[openssl-users] Fwd: [BUG] Crash in PEM write functions with generated EC_KEY on Windows
Julien Kauffmann
julien.kauffmann at freelan.org
Mon Mar 23 18:34:16 UTC 2015
Hi,
I'm facing a crash (heap corruption) on Windows ever since I updated
OpenSSL to the version 1.0.2a. The same seems to happen in 1.0.1m.
I'm using Visual Studio 2013. I'm building the x64-static variant of
OpenSSL like so:
perl Configure VC-WIN64A no-asm --prefix=F:\git\openssl_crash\third-party\install\x64
ms\do_win64a
nmake -f ms\nt.mak
nmake -f ms\nt.mak install
My sample code goes as follows:
----- main.cpp -----
#include <cstdlib>
#include <iostream>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ecdh.h>

int main()
{
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    // Generate EC parameters for the sect571k1 curve.
    EVP_PKEY_CTX* parameters_context = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
    if (EVP_PKEY_paramgen_init(parameters_context) != 1) { return 1; }
    if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(parameters_context, NID_sect571k1) != 1) { return 1; }
    EVP_PKEY* cparameters = nullptr;
    if (EVP_PKEY_paramgen(parameters_context, &cparameters) != 1) { return 1; }

    // Generate a key pair from those parameters.
    EVP_PKEY_CTX* key_generation_context = EVP_PKEY_CTX_new(cparameters, NULL);
    if (!key_generation_context) { return 1; }
    if (EVP_PKEY_keygen_init(key_generation_context) != 1) { return 1; }
    EVP_PKEY* private_key = nullptr;
    if (EVP_PKEY_keygen(key_generation_context, &private_key) != 1) { return 1; }

    // Write the public key as PEM into a memory BIO.
    BIO* bio = BIO_new(BIO_s_mem());
    PEM_write_bio_PUBKEY(bio, private_key); // <== CRASH HERE.

    ERR_free_strings();
    EVP_cleanup();
    ::CRYPTO_cleanup_all_ex_data();
    return EXIT_SUCCESS;
}
----- end of main.cpp -----
Which is compiled with:
cl /Fomain.obj /c main.cpp /TP /EHsc /MT /nologo /Ithird-party\install\x64\include
link /nologo /OUT:crash.exe /LIBPATH:third-party\install\x64\lib libeay32.lib user32.lib gdi32.lib advapi32.lib main.obj
I tried this sample code with all of the /MD, /MT, /MDd, /MTd variants
without success. The code seems to run fine on Linux and OSX (using gcc
& clang).
Here is the stacktrace I'm getting when the heap corruption occurs:
> openssl_crash.exe!free(void * pBlock) Line 51 C
  openssl_crash.exe!CRYPTO_free(void * str) Line 440 C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 172 C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160 C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160 C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160 C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 130 C
  openssl_crash.exe!ASN1_item_free(ASN1_VALUE_st * val, const ASN1_ITEM_st * it) Line 73 C
  openssl_crash.exe!i2d_ECPKParameters(const ec_group_st * a, unsigned char * * out) Line 1010 C
  openssl_crash.exe!eckey_param2type(int * pptype, void * * ppval, ec_key_st * ec_key) Line 93 C
  openssl_crash.exe!eckey_pub_encode(X509_pubkey_st * pk, const evp_pkey_st * pkey) Line 113 C
  openssl_crash.exe!X509_PUBKEY_set(X509_pubkey_st * * x, evp_pkey_st * pkey) Line 101 C
  openssl_crash.exe!i2d_PUBKEY(evp_pkey_st * a, unsigned char * * pp) Line 211 C
  openssl_crash.exe!PEM_ASN1_write_bio(int (void *, unsigned char * *) * i2d, const char * name, bio_st * bp, void * x, const evp_cipher_st * enc, unsigned char * kstr, int klen, int (char *, int, int, void *) * callback, void * u) Line 357 C
  openssl_crash.exe!PEM_write_bio_PUBKEY(bio_st * bp, evp_pkey_st * x) Line 427 C
  openssl_crash.exe!main() Line 40 C++
Is there anything wrong regarding my sample code? If not, can anyone
else reproduce the problem? Is it a bug in OpenSSL?
Regards,
--
Julien.