Bug 1223336 - openssl-3: variations in openssl-3-debugsource
Summary: openssl-3: variations in openssl-3-debugsource
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other (show other bugs)
Version: Current
Hardware: Other All
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Pedro Monreal Gonzalez
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1062303
  Show dependency treegraph
 
Reported: 2024-04-24 06:32 UTC by Bernhard Wiedemann
Modified: 2024-07-15 06:59 UTC (History)
2 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
fix (616 bytes, patch)
2024-07-12 10:45 UTC, Bernhard Wiedemann 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2024-04-24 06:32:41 UTC 
While working on reproducible builds for openSUSE, I found that
our openssl-3 package debugsource varies in
/usr/src/debug/openssl-3.1.4/crypto/modes/aes-gcm-avx512.s

--- old//usr/src/debug/openssl-3.1.4/crypto/modes/aes-gcm-avx512.s
+++ new//usr/src/debug/openssl-3.1.4/crypto/modes/aes-gcm-avx512.s
@@ -24,14 +24,14 @@

        movl    240(%rdi),%eax
        cmpl    $9,%eax
-       je      .Laes_128_rujxAgiqdxpwrqy
+       je      .Laes_128_ovGcEknxlsxtefb
        cmpl    $11,%eax
-       je      .Laes_192_rujxAgiqdxpwrqy
+       je      .Laes_192_ovGcEknxlsxtefb
        cmpl    $13,%eax
...

This file is created by
["/usr/bin/perl", "crypto/modes/asm/../../perlasm/x86_64-xlate.pl", "elf", "crypto/modes/aes-gcm-avx512.s"]

called by
["/usr/bin/perl", "crypto/modes/asm/aes-gcm-avx512.pl", "elf", "-I.", "-Iinclude", "-Iproviders/common/include", "-Iproviders/implementations/include", "-fPIC", "-pthread", "-m64", "-Wa,--noexecstack", "-Wall", "-O3", "-march=x86-64-v3", "-O2", "-Wall", "-U_FORTIFY_SOURCE", "-fstack-protector-strong", "-funwind-tables", "-fasynchronous-unwind-tables", "-fstack-clash-protection", "-Werror=return-type", "-flto=auto", "-Wa,--noexecstack", "-fno-common", "-Wall", "-DOPENSSL_USE_NODELETE", "-DL_ENDIAN", "-DOPENSSL_PIC", "-DOPENSSLDIR=\"/etc/ssl\"", "-DENGINESDIR=\"/usr/lib64/engines-3\"", "-DMODULESDIR=\"/usr/lib64/ossl-modules\"", "-DOPENSSL_BUILDING_OPENSSL", "-DZLIB", "-DNDEBUG", "-D_FORTIFY_SOURCE=3", "-DTERMIO", "-DPURIFY", "-D_GNU_SOURCE", "-DOPENSSL_NO_BUF_FREELISTS", "-DSYSTEM_CIPHERS_FILE=\"/etc/crypto-policies/back-ends/openssl.config\"", "-DAES_ASM", "-DBSAES_ASM", "-DCMLL_ASM", "-DECP_NISTZ256_ASM", "-DGHASH_ASM", "-DKECCAK1600_ASM", "-DMD5_ASM", "-DOPENSSL_BN_ASM_GF2m", "-DOPENSSL_BN_ASM_MONT", "-DOPENSSL_BN_ASM_MONT5", "-DOPENSSL_CPUID_OBJ", "-DOPENSSL_IA32_SSE2", "-DPOLY1305_ASM", "-DRC4_ASM", "-DSHA1_ASM", "-DSHA256_ASM", "-DSHA512_ASM", "-DVPAES_ASM", "-DWHIRLPOOL_ASM", "-DX25519_ASM", "crypto/modes/aes-gcm-avx512.s"]

and another such call without -march=x86-64-v3
Comment 1 Marcus Meissner 2024-04-24 07:08:21 UTC 
crypto/modes/asm/aes-gcm-avx512.pl

# ; Generates "random" local labels
sub random_string() {
  my @chars  = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');
  my $length = 15;
  my $str;
  map { $str .= $chars[rand(33)] } 1 .. $length;
  return $str;
}
Comment 2 Bernhard Wiedemann 2024-04-24 09:20:41 UTC 
A determistic replacement could be a hash over relevant inputs.
Or just use a $counter++ for uniqueness.
Comment 3 Bernhard Wiedemann 2024-07-12 10:45:31 UTC 
Created attachment 876025 [details]
fix
Comment 4 Pedro Monreal Gonzalez 2024-07-12 11:14:24 UTC 
Upstream references as discussed with Bernhard:
  * https://github.com/openssl/openssl/issues/20954
  * https://github.com/openssl/openssl/commit/0fbc50ef
Comment 5 Pedro Monreal Gonzalez 2024-07-15 06:59:59 UTC 
Factory submission: https://build.opensuse.org/request/show/1187470