[openssl.org #2949] OpenSSL bug

Fri, 28 Dec 2012 11:52:56 -0800 

Details: 

    • Operating System: 


        • Windows 7 Enterprise SP1 - 64-bit 
    • 
OpenSSL version: (From opensslv.h) 

        • #define OPENSSL_VERSION_NUMBER 0x0090807fL 
    • 
Visual Studio: 

        • Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 
for 80x86 

Problem: 
Sending an empty string to EVP_EncryptUpdate() causes this message and 
core/program exception: 


.\crypto\evp\evp_enc.c(282): OpenSSL internal error, assertion failed: inl > 0 


As an aside, this works fine on Unix 

Compile string: 
cl /wd4996 /EHsc -D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES=1 
/I/openssl/include /W3 /Zi openssl_bug.c ws2_32.lib advapi32.lib ws2_32.lib 
advapi32.lib user32.lib gdi32.lib /link /libpath:c:\openssl\lib libeay32.lib 
ssleay32.lib 

Sample code: 
#include <stdio.h> 
#include <string.h> 

#include "openssl/evp.h" 

int main () 
{ 
const EVP_CIPHER *cipher = EVP_bf_cbc (); 
EVP_CIPHER_CTX ctx; 
char* plaintext = "test"; 
unsigned char encrypted_block[1024]; 
unsigned char *encrypted = encrypted_block; 
int encrypted_size; 

EVP_CIPHER_CTX_init (&ctx); 

EVP_EncryptInit (&ctx, 
cipher, 
NULL, 
NULL); 

// Works 
if (!EVP_EncryptUpdate(&ctx, 
encrypted, 
&encrypted_size, 
plaintext, 
strlen(plaintext))) { 
printf ("Failure @ #1\n"); 
} else { 
printf ("Success @ #1\n"); 
} 

// Doesn't work (cores actually) 
plaintext[0] = '\0'; 
if (!EVP_EncryptUpdate(&ctx, 
encrypted, 
&encrypted_size, 
plaintext, 
strlen(plaintext))) { 
printf ("Failure @ #2\n"); 
} else { 
printf ("Success @ #2\n"); 
} 
} 

Let me know if you need any additional information, 
Greg Sternberg
Details:
  • Operating System:
    • Windows 7 Enterprise SP1 - 64-bit
  • OpenSSL version: (From opensslv.h)
    • #define OPENSSL_VERSION_NUMBER    0x0090807fL
  • Visual Studio:
    • Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 for 80x86
Problem:
Sending an empty string to EVP_EncryptUpdate() causes this message and core/program exception:
.\crypto\evp\evp_enc.c(282): OpenSSL internal error, assertion failed: inl > 0
As an aside, this works fine on Unix

Compile string:
cl /wd4996 /EHsc -D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES=1 /I/openssl/include /W3 /Zi openssl_bug.c ws2_32.lib advapi32.lib ws2_32.lib advapi32.lib user32.lib gdi32.lib /link /libpath:c:\openssl\lib libeay32.lib ssleay32.lib

Sample code:
#include <stdio.h>
#include <string.h>

#include "openssl/evp.h"

int main ()
{
   const EVP_CIPHER *cipher = EVP_bf_cbc ();
   EVP_CIPHER_CTX ctx;
   char* plaintext = "test";
   unsigned char encrypted_block[1024];
   unsigned char *encrypted = encrypted_block;
   int encrypted_size;
  
   EVP_CIPHER_CTX_init (&ctx);
  
   EVP_EncryptInit (&ctx,
                    cipher,
                    NULL,
                    NULL);

   // Works
   if (!EVP_EncryptUpdate(&ctx,
                          encrypted,
                          &encrypted_size,
                          plaintext,
                          strlen(plaintext))) {
      printf ("Failure @ #1\n");
   } else {
      printf ("Success @ #1\n");
   }

   // Doesn't work (cores actually)
   plaintext[0] = '\0';
   if (!EVP_EncryptUpdate(&ctx,
                          encrypted,
                          &encrypted_size,
                          plaintext,
                          strlen(plaintext))) {
      printf ("Failure @ #2\n");
   } else {
      printf ("Success @ #2\n");
   }
}

Let me know if you need any additional information,
Greg Sternberg

Reply via email to