[openssl-dev] [openssl.org #3765] AutoReply: [BUG] Crash in PEM write functions with generated EC_KEY on Windows

Julien Kauffmann via RT rt at openssl.org
Fri Mar 27 17:46:04 UTC 2015


Follow-up: apparently the problem seems to go away if I add:

     ::EC_KEY_set_asn1_flag(private_key->pkey.ec, OPENSSL_EC_NAMED_CURVE);

before the call.

Sadly, I'm facing a similar problem with the reverse operation (loading an EC_KEY from memory/file) using PEM_read_bio_EC_PUBKEY() when the generated key did not have the OPENSSL_EC_NAMED_CURVE flag set.

On 23/03/2015 16:48, The default queue via RT wrote:
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
> 	"[BUG] Crash in PEM write functions with generated EC_KEY on Windows",
> a summary of which appears below.
>
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #3765].
>
> Please include the string:
>
>           [openssl.org #3765]
>
> in the subject line of all future correspondence about this issue. To do so,
> you may reply to this message.
>
>                          Thank you,
>                          rt at openssl.org
>
> -------------------------------------------------------------------------
> I'm facing a crash (heap corruption) on Windows ever since I updated
> OpenSSL to the version 1.0.2a. The same seems to happen in 1.0.1m.
>
> I'm using Visual Studio 2013. I'm building the x64-static variant of
> OpenSSL like so:
>
> perl Configure VC-WIN64A no-asm --prefix=F:\git\openssl_crash\third-party\install\x64
> ms\do_win64a
> nmake -f ms\nt.mak
> nmake -f ms\nt.mak install
>
> My sample code goes as follow:
>
> ----- main.cpp -----
> #include <cstdlib>
> #include <iostream>
> #include <openssl/crypto.h>
> #include <openssl/evp.h>
> #include <openssl/err.h>
> #include <openssl/pem.h>
> #include <openssl/ecdh.h>
>
> int main()
> {
>     OpenSSL_add_all_algorithms();
>     ERR_load_crypto_strings();
>
>     // Generate EC parameters for the sect571k1 curve through the EVP paramgen API.
>     EVP_PKEY_CTX* parameters_context = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
>
>     if (!parameters_context) { return 1; }
>     if (EVP_PKEY_paramgen_init(parameters_context) != 1) { return 1; }
>     if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(parameters_context, NID_sect571k1) != 1) { return 1; }
>
>     EVP_PKEY* cparameters = nullptr;
>
>     if (EVP_PKEY_paramgen(parameters_context, &cparameters) != 1) { return 1; }
>
>     // Generate a key pair from those parameters.
>     EVP_PKEY_CTX* key_generation_context = EVP_PKEY_CTX_new(cparameters, NULL);
>
>     if (!key_generation_context) { return 1; }
>     if (EVP_PKEY_keygen_init(key_generation_context) != 1) { return 1; }
>
>     EVP_PKEY* private_key = nullptr;
>
>     if (EVP_PKEY_keygen(key_generation_context, &private_key) != 1) { return 1; }
>
>     // Serialize the public half as a PEM SubjectPublicKeyInfo into a memory BIO.
>     BIO* bio = BIO_new(BIO_s_mem());
>     PEM_write_bio_PUBKEY(bio, private_key); // <== CRASH HERE.
>
>     BIO_free(bio);
>     EVP_PKEY_free(private_key);
>     EVP_PKEY_CTX_free(key_generation_context);
>     EVP_PKEY_free(cparameters);
>     EVP_PKEY_CTX_free(parameters_context);
>
>     ERR_free_strings();
>     EVP_cleanup();
>     ::CRYPTO_cleanup_all_ex_data();
>
>     return EXIT_SUCCESS;
> }
> ----- end of main.cpp -----
>
> Which is compiled with:
>
> cl /Fomain.obj /c main.cpp /TP /EHsc /MT /nologo /Ithird-party\install\x64\include
> link /nologo /OUT:crash.exe /LIBPATH:third-party\install\x64\lib libeay32.lib user32.lib gdi32.lib advapi32.lib main.obj
>
> I tried this sample code with all of the /MD, /MT, /MDd, /MTd variants
> without success. The code seems to run fine on Linux and OSX (using gcc
> & clang).
>
> Here is the stacktrace I'm getting when the heap corruption occurs:
>
>> openssl_crash.exe!free(void * pBlock) Line 51    C
>    openssl_crash.exe!CRYPTO_free(void * str) Line 440    C
>    openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 172    C
>    openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160    C
>    openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160    C
>    openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160    C
>    openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 130    C
>    openssl_crash.exe!ASN1_item_free(ASN1_VALUE_st * val, const ASN1_ITEM_st * it) Line 73    C
>    openssl_crash.exe!i2d_ECPKParameters(const ec_group_st * a, unsigned char * * out) Line 1010    C
>    openssl_crash.exe!eckey_param2type(int * pptype, void * * ppval, ec_key_st * ec_key) Line 93    C
>    openssl_crash.exe!eckey_pub_encode(X509_pubkey_st * pk, const evp_pkey_st * pkey) Line 113    C
>    openssl_crash.exe!X509_PUBKEY_set(X509_pubkey_st * * x, evp_pkey_st * pkey) Line 101    C
>    openssl_crash.exe!i2d_PUBKEY(evp_pkey_st * a, unsigned char * * pp) Line 211    C
>    openssl_crash.exe!PEM_ASN1_write_bio(int (void *, unsigned char * *) * i2d, const char * name, bio_st * bp, void * x, const evp_cipher_st * enc, unsigned char * kstr, int klen, int (char *, int, int, void *) * callback, void * u) Line 357    C
>    openssl_crash.exe!PEM_write_bio_PUBKEY(bio_st * bp, evp_pkey_st * x) Line 427    C
>    openssl_crash.exe!main() Line 40    C++
>
> Is there anything wrong regarding my sample code? If not, can anyone
> else reproduce the problem? Is it a bug in OpenSSL?
>
> Regards,
>
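
The encoding difference behind this thread, as an added example that is not part of the ticket or of OpenSSL's own code: it uses the openssl command-line tool rather than the C API, and the curve is a parameter whose default of prime256v1 is my assumption (the report used sect571k1, which behaves the same way on builds that include binary curves; `ec_param_demo sect571k1` exercises it). A key whose EC_GROUP lacks OPENSSL_EC_NAMED_CURVE is encoded with full ECParameters (field type, prime, a, b, generator, order, cofactor) instead of a curve OID, which is the branch of i2d_ECPKParameters that builds and frees an ASN1 item tree as seen in the stack trace above; `-param_enc explicit` reaches the same state from the CLI. The `ec_param_encoding` function classifies a PEM file by the fieldID OIDs that only occur inside explicit parameters, and `ec_to_named_curve` converts such a key back to the named-curve form. Function and file names are mine.

```shell
#!/bin/sh
# Added example, not code from the ticket: shows the named-curve and
# explicit EC parameter encodings with the openssl CLI, detects which
# one a PEM file carries, and converts explicit parameters back to a
# curve OID. Function and file names are mine; the default curve
# prime256v1 is an assumption (the report used sect571k1).

# Print "named" if the EC key in $1 identifies its curve by OID, or
# "explicit" if it spells out the full ECParameters. Works for
# "PUBLIC KEY", "EC PRIVATE KEY" and PKCS#8 PEM files alike, because
# the fieldID OIDs prime-field and characteristic-two-field occur only
# inside explicit ECParameters, never beside a curve OID.
ec_param_encoding() {
    if openssl asn1parse -in "$1" | grep -Eq ':(prime-field|characteristic-two-field)'; then
        echo explicit
    else
        echo named
    fi
}

# Generate a private key on curve $2 into $1 with parameter encoding $3
# ("named_curve" or "explicit"): the two states an EC_KEY is in with and
# without EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE).
ec_generate() {
    openssl ecparam -genkey -noout -name "$2" -param_enc "$3" -out "$1"
}

# Write the public key of $1 to $2, keeping whatever parameter encoding
# the private key already had.
ec_pubkey() {
    openssl ec -in "$1" -pubout -out "$2" 2>/dev/null
}

# Write the public key of $1 to $2 re-encoded with a curve OID. OpenSSL
# can only do this when the explicit parameters match a built-in curve.
ec_to_named_curve() {
    openssl ec -in "$1" -param_enc named_curve -pubout -out "$2" 2>/dev/null
}

# Round trip in a scratch directory; returns 0 when detection and
# conversion behave as described above, 1 otherwise.
ec_param_demo() {
    curve="${1:-prime256v1}"
    dir="$(mktemp -d)" || return 1
    ec_generate "$dir/named.key" "$curve" named_curve || return 1
    ec_generate "$dir/explicit.key" "$curve" explicit || return 1
    ec_pubkey "$dir/named.key" "$dir/named.pub" || return 1
    ec_pubkey "$dir/explicit.key" "$dir/explicit.pub" || return 1
    ec_to_named_curve "$dir/explicit.key" "$dir/converted.pub" || return 1

    # The explicit files are visibly larger: they carry p, a, b, G, n, h.
    for f in named.key named.pub explicit.key explicit.pub converted.pub; do
        printf '%-14s %-9s %5s bytes\n' "$f" "$(ec_param_encoding "$dir/$f")" "$(wc -c < "$dir/$f")"
    done

    status=0
    [ "$(ec_param_encoding "$dir/named.pub")" = named ] || status=1
    [ "$(ec_param_encoding "$dir/explicit.pub")" = explicit ] || status=1
    [ "$(ec_param_encoding "$dir/converted.pub")" = named ] || status=1
    rm -rf "$dir"
    return "$status"
}

ec_param_demo "$@"
```

From C the equivalent check before serializing is `EC_GROUP_get_asn1_flag(EC_KEY_get0_group(ec)) == OPENSSL_EC_NAMED_CURVE`; a key that fails it will be written with explicit parameters, which is also what a peer receives, so setting the flag is worth doing for interoperability and size even where the write itself does not crash.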


