Re: 3.0.3 - EVP_EC_gen() segfault without init

2022-05-04 Thread Tomas Mraz
Fix is here:
https://github.com/openssl/openssl/pull/18247

On Thu, 2022-05-05 at 07:54 +0200, Tomas Mraz wrote:
> Yes, this is unfortunately a bug in 3.0.3 release. Calling
> OPENSSL_init_crypto should not be necessary.
> 
> Tomas Mraz
> 
> On Wed, 2022-05-04 at 21:58 +0200, Klaus Keppler wrote:
> > Hello,
> > 
> > yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of
> > our 
> > unit tests crash.
> > 
> > I've boiled the problem down to the following example code:
> > 
> > ---cut---
> > #include 
> > #include 
> > #include 
> > 
> > int main(int argc, const char *argv[]) {
> >  //OPENSSL_init_crypto(0, NULL);
> >  if (! EVP_EC_gen("P-384")) return -1;
> >  return 0;
> > }
> > ---/cut---
> > 
> > Compile with:
> > 
> >    gcc -Wall -Werror -pedantic -o test test.c -lcrypto
> > 
> > With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a
> > segmentation fault during a string comparison within
> > EVP_PKEY_Q_keygen 
> > (EVP_EC_gen is just a macro).
> > 
> > I assume that the curve names are not properly initialized, when you 
> > uncomment the call to "OPENSSL_init_crypto()", everything works just
> > fine.
> > 
> > The documentation [1] of OPENSSL_init_crypto() states that explicit
> > initialization is not required. Man page of EVP_EC_gen [2] says
> > nothing 
> > about initialization.
> > Considering that 3.0.3 is only a minor update and 3.0.2 worked as 
> > expected, we might have hit a bug. If this (above) is "just" a usage 
> > error, the documentation should describe in which cases an explicit
> > initialization is required.
> > 
> > Anyway, thank you for all your efforts!
> > 
> > Best regards
> > 
> >     -Klaus Keppler
> > 
> > 
> > [1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
> > [2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html
> 

-- 
Tomáš Mráz, OpenSSL




Re: 3.0.3 - EVP_EC_gen() segfault without init

2022-05-04 Thread Tomas Mraz
Yes, this is unfortunately a bug in 3.0.3 release. Calling
OPENSSL_init_crypto should not be necessary.

Tomas Mraz

On Wed, 2022-05-04 at 21:58 +0200, Klaus Keppler wrote:
> Hello,
> 
> yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of
> our 
> unit tests crash.
> 
> I've boiled the problem down to the following example code:
> 
> ---cut---
> #include 
> #include 
> #include 
> 
> int main(int argc, const char *argv[]) {
>  //OPENSSL_init_crypto(0, NULL);
>  if (! EVP_EC_gen("P-384")) return -1;
>  return 0;
> }
> ---/cut---
> 
> Compile with:
> 
>    gcc -Wall -Werror -pedantic -o test test.c -lcrypto
> 
> With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a 
> segmentation fault during a string comparison within
> EVP_PKEY_Q_keygen 
> (EVP_EC_gen is just a macro).
> 
> I assume that the curve names are not properly initialized, when you 
> uncomment the call to "OPENSSL_init_crypto()", everything works just
> fine.
> 
> The documentation [1] of OPENSSL_init_crypto() states that explicit 
> initialization is not required. Man page of EVP_EC_gen [2] says
> nothing 
> about initialization.
> Considering that 3.0.3 is only a minor update and 3.0.2 worked as 
> expected, we might have hit a bug. If this (above) is "just" a usage 
> error, the documentation should describe in which cases an explicit 
> initialization is required.
> 
> Anyway, thank you for all your efforts!
> 
> Best regards
> 
>     -Klaus Keppler
> 
> 
> [1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
> [2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html

-- 
Tomáš Mráz, OpenSSL




Re: 3.0.3 - EVP_EC_gen() segfault without init

2022-05-04 Thread Klaus Keppler

Oh sorry, forgot to say that.

It's x86-64, compiled on Debian 10.12 (GCC 8.3.0) and CentOS 7 (GCC 
8.3.1) - other distributions/GCC versions not tested yet.


OpenSSL was compiled with common hardening flags:
CFLAGS="-fstack-protector --param ssp-buffer-size=4 -fPIC -O2"
CPPFLAGS="-D_FORTIFY_SOURCE=2"

arm64 and armhf also seem to be not affected (at least our unit tests 
there passed).


Best regards

   -Klaus


Am 04.05.2022 um 22:07 schrieb Blumenthal, Uri - 0553 - MITLL:

What platform?

$ bat ossl3-tst.c
───┬──
│ File: ossl3-tst.c
│ Size: 216 B
───┼──
1   │ #include 
2   │ #include 
3   │ #include 
4   │
5   │ int main(int argc, const char *argv[]) {
6   │  //OPENSSL_init_crypto(0, NULL);
7   │  if (! EVP_EC_gen("P-384")) return -1;
8   │  return 0;
9   │ }
───┴──
$ gcc -Wall -Werror -pedantic -o ossl3-tst ossl3-tst.c -I/opt/local/include 
-L/opt/local/lib -lcrypto
$ ./ossl3-tst
$

Above is on MacOS Monterey with GCC-11.
--
V/R,
Uri
  
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.

