segmentation fault while checking algorithm from which provider being used

noreply noreply-support-group at protonmail.com
Fri Jul 21 05:53:11 UTC 2023


I rewrote your program with some memory cleanup and the program was able to print the provider name.

===========
Program
===========
#include <stdio.h>
#include <stdlib.h>
#include <openssl/err.h>      /* ERR_print_errors_fp() */
#include <openssl/provider.h> /* OSSL_PROVIDER_get0_name() */
#include <openssl/evp.h>

void foo(const char *cipher_name) {
    int rc = 1;
    unsigned char key[] = "0123456789abcdeF";
    unsigned char iv[] = "1234567887654321";
    EVP_CIPHER *cipher = NULL;
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();

    /* Explicit fetch from the default library context; the result must be freed. */
    if (ctx == NULL || (cipher = EVP_CIPHER_fetch(NULL, cipher_name, NULL)) == NULL) {
        rc = 0;
        goto fail;
    }
    if (!EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1)) {
        rc = 0;
        goto fail;
    }
    /* get0 accessors return borrowed pointers; do not free them. */
    const EVP_CIPHER *cipher_from_ctx = EVP_CIPHER_CTX_get0_cipher(ctx);
    if (cipher_from_ctx != NULL) {
        const OSSL_PROVIDER *ossl_prov = EVP_CIPHER_get0_provider(cipher_from_ctx);
        if (ossl_prov != NULL) {
            printf("Provider: %s\n", OSSL_PROVIDER_get0_name(ossl_prov));
        }
    }
fail:
    /* Both free functions accept NULL, so this path is safe after any failure. */
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);
    ERR_print_errors_fp(stderr);
    if (!rc) {
        exit(EXIT_FAILURE);
    }
}

int main(void) {
    const char *cipher_name = "aes-128-gcm";
    foo(cipher_name);
    return 0;
}

===========
Compilation
===========
$ gcc -Iinclude -Llibs -ggdb3 -O0 -o program main.c -lcrypto -lssl -ldl -lpthread

===========
Run
===========
$ ./program
Provider: default

$ valgrind --show-leak-kinds=all --leak-check=full --track-origins=yes ./program
==21148== Memcheck, a memory error detector
==21148== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==21148== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==21148== Command: ./program
==21148==
Provider: default
==21148==
==21148== HEAP SUMMARY:
==21148== in use at exit: 0 bytes in 0 blocks
==21148== total heap usage: 6,714 allocs, 6,714 frees, 538,632 bytes allocated
==21148==
==21148== All heap blocks were freed -- no leaks are possible
==21148==
==21148== For lists of detected and suppressed errors, rerun with: -s
==21148== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
===========

It may provide more context if you can show your compilation, program run, and gdb backtrace when the segfault occurs.


------- Original Message -------
On Tuesday, July 18th, 2023 at 11:37, Ishani <18r01a05n6 at gmail.com> wrote:

> Hi All,
>
> I'm trying to get provider name to know which provider algo implementation is being used but I'm facing segmentation fault issue. Here is my code
>
> EVP_CIPHER_CTX *ect = EVP_CIPHER_CTX_new();
> if(ect == NULL){
> return err;
> }
> const EVP_CIPHER *c = EVP_CIPHER_fetch(NULL,(char *)cipher_name,NULL);
> if(c == NULL){
> return err;
> }
> int ret = EVP_CipherInit_ex(ect, c, NULL, Key, IV, 1); // no IV provided
> if(!ret){
> return err;
> }
>
> const EVP_CIPHER *ctx = EVP_CIPHER_CTX_get0_cipher(ect);
> if(ctx != NULL){
> const OSSL_PROVIDER *ossl_prov = EVP_CIPHER_get0_provider(ctx);
> if(ossl_prov != NULL){
> const char *provname = OSSL_PROVIDER_get0_name(ossl_prov);
> printf("The provider used is : %s",provname);
> }
> }
>
> Little more details:
> It's failing while printing provname, while debugging it step by step and trying to print OSSL_PROVIDER_get0_name(ossl_prov) is printing default (ran command : p OSSL_PROVIDER_get0_name(ossl_prov)) but failing while printing provname. I don't see any issues with provname variable definition and its usage.
>
> Initially I was testing with loading fips provider programmatically, I assumed it didn't work as some deprecated APIs were also being used and invoked before the above code is executed in the application (as mentioned in openssl document that if deprecated APIs like engines are used then fips cannot be used so was expecting that fips will not load but it's loading successfully and also encryption/decryption working fine somehow).
>
> At what point will fips not work if deprecated APIs like engines are used?
>
> Also, similar error, i.e., segmentation fault, is being thrown with default, legacy providers as well.
>
> Tried printing directly the output like printf(OSSL_PROVIDER_get0_name(ossl_prov)) or printf("%s", OSSL_PROVIDER_get0_name(ossl_prov)) or printf(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ect)))) but still same issue 😔.
>
> Tried many other things but still same issue...
>
> Any idea what I am doing wrong? Any help/suggestions please?
>
> Regards
> Ishani