On Sat, Jul 28, 2001 at 07:09:41PM +0100, Ben Laurie wrote:
> [EMAIL PROTECTED] wrote:
> >   Log:
> >   Fix problem occurring when used from OpenSSH on Solaris 8.
> >   +  *) Initialize static variable in crypto/dsa/dsa_lib.c explicitely to
> >   +     NULL, as at least on Solaris 8 this seems not to be done automatically
> >   +     (in contradiction to the requirements of the C standard).
> >   +     This made problems when used from OpenSSH.
> >   +     [Lutz Jaenicke]
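Review bot: the first added line of this CHANGES entry misspells "explicitly" as "explicitely", and it names the file (crypto/dsa/dsa_lib.c) but not the static variable that now gets the NULL initializer. Naming the variable would let a reader match the entry to the code. "This made problems when used from OpenSSH" would also read better as "This caused problems when used from OpenSSH".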
> 
> I really don't believe this! Are you sure? Have you got a test case?

We had a quite longish discussion about this issue on openssh-unix-dev.
Thread: Debugging ssh-keygen dsa on Solaris8.
Scott Burch <[EMAIL PROTECTED]> reported that ssh-keygen (with 0.9.6b)
would fail with a core dump but would run with 0.9.5. From a stack
trace produced it was obvious that the only possible explanation
would be an uninitialized static. After applying the fix, ssh-keygen
worked flawlessly. (The same construct was in dh_lib.c and as expected,
Scott Burch also ran into it when building connections for the first time.)

Andy Polyakov suspects that the change in behaviour between 0.9.5
and 0.9.6 is the permanent build with PIC enabled. This is clearly
a bug in the runtime environment and/or loader (the problem occurs
with both Sun's compiler and gcc, so it is not a compiler issue).
It may well be possible that the behaviour may depend on the patch level.
I don't have Suns around, so I don't have a clue about their setup.
Other people running other patch levels could not reproduce the problem.
BTW. There was a posting several weeks ago from David Edward Shapiro
<[EMAIL PROTECTED]> about dsatest problems that nobody
could reproduce or explain [[EMAIL PROTECTED]: dsatest failure]
I would consider it to be a possibility that the problem was related
to this effect.

The fixes I applied do not hurt anybody. In fact, most statics in
OpenSSL are explicitly initialized to 0 even if it would not be needed
according to the standard. I even think it improves readability.
Interestingly, in rsa/rsa_lib.c, the corresponding pointer was explicitly
initialized. Maybe we would have heard about this problem earlier, as RSA
is used far more often...

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]