3.0.3 - EVP_EC_gen() segfault without init


 



Hello,

yesterday we updated OpenSSL from 3.0.2 to 3.0.3, which made some of our unit tests crash.

I've boiled the problem down to the following example code:

---cut---
#include <openssl/crypto.h>
#include <openssl/ec.h>
#include <openssl/evp.h>

int main(int argc, const char *argv[]) {
    //OPENSSL_init_crypto(0, NULL);
    if (! EVP_EC_gen("P-384")) return -1;
    return 0;
}
---/cut---

Compile with:

  gcc -Wall -Werror -pedantic -o test test.c -lcrypto

With OpenSSL 3.0.2 this runs just fine; with OpenSSL 3.0.3 we get a segmentation fault during a string comparison within EVP_PKEY_Q_keygen (EVP_EC_gen is just a macro).

I assume that the curve names are not properly initialized; when you uncomment the call to "OPENSSL_init_crypto()", everything works just fine.

The documentation [1] of OPENSSL_init_crypto() states that explicit initialization is not required. The man page of EVP_EC_gen [2] says nothing about initialization. Considering that 3.0.3 is only a minor update and 3.0.2 worked as expected, we might have hit a bug. If this (above) is "just" a usage error, the documentation should describe in which cases an explicit initialization is required.

Anyway, thank you for all your efforts!

Best regards

   -Klaus Keppler


[1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
[2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html


