AES GCM without additional authenticated data crashes SoftHSM #664
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Refactor encryptDecrypt to use mechanism details supplied from the caller. This way it can be used to try various variable parameters for AES modes.
With C++ library assertions enabled, this crashes the p11test: * thread opendnssec#1, name = 'p11test', stop reason = signal SIGABRT * frame #0: 0x0000000800aa569a libc.so.7`__sys_thr_kill + 10 frame opendnssec#1: 0x0000000800aa3af4 libc.so.7`__raise + 52 frame opendnssec#2: 0x0000000800a19719 libc.so.7`abort + 73 frame opendnssec#3: 0x00000008007df9a2 libc++.so.1`std::__1::__libcpp_abort_debug_function(std::__1::__libcpp_debug_info const&) + 82 frame opendnssec#4: 0x00000000003beb6a p11test`std::__1::vector<unsigned char, SecureAllocator<unsigned char> >::operator[](unsigned long) + 122 frame opendnssec#5: 0x00000000003be096 p11test`ByteString::operator[](unsigned long) + 38 frame opendnssec#6: 0x00000000003412a6 p11test`SoftHSM::SymEncryptInit(unsigned long, _CK_MECHANISM*, unsigned long) + 3190 frame opendnssec#7: 0x000000000034267b p11test`SoftHSM::C_EncryptInit(unsigned long, _CK_MECHANISM*, unsigned long) + 75 frame opendnssec#8: 0x00000000003363b7 p11test`C_EncryptInit + 55 frame opendnssec#9: 0x0000000000283cfb p11test`SymmetricAlgorithmTests::encryptDecrypt(_CK_MECHANISM, unsigned long, unsigned long, unsigned long, unsigned long, bool) + 555 frame opendnssec#10: 0x000000000028c682 p11test`SymmetricAlgorithmTests::testAesEncryptDecrypt() + 3378
|
Thanks @rijswijk for taking care of this so quickly! 🚀 |
|
Just ran into this same issue. Could a new version with this fix be released so it actually percolates to distributions? |
|
good question, looks some recent changes broke some parts of the build (like Windows stuff), I wouldn't hold my breath. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When building SoftHSMv2 with C++ library assertions enabled (as this is the case of SoftHSMv2 RPM for Red Hat Enterprise Linux), AES GCM encryption fails when no additional authenticated data