[issue14171] warnings from valgrind about openssl as used by CPython

Zooko O'Whielacronx report at bugs.python.org
Fri Mar 2 07:48:20 CET 2012 

New submission from Zooko O'Whielacronx <zooko at zooko.com>:

The buildbot for the Tahoe-LAFS and pycryptopp projects runs CPython under valgrind on Fedora, and valgrind emits warnings like this:

==30127== Conditional jump or move depends on uninitialised value(s)
==30127== at 0x4C2AD01: bcmp (mc_replace_strmem.c:889)
==30127== by 0xC1D1646: fips_get_entropy (fips_drbg_lib.c:166)
==30127== by 0xC1D1D6E: FIPS_drbg_instantiate (fips_drbg_lib.c:234)
==30127== by 0xC15F590: RAND_init_fips (rand_lib.c:286)
==30127== by 0xC0F54D3: OPENSSL_init_library (o_init.c:106)
==30127== by 0xBE76AF8: SSL_library_init (ssl_algs.c:68)
==30127== by 0xBC2B39D: init_hashlib (in /usr/lib64/python2.7/lib-dynload/_hashlib.so)
==30127== by 0x4F1DB00: _PyImport_LoadDynamicModule (in /usr/lib64/libpython2.7.so.1.0)

You can see the full output from such a buildbot run here:

https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/test%20valgrind/logs/valgrind

Here is information about the versions of software involved:

https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/show-tool-versions/logs/stdio

The owner of the buildslave machine says that the openssl package was "openssl-1.0.1-0.1.beta2.fc17.x86_64".

Not having looked closer, I assume this is just a case of openssl using uninitialized memory as part of the initialization of the PRNG. Accordingly, I wrote suppressions stanzas for our valgrind suppressions file, which made the warnings go away.

Here are the suppression expressions:

# generated on buildbot.rubenkerkhof.com, which had, according to Ruben
# Fedora's package "openssl-1.0.1-0.1.beta2.fc17.x86_64"
{
   buildbot.rubenkerkhof.com cond fips openssl 1
   Memcheck:Cond
   fun:bcmp
   fun:fips_get_entropy
   fun:FIPS_drbg_instantiate
   fun:RAND_init_fips
   fun:OPENSSL_init_library
   fun:SSL_library_init
   fun:init_hashlib
}

{
   buildbot.rubenkerkhof.com cond fips openssl 2
   Memcheck:Cond
   fun:fips_get_entropy
   fun:FIPS_drbg_instantiate
   fun:RAND_init_fips
   fun:OPENSSL_init_library
   fun:SSL_library_init
   fun:init_hashlib
}

{
   buildbot.rubenkerkhof.com val _x86_64_AES_encrypt_compact
   Memcheck:Value8
   fun:_x86_64_AES_encrypt_compact
   fun:AES_encrypt
}

I opened this ticket on launchpad.net to track the handling of this
issue in various projects such as openssl, pycryptopp, CPython,
valgrind, and Fedora:

https://bugs.launchpad.net/pycryptopp/+bug/944585

----------
components: Library (Lib)
files: cpython-openssl101.supp
messages: 154742
nosy: zooko
priority: normal
severity: normal
status: open
title: warnings from valgrind about openssl as used by CPython
versions: Python 2.7
Added file: http://bugs.python.org/file24701/cpython-openssl101.supp

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14171>
_______________________________________

More information about the Python-bugs-list mailing list