Re: [openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
On 05/15/2014 05:11 PM, Stephen Henson via RT wrote: On Thu May 15 16:54:47 2014, jens.hiller.c...@hotmail.de wrote: Hi, I was testing aes ccm encryption when I stumbled over a segmentation fault. I was able to reproduce this error using code from the openssl demos. I started with demos/evp/aesccm.c and added rsa key generation as used in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as done in 'demos/selfsign.c'. Then I added this rsa key generation function in front of the aes ccm encryption and decryption. Finally, a for loop repeatedly performs the keygeneration, aes encryption and aes decryption. This eventually results in a segmentation fault during aes ccm encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest openssl version as provided by ubuntu package system (1.0.1- 4ubuntu5.13). Note that the segfault only occurs if the rsa key is assigned to an EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does not occur. When encountering this error in my own code I could observe that the error occurred more often on a machine that only runs the standard processes and is accessed remotely by ssh, compared to a local workstation with running webbrowser, development IDE, etc., where the error occurred rather seldom. Hence, I have the feeling that this could be related to too little randomness for the RNG, but I do not have any idea how to debug this. [Note that there is another segmentation fault that occurs if I call EVP_PKEY_free() on the generated key (see code), which I do not understand. However, my main problem is the first segmentation fault.] Does this happen with standard versions of OpenSSL from www.openssl.org? I tried this with the latest 1.0.1 stable branch can can't reproduce it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org You are right. I forgot to check against the standard versions, I'm sorry. I will send the bug report to the ubuntu package maintainers. Best regards, Jens __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
Hi, I was testing aes ccm encryption when I stumbled over a segmentation fault. I was able to reproduce this error using code from the openssl demos. I started with demos/evp/aesccm.c and added rsa key generation as used in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as done in 'demos/selfsign.c'. Then I added this rsa key generation function in front of the aes ccm encryption and decryption. Finally, a for loop repeatedly performs the keygeneration, aes encryption and aes decryption. This eventually results in a segmentation fault during aes ccm encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest openssl version as provided by ubuntu package system (1.0.1-4ubuntu5.13). Note that the segfault only occurs if the rsa key is assigned to an EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does not occur. When encountering this error in my own code I could observe that the error occurred more often on a machine that only runs the standard processes and is accessed remotely by ssh, compared to a local workstation with running webbrowser, development IDE, etc., where the error occurred rather seldom. Hence, I have the feeling that this could be related to too little randomness for the RNG, but I do not have any idea how to debug this. [Note that there is another segmentation fault that occurs if I call EVP_PKEY_free() on the generated key (see code), which I do not understand. However, my main problem is the first segmentation fault.] === gdb backtrace === (gdb) run Starting program: /home/hiller/openssl_bug/aesccm AES CCM Encrypt: Plaintext: - c8 d2 75 f9 19 e1 7d 7f-e6 9c 2a 1f 58 93 9d fe ..u...}...*.X... 0010 - 4d 40 37 91 b5 df 13 10- M@7. Ciphertext: - 8a 0f 3d 82 29 e4 8e 74-87 fd 95 a2 8a d3 92 c8 ..=.)..t 0010 - 0b 36 81 d4 fb c7 bb fd- .6.. Tag: - 2d d6 ef 1c 45 d4 cc b7-23 dc 07 44 14 db 50 6d -...E...#..D..Pm AES CCM Derypt: Ciphertext: - 8a 0f 3d 82 29 e4 8e 74-87 fd 95 a2 8a d3 92 c8 ..=.)..t 0010 - 0b 36 81 d4 fb c7 bb fd- .6.. Plaintext: - c8 d2 75 f9 19 e1 7d 7f-e6 9c 2a 1f 58 93 9d fe ..u...}...*.X... 0010 - 4d 40 37 91 b5 df 13 10- M@7. AES CCM Encrypt: [ the output above is repeated several times ] Program received signal SIGSEGV, Segmentation fault. 0x0090 in ?? () (gdb) backtrace #0 0x0090 in ?? () #1 0x77a948d4 in CRYPTO_ccm128_encrypt_ccm64 (ctx=0x604fd0, inp=0x401240 \310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020, out=0x7fffe0c0 \310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020, len=24, stream=optimized out) at ccm128.c:354 #2 0x77af1688 in aes_ccm_cipher (ctx=0x604e10, out=0x7fffe0c0 \310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020, in=0x401240 \310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020, len=24) at e_aes.c:1275 #3 0x77aedaa2 in EVP_EncryptUpdate (ctx=0x604e10, out=0x7fffe0c0 \310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020, outl=0x7fffe0bc, in=0x401240 \310\322u\371\031\341}\177\346\234*\037X\223\235\376M@7\221\265\337\023\020, inl=optimized out) at evp_enc.c:314 #4 0x00400e37 in aes_ccm_encrypt () at aesccm.c:106 #5 0x004010ce in main (argc=1, argv=0x7fffe5e8) at aesccm.c:161 /* Simple AES CCM test program, uses the same NIST data used for the FIPS * self test but uses the application level