00  AX  0   0  4

So .text goes from 0x00045a40 to 0x00113fb3

Relocation section '.rel.dyn' at offset 0x29ca8 contains 9054 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
[...]
0006360c  000ce102 R_386_PC32        000626f0   DES_encrypt2
00063620  000ce102 R_386_PC32        000626f0   DES_encrypt2
00063634  000ce102 R_386_PC32        000626f0   DES_encrypt2
0006373c  000ce102 R_386_PC32        000626f0   DES_encrypt2
00063750  000ce102 R_386_PC32        000626f0   DES_encrypt2
00063764  000ce102 R_386_PC32        000626f0   DES_encrypt2
00063832  000cde02 R_386_PC32        000617c0   DES_encrypt1
0006389a  000cde02 R_386_PC32        000617c0   DES_encrypt1
000638cb  000cde02 R_386_PC32        000617c0   DES_encrypt1
00063917  000cde02 R_386_PC32        000617c0   DES_encrypt1
00063a1b  000ce302 R_386_PC32        00063580   DES_encrypt3
00063a83  000ce302 R_386_PC32        00063580   DES_encrypt3
00063abb  0009da02 R_386_PC32        000636b0   DES_decrypt3
00063b07  0009da02 R_386_PC32        000636b0   DES_decrypt3
00068973  000a8902 R_386_PC32        00067ec0   _x86_AES_encrypt
000696a6  000a8902 R_386_PC32        00067ec0   _x86_AES_encrypt
00069557  00021902 R_386_PC32        00068990   _x86_AES_decrypt
00069854  00021902 R_386_PC32        00068990   _x86_AES_decrypt
00069903  00021902 R_386_PC32        00068990   _x86_AES_decrypt
00069c7b  00090102 R_386_PC32        000699b0   AES_set_encrypt_key
0006be95  00018402 R_386_PC32        0006b600   BF_encrypt
0006bf05  00018402 R_386_PC32        0006b600   BF_encrypt
0006bf3f  000c3e02 R_386_PC32        0006ba20   BF_decrypt
0006bf93  000c3e02 R_386_PC32        0006ba20   BF_decrypt

There is also an:
0003ed81  00057d02 R_386_PC32        00045d40   OPENSSL_cpuid_setup

Which is in section .init


Kurt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]