Hi,
I have prepared a new patch, which is supposed to work well with libc
provided by SUN. It also contains additional changes for t1_enc.c
file. The patch is in attachment.
I have also pinned the patch, provided by Stefan, though I have not
understood why it is necessary to patch the x509_def.c file.
Also, I have removed changes related to MemChecks from the patch.
Regards,
Alex.
On Fri, Jan 23, 2015 at 5:38 PM, stefan.n...@t-online.de
<stefan.n...@t-online.de> wrote:
> Hi,
>
> I tried to comment on the ticket via rt, but apparently there's more
> to it than just sending it to r...@openssl.org using a magic subject line
> (or maybe it doesn't like "subject:" being replaced by the localized
> "Betreff:" as the webmail-frontend I'm using apparently does?
>
> Anyway, let me retry via openssl-dev:
>
> First some comments on the original patch:
>> These strings undesirably reveal absolute paths to the source
>> files of libcrypto.
>
> 1. AFAIR not all versions of libc are happy with NULL being passed
> for a string in printf and related functions (IIRC, e.g. SUN libc crashes
> in such situations), so those NULLs should be replaced by
> something like "\0" or similar, shouldn't they?
> 2. Also, I wonder, if defining OPENSSL_assert(e) instead of calling
> OpenSSLDie without a filename really was intended.
> 3. Lastly, completely turning off MemChecks at the same time as
> removing these strings seems a bit dubious.
>
> Then I previously commented
>> Along the same line of reasoning, there are some strings that
>> reveal paths to your local installation directory (see
>> crypto/x509/x509_def.c). [...]
>
> For completeness, her is a trivial patch for that suggestion (reusing the
> same NDEBUG define).
>
> Regards,
> Stefan
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
--- openssl/crypto/x509/x509_def.c~ 2014-07-22 21:41:22.000000000 +0200
+++ openssl/crypto/x509/x509_def.c 2014-12-11 16:17:03.000000000 +0100
@@ -61,6 +61,12 @@
#include <openssl/crypto.h>
#include <openssl/x509.h>
+#ifdef NDEBUG
+#define return(a) return NULL;
+#else
+#define return(a) return a;
+#endif
+
const char *X509_get_default_private_dir(void)
{ return(X509_PRIVATE_DIR); }
Binary files openssl-orig/.git/index and openssl-work/.git/index differ
diff -ur openssl-orig/crypto/crypto.h openssl-work/crypto/crypto.h
--- openssl-orig/crypto/crypto.h 2015-01-26 14:53:44.000000000 +0300
+++ openssl-work/crypto/crypto.h 2015-01-26 14:25:53.000000000 +0300
@@ -235,16 +235,29 @@
# ifndef OPENSSL_NO_LOCKING
# ifndef CRYPTO_w_lock
-# define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-# define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-# define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-# define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-# define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+# ifndef NDEBUG
+# define CRYPTO_w_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+# define CRYPTO_w_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+# define CRYPTO_r_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+# define CRYPTO_r_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+# define CRYPTO_add(addr,amount,type) \
+ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+# else
+# define CRYPTO_w_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,"\0",0)
+# define CRYPTO_w_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,"\0",0)
+# define CRYPTO_r_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,"\0",0)
+# define CRYPTO_r_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,"\0",0)
+# define CRYPTO_add(addr,amount,type) \
+ CRYPTO_add_lock(addr,amount,type,"\0",0)
+# endif
# endif
# else
# define CRYPTO_w_lock(a)
@@ -379,19 +392,33 @@
# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
# define is_MemCheck_on() CRYPTO_is_mem_check_on()
-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-# define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-# define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-# define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+# ifndef NDEBUG
+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+# define OPENSSL_realloc(addr,num) \
+ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+# define OPENSSL_realloc_clean(addr,old_num,num) \
+ CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+# define OPENSSL_remalloc(addr,num) \
+ CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+# define OPENSSL_malloc_locked(num) \
+ CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+# else
+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,"\0",0)
+# define OPENSSL_strdup(str) CRYPTO_strdup((str),"\0",0)
+# define OPENSSL_realloc(addr,num) \
+ CRYPTO_realloc((char *)addr,(int)num,"\0",0)
+# define OPENSSL_realloc_clean(addr,old_num,num) \
+ CRYPTO_realloc_clean(addr,old_num,num,"\0",0)
+# define OPENSSL_remalloc(addr,num) \
+ CRYPTO_remalloc((char **)addr,(int)num,"\0",0)
+# define OPENSSL_malloc_locked(num) \
+ CRYPTO_malloc_locked((int)num,"\0",0)
+# endif
+
# define OPENSSL_freeFunc CRYPTO_free
# define OPENSSL_free(addr) CRYPTO_free(addr)
-# define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
@@ -550,8 +577,13 @@
void CRYPTO_set_mem_debug_options(long bits);
long CRYPTO_get_mem_debug_options(void);
-# define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
+# ifndef NDEBUG
+# define CRYPTO_push_info(info) \
+ CRYPTO_push_info_(info, __FILE__, __LINE__);
+# else
+# define CRYPTO_push_info(info) \
+ CRYPTO_push_info_(info, "\0", 0);
+# endif
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -594,7 +626,11 @@
/* die if we have to */
void OpenSSLDie(const char *file, int line, const char *assertion);
-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+# ifndef NDEBUG
+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+# else
+# define OPENSSL_assert(e)
+# endif
unsigned int *OPENSSL_ia32cap_loc(void);
# define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
diff -ur openssl-orig/crypto/lock.c openssl-work/crypto/lock.c
--- openssl-orig/crypto/lock.c 2015-01-26 14:53:44.000000000 +0300
+++ openssl-work/crypto/lock.c 2015-01-26 14:25:53.000000000 +0300
@@ -257,7 +257,11 @@
return (0);
}
pointer->references = 1;
+#ifndef NDEBUG
pointer->data = dynlock_create_callback(__FILE__, __LINE__);
+#else
+ pointer->data = dynlock_create_callback("\0", 0);
+#endif
if (pointer->data == NULL) {
OPENSSL_free(pointer);
CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
@@ -283,7 +287,11 @@
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
if (i == -1) {
+#ifndef NDEBUG
dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+#else
+ dynlock_destroy_callback(pointer->data, "\0", 0);
+#endif
OPENSSL_free(pointer);
} else
i += 1; /* to avoid 0 */
@@ -322,7 +330,11 @@
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
if (pointer) {
+#ifndef NDEBUG
dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+#else
+ dynlock_destroy_callback(pointer->data, "\0", 0);
+#endif
OPENSSL_free(pointer);
}
}
diff -ur openssl-orig/engines/ccgost/e_gost_err.h openssl-work/engines/ccgost/e_gost_err.h
--- openssl-orig/engines/ccgost/e_gost_err.h 2015-01-26 14:53:44.000000000 +0300
+++ openssl-work/engines/ccgost/e_gost_err.h 2015-01-26 14:51:30.000000000 +0300
@@ -67,7 +67,11 @@
void ERR_load_GOST_strings(void);
void ERR_unload_GOST_strings(void);
void ERR_GOST_error(int function, int reason, char *file, int line);
-# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
+# ifndef OPENSSL_NO_ERR
+# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
+# else
+# define GOSTerr(f,r) ERR_GOST_error((f),(r),"\0",0)
+# endif
/* Error codes for the GOST functions. */
diff -ur openssl-orig/include/openssl/crypto.h openssl-work/include/openssl/crypto.h
--- openssl-orig/include/openssl/crypto.h 2015-01-26 14:53:44.000000000 +0300
+++ openssl-work/include/openssl/crypto.h 2015-01-26 14:25:53.000000000 +0300
@@ -235,16 +235,29 @@
# ifndef OPENSSL_NO_LOCKING
# ifndef CRYPTO_w_lock
-# define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-# define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-# define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-# define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-# define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+# ifndef NDEBUG
+# define CRYPTO_w_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+# define CRYPTO_w_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+# define CRYPTO_r_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+# define CRYPTO_r_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+# define CRYPTO_add(addr,amount,type) \
+ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+# else
+# define CRYPTO_w_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,"\0",0)
+# define CRYPTO_w_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,"\0",0)
+# define CRYPTO_r_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,"\0",0)
+# define CRYPTO_r_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,"\0",0)
+# define CRYPTO_add(addr,amount,type) \
+ CRYPTO_add_lock(addr,amount,type,"\0",0)
+# endif
# endif
# else
# define CRYPTO_w_lock(a)
@@ -379,19 +392,33 @@
# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
# define is_MemCheck_on() CRYPTO_is_mem_check_on()
-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-# define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-# define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-# define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+# ifndef NDEBUG
+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+# define OPENSSL_realloc(addr,num) \
+ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+# define OPENSSL_realloc_clean(addr,old_num,num) \
+ CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+# define OPENSSL_remalloc(addr,num) \
+ CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+# define OPENSSL_malloc_locked(num) \
+ CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+# else
+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,"\0",0)
+# define OPENSSL_strdup(str) CRYPTO_strdup((str),"\0",0)
+# define OPENSSL_realloc(addr,num) \
+ CRYPTO_realloc((char *)addr,(int)num,"\0",0)
+# define OPENSSL_realloc_clean(addr,old_num,num) \
+ CRYPTO_realloc_clean(addr,old_num,num,"\0",0)
+# define OPENSSL_remalloc(addr,num) \
+ CRYPTO_remalloc((char **)addr,(int)num,"\0",0)
+# define OPENSSL_malloc_locked(num) \
+ CRYPTO_malloc_locked((int)num,"\0",0)
+# endif
+
# define OPENSSL_freeFunc CRYPTO_free
# define OPENSSL_free(addr) CRYPTO_free(addr)
-# define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
@@ -550,8 +577,13 @@
void CRYPTO_set_mem_debug_options(long bits);
long CRYPTO_get_mem_debug_options(void);
-# define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
+# ifndef NDEBUG
+# define CRYPTO_push_info(info) \
+ CRYPTO_push_info_(info, __FILE__, __LINE__);
+# else
+# define CRYPTO_push_info(info) \
+ CRYPTO_push_info_(info, "\0", 0);
+# endif
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -594,7 +626,11 @@
/* die if we have to */
void OpenSSLDie(const char *file, int line, const char *assertion);
-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+# ifndef NDEBUG
+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+# else
+# define OPENSSL_assert(e)
+# endif
unsigned int *OPENSSL_ia32cap_loc(void);
# define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
diff -ur openssl-orig/ssl/d1_both.c openssl-work/ssl/d1_both.c
--- openssl-orig/ssl/d1_both.c 2015-01-26 14:52:44.000000000 +0300
+++ openssl-work/ssl/d1_both.c 2015-01-26 15:00:51.000000000 +0300
@@ -1009,7 +1009,11 @@
int dtls1_read_failed(SSL *s, int code)
{
if (code > 0) {
+#ifndef NDEBUG
fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+#else
+ fprintf(stderr, "invalid state reached");
+#endif
return 1;
}
diff -ur openssl-orig/ssl/t1_enc.c openssl-work/ssl/t1_enc.c
--- openssl-orig/ssl/t1_enc.c 2015-01-26 14:53:44.000000000 +0300
+++ openssl-work/ssl/t1_enc.c 2015-01-26 14:35:24.000000000 +0300
@@ -750,6 +750,7 @@
else
ivlen = 0;
if (ivlen > 1) {
+#ifndef NDEBUG
if (rec->data != rec->input)
/*
* we can't write into the input stream: Can this ever
@@ -758,7 +759,9 @@
fprintf(stderr,
"%s:%d: rec->data != rec->input\n",
__FILE__, __LINE__);
- else if (RAND_bytes(rec->input, ivlen) <= 0)
+ else
+#endif
+ if (RAND_bytes(rec->input, ivlen) <= 0)
return -1;
}
}
diff -ur openssl-orig/util/mkerr.pl openssl-work/util/mkerr.pl
--- openssl-orig/util/mkerr.pl 2015-01-26 14:53:44.000000000 +0300
+++ openssl-work/util/mkerr.pl 2015-01-26 14:38:39.000000000 +0300
@@ -473,7 +473,11 @@
${staticloader}void ERR_load_${lib}_strings(void);
${staticloader}void ERR_unload_${lib}_strings(void);
${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
+#ifndef OPENSSL_NO_ERR
#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
+#else
+#define ${lib}err(f,r) ERR_${lib}_error((f),(r),"\0",0)
+#endif
EOF
}
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
