[openssl-dev] Overlapping regions check

Wed, 20 Jul 2016 16:31:24 -0700 

With current OpenSSL master, the krb5 PKINIT tests are getting an
assertion failure which I can't attribute to our code (stack trace at
the end).  It appears that EVP_EncryptUpdate() now insists on
non-overlapping regions, but bio_enc.c:enc_read() relies on being able
to decrypt an overlapping region.

The calling code is:

    i = BIO_read(tmpmem, buf, sizeof(buf));

where buf is a local array of size 4096 which is not used for any other
purpose (i.e. has nothing to do with the tmpmem bio).

Program received signal SIGABRT, Aborted.
0x00007ffff710ec37 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) back
#0  0x00007ffff710ec37 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff7112028 in __GI_abort () at abort.c:89
#2  0x00007ffff7107bf6 in __assert_fail_base (
    fmt=0x7ffff72583b8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x7ffff618fc78 "!condition", 
    file=file@entry=0x7ffff618fb90 "crypto/evp/evp_enc.c", 
    line=line@entry=290, 
    function=function@entry=0x7ffff618fd10 <__PRETTY_FUNCTION__.16890>
    "is_partially_overlapping") at assert.c:92
#3  0x00007ffff7107ca2 in __GI___assert_fail (
    assertion=0x7ffff618fc78 "!condition", 
    file=0x7ffff618fb90 "crypto/evp/evp_enc.c", line=290, 
    function=0x7ffff618fd10 <__PRETTY_FUNCTION__.16890>
    "is_partially_overlapping") at assert.c:101
#4  0x00007ffff60d32f2 in is_partially_overlapping (ptr1=0x6286a0, 
    ptr2=0x6286e0, len=1728) at crypto/evp/evp_enc.c:290
#5  0x00007ffff60d33c6 in EVP_EncryptUpdate (ctx=0x624230, out=0x6286a0 "", 
    outl=0x628680, 
    in=0x6286e0 [edited out],
    inl=1728)
    at crypto/evp/evp_enc.c:315
#6  0x00007ffff60d3989 in EVP_DecryptUpdate (ctx=0x624230, out=0x6286a0 "", 
    outl=0x628680, 
    in=0x6286e0 [edited out],
    inl=1728)
    at crypto/evp/evp_enc.c:454
#7  0x00007ffff60d30d5 in EVP_CipherUpdate (ctx=0x624230, out=0x6286a0 "", 
    outl=0x628680, 
    in=0x6286e0 [edited out],
    inl=1728)
    at crypto/evp/evp_enc.c:211
#8  0x00007ffff60c5a95 in enc_read (b=0x63d7e0, 
    out=0x7fffffffbc00 "@\274\377\377\377\177", outl=4096)
    at crypto/evp/bio_enc.c:161
#9  0x00007ffff6034b3f in BIO_read (b=0x63d7e0, out=0x7fffffffbc00, outl=4096)
    at crypto/bio/bio_lib.c:213
#10 0x00007ffff5977ec5 in pkcs7_decrypt (context=0x608150, 
    id_cryptoctx=0x621c60, p7=0x63c990, data=0x63bbe0)
    at
    ../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5887
[rest of stack trace elided]

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to