BIO_read() crash
Hi team,

I found a segmentation fault in BIO_read() on OpenSSL 3.0 when calculating a digest with a BIO using the md4 algorithm. This is my test code; put it in a.c, build and run, and it will crash.

If the legacy provider is not loaded:
1. Set dgst = "md4". EVP_get_digestbyname(dgst) won't return NULL, but a non-NULL object. If EVP_MD_fetch(NULL, dgst, NULL) is used instead, it will return NULL.
2. When BIO_read() is called, this program crashes.

If the legacy provider is loaded, this program works OK.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/err.h>

int main()
{
    EVP_MD *md = NULL;
    const char *datain = "a.c";
    const int BUF_SIZE = 8192;
    char *buff = NULL;
    char *ptr = NULL;
    const char *dgst = "md4";
    int ret = 0, len = 0, i = 0;
    BIO *in = NULL, *out = NULL, *bmd = NULL, *rbio = NULL, *err;

    if ((err = BIO_new(BIO_s_file())) != NULL)
        BIO_set_fp(err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);

    /* Name lookup only; without the legacy provider this still returns non-NULL. */
    md = EVP_get_digestbyname(dgst);
    if (!md) {
        printf("Error EVP_get_digestbyname %s\n", dgst);
        goto err_exit;
    }

    in = BIO_new_file(datain, "rb");
    if (!in) {
        printf("Error BIO_new_file %s\n", datain);
        goto err_exit;
    }

    out = BIO_new(BIO_s_mem());
    if (!out) {
        printf("Error BIO_new out\n");
        goto err_exit;
    }

    rbio = in;
    bmd = BIO_new(BIO_f_md());
    if (!bmd) {
        printf("Error BIO_new bmd\n");
        goto err_exit;
    }

    /* The return value of BIO_set_md() is not checked in this reproducer. */
    BIO_set_md(bmd, md);
    rbio = BIO_push(bmd, rbio);

    buff = (char *)malloc(BUF_SIZE);
    if (!buff) {
        printf("Error malloc\n");
        goto err_exit;
    }

    for (;;) {
        ret = BIO_read(rbio, buff, BUF_SIZE); /* this call will segment fault */
        if (ret <= 0)
            break;
    }

    len = BIO_gets(rbio, buff, BUF_SIZE);
    len = BIO_write(out, buff, len);
    if (!BIO_flush(out)) {
        printf("Error BIO_flush\n");
        goto err_exit;
    }

    len = BIO_get_mem_data(out, &ptr);
    printf("digest success, len=%d\n", len);
    for (i = 0; i < len; i++)
        printf("%d ", ptr[i]);
    printf("\n");

err_exit:
    ERR_print_errors(err);
    if (in)
        BIO_free(in);
    if (out)
        BIO_free_all(out);
    if (err)
        BIO_free(err);
    if (bmd)
        BIO_free(bmd);
    if (buff)
        free(buff);
    if (md)
        EVP_MD_free(md);
    ERR_clear_error();
    return 0;
}
Rocket Software, Inc. and subsidiaries | 77 Fourth Avenue, Waltham MA 02451 | Main Office Toll Free Number: +1 855.577.4323
Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences
Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy

This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you.
how to programmatically specify the path of fipsmodule.cnf and load it in application without using openssl.cnf in OpenSSL 3.0
Hi team,

Do you know how to programmatically specify the path of fipsmodule.cnf and load it in an application without using openssl.cnf in OpenSSL 3.0? Historically, my product uses a customized OpenSSL and doesn't have an openssl.cnf. I need to use the FIPS module, and when I try to load it, it fails until I specify the fipsmodule.cnf path in openssl.cnf. openssl.cnf is generated by make install, and fipsmodule.cnf is generated by the openssl fipsinstall command.
OpenSSL 3.0.7 make test failed on AIX 7100-04
Hi team,

I compiled OpenSSL 3.0.5 and 3.0.7 on AIX 7100. make and make install succeed, but make test failed at the very beginning when doing "00-prep_fipsmodule_cnf.t". These are my config options:

./Configure -Wl,-R,/.uvlibs1 aix64-cc enable-fips enable-acvp-tests no-mdc2 no-idea shared --prefix=/disk1/wzhy/openssl_build/install

The strange thing is that if I just add the --debug option to the config options, make test succeeds. Then I tried openssl fipsinstall, and it shows the same error log as make test:

Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (HMAC : 0), Properties ()

I think adding -debug should not be a good solution; can you give me some help? I paste my compile information as follows:

$ pwd
/disk1/wzhy/openssl_build/openssl-3.0.7

$ make test
make depend && make _tests
( SRCTOP=. BLDTOP=. PERL="perl" FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" EXE_EXT= perl ./test/run_tests.pl )
00-prep_fipsmodule_cnf.t .. Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (HMAC : 0), Properties ()
../../util/wrap.pl ../../apps/openssl fipsinstall -module ../../providers/fips.so -provider_name fips -section_name fips_sect -out ../../test/fipsmodule.cnf => 1
not ok 1 - fips install
00-prep_fipsmodule_cnf.t .. 1/?
# Failed test 'fips install'
# at test/recipes/00-prep_fipsmodule_cnf.t line 33.
00-prep_fipsmodule_cnf.t .. Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests

Test Summary Report
---
00-prep_fipsmodule_cnf.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=1, Tests=1, 0 wallclock secs ( 0.01 usr 0.00 sys + 0.10 cusr 0.01 csys = 0.12 CPU)
Result: FAIL
make: The error code from the last command is 1. Stop.
make: 1254-004 The error code from the last command is 2. Stop.

$ apps/openssl fipsinstall -module providers/fips.so -out fips1.cnf
Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (HMAC : 0), Properties ()

$ /disk1/wzhy/openssl_build/install/bin/openssl fipsinstall -module /disk1/wzhy/openssl_build/install/lib//ossl-modules/fips.so -out fips1.cnf
Unable to get MAC of type HMAC
INSTALL FAILED
0001:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (HMAC : 0), Properties ()

$ /disk1/wzhy/openssl_build/install/bin/openssl version -a
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
built on: Thu Nov 3 05:50:08 2022 UTC
platform: aix64-cc
options: bn(64,64)
compiler: cc -qpic -q64 -qmaxmem=16384 -qro -qroconst -qthreaded -O -DB_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
OPENSSLDIR: "/disk1/wzhy/openssl_build/install/ssl"
ENGINESDIR: "/disk1/wzhy/openssl_build/install/lib/engines-3"
MODULESDIR: "/disk1/wzhy/openssl_build/install/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: N/A

$ oslevel -r
7100-04

$ perl configdata.pm --dump
Command line (with current working directory = .):
    perl ./Configure -Wl,-R,/.uvlibs1 aix64-cc enable-fips enable-acvp-tests no-mdc2 no-idea shared --prefix=/disk1/wzhy/openssl_build/install
Perl information:
    perl 5.10.1 for aix-thread-multi
Enabled features:
    acvp-tests aria asm async autoalginit autoerrinit autoload-config bf blake2 bulk cached-fetch camellia capieng cast chacha cmac cmp cms comp ct deprecated des dgram dh dsa dso dtls dynamic-engine ec ec2m ecdh ecdsa engine err filenames fips fips-securitychecks gost legacy loadereng md4 module multiblock nextprotoneg ocb ocsp padlockeng pic pinshared poly1305 posix-io psk rc2 rc4 rdrand rfc3779 rmd160 scrypt secure-memory seed shared siphash siv sm2 sm3 sm4 sock srp srtp sse2 ssl ssl-trace static-engine stdio tests threads tls ts ui-console whirlpool tls1 tls1-method tls1_1 tls1_1-method tls1_2 tls1_2-method tls1_3 dtls1 dtls1-method dtls1_2 dtls1_2-method
Disabled features:
    afalgeng [not-linux] OPENSSL_NO_AFALGENG
    asan [default] OPENSSL_NO_ASAN
    buildtest-c++ [default]
    crypto-mdebug [default]
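Added example, not from the original post or the OpenSSL project: a small decoder for the error-queue line quoted in the message above, useful when triaging such logs. It splits the printed fields and unpacks the hex code using the bit layout defined in OpenSSL 3.x <openssl/err.h>; struct err_line and parse_err_line() are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Bit layout of a packed error code, per OpenSSL 3.x <openssl/err.h>. */
#define SYSTEM_FLAG   0x80000000UL   /* set: low bits carry an errno value */
#define LIB_OFFSET    23
#define LIB_MASK      0xFFUL
#define RFLAGS_OFFSET 18
#define RFLAG_FATAL   (0x1UL << RFLAGS_OFFSET)
#define RFLAG_COMMON  (0x2UL << RFLAGS_OFFSET)
#define REASON_MASK   0x7FFFFFUL

struct err_line {                    /* hypothetical type for this example */
    unsigned long code;
    int lib, reason, fatal, common, is_system, src_line;
    char lib_text[64], func[64], reason_text[64], file[128];
};

/* Parse "tid:error:HEX:lib:func:reason:file:line:data"; 0 on success. */
int parse_err_line(const char *s, struct err_line *e)
{
    memset(e, 0, sizeof(*e));
    if (sscanf(s, "%*[^:]:error:%lx:%63[^:]:%63[^:]:%63[^:]:%127[^:]:%d",
               &e->code, e->lib_text, e->func, e->reason_text,
               e->file, &e->src_line) != 6)
        return -1;
    e->is_system = (e->code & SYSTEM_FLAG) != 0;
    if (!e->is_system) {
        unsigned long r = e->code & REASON_MASK;
        e->lib    = (int)((e->code >> LIB_OFFSET) & LIB_MASK);
        e->fatal  = (r & RFLAG_FATAL) != 0;
        e->common = (r & RFLAG_COMMON) != 0;
        e->reason = (int)(r & ((1UL << RFLAGS_OFFSET) - 1)); /* flags removed */
    }
    return 0;
}

/* Error line copied from the fipsinstall output in the message above. */
static const char SAMPLE[] = "0001:error:0308010C:digital envelope routines:"
    "inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:"
    "Global default library context, Algorithm (HMAC : 0), Properties ()";

int main(void)
{
    struct err_line e;
    if (parse_err_line(SAMPLE, &e) != 0)
        return 1;
    printf("lib=%d reason=%d common=%d fatal=%d at %s:%d (%s)\n",
           e.lib, e.reason, e.common, e.fatal, e.file, e.src_line, e.func);
    return 0;
}
```

For the quoted line this gives library 6 (ERR_LIB_EVP) and reason 268 with the common flag, which is ERR_R_UNSUPPORTED: the fetch in the default library context found no loaded provider offering HMAC.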