Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 May 2013 08:25:17 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Dyna and OpenSSL <1.0.0

On 13 May, 2013, at 7:16 , Alexander Cherepanov <cherepan@...me.ru> wrote:
> Right now dynamic_1030 fails selftest in bleeding on a machine with Debian oldstable (openssl 0.9.8o):
> 
> $ ../run/john --test=0 --format=dynamic_1030
> Error, unknown function: Func=DynamicFunc__WHIRLPOOL_crypt_input1_to_output1_FINAL
> Error parsing section [List.Generic:dynamic_1030]
> Error in line 487 file is ../run/dynamic.conf
> Warning: doing quick benchmarking - the performance numbers will be inaccurate
> Benchmarking: dynamic_1030, dynamic_1030 Whirlpool($pass) (first 32 bytes) [32/64 64x2 (MD5_body)]... FAILED (get_hash[0](0))
> 
> It's explained by the following comment in dynamic.h:
> 
> * Added SHA2 (SHA224, SHA256, SHA384, SHA512), GOST, Whirlpool crypt types.
> * Whirlpool only if OPENSSL_VERSION_NUMBER >= 0x10000000
> 
> But is it supposed to always fail selftest when OPENSSL_VERSION_NUMBER < 0x10000000 or it will somehow turn such formats off?


I think it should de-register (or never register) the (sub)format that had conf errors. But this will only solve the self-test problem, we'll still see the conf load errors - and we'll see them at every invocation of john. I'm not sure how we want it to behave - deciding that might be harder than actually implementing it.

For example, perhaps we should not parse dynamic.conf at all if we are running with -format=some-non-dynamic? This would save us from seeing that errors all the time. I just tried current code after busting dynamic_1001 on purpose:

$ ../run/john -t -form:descrypt
Error, unknown function:  Func=Err_DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
Error parsing section [List.Generic:dynamic_1001]
Error in line 13 file is ../run/dynamic.conf
Benchmarking: descrypt, traditional crypt(3) [DES 128/128 AVX-16]... DONE
Many salts:	5015K c/s real, 5015K c/s virtual
Only one salt:	4779K c/s real, 4779K c/s virtual

$ ../run/john -t -form:dynamic_21
Benchmarking: dynamic_21, dynamic_21: HTTP Digest Access Auth [128/128 AVX intrinsics 10x4x3]... DONE
Many salts:	1803K c/s real, 1803K c/s virtual
Only one salt:	1749K c/s real, 1749K c/s virtual

For some reason, the second run does not emit the error. I think the first run should not either.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