The other is to make it so complex there are no obvious deficiencies.

  -  C. A. R. Hoare
  


On 5/4/22, 15:58, "openssl-users on behalf of Klaus Keppler" 
 wrote:

 Hello,

 yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of our
 unit tests crash.

 I've boiled the problem down to the following example code:

 ---cut---
 #include 
 #include 
 #include 

 int main(int argc, const char *argv[]) {
  //OPENSSL_init_crypto(0, NULL);
  if (! EVP_EC_gen("P-384")) return -1;
  return 0;
 }
 ---/cut---

 Compile with:

gcc -Wall -Werror -pedantic -o test test.c -lcrypto

 With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a
 segmentation fault during a string comparison within EVP_PKEY_Q_keygen
 (EVP_EC_gen is just a macro).

 I assume that the curve names are not properly initialized, when you
 uncomment the call to "OPENSSL_init_crypto()", everything works just fine.

 The documentation [1] of OPENSSL_init_crypto() states that explicit
 initialization is not required. Man page of EVP_EC_gen [2] says nothing
 about initialization.
 Considering that 3.0.3 is only a minor update and 3.0.2 worked as
 expected, we might have hit a bug. If this (above) is "just" a usage
 error, the documentation should describe in which cases an explicit
 initialization is required.

 Anyway, thank you for all your efforts!

 Best regards

 -Klaus Keppler


 [1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
 [2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html


Re: 3.0.3 - EVP_EC_gen() segfault without init

2022-05-04 Thread Blumenthal, Uri - 0553 - MITLL
What platform?

$ bat ossl3-tst.c
───┬──
   │ File: ossl3-tst.c
   │ Size: 216 B
───┼──
   1   │ #include 
   2   │ #include 
   3   │ #include 
   4   │ 
   5   │ int main(int argc, const char *argv[]) {
   6   │  //OPENSSL_init_crypto(0, NULL);
   7   │  if (! EVP_EC_gen("P-384")) return -1;
   8   │  return 0;
   9   │ }
───┴──
$ gcc -Wall -Werror -pedantic -o ossl3-tst ossl3-tst.c -I/opt/local/include 
-L/opt/local/lib -lcrypto
$ ./ossl3-tst 
$

Above is on MacOS Monterey with GCC-11.
--
V/R,
Uri
 
There are two ways to design a system. One is to make it so simple there are 
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.

 -  C. A. R. Hoare
 

On 5/4/22, 15:58, "openssl-users on behalf of Klaus Keppler" 
 wrote:

Hello,

yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of our 
unit tests crash.

I've boiled the problem down to the following example code:

---cut---
#include 
#include 
#include 

int main(int argc, const char *argv[]) {
 //OPENSSL_init_crypto(0, NULL);
 if (! EVP_EC_gen("P-384")) return -1;
 return 0;
}
---/cut---

Compile with:

   gcc -Wall -Werror -pedantic -o test test.c -lcrypto

With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a 
segmentation fault during a string comparison within EVP_PKEY_Q_keygen 
(EVP_EC_gen is just a macro).

I assume that the curve names are not properly initialized, when you 
uncomment the call to "OPENSSL_init_crypto()", everything works just fine.

The documentation [1] of OPENSSL_init_crypto() states that explicit 
initialization is not required. Man page of EVP_EC_gen [2] says nothing 
about initialization.
Considering that 3.0.3 is only a minor update and 3.0.2 worked as 
expected, we might have hit a bug. If this (above) is "just" a usage 
error, the documentation should describe in which cases an explicit 
initialization is required.

Anyway, thank you for all your efforts!

Best regards

-Klaus Keppler


[1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
[2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html


smime.p7s
Description: S/MIME cryptographic signature


3.0.3 - EVP_EC_gen() segfault without init

2022-05-04 Thread Klaus Keppler

Hello,

yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of our 
unit tests crash.


I've boiled the problem down to the following example code:

---cut---
#include 
#include 
#include 

int main(int argc, const char *argv[]) {
//OPENSSL_init_crypto(0, NULL);
if (! EVP_EC_gen("P-384")) return -1;
return 0;
}
---/cut---

Compile with:

  gcc -Wall -Werror -pedantic -o test test.c -lcrypto

With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a 
segmentation fault during a string comparison within EVP_PKEY_Q_keygen 
(EVP_EC_gen is just a macro).


I assume that the curve names are not properly initialized, when you 
uncomment the call to "OPENSSL_init_crypto()", everything works just fine.


The documentation [1] of OPENSSL_init_crypto() states that explicit 
initialization is not required. Man page of EVP_EC_gen [2] says nothing 
about initialization.
Considering that 3.0.3 is only a minor update and 3.0.2 worked as 
expected, we might have hit a bug. If this (above) is "just" a usage 
error, the documentation should describe in which cases an explicit 
initialization is required.


Anyway, thank you for all your efforts!

Best regards

   -Klaus Keppler


[1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
[2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html