EVP APIs. */ #include stdio.h #include openssl/bio.h #include openssl/evp.h #include openssl/rsa.h /* AES-CCM test data from NIST public test vectors */ static const unsigned char ccm_key[] = { 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6, 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8 }; static const unsigned char ccm_nonce[] = { 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7 }; static const unsigned char ccm_adata[] = { 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7, 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5, 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4 }; static const unsigned char ccm_pt[] = { 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f, 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10 }; static const unsigned char ccm_ct[] = { 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2, 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd }; static const unsigned char ccm_tag[] = { 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44, 0x14,0xdb,0x50,0x6d }; /** function from /openssl/demos/tunala/cb.c */ RSA *cb_generate_tmp_rsa(int keylength) { /* TODO: Perhaps make it so our global key can be generated on-the-fly * after certain intervals? */ static RSA *rsa_tmp = NULL; BIGNUM *bn =
[openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
On Thu May 15 16:54:47 2014, jens.hiller.c...@hotmail.de wrote: Hi, I was testing aes ccm encryption when I stumbled over a segmentation fault. I was able to reproduce this error using code from the openssl demos. I started with demos/evp/aesccm.c and added rsa key generation as used in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as done in 'demos/selfsign.c'. Then I added this rsa key generation function in front of the aes ccm encryption and decryption. Finally, a for loop repeatedly performs the keygeneration, aes encryption and aes decryption. This eventually results in a segmentation fault during aes ccm encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest openssl version as provided by ubuntu package system (1.0.1- 4ubuntu5.13). Note that the segfault only occurs if the rsa key is assigned to an EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does not occur. When encountering this error in my own code I could observe that the error occurred more often on a machine that only runs the standard processes and is accessed remotely by ssh, compared to a local workstation with running webbrowser, development IDE, etc., where the error occurred rather seldom. Hence, I have the feeling that this could be related to too little randomness for the RNG, but I do not have any idea how to debug this. [Note that there is another segmentation fault that occurs if I call EVP_PKEY_free() on the generated key (see code), which I do not understand. However, my main problem is the first segmentation fault.] Does this happen with standard versions of OpenSSL from www.openssl.org? I tried this with the latest 1.0.1 stable branch can can't reproduce it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
On 05/15/2014 05:11 PM, Stephen Henson via RT wrote: On Thu May 15 16:54:47 2014, jens.hiller.c...@hotmail.de wrote: Hi, I was testing aes ccm encryption when I stumbled over a segmentation fault. I was able to reproduce this error using code from the openssl demos. I started with demos/evp/aesccm.c and added rsa key generation as used in 'demos/tunala/cb.c' and convert this rsa key into an EVP_PKEY key as done in 'demos/selfsign.c'. Then I added this rsa key generation function in front of the aes ccm encryption and decryption. Finally, a for loop repeatedly performs the keygeneration, aes encryption and aes decryption. This eventually results in a segmentation fault during aes ccm encryption (see gdb output below) on a x64 Ubuntu 12.04 with latest openssl version as provided by ubuntu package system (1.0.1- 4ubuntu5.13). Note that the segfault only occurs if the rsa key is assigned to an EVP_PKEY. Otherwise, if only the RSA key is generated, the segfault does not occur. When encountering this error in my own code I could observe that the error occurred more often on a machine that only runs the standard processes and is accessed remotely by ssh, compared to a local workstation with running webbrowser, development IDE, etc., where the error occurred rather seldom. Hence, I have the feeling that this could be related to too little randomness for the RNG, but I do not have any idea how to debug this. [Note that there is another segmentation fault that occurs if I call EVP_PKEY_free() on the generated key (see code), which I do not understand. However, my main problem is the first segmentation fault.] Does this happen with standard versions of OpenSSL from www.openssl.org? I tried this with the latest 1.0.1 stable branch can can't reproduce it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org You are right. I forgot to check against the standard versions, I'm sorry. I will send the bug report to the ubuntu package maintainers. Best regards, Jens __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3356] bug report: segfault from aes ccm encryption after RSA key generation and EVP_PKEY_assign_RSA
Closing this ticket. Problem was with ubuntu package. Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org