FYI dsa_lib.c and dh_lib.c in openssl-0.9.6b and latest snapshot

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Tue Nov 6 22:11:19 EST 2001


On Tue, Nov 06, 2001 at 03:40:38AM +0300, Michael Tokarev wrote:
> > Scott Burch wrote:
> []
> > The source changes I made are below for openssl (suggested by several here):
> > 
> > Please change line 69 in openssl-0.9.6b/crypto/dsa/dsa_lib.c from
> >   static DSA_METHOD *default_DSA_method;
> > to
> >   static DSA_METHOD *default_DSA_method = NULL;
> 
> Hmmm...
> Such variables should be initialized by a compiler/linker/whatether.
> Interesting to see if this is in some C specs or not.  Gcc with
> GNU ld will definitely initialize the variable in question to
> zero (NULL = 0, isn't it?).  Note for example numerous flame wars
> on linux-kernel when Linus rejected a patch that contains
> initializations like this -- due to resulting executable growth.
> That is, without initializer, code works just like with it, but
> an initializer makes resulting executable bigger.  I almost shure
> this is a bug in compiler or linker and NOT in the code, but I
> don't know specs that says so.  Well, those static variables can
> be initialized explicitly as a work around buggy compiling
> environment...

We had this topic quite some time ago. According to the C standard,
static variables like the ones discussed here must be initialized to
0/NULL/... Unfortunately there seems to be a bug in the runtime
routines responsible to initialize the locations, it could be reproduced
for both Sun's compiler and gcc.
I tracked this problem down and committed the fix mentioned above to
the OpenSSL source tree, but it won't be available before 0.9.6c
(the code was restructured after 0.9.5, so the problem appears with
0.9.6, 0.9.6a, 0.9.6b).
A workaround would be to call
  DSA_set_default_method(NULL);
and
  DH_set_default_method(NULL);
before first calling DSA_new() and DH_new() respectively. This workaround
may be wrapped by a OpenSSL version specific #ifdef construct.
(I don't know, whether the default method may ever be something different
than NULL at this point, but it may well be possible that with support for some
crypto hardware stuff things may change...)
If you find such a contruct ugly: you are wright, but please remember that
this is a bug in Solaris, that is only triggered by OpenSSL, we are not
responsible for this problem... (We may be responsible for enough other
problems, but at least not for this one :-)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153



More information about the openssh-unix-dev mailing list