[openssl-dev] [openssl.org #2949] OpenSSL bug

[Rich Salz via RT]

0.9.8 not supported, please re-test and re-open if still an issue on current
releases.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl.org #2949] OpenSSL bug

[Greg Sternberg via RT]

Details: 

• Operating System: 


• Windows 7 Enterprise SP1 - 64-bit 
• 
OpenSSL version: (From opensslv.h) 

• #define OPENSSL_VERSION_NUMBER 0x0090807fL 
• 
Visual Studio: 

• Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 
for 80x86 

Problem: 
Sending an empty string to EVP_EncryptUpdate() causes this message and 
core/program exception: 


.\crypto\evp\evp_enc.c(282): OpenSSL internal error, assertion failed: inl  0 


As an aside, this works fine on Unix 

Compile string: 
cl /wd4996 /EHsc -D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES=1 
/I/openssl/include /W3 /Zi openssl_bug.c ws2_32.lib advapi32.lib ws2_32.lib 
advapi32.lib user32.lib gdi32.lib /link /libpath:c:\openssl\lib libeay32.lib 
ssleay32.lib 

Sample code: 
#include stdio.h 
#include string.h 

#include openssl/evp.h 

int main () 
{ 
const EVP_CIPHER *cipher = EVP_bf_cbc (); 
EVP_CIPHER_CTX ctx; 
char* plaintext = test; 
unsigned char encrypted_block[1024]; 
unsigned char *encrypted = encrypted_block; 
int encrypted_size; 

EVP_CIPHER_CTX_init (ctx); 

EVP_EncryptInit (ctx, 
cipher, 
NULL, 
NULL); 

// Works 
if (!EVP_EncryptUpdate(ctx, 
encrypted, 
encrypted_size, 
plaintext, 
strlen(plaintext))) { 
printf (Failure @ #1\n); 
} else { 
printf (Success @ #1\n); 
} 

// Doesn't work (cores actually) 
plaintext[0] = '\0'; 
if (!EVP_EncryptUpdate(ctx, 
encrypted, 
encrypted_size, 
plaintext, 
strlen(plaintext))) { 
printf (Failure @ #2\n); 
} else { 
printf (Success @ #2\n); 
} 
} 

Let me know if you need any additional information, 
Greg Sternberg 

Details:Operating System:Windows 7 Enterprise SP1 - 64-bitOpenSSL version: (From opensslv.h)#define OPENSSL_VERSION_NUMBER 0x0090807fLVisual Studio:Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 for 80x86Problem:Sending an empty string to EVP_EncryptUpdate() causes this message and core/program exception:.\crypto\evp\evp_enc.c(282): OpenSSL internal error, assertion failed: inl  0As an aside, this works fine on UnixCompile string:cl /wd4996 /EHsc -D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES=1 /I/openssl/include /W3 /Zi openssl_bug.c ws2_32.lib advapi32.lib ws2_32.lib advapi32.lib user32.lib gdi32.lib /link /libpath:c:\openssl\lib libeay32.lib ssleay32.libSample code:#include stdio.h#include string.h#include "openssl/evp.h"int main (){ const EVP_CIPHER *cipher = EVP_bf_cbc (); EVP_CIPHER_CTX ctx; char* plaintext = "test"; unsigned char encrypted_block[1024]; unsigned char *encrypted = encrypted_block; int encrypted_size;  EVP_CIPHER_CTX_init (ctx);  EVP_EncryptInit (ctx,  cipher,  NULL,  NULL); // Works if (!EVP_EncryptUpdate(ctx,  encrypted, encrypted_size,  plaintext, strlen(plaintext))) { printf ("Failure @ #1\n"); } else { printf ("Success @ #1\n"); } // Doesn't work (cores actually) plaintext[0] = '\0'; if (!EVP_EncryptUpdate(ctx,  encrypted, encrypted_size,  plaintext, strlen(plaintext))) { printf ("Failure @ #2\n"); } else { printf ("Success @ #2\n"); }}Let me know if you need any additional information,Greg Sternberg