Re: 3.0.3 - EVP_EC_gen() segfault without init
Fix is here:
https://github.com/openssl/openssl/pull/18247
On Thu, 2022-05-05 at 07:54 +0200, Tomas Mraz wrote:
> Yes, this is unfortunately a bug in 3.0.3 release. Calling
> OPENSSL_init_crypto should not be necessary.
>
> Tomas Mraz
>
> On Wed, 2022-05-04 at 21:58 +0200, Klaus Keppler wrote:
> > Hello,
> >
> > yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of
> > our
> > unit tests crash.
> >
> > I've boiled the problem down to the following example code:
> >
> > ---cut---
> > #include
> > #include
> > #include
> >
> > int main(int argc, const char *argv[]) {
> > //OPENSSL_init_crypto(0, NULL);
> > if (! EVP_EC_gen("P-384")) return -1;
> > return 0;
> > }
> > ---/cut---
> >
> > Compile with:
> >
> > gcc -Wall -Werror -pedantic -o test test.c -lcrypto
> >
> > With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a
> > segmentation fault during a string comparison within
> > EVP_PKEY_Q_keygen
> > (EVP_EC_gen is just a macro).
> >
> > I assume that the curve names are not properly initialized, when you
> > uncomment the call to "OPENSSL_init_crypto()", everything works just
> > fine.
> >
> > The documentation [1] of OPENSSL_init_crypto() states that explicit
> > initialization is not required. Man page of EVP_EC_gen [2] says
> > nothing
> > about initialization.
> > Considering that 3.0.3 is only a minor update and 3.0.2 worked as
> > expected, we might have hit a bug. If this (above) is "just" a usage
> > error, the documentation should describe in which cases an explicit
> > initialization is required.
> >
> > Anyway, thank you for all your efforts!
> >
> > Best regards
> >
> > -Klaus Keppler
> >
> >
> > [1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
> > [2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html
>
--
Tomáš Mráz, OpenSSL
Re: 3.0.3 - EVP_EC_gen() segfault without init
Yes, this is unfortunately a bug in 3.0.3 release. Calling
OPENSSL_init_crypto should not be necessary.
Tomas Mraz
On Wed, 2022-05-04 at 21:58 +0200, Klaus Keppler wrote:
> Hello,
>
> yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of
> our
> unit tests crash.
>
> I've boiled the problem down to the following example code:
>
> ---cut---
> #include
> #include
> #include
>
> int main(int argc, const char *argv[]) {
> //OPENSSL_init_crypto(0, NULL);
> if (! EVP_EC_gen("P-384")) return -1;
> return 0;
> }
> ---/cut---
>
> Compile with:
>
> gcc -Wall -Werror -pedantic -o test test.c -lcrypto
>
> With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a
> segmentation fault during a string comparison within
> EVP_PKEY_Q_keygen
> (EVP_EC_gen is just a macro).
>
> I assume that the curve names are not properly initialized, when you
> uncomment the call to "OPENSSL_init_crypto()", everything works just
> fine.
>
> The documentation [1] of OPENSSL_init_crypto() states that explicit
> initialization is not required. Man page of EVP_EC_gen [2] says
> nothing
> about initialization.
> Considering that 3.0.3 is only a minor update and 3.0.2 worked as
> expected, we might have hit a bug. If this (above) is "just" a usage
> error, the documentation should describe in which cases an explicit
> initialization is required.
>
> Anyway, thank you for all your efforts!
>
> Best regards
>
> -Klaus Keppler
>
>
> [1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
> [2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html
--
Tomáš Mráz, OpenSSL
Re: 3.0.3 - EVP_EC_gen() segfault without init
Oh sorry, forgot to say that.
It's x86-64, compiled on Debian 10.12 (GCC 8.3.0) and CentOS 7 (GCC
8.3.1) - other distributions/GCC versions not tested yet.
OpenSSL was compiled with common hardening flags:
CFLAGS="-fstack-protector --param ssp-buffer-size=4 -fPIC -O2"
CPPFLAGS="-D_FORTIFY_SOURCE=2"
arm64 and armhf also seem to be not affected (at least our unit tests
there passed).
Best regards
-Klaus
Am 04.05.2022 um 22:07 schrieb Blumenthal, Uri - 0553 - MITLL:
What platform?
$ bat ossl3-tst.c
───┬──
│ File: ossl3-tst.c
│ Size: 216 B
───┼──
1 │ #include
2 │ #include
3 │ #include
4 │
5 │ int main(int argc, const char *argv[]) {
6 │ //OPENSSL_init_crypto(0, NULL);
7 │ if (! EVP_EC_gen("P-384")) return -1;
8 │ return 0;
9 │ }
───┴──
$ gcc -Wall -Werror -pedantic -o ossl3-tst ossl3-tst.c -I/opt/local/include
-L/opt/local/lib -lcrypto
$ ./ossl3-tst
$
Above is on MacOS Monterey with GCC-11.
--
V/R,
Uri
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
On 5/4/22, 15:58, "openssl-users on behalf of Klaus Keppler"
wrote:
Hello,
yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of our
unit tests crash.
I've boiled the problem down to the following example code:
---cut---
#include
#include
#include
int main(int argc, const char *argv[]) {
//OPENSSL_init_crypto(0, NULL);
if (! EVP_EC_gen("P-384")) return -1;
return 0;
}
---/cut---
Compile with:
gcc -Wall -Werror -pedantic -o test test.c -lcrypto
With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a
segmentation fault during a string comparison within EVP_PKEY_Q_keygen
(EVP_EC_gen is just a macro).
I assume that the curve names are not properly initialized, when you
uncomment the call to "OPENSSL_init_crypto()", everything works just fine.
The documentation [1] of OPENSSL_init_crypto() states that explicit
initialization is not required. Man page of EVP_EC_gen [2] says nothing
about initialization.
Considering that 3.0.3 is only a minor update and 3.0.2 worked as
expected, we might have hit a bug. If this (above) is "just" a usage
error, the documentation should describe in which cases an explicit
initialization is required.
Anyway, thank you for all your efforts!
Best regards
-Klaus Keppler
[1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
[2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html
Re: 3.0.3 - EVP_EC_gen() segfault without init
What platform?
$ bat ossl3-tst.c
───┬──
│ File: ossl3-tst.c
│ Size: 216 B
───┼──
1 │ #include
2 │ #include
3 │ #include
4 │
5 │ int main(int argc, const char *argv[]) {
6 │ //OPENSSL_init_crypto(0, NULL);
7 │ if (! EVP_EC_gen("P-384")) return -1;
8 │ return 0;
9 │ }
───┴──
$ gcc -Wall -Werror -pedantic -o ossl3-tst ossl3-tst.c -I/opt/local/include
-L/opt/local/lib -lcrypto
$ ./ossl3-tst
$
Above is on MacOS Monterey with GCC-11.
--
V/R,
Uri
There are two ways to design a system. One is to make it so simple there are
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
On 5/4/22, 15:58, "openssl-users on behalf of Klaus Keppler"
wrote:
Hello,
yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of our
unit tests crash.
I've boiled the problem down to the following example code:
---cut---
#include
#include
#include
int main(int argc, const char *argv[]) {
//OPENSSL_init_crypto(0, NULL);
if (! EVP_EC_gen("P-384")) return -1;
return 0;
}
---/cut---
Compile with:
gcc -Wall -Werror -pedantic -o test test.c -lcrypto
With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a
segmentation fault during a string comparison within EVP_PKEY_Q_keygen
(EVP_EC_gen is just a macro).
I assume that the curve names are not properly initialized, when you
uncomment the call to "OPENSSL_init_crypto()", everything works just fine.
The documentation [1] of OPENSSL_init_crypto() states that explicit
initialization is not required. Man page of EVP_EC_gen [2] says nothing
about initialization.
Considering that 3.0.3 is only a minor update and 3.0.2 worked as
expected, we might have hit a bug. If this (above) is "just" a usage
error, the documentation should describe in which cases an explicit
initialization is required.
Anyway, thank you for all your efforts!
Best regards
-Klaus Keppler
[1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
[2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html
smime.p7s
Description: S/MIME cryptographic signature
3.0.3 - EVP_EC_gen() segfault without init
Hello,
yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of our
unit tests crash.
I've boiled the problem down to the following example code:
---cut---
#include
#include
#include
int main(int argc, const char *argv[]) {
//OPENSSL_init_crypto(0, NULL);
if (! EVP_EC_gen("P-384")) return -1;
return 0;
}
---/cut---
Compile with:
gcc -Wall -Werror -pedantic -o test test.c -lcrypto
With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a
segmentation fault during a string comparison within EVP_PKEY_Q_keygen
(EVP_EC_gen is just a macro).
I assume that the curve names are not properly initialized, when you
uncomment the call to "OPENSSL_init_crypto()", everything works just fine.
The documentation [1] of OPENSSL_init_crypto() states that explicit
initialization is not required. Man page of EVP_EC_gen [2] says nothing
about initialization.
Considering that 3.0.3 is only a minor update and 3.0.2 worked as
expected, we might have hit a bug. If this (above) is "just" a usage
error, the documentation should describe in which cases an explicit
initialization is required.
Anyway, thank you for all your efforts!
Best regards
-Klaus Keppler
[1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html
[2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html
