Hi there! I'm using the GOST engine to sign files on an ARM platform and I got a crash with bt pointing to the GOST engine. When gost2001_do_sign() fails for some reason (missing /dev/urandom in my case) it doesn't set 'newsig' to NULL and hence returns a dangling pointer. pkey_gost01_cp_sign() gets misled by it and everything goes downhill from there.
The bt I got:

#0  0x400ccbc0 in BN_num_bits (a=0x0) at bn_lib.c:250
#1  0x403a73f0 in store_bignum (bn=0x0, buf=0x1f120 "", len=32) at gost_sign.c:316
#2  0x403a6a94 in pack_sign_cp (s=0x1f4d0, order=32, sig=0x1f120 "", siglen=0xbe97fc18) at gost_sign.c:123
#3  0x403a5644 in pkey_gost01_cp_sign (ctx=0x1f470, sig=0x1f120 "", siglen=0xbe97fc18, tbs=0xbe97fc38 "��?��!Шe��Jm�uzݾ�\211�U�\203Hk3\207�\211\017�", tbs_len=32) at gost_pmeth.c:366
#4  0x40157de4 in EVP_PKEY_sign (ctx=0x1f470, sig=0x1f120 "", siglen=0xbe97fc18, tbs=0xbe97fc38 "��?��!Шe��Jm�uzݾ�\211�U�\203Hk3\207�\211\017�", tbslen=32) at pmeth_fn.c:116
#5  0x4014dd90 in EVP_SignFinal (ctx=0xbe980cbc, sigret=0x1f120 "", siglen=0xbe980cb8, pkey=0x1f448) at p_sign.c:104
#6  0x000090e4 in sign_file (name=0xbe980f52 "ipsum", e=0x1db00, md=0x403b2d50, pkey=0x1f448) at sign.c:122
#7  0x00009548 in main (argc=2, argv=0xbe980e74) at sign.c:223

With the attached patch pkey_gost01_cp_sign() fails properly and I get a pretty clear error message.

-- 
Dmitry Ivanov
KDE PIM developer (pim.kde.org)
partimage-ng developer (partimage-ng.net)
--- openssl-1.0.0-stable-SNAP-20100215/engines/ccgost/gost2001.c 2008-02-28 16:45:05.000000000 +0300 +++ lpc/openssl/openssl-1.0.0-stable-SNAP-20100215/engines/ccgost/gost2001.c 2010-02-16 14:45:03.000000000 +0300 @@ -136,12 +136,14 @@ DSA_SIG *gost2001_do_sign(const unsigned { GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); DSA_SIG_free(newsig); + newsig = NULL; goto err; } if (!EC_POINT_mul(group,C,k,NULL,NULL,ctx)) { GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB); DSA_SIG_free(newsig); + newsig = NULL; goto err; } if (!X) X=BN_CTX_get(ctx); @@ -149,6 +151,7 @@ DSA_SIG *gost2001_do_sign(const unsigned { GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB); DSA_SIG_free(newsig); + newsig = NULL; goto err; } if (!r) r=BN_CTX_get(ctx);
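Review bot: the fix is applied by hand at three `DSA_SIG_free(newsig); goto err;` sites across the two hunks, so any failure path in gost2001_do_sign() that this diff does not touch (and any error check added later) keeps returning a freed `newsig`. Since every site already jumps to the shared `err:` label, the more robust change is to drop the per-site `DSA_SIG_free(newsig)` calls and release once at the label, e.g. `err: DSA_SIG_free(newsig); return NULL;` on the failure exit, with the success path returning before it. If the per-site pattern is kept, the added `newsig = NULL;` after each free is the minimal correct fix and is at least applied consistently here.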
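The failure mode in the report, as an added stand-alone example (my code, not the GOST engine's): a signer that frees its result on the error path but still returns the pointer from the shared exit, next to the hardened shape with a single cleanup label, and a caller that, like pkey_gost01_cp_sign(), can only test for NULL. The SIG struct, the fixed-pool allocator (used instead of malloc so a freed object can still be inspected without undefined behaviour), the rng_bytes stub and the toy r/s arithmetic are all assumptions for illustration and not GOST R 34.10.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for DSA_SIG: the two signature components reduced to integers
 * (assumed for illustration). */
typedef struct { unsigned long r, s; } SIG;

/* Fixed pool instead of malloc, so that sig_live() can report whether an
 * object has been released. Real code has no such oracle: once
 * DSA_SIG_free() has run, nothing downstream can tell a dangling pointer
 * from a valid one. */
#define POOL_SIZE 4
static SIG pool[POOL_SIZE];
static int in_use[POOL_SIZE];

static SIG *sig_new(void)
{
    int i;
    for (i = 0; i < POOL_SIZE; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            pool[i].r = pool[i].s = 0;
            return &pool[i];
        }
    }
    return NULL;
}

static void sig_free(SIG *s)
{
    if (s) in_use[s - pool] = 0;
}

/* 1 if s points at an allocated object, 0 if NULL or already freed. */
int sig_live(const SIG *s)
{
    return s != NULL && in_use[s - pool];
}

/* RNG stub: rng_fails models the missing /dev/urandom from the report.
 * The constant k is only for the demo; a real signer needs a fresh secret. */
static int rng_bytes(unsigned long *k, int rng_fails)
{
    if (rng_fails) return 0;
    *k = 0x1234;
    return 1;
}

/* Buggy shape: the object is freed on the error path but the pointer is
 * still handed back through the shared err: exit. */
SIG *do_sign_buggy(unsigned long msg, int rng_fails)
{
    SIG *newsig = sig_new();
    unsigned long k;
    if (!newsig) return NULL;
    if (!rng_bytes(&k, rng_fails)) {
        sig_free(newsig);          /* released here ...           */
        goto err;                  /* ... but newsig is not reset */
    }
    newsig->r = k ^ msg;           /* toy arithmetic, not a real signature */
    newsig->s = k + msg;
err:
    return newsig;                 /* dangling when the RNG failed */
}

/* Hardened shape: every failure jumps to one cleanup that frees and
 * returns NULL, so no exit can return a freed object and a failure check
 * added later is covered without touching it. */
SIG *do_sign_fixed(unsigned long msg, int rng_fails)
{
    SIG *newsig = sig_new();
    unsigned long k;
    if (!newsig) return NULL;
    if (!rng_bytes(&k, rng_fails)) goto err;
    newsig->r = k ^ msg;
    newsig->s = k + msg;
    return newsig;
err:
    sig_free(newsig);
    return NULL;
}

/* Caller in the role of pkey_gost01_cp_sign()/pack_sign_cp(): it can only
 * test for NULL, packs r and s, and frees the object (with the buggy signer
 * that is a use-after-free followed by a double free). Returns 1 when it
 * believes it produced a signature, 0 when the signer reported failure. */
int pack_sign(SIG *(*sign)(unsigned long, int), unsigned long msg,
              int rng_fails, unsigned long out[2])
{
    SIG *s = sign(msg, rng_fails);
    if (!s) return 0;              /* the only check available to the caller */
    out[0] = s->r;
    out[1] = s->s;
    sig_free(s);
    return 1;
}

int main(void)
{
    unsigned long out[2];
    printf("buggy signer, RNG fails: pack_sign=%d (caller misled)\n",
           pack_sign(do_sign_buggy, 42, 1, out));
    printf("fixed signer, RNG fails: pack_sign=%d\n",
           pack_sign(do_sign_fixed, 42, 1, out));
    printf("fixed signer, RNG ok:    pack_sign=%d r=%lx s=%lx\n",
           pack_sign(do_sign_fixed, 42, 0, out), out[0], out[1]);
    return 0;
}
```

With the buggy signer the caller reports success on RNG failure and has read and freed an object that was already released; the fixed signer makes the same caller fail cleanly, which is the behaviour the patch restores in pkey_gost01_cp_sign().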