Re: [openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

2014-02-25 Thread Andy Polyakov via RT
 We have encountered a Segmentation Fault while trying to send an SSL
 packet via Oracle VM agent.
 
 The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in tls1_mac().
 tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keeps
 going, which results in Segmentation Fault at EVP_DigestUpdate().
 
 The following change in tls1_mac() fixes the segfault issue.
 
 1 Index: openssl/ssl/t1_enc.c
 2 
 
 3 $ diff -ru ssl/t1_enc.c ssl/t1_enc.c
 4 --- t1_enc.c.orig   Tue Dec 10 15:36:05 2013
 5 +++ t1_enc.cWed Dec 11 09:29:02 2013
 6 @@ -980,7 +980,10 @@
 7 }
 8 else
 9 {
10 -   EVP_MD_CTX_copy(hmac,hash);
11 +   if (EVP_MD_CTX_copy(hmac,hash) != 1)
12 +   {
13 +   return (0);
14 +   }
15 mac_ctx =hmac;
16 }
17
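
Review bot: the new early return (lines 11-14) exits silently, so a failed EVP_MD_CTX_copy() leaves nothing on the error queue to show where the MAC computation stopped; record an error before returning so that a failure originating below this call can be diagnosed. Also confirm that nothing set up earlier in the function, including hmac itself, still needs releasing on this path, since the visible context lines do not show it.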

The return value indicating error is -1 in this case. 
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=03da57fe14f2de5bde9d4496a2ae9a4ae8879f88


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

2013-12-28 Thread Andrey Kulikov
EVP_MD_CTX_copy() also can fail due to external engine usage (including HW
engine).
In this case underlying work can be more complicated than memory allocation.
Descriptors shortage, amount of simultaneous contexts constraints, etc. Or
just bugs in engine code.

On 27 December 2013 21:39, Misaki.Miyashita via RT r...@openssl.org wrote:

 
  I agree that the return value should be checked but I'd like to know the
  underlying cause. EVP_MD_CTX_copy() shouldn't normally fail unless something is
  seriously wrong, e.g. memory allocation failures.
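
The failure mode raised in this thread, as an added example that is not part of any message or of OpenSSL's code: a self-contained C model in which a digest-context copy fails because the backend allows only a fixed number of simultaneous contexts, and the MAC routine checks the copy and returns -1 instead of going on to update a context with no state. All names (md_ctx, md_copy, record_mac, MAX_HW_CTX) and the toy checksum are hypothetical stand-ins, not OpenSSL APIs.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of an engine-backed digest context (not EVP_MD_CTX). */
#define MAX_HW_CTX 2                 /* constructed limit on simultaneous contexts */
static int hw_ctx_in_use = 0;

typedef struct { uint32_t *state; } md_ctx;   /* state is NULL until a slot is held */

static int md_init(md_ctx *c) {
    c->state = NULL;
    if (hw_ctx_in_use >= MAX_HW_CTX) return 0;    /* backend out of slots */
    c->state = malloc(sizeof *c->state);
    if (c->state == NULL) return 0;               /* memory allocation failure */
    *c->state = 2166136261u;                      /* FNV-1a offset basis */
    hw_ctx_in_use++;
    return 1;
}

static void md_cleanup(md_ctx *c) {
    if (c->state != NULL) { free(c->state); c->state = NULL; hw_ctx_in_use--; }
}

/* Copy needs a fresh slot, so it can fail for the same reasons md_init can. */
static int md_copy(md_ctx *out, const md_ctx *in) {
    if (in->state == NULL || !md_init(out)) return 0;
    *out->state = *in->state;
    return 1;
}

/* Toy checksum update (FNV-1a, not a real MAC); dereferences c->state unconditionally. */
static void md_update(md_ctx *c, const unsigned char *p, size_t n) {
    while (n--) *c->state = (*c->state ^ *p++) * 16777619u;
}

/* Computes a tag over one record from a copy of the long-lived context.
   Returns 4 (bytes written to out) on success, -1 on any failure. */
int record_mac(const md_ctx *hash, const unsigned char *rec, size_t len, unsigned char out[4]) {
    md_ctx tmp;
    if (md_copy(&tmp, hash) != 1)
        return -1;               /* without this check md_update() would dereference NULL */
    md_update(&tmp, rec, len);
    memcpy(out, tmp.state, 4);
    md_cleanup(&tmp);            /* release the slot on the success path */
    return 4;
}
```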
 



Re: [openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

2013-12-27 Thread Misaki.Miyashita via RT
Hi Steve,

Sorry for the late response.

Thank you for looking into the bug.

In our case, EVP_MD_CTX_copy() failure was caused by an application bug.
A child process was trying to use the session from its parent process, 
and that caused an issue down in pkcs11 engine.

The application will be fixed.  At the same time, please consider
returning an error so that a segmentation fault can be prevented.

Thank you,

-- misaki


On 12/17/13 10:39, Stephen Henson via RT wrote:
 On Sat Dec 14 08:42:01 2013, misaki.miyash...@oracle.com wrote:
 The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in
 tls1_mac().
 tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keeps
 going, which results in Segmentation Fault at EVP_DigestUpdate().

 The following change in tls1_mac() fixes the segfault issue.

 I agree that the return value should be checked but I'd like to know the
 underlying cause. EVP_MD_CTX_copy() shouldn't normally fail unless something is
 seriously wrong, e.g. memory allocation failures.

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org






[openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

2013-12-17 Thread Stephen Henson via RT
On Sat Dec 14 08:42:01 2013, misaki.miyash...@oracle.com wrote:

 The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in
 tls1_mac().
 tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keeps
 going, which results in Segmentation Fault at EVP_DigestUpdate().

 The following change in tls1_mac() fixes the segfault issue.


I agree that the return value should be checked but I'd like to know the
underlying cause. EVP_MD_CTX_copy() shouldn't normally fail unless something is
seriously wrong, e.g. memory allocation failures.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



[openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

2013-12-13 Thread Misaki.Miyashita via RT
Hello,

We have encountered a Segmentation Fault while trying to send an SSL
packet via Oracle VM agent.

The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in tls1_mac().
tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keeps
going, which results in Segmentation Fault at EVP_DigestUpdate().

The following change in tls1_mac() fixes the segfault issue.

1 Index: openssl/ssl/t1_enc.c
2 

3 $ diff -ru ssl/t1_enc.c ssl/t1_enc.c
4 --- t1_enc.c.orig   Tue Dec 10 15:36:05 2013
5 +++ t1_enc.cWed Dec 11 09:29:02 2013
6 @@ -980,7 +980,10 @@
7 }
8 else
9 {
   10 -   EVP_MD_CTX_copy(hmac,hash);
   11 +   if (EVP_MD_CTX_copy(hmac,hash) != 1)
   12 +   {
   13 +   return (0);
   14 +   }
   15 mac_ctx =hmac;
   16 }
   17
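
Review bot: `return (0);` in the new failure branch (line 13) uses the wrong error value; a reply in this thread states that the return value indicating error here is -1, so the branch should `return -1;`. The `!= 1` comparison on line 11 is fine as a catch-all for any non-success result from EVP_MD_CTX_copy().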



I would greatly appreciate it if the suggested fix gets integrated into
the next release of OpenSSL.

Best regards,

Misaki Miyashita
Oracle Solaris Security
Senior Software Engineer
Austin, TX, US
