Re: 3.0.3 - EVP_EC_gen() segfault without init

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

What platform?

$ bat ossl3-tst.c
───────┬──────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: ossl3-tst.c
       │ Size: 216 B
───────┼──────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ #include <openssl/crypto.h>
   2   │ #include <openssl/ec.h>
   3   │ #include <openssl/evp.h>
   4   │ 
   5   │ int main(int argc, const char *argv[]) {
   6   │      //OPENSSL_init_crypto(0, NULL);
   7   │      if (! EVP_EC_gen("P-384")) return -1;
   8   │      return 0;
   9   │ }
───────┴──────────────────────────────────────────────────────────────────────────────────────────────────────
$ gcc -Wall -Werror -pedantic -o ossl3-tst ossl3-tst.c -I/opt/local/include -L/opt/local/lib -lcrypto
$ ./ossl3-tst 
$

Above is on MacOS Monterey with GCC-11.
--
V/R,
Uri
 
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare
 

On 5/4/22, 15:58, "openssl-users on behalf of Klaus Keppler" <openssl-users-bounces@xxxxxxxxxxx on behalf of kk@xxxxxxxxxxxxx> wrote:

    Hello,

    yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of our 
    unit tests crash.

    I've boiled the problem down to the following example code:

    ---cut---
    #include <openssl/crypto.h>
    #include <openssl/ec.h>
    #include <openssl/evp.h>

    int main(int argc, const char *argv[]) {
         //OPENSSL_init_crypto(0, NULL);
         if (! EVP_EC_gen("P-384")) return -1;
         return 0;
    }
    ---/cut---

    Compile with:

       gcc -Wall -Werror -pedantic -o test test.c -lcrypto

    With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a 
    segmentation fault during a string comparison within EVP_PKEY_Q_keygen 
    (EVP_EC_gen is just a macro).

    I assume that the curve names are not properly initialized, when you 
    uncomment the call to "OPENSSL_init_crypto()", everything works just fine.

    The documentation [1] of OPENSSL_init_crypto() states that explicit 
    initialization is not required. Man page of EVP_EC_gen [2] says nothing 
    about initialization.
    Considering that 3.0.3 is only a minor update and 3.0.2 worked as 
    expected, we might have hit a bug. If this (above) is "just" a usage 
    error, the documentation should describe in which cases an explicit 
    initialization is required.

    Anyway, thank you for all your efforts!

    Best regards

        -Klaus Keppler


    [1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
    [2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux