Let's consider following code:
ENGINE * e;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER * cipher;
const unsigned char iv[EVP_MAX_IV_LENGTH] = {0};
const unsigned char key[32] = {0};
ASN1_TYPE asn = {0};
ENGINE_load_builtin_engines();
e = ENGINE_by_id("gost");
if(e == NULL || ENGINE_init(e) == NULL)
return 0;
ENGINE_set_default(e, ENGINE_METHOD_ALL);
OpenSSL_add_all_algorithms();
cipher = EVP_get_cipherbyname("gost89-cnt");
if(cipher == NULL)
return 0;
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx, cipher, e, key, iv);
EVP_CIPHER_param_to_asn1(&ctx, &asn);
EVP_CIPHER_asn1_to_param(&ctx, &asn);
This code will fail (tested on 1.0.0d, 1.0.0f), because of NULL-pointer
dereference in function EVP_CIPHER_asn1_to_param (goes to
gost89_get_asn1_parameters) on line
..
if (len != ctx->cipher->iv_len)
..
EVP_CIPHER_param_to_asn1 and EVP_CIPHER_asn1_to_param supposed to do equal
transformations?
So, as far as I understand, this problem is caused by internal asn1-decoding
functions.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
