Re: [openssl.org #42] bug concerning PKCS5_pbe2_set/EVP_CipherInit_exfunctions
On Fri, 17 May 2002, Madis Janson via RT wrote: Probable bug causes SEGFAULT due to access to pointers in uninitialized EVP_CIPHER_CTX structure given to EVP_CipherInit_ex Most likely, OpenSSL_add_all_algorithms() was not run, yet function by PKCS5_pbe2_set function, when using PEM_write_PKCS8PrivateKey function to save encrypted private key into file like this: FILE *f; EVP_PKEY *pkey; /* initialisation of f and pkey... */ ... PEM_write_PKCS8PrivateKey(f, pkey, EVP_des_ede3_cbc(), blaah, 5, NULL, NULL); Debug log --- Breakpoint 2, PEM_write_PKCS8PrivateKey (fp=0x414bae94, x=0x414acfe8, enc=0x8129980, kstr=0x414a8ff8 blaah, klen=5, cb=0, u=0x0) at pem_pk8.c:208 208 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); (gdb) p enc $1 = (EVP_CIPHER *) 0x8129980 (gdb) p *enc $2 = {nid = 44, block_size = 8, key_len = 24, iv_len = 8, flags = 2, init = 0x808fb10 des_ede3_init_key, do_cipher = 0x808f830 des_ede_cbc_cipher, cleanup = 0, ctx_size = 384, set_asn1_parameters = 0x8092780 EVP_CIPHER_set_asn1_iv, get_asn1_parameters = 0x80926e0 EVP_CIPHER_get_asn1_iv, ctrl = 0, app_data = 0x0} (gdb) p *x $3 = {type = 6, save_type = 6, references = 1, pkey = {ptr = 0x414b4fac , rsa = 0x414b4fac, dsa = 0x414b4fac, dh = 0x414b4fac}, save_parameters = 1, attributes = 0x0} (gdb) c Continuing. Breakpoint 1, PKCS5_pbe2_set (cipher=0x8129980, iter=0, salt=0x0, saltlen=0) at p5_pbev2.c:90 90 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; (gdb) n 94 PBKDF2PARAM *kdf = NULL; (gdb) n 95 PBE2PARAM *pbe2 = NULL; (gdb) n 96 ASN1_OCTET_STRING *osalt = NULL; (gdb) p *cipher $4 = {nid = 44, block_size = 8, key_len = 24, iv_len = 8, flags = 2, init = 0x808fb10 des_ede3_init_key, do_cipher = 0x808f830 des_ede_cbc_cipher, cleanup = 0, ctx_size = 384, set_asn1_parameters = 0x8092780 EVP_CIPHER_set_asn1_iv, get_asn1_parameters = 0x80926e0 EVP_CIPHER_get_asn1_iv, ctrl = 0, app_data = 0x0} (gdb) n 99 alg_nid = EVP_CIPHER_type(cipher); (gdb) n 100 if(alg_nid == NID_undef) { (gdb) n 105 obj = OBJ_nid2obj(alg_nid); (gdb) n 107 if(!(pbe2 = PBE2PARAM_new())) goto merr; (gdb) n 110 scheme = pbe2-encryption; (gdb) n 112 scheme-algorithm = obj; (gdb) n 113 if(!(scheme-parameter = ASN1_TYPE_new())) goto merr; (gdb) n 116 if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) 0) (gdb) n 120 EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0); (gdb) s EVP_CipherInit_ex (ctx=0x415ea7e4, cipher=0x8129980, impl=0x0, key=0x0, iv=0x415ea7d4 EBC2A2DEC0\035h%\004A8^A\023, enc=0) at evp_enc.c:88 88 if (enc == -1) (gdb) p *ctx $5 = {cipher = 0x2, engine = 0x414e0ffc, encrypt = 0, buf_len = 0, oiv = \0\0\0\0\0\0\0\0\210A4\022\b0A8^A, iv = \225|\t\b\\A8^A\210A4\022\b\0\0\0, buf = ||\t\b\0\n\023\bB6\0\0\0D0\001\0\0\024\0\0\0\b\0\0\0l\002\0\0`A8^A, num = 134839370, app_data = 0x415ea85c, key_len = 135439496, flags = 0, cipher_data = 0x8097c2c, final_used = 135465472, block_mask = 1, final = \020\0\0\0ACCF\t\bF0CFMAF8\017NA\220A8^AT^\t\b\210A4\022\b`\002\0} (gdb) n 92 if (enc) (gdb) n 94 ctx-encrypt = enc; (gdb) n 100 if (ctx-engine ctx-cipher (!cipher || (gdb) l 95 } 96 /* Whether it's nice or not, Inits can be used on Final'd contexts 97 * so this context may already have an ENGINE! Try to avoid releasing 98 * the previous handle, re-querying for an ENGINE, and having a 99 * reinitialisation, when it may all be unecessary. */ 100 if (ctx-engine ctx-cipher (!cipher || 101 (cipher (cipher-nid == ctx-cipher-nid 102 goto skip_to_init; 103 if (cipher) 104 { (gdb) p *ctx $6 = {cipher = 0x2, engine = 0x414e0ffc, encrypt = 0, buf_len = 0, oiv = \0\0\0\0\0\0\0\0\210A4\022\b0A8^A, iv = \225|\t\b\\A8^A\210A4\022\b\0\0\0, buf = ||\t\b\0\n\023\bB6\0\0\0D0\001\0\0\024\0\0\0\b\0\0\0l\002\0\0`A8^A, num = 134839370, app_data = 0x415ea85c, key_len = 135439496, flags = 0, cipher_data = 0x8097c2c, final_used = 135465472, block_mask = 1, final = \020\0\0\0ACCF\t\bF0CFMAF8\017NA\220A8^AT^\t\b\210A4\022\b`\002\0} (gdb) p cipher $7 = (EVP_CIPHER *) 0x8129980 (gdb) p ctx-cipher $8 = (EVP_CIPHER *) 0x2 (gdb) n Program received signal SIGSEGV, Segmentation fault. 0x0808e1d2 in EVP_CipherInit_ex (ctx=0x415ea7e4, cipher=0x8129980, impl=0x0, key=0x0, iv=0x415ea7d4 EBC2A2DEC0\035h%\004A8^A\023, enc=0) at evp_enc.c:100 100 if (ctx-engine ctx-cipher (!cipher || (gdb) bt #0
Update: Bull TrustWay PKCS#11 engine
You can find here the last updates for Trustway PKCS#11 engine. ChangeLog: - add of PKCS#11 free session callback function - add of generate RSA temp keys callback function - logging PKCS#11 error codes These patches applies to openssl-engine-0.9.6c and mod_ssl-2.2.8-1.3.24. Afchine __ [EMAIL PROTECTED] Bull Trustway RD - Networking Security http://www.servers.bull.com/trustway mod_ssl-2.8.8-1.3.24-tw.patch Description: Binary data openssl-engine-0.9.6c-tw.patch Description: Binary data
[openssl.org #43] Double Free Error
Installed openssl-0.9.6d source and built it locally. Built a PEM certificate for testing U of W IMAP with SSL. SSL didn't work, wouldn't accept the certificate. Discovered that code still has a double free bug that was reported back in 2000? :(( Fixed double free by hand by setting pointer to NULL after call to xxx_free in three locations. IMAP with SSL now appears to work. Bug report fix (discovered on the web) attached. Here's the version info: host /usr/local/ssl/bin/openssl version -a OpenSSL 0.9.6d 9 May 2002 built on: Thu May 16 20:46:56 ADT 2002 platform: solaris-sparcv9-gcc options: bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr) compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM Love the package, All the best, Rgds, -H- -- Harvey M Wamboldt^ E-Mail: [EMAIL PROTECTED] MDA Inc 1000 Windmill Rd. Suite 60 ^ Fax:(902)468-2278 Dartmouth NS, B3B 1L7, Canada^ Phone: (902)481-3531 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OpenSSL_add_all_algorithms problems in Win32
Hi: I´m having ugly crashes in Win32 when I call several times OpenSSL_add_all_algoritms(), mainly when I use my C code from Visual Basic but also if I use several DLLs. The problemcomes upifI call that funcion fromseveral C DLLs to initialize library. I think thatit would be useful to have an static variable insideOpenSSL_add_all_algoritms(), in such a way initialized that only one time the initialize is made.This way , no matter how many times from no matter which other DLLs I call the function it only gets initialized one time. In short way, to use a singleton. I have debugged my code a lot,used purify...etc and I think the problem is not in OpenSSLor my C code(is working under heavy pressure in other programs),but in the extrange things with COM apartments and threads, and I suppose this change in library would not break compatibility much. It would be possible such a change or similar?.If you know another solution I would like to hear... Thank you Pablo J. Royo
[openssl.org #44] OpenSSL_add_all_algorithms problems in Win32
Hi: I´m having ugly crashes in Win32 when I call several times OpenSSL_add_all_algoritms(), mainly when I use my C code from Visual Basic but also if I use several DLLs. The problem comes up if I call that funcion from several C DLLs to initialize library. I think that it would be useful to have an static variable inside OpenSSL_add_all_algoritms(), in such a way initialized that only one time the initialize is made.This way , no matter how many times from no matter which other DLLs I call the function it only gets initialized one time. In short way, to use a singleton. I have debugged my code a lot, used purify...etc and I think the problem is not in OpenSSL or my C code (is working under heavy pressure in other programs),but in the extrange things with COM apartments and threads, and I suppose this change in library would not break compatibility much. It would be possible such a change or similar?.If you know another solution I would like to hear... Thank you Pablo J. Royo __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #44] OpenSSL_add_all_algorithms problems in Win32
Are you sure your problem is in OpenSSL_add_all_algorithms() and not a call to RAND_poll()? Many of the methods used in RAND_poll() to collect random data are incompatible with COM when called from within DLL initializers. Hi: I´m having ugly crashes in Win32 when I call several times OpenSSL_add_all_algoritms(), mainly when I use my C code from Visual Basic but also if I use several DLLs. The problem comes up if I call that funcion from several C DLLs to initialize library. I think that it would be useful to have an static variable inside OpenSSL_add_all_algoritms(), in such a way initialized that only one time the initialize is made.This way , no matter how many times from no matter which other DLLs I call the function it only gets initialized one time. In short way, to use a singleton. I have debugged my code a lot, used purify...etc and I think the problem is not in OpenSSL or my C code (is working under heavy pressure in other programs),but in the extrange things with COM apartments and threads, and I suppose this change in library would not break compatibility much. It would be possible such a change or similar?.If you know another solution I would like to hear... Thank you Pablo J. Royo __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Jeffrey Altman * Sr.Software Designer Kermit 95 1.1.21 available now!!! The Kermit Project @ Columbia University SSH plus Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerberos, SRP, and [EMAIL PROTECTED]OpenSSL. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #44] OpenSSL_add_all_algorithms problems in Win32
Hi Jeffrey: Are you sure your problem is in OpenSSL_add_all_algorithms() and not a call to RAND_poll()? Many of the methods used in RAND_poll() to collect random data are incompatible with COM when called from within DLL initializers. Yes, I have seen it to happen several times in my debugger.I have the problematic code inside a try-catch and I see clearly an exception delivered when execution reaches OpenSSL_add_all_algoritms(). And it isn't the first time this happens to me.Other program I made had a very similar problem (also using COM ) but that time I fixed moving my calls to OpenSSL_add... to be called only one time. I would like to give you a piece of this code, but the calls are so nested and in so many places that it woldn't be useful. I wonder it there would be a method to select only desired ciphers and digests (OpenSLL_add_all_algoritms() would be excessive) in DLLEntryPoint(), called at loading program only one time. Thank you Pablo J. Royo __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #44] OpenSSL_add_all_algorithms problems in Win32
Take a look at the source code for OpenSSL_add_all_algorithms(). For each cipher there is a block of code to initialize it. Simply initialize the ones you want in your code. There is no requirement that OpenSSL_add_all_algorithms() be called. Although, I would be interested in where the exception is being generated. Since you are in a debugger, can you present the stack trace for libeay32.dll when built with debug info? Hi Jeffrey: Are you sure your problem is in OpenSSL_add_all_algorithms() and not a call to RAND_poll()? Many of the methods used in RAND_poll() to collect random data are incompatible with COM when called from within DLL initializers. Yes, I have seen it to happen several times in my debugger.I have the problematic code inside a try-catch and I see clearly an exception delivered when execution reaches OpenSSL_add_all_algoritms(). And it isn't the first time this happens to me.Other program I made had a very similar problem (also using COM ) but that time I fixed moving my calls to OpenSSL_add... to be called only one time. I would like to give you a piece of this code, but the calls are so nested and in so many places that it woldn't be useful. I wonder it there would be a method to select only desired ciphers and digests (OpenSLL_add_all_algoritms() would be excessive) in DLLEntryPoint(), called at loading program only one time. Thank you Pablo J. Royo __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Jeffrey Altman * Sr.Software Designer Kermit 95 1.1.21 available now!!! The Kermit Project @ Columbia University SSH plus Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerberos, SRP, and [EMAIL PROTECTED]OpenSSL. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #44] OpenSSL_add_all_algorithms problems in Win32
Hi: Take a look at the source code for OpenSSL_add_all_algorithms(). For each cipher there is a block of code to initialize it. Simply initialize the ones you want in your code. There is no requirement that OpenSSL_add_all_algorithms() be called. The problem is that as this are COMponents I can't to know from where they will be called, so althought I put a single cipher initialization in one place of my code, some other component can also to initialize the same cipher in other place and then the problem remains.For example, I have a component to do signing and other to do SSL.And both must do some kind of algorithm initialization, because they can also be called separatedly (sorry for my english,I mean they can be called alone). So its very difficult to know if you have put too much initializations or not. Although, I would be interested in where the exception is being generated. Since you are in a debugger, can you present the stack trace for libeay32.dll when built with debug info? I will try it on Monday again.But what I see is only a lot of hex addresses and no back trace.It is as if crash had corrupted also the stack.I don't know...The variables and all seems OK just one step before the OpenSSL_add_all_algoritms(). thanks again Pablo J. Royo __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]