bug in 0.9.7d (on alpha/Tru64 UNIX V4.0F)

Mon, 29 Mar 2004 14:58:09 -0800 

Hi,

I'm wondering if the following but has been found and fixed.  If so,
I'd really like to know about it.

backtrace:

- stunnel dies on a SIGSEGV

- in crypto/rsa/rsa_lib.c, line 183 (RSA_new_method):

   179          ret->_method_mod_p=NULL;
   180          ret->_method_mod_q=NULL;
   181          ret->blinding=NULL;
   182          ret->bignum_data=NULL;
 ->183          ret->flags=ret->meth->flags;
   184          CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
   185          if ((ret->meth->init != NULL) && !ret->meth->init(ret))
   186                  {

  ret->meth has been mulched.

- in crypto/engine/eng_table.c

  engine_table_select() seems to walk through rsa_table, looking for
  a valid engine.  It goes through:

        CryptoSwift hardware engine support
    nCipher hardware engine support
    Atalla hardware engine support
    Nuron hardware engine support
    UBSEC hardware engine support
    Aep hardware engine support
    SureWare hardware engine support
    IBM 4758 CCA hardware engine support

  up to this point, the struct returned by sk_ENGINE_value() looks ok.
  For example, for the last one:

    struct {
        id = 0x3ffbfef2f90 = "4758cca"
        name = 0x3ffbfef3188 = "IBM 4758 CCA hardware engine support"
        rsa_meth = 0x3fffffd3140
        dsa_meth = (nil)
        dh_meth = (nil)
        rand_meth = 0x3fffffd2fe0
        ciphers = (nil)
        digests = (nil)
        destroy = 0x3ffbff7a54c
        init = 0x3ffbff7a578
        finish = 0x3ffbff7a838
        ctrl = 0x3ffbff7a908
        load_privkey = 0x3ffbff7a9dc
        load_pubkey = 0x3ffbff7ad34
        cmd_defns = 0x3fffffe4e80
        flags = 0
        struct_ref = 1
        funct_ref = 0
        ex_data = struct {
            sk = (nil)
            dummy = 0
        }
        prev = 0x1400131c0
        next = (nil)
    } 

  however, the next one is garbage:

    struct {
        id = 0x3fffffd3c20 = ""
        name = 0x140047560 = "`^9\375\377\377^C"
        rsa_meth = 0x20000d2
        dsa_meth = 0x2
        dh_meth = 0x3fffffd3c30
        rand_meth = 0x1400478c0
        ciphers = 0x3000042
        digests = 0x2
        destroy = 0x3fffffd3c40
        init = 0x1400476a0
        finish = 0x40000ad
        ctrl = 0x2
        load_privkey = 0x3fffffd3c50
        load_pubkey = 0x140046120
        cmd_defns = 0x500001f
        flags = 2
        struct_ref = 0
        funct_ref = -181152
        ex_data = struct {
            sk = 0x140044fc0
            dummy = 100663428
        }
        prev = 0x2
        next = 0x3fffffd3c70
    } 

Help?

Robert Urban
Munich, Germany
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to