[Pkg-openssl-devel] Bug#793565: Bug#793565: libssl1.0.0: HMAC broken after upgrade to 1.0.2d-1
Marc Lehmann
schmorp at schmorp.de
Thu Jul 30 19:56:13 UTC 2015
On Thu, Jul 30, 2015 at 09:39:56PM +0200, Kurt Roeckx <kurt at roeckx.be> wrote:
> > I guess correctly then - I built a gvpe binary with it and it works for a
> > while now. I will have to look into building openssl this way - any tips
> > on how to most easily achieve that with the debian openssl package?
>
> It should pick them up from dpkg-buildflags.
>
> So setting DEB_CFLAGS_APPEND="-fsanitize=address" in the
> environment should do it.
Well, I am a bloody beginner w.r.t. building debian packages, so thanks,
thats useful to know.
Anyways, I built a new libssl package from testing with -fsanitize=address,
same with gvpe, verified that it is indeed statically linked and...
marco(udp/x.x.x.x:407): hmac authentication error, received invalid packet
could be an attack, or just corruption or a synchronization error.
Otherwise, it seems to work. I enabled a stack underflow to check whether
-fsanitize=address is active, and triggered it immediatelly, so its
active, but apparently there are no obvious out of bounds accesses in gvpe
(and libcrypto, and their combination).
I haven't tried this with stable's libcrypto, because I didn't expect
useful info to come out of it (other than that it works with libssl from
stable, which we already know).
--
The choice of a Deliantra, the free code+content MORPG
-----==- _GNU_ http://www.deliantra.net
----==-- _ generation
---==---(_)__ __ ____ __ Marc Lehmann
--==---/ / _ \/ // /\ \/ / schmorp at schmorp.de
-=====/_/_//_/\_,_/ /_/\_\
More information about the Pkg-openssl-devel
mailing list