Re: [openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
On 05/15/2014 05:11 PM, Stephen Henson via RT wrote: On Thu May 15 16:54:47 2014, jens.hiller.c...@hotmail.de wrote: Hi, I was testing aes ccm encryption when I stumbled over a segmentation fault. I was able to reproduce this error using code from the openssl demos. I started with demos/evp/aesccm.c and added rsa key generation as used in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as done in 'demos/selfsign.c'. Then I added this rsa key generation function in front of the aes ccm encryption and decryption. Finally, a for loop repeatedly performs the keygeneration, aes encryption and aes decryption. This eventually results in a segmentation fault during aes ccm encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest openssl version as provided by ubuntu package system (1.0.1- 4ubuntu5.13). Note that the segfault only occurs if the rsa key is assigned to an EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does not occur. When encountering this error in my own code I could observe that the error occurred more often on a machine that only runs the standard processes and is accessed remotely by ssh, compared to a local workstation with running webbrowser, development IDE, etc., where the error occurred rather seldom. Hence, I have the feeling that this could be related to too little randomness for the RNG, but I do not have any idea how to debug this. [Note that there is another segmentation fault that occurs if I call EVP_PKEY_free() on the generated key (see code), which I do not understand. However, my main problem is the first segmentation fault.] Does this happen with standard versions of OpenSSL from www.openssl.org? I tried this with the latest 1.0.1 stable branch can can't reproduce it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org You are right. I forgot to check against the standard versions, I'm sorry. I will send the bug report to the ubuntu package maintainers. Best regards, Jens __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
Hi,
I was testing aes ccm encryption when I stumbled over a segmentation fault.
I was able to reproduce this error using code from the openssl demos.
I started with demos/evp/aesccm.c and added rsa key generation as used
in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as
done in 'demos/selfsign.c'.
Then I added this rsa key generation function in front of the aes ccm
encryption and decryption.
Finally, a for loop repeatedly performs the keygeneration, aes
encryption and aes decryption.
This eventually results in a segmentation fault during aes ccm
encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest
openssl version as provided by ubuntu package system (1.0.1-4ubuntu5.13).
Note that the segfault only occurs if the rsa key is assigned to an
EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does
not occur.
When encountering this error in my own code I could observe that the
error occurred more often on a machine that only runs the standard
processes and is accessed remotely by ssh, compared to a local
workstation with running webbrowser, development IDE, etc., where the
error occurred rather seldom.
Hence, I have the feeling that this could be related to too little
randomness for the RNG, but I do not have any idea how to debug this.
[Note that there is another segmentation fault that occurs if I call
EVP_PKEY_free() on the generated key (see code), which I do not
understand. However, my main problem is the first segmentation fault.]
=== gdb backtrace ===
(gdb) run
Starting program: /home/hiller/openssl_bug/aesccm
AES CCM Encrypt:
Plaintext:
- c8 d2 75 f9 19 e1 7d 7f-e6 9c 2a 1f 58 93 9d fe ..u...}...*.X...
0010 - 4d 40 37 91 b5 df 13 10- M@7.
Ciphertext:
- 8a 0f 3d 82 29 e4 8e 74-87 fd 95 a2 8a d3 92 c8 ..=.)..t
0010 - 0b 36 81 d4 fb c7 bb fd- .6..
Tag:
- 2d d6 ef 1c 45 d4 cc b7-23 dc 07 44 14 db 50 6d -...E...#..D..Pm
AES CCM Derypt:
Ciphertext:
- 8a 0f 3d 82 29 e4 8e 74-87 fd 95 a2 8a d3 92 c8 ..=.)..t
0010 - 0b 36 81 d4 fb c7 bb fd- .6..
Plaintext:
- c8 d2 75 f9 19 e1 7d 7f-e6 9c 2a 1f 58 93 9d fe ..u...}...*.X...
0010 - 4d 40 37 91 b5 df 13 10- M@7.
AES CCM Encrypt:
[ the output above is repeated several times ]
Program received signal SIGSEGV, Segmentation fault.
0x0090 in ?? ()
(gdb) backtrace
#0 0x0090 in ?? ()
#1 0x77a948d4 in CRYPTO_ccm128_encrypt_ccm64 (ctx=0x604fd0,
inp=0x401240
\310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020,
out=0x7fffe0c0
\310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020,
len=24, stream=optimized out) at ccm128.c:354
#2 0x77af1688 in aes_ccm_cipher (ctx=0x604e10,
out=0x7fffe0c0
\310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020,
in=0x401240
\310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020,
len=24) at e_aes.c:1275
#3 0x77aedaa2 in EVP_EncryptUpdate (ctx=0x604e10,
out=0x7fffe0c0
\310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020,
outl=0x7fffe0bc,
in=0x401240
\310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020,
inl=optimized out) at evp_enc.c:314
#4 0x00400e37 in aes_ccm_encrypt () at aesccm.c:106
#5 0x004010ce in main (argc=1, argv=0x7fffe5e8) at aesccm.c:161
/* Simple AES CCM test program, uses the same NIST data used for the FIPS
* self test but uses the application level EVP APIs.
*/
#include stdio.h
#include openssl/bio.h
#include openssl/evp.h
#include openssl/rsa.h
/* AES-CCM test data from NIST public test vectors */
static const unsigned char ccm_key[] = {
0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
};
static const unsigned char ccm_nonce[] = {
0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
};
static const unsigned char ccm_adata[] = {
0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
};
static const unsigned char ccm_pt[] = {
0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
};
static const unsigned char ccm_ct[] = {
0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
};
static const unsigned char ccm_tag[] = {
0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
0x14,0xdb,0x50,0x6d
};
/** function from /openssl/demos/tunala/cb.c */
RSA *cb_generate_tmp_rsa(int keylength)
{
/* TODO: Perhaps make it so our global key can be generated on-the-fly
* after certain intervals? */
static RSA *rsa_tmp = NULL;
BIGNUM *bn =
[openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
On Thu May 15 16:54:47 2014, jens.hiller.c...@hotmail.de wrote: Hi, I was testing aes ccm encryption when I stumbled over a segmentation fault. I was able to reproduce this error using code from the openssl demos. I started with demos/evp/aesccm.c and added rsa key generation as used in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as done in 'demos/selfsign.c'. Then I added this rsa key generation function in front of the aes ccm encryption and decryption. Finally, a for loop repeatedly performs the keygeneration, aes encryption and aes decryption. This eventually results in a segmentation fault during aes ccm encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest openssl version as provided by ubuntu package system (1.0.1- 4ubuntu5.13). Note that the segfault only occurs if the rsa key is assigned to an EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does not occur. When encountering this error in my own code I could observe that the error occurred more often on a machine that only runs the standard processes and is accessed remotely by ssh, compared to a local workstation with running webbrowser, development IDE, etc., where the error occurred rather seldom. Hence, I have the feeling that this could be related to too little randomness for the RNG, but I do not have any idea how to debug this. [Note that there is another segmentation fault that occurs if I call EVP_PKEY_free() on the generated key (see code), which I do not understand. However, my main problem is the first segmentation fault.] Does this happen with standard versions of OpenSSL from www.openssl.org? I tried this with the latest 1.0.1 stable branch can can't reproduce it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
On 05/15/2014 05:11 PM, Stephen Henson via RT wrote: On Thu May 15 16:54:47 2014, jens.hiller.c...@hotmail.de wrote: Hi, I was testing aes ccm encryption when I stumbled over a segmentation fault. I was able to reproduce this error using code from the openssl demos. I started with demos/evp/aesccm.c and added rsa key generation as used in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as done in 'demos/selfsign.c'. Then I added this rsa key generation function in front of the aes ccm encryption and decryption. Finally, a for loop repeatedly performs the keygeneration, aes encryption and aes decryption. This eventually results in a segmentation fault during aes ccm encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest openssl version as provided by ubuntu package system (1.0.1- 4ubuntu5.13). Note that the segfault only occurs if the rsa key is assigned to an EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does not occur. When encountering this error in my own code I could observe that the error occurred more often on a machine that only runs the standard processes and is accessed remotely by ssh, compared to a local workstation with running webbrowser, development IDE, etc., where the error occurred rather seldom. Hence, I have the feeling that this could be related to too little randomness for the RNG, but I do not have any idea how to debug this. [Note that there is another segmentation fault that occurs if I call EVP_PKEY_free() on the generated key (see code), which I do not understand. However, my main problem is the first segmentation fault.] Does this happen with standard versions of OpenSSL from www.openssl.org? I tried this with the latest 1.0.1 stable branch can can't reproduce it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org You are right. I forgot to check against the standard versions, I'm sorry. I will send the bug report to the ubuntu package maintainers. Best regards, Jens __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
Closing this ticket. Problem was with ubuntu package. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
