Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Oct 2010 02:32:59 GMT
From:      Jeffrey Walton <noloader@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/151379: libcryptopp.so/libcrypto++.so and Shared Objects
Message-ID:  <201010110232.o9B2Wx2o065441@www.freebsd.org>
Resent-Message-ID: <201010110240.o9B2e0g4070522@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         151379
>Category:       misc
>Synopsis:       libcryptopp.so/libcrypto++.so and Shared Objects
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 11 02:40:00 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Jeffrey Walton
>Release:        None.
>Organization:
None
>Environment:
None
>Description:
Package: Crypto++

Crypto++ received a few GNU Linux based bug reports [1, 2], and Wei Dai vetted out a crash due to global object destruction in a shared object (the bug was not present in a static library). The crash fix was sufficient to support shared objects, and the commit occurred at revision 496 [3].

Please ensure the distribution is using revision 496 or higher of Crypto++. Crypto++ version 5.6.1 includes revision 496, while Crypto 5.6.0 does not include the revision.

In addition to the shared object bug fix committed at revision 496, the 492 commit included a SHA-2 bug fix on x64 with GCC optimizations enabled [4].

A stress test was written while trying to duplicate the shared object issue, and it might make a good test case for the distribution's build bot. The program creates 96 threads which perform dynamic loads/unloads (with lots of overlap) to ensure proper cleanup on library unload. The stress test, released under GPLv3, is available at http://www.cryptopp.com/wiki/Linux#Note_for_Distribution_Packagers.

The Crypto++ library can be downloaded directly from http://www.cryptopp.com in ZIP format. The 5.6.1 ZIP includes shared object support (but the ZIP will get stale over time since the ZIP file is frozen). Crypto++ can also be fetched from SourceForge, which is always up to date. Issue "svn checkout https://cryptopp.svn.sourceforge.net/svnroot/cryptopp/trunk/c5 cryptopp".

Jeffrey Walton,
Friend of the Crypto++ Library

[1] Errors with multiple loading cryptopp as shared lib on Linux,
http://groups.google.com/group/cryptopp-users/browse_thread/thread/68fbc22e8c6e2f48

[2] RTLD_GLOBAL and libcryptopp.so crash,
http://groups.google.com/group/cryptopp-users/browse_thread/thread/7eae009a4e02e726

[3] http://cryptopp.svn.sourceforge.net/viewvc/cryptopp?view=revision&revision=496

[4] http://cryptopp.svn.sourceforge.net/viewvc/cryptopp?view=revision&revision=492

>How-To-Repeat:
See Errors with multiple loading cryptopp as shared lib on Linux,
http://groups.google.com/group/cryptopp-users/browse_thread/thread/68fbc22e8c6e2f48
>Fix:
Update to Crypto 5.6.1.

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010110232.o9B2Wx2o065441>