diff options
| author | Aris Adamantiadis <aris@0xbadc0de.be> | 2017-06-09 22:47:36 +0200 |
|---|---|---|
| committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2017-06-09 23:17:58 +0200 |
| commit | fa4dafd4be9dbd6d119c510197e7760f4a0ba0c8 (patch) | |
| tree | 945ce3fff78165f15659395908d42087e86b2661 | |
| parent | 03af65a0909db67ae1fc9fd31f78fa558350fae8 (diff) | |
| download | libssh-fa4dafd4be9dbd6d119c510197e7760f4a0ba0c8.tar.gz libssh-fa4dafd4be9dbd6d119c510197e7760f4a0ba0c8.tar.xz libssh-fa4dafd4be9dbd6d119c510197e7760f4a0ba0c8.zip | |
libcrypto: disable AES-NI engine when running inside valgrind
Valgrind detects many uninitialized memory false positives from
libcrypto's AES-NI internals. Roll back to software AES when running
tests.
| -rw-r--r-- | ConfigureChecks.cmake | 2 | ||||
| -rw-r--r-- | config.h.cmake | 6 | ||||
| -rw-r--r-- | src/libcrypto.c | 16 |
3 files changed, 24 insertions, 0 deletions
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake index f5645807..f8b56c33 100644 --- a/ConfigureChecks.cmake +++ b/ConfigureChecks.cmake @@ -63,6 +63,7 @@ check_include_file(sys/utime.h HAVE_SYS_UTIME_H) check_include_file(sys/param.h HAVE_SYS_PARAM_H) check_include_file(arpa/inet.h HAVE_ARPA_INET_H) check_include_file(byteswap.h HAVE_BYTESWAP_H) +check_include_file(valgrind/valgrind.h HAVE_VALGRIND_VALGRIND_H) if (WIN32) check_include_file(io.h HAVE_IO_H) @@ -118,6 +119,7 @@ if (OPENSSL_FOUND) set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) check_function_exists(EVP_CIPHER_CTX_new HAVE_OPENSSL_EVP_CIPHER_CTX_NEW) + check_function_exists(OPENSSL_ia32cap_loc HAVE_OPENSSL_IA32CAP_LOC) endif() if (CMAKE_HAVE_PTHREAD_H) diff --git a/config.h.cmake b/config.h.cmake index 3f34f09b..698d1d6e 100644 --- a/config.h.cmake +++ b/config.h.cmake @@ -20,6 +20,9 @@ /* Define to 1 if you have the <aprpa/inet.h> header file. */ #cmakedefine HAVE_ARPA_INET_H 1 +/* Define to 1 if you have the <valgrind/valgrind.h> header file. */ +#cmakedefine HAVE_VALGRIND_VALGRIND_H 1 + /* Define to 1 if you have the <pty.h> header file. */ #cmakedefine HAVE_PTY_H 1 @@ -97,6 +100,9 @@ /* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */ #cmakedefine HAVE_OPENSSL_EVP_CIPHER_CTX_NEW 1 +/* Define to 1 if you have the `OPENSSL_ia32cap_loc' function. */ +#cmakedefine HAVE_OPENSSL_IA32CAP_LOC 1 + /* Define to 1 if you have the `snprintf' function. */ #cmakedefine HAVE_SNPRINTF 1 diff --git a/src/libcrypto.c b/src/libcrypto.c index 37bfabb4..45f42cb5 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -58,6 +58,11 @@ #define OLD_CRYPTO #endif +#if (HAVE_VALGRIND_VALGRIND_H && HAVE_OPENSSL_IA32CAP_LOC) +#include <valgrind/valgrind.h> +#define CAN_DISABLE_AESNI +#endif + #include "libssh/crypto.h" struct ssh_mac_ctx_struct { @@ -86,6 +91,17 @@ int ssh_crypto_init(void) { ); rc = SSH_ERROR;; } +#ifdef CAN_DISABLE_AESNI + /* + * disable AES-NI when running within Valgrind, because they generate + * too many "uninitialized memory access" false positives + */ + if (RUNNING_ON_VALGRIND){ + SSH_LOG(SSH_LOG_INFO, "Running within Valgrind, disabling AES-NI"); + /* Bit #57 denotes AES-NI instruction set extension */ + OPENSSL_ia32cap &= ~(1LL << 57); + } +#endif OpenSSL_add_all_algorithms(); libcrypto_initialized = 1; } |