CVE-2016-7420 and dev-branch 'trap' ready for testing


Jeffrey Walton

Sep 16, 2016, 11:51:36 AM
to Crypto++ Users
Hi Everyone,

CVE-2016-7420 caused us to cut-in CRYPTOPP_ASSERT a little earlier than expected. <trap.h> and CRYPTOPP_ASSERT have existed in Master for over a year. We set up a dev-branch called 'trap' to isolate the cut-in during testing.

The cut-over to CRYPTOPP_ASSERT occurred at https://github.com/weidai11/cryptopp/commit/399a1546de71f41598c15edada28e7f0d616f541 . It tested OK under modern versions of Clang, GCC, Solaris and Visual Studio.

The defining factor of CRYPTOPP_ASSERT is it abandons Posix NDEBUG, which we used to rely upon to remove asserts. We switched strategies, and now we enable CRYPTOPP_ASSERT if any of the following are defined: CRYPTOPP_DEBUG, DEBUG, _DEBUG. This strategy sidesteps bad release/production configurations due to policy (Debian never defines NDEBUG) and errors/omissions (users or Autotools or CMake or Eclipse <other build system> fail to define NDEBUG).

CRYPTOPP_ASSERT also adds a nice feature: it raises SIGTRAP rather than SIGABRT. SIGABRT will snap the debugger, if present. And it won't follow Posix's idiotic footsteps and crash the program with a SIGABRT while a developer is debugging it.

The last two, DEBUG and _DEBUG, are set in Visual Studio projects by Microsoft; and they cause CRYPTOPP_DEBUG to be set automatically. BSD, Linux, Solaris and Unix users will have to -DCRYPTOPP_DEBUG=1 or uncomment CRYPTOPP_DEBUG in config.h.

If all goes well with testing, then we will merge the Trap dev-branch into Master this weekend or early next week. Our test script takes two or three days to run on IoT gadgets like BeagleBoards and CubieTrucks, so the earliest we can merge will be late Saturday or Sunday.

Jeff
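The assert policy described in this post (enable on CRYPTOPP_DEBUG/DEBUG/_DEBUG instead of disabling on NDEBUG, and trap with SIGTRAP rather than abort), as an added example that is not Crypto++'s own trap.h code. The demo* names are hypothetical and the SIGTRAP handling assumes a POSIX system.

```cpp
// Added illustration of the CRYPTOPP_ASSERT policy from the post above.
// Not Crypto++ code; every "demo" name is a hypothetical stand-in.
#include <csignal>
#include <cstdio>

// Which preprocessor macros a given build defines, captured as data so the
// old and new enabling policies can be compared side by side at run time.
struct demoBuildMacros {
    bool ndebug;          // classic Posix NDEBUG
    bool cryptoppDebug;   // CRYPTOPP_DEBUG, from -D or config.h
    bool debug;           // DEBUG, set by Visual Studio debug configs
    bool underscoreDebug; // _DEBUG, likewise
};

// Old strategy: asserts stay live unless someone remembered NDEBUG.
bool demoOldPolicyAssertsOn(const demoBuildMacros& m) {
    return !m.ndebug;
}

// New strategy: asserts are live only when a debug macro is explicitly set,
// so a release build that never defines NDEBUG (e.g. Debian) is still quiet.
bool demoNewPolicyAssertsOn(const demoBuildMacros& m) {
    return m.cryptoppDebug || m.debug || m.underscoreDebug;
}

// Number of assertion traps seen; the handler lets execution continue
// instead of terminating the process the way an unhandled SIGTRAP would.
static volatile sig_atomic_t g_demoTrapCount = 0;
static void demoTrapHandler(int) { ++g_demoTrapCount; }

// Install the SIGTRAP handler (stand-in for the post's DebugTrapHandler idea).
void demoInstallTrapHandler() {
    std::signal(SIGTRAP, demoTrapHandler);
}

// Assert that raises SIGTRAP rather than SIGABRT: with a debugger attached
// it breaks in at the failing check; with the handler above it just counts.
// Returns true when the condition held or the assert is disabled.
bool demoAssert(bool enabled, bool condition, const char* expr) {
    if (enabled && !condition) {
        std::fprintf(stderr, "assertion failed: %s\n", expr);
        std::raise(SIGTRAP);
        return false;
    }
    return true;
}

int demoTrapCount() { return static_cast<int>(g_demoTrapCount); }
```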

Jeffrey Walton

Sep 17, 2016, 3:04:39 PM
to Crypto++ Users
Hi Everyone,

I mildly changed things on the trap dev-branch. First, I added an 'ossig.h' to separate SignalHandler class from 'misc.h'. It sidesteps a circular dependency issue, and allows us to 'typedef SignalHandler<SIGTRAP, false> DebugTrapHandler;'.

I need to test the changes on Cygwin next. After Cygwin testing, the trap dev-branch will be merged into master.

For those interested, here's the history of changes to accommodate CRYPTOPP_ASSERT: http://github.com/weidai11/cryptopp/issues/277#issuecomment-247456285 .

Jeff

Jeffrey Walton

Sep 17, 2016, 5:27:24 PM
to Crypto++ Users

CVE-2016-7420 caused us to cut-in CRYPTOPP_ASSERT a little earlier than expected. <trap.h> and CRYPTOPP_ASSERT have existed in Master for over a year. We set up a dev-branch called 'trap' to isolate the cut-in during testing.

Jeffrey Walton

Sep 18, 2016, 1:39:37 AM
to Crypto++ Users


On Saturday, September 17, 2016 at 5:27:24 PM UTC-4, Jeffrey Walton wrote:

CVE-2016-7420 caused us to cut-in CRYPTOPP_ASSERT a little earlier than expected. <trap.h> and CRYPTOPP_ASSERT have existed in Master for over a year. We set up a dev-branch called 'trap' to isolate the cut-in during testing.

The dev-branch has been deleted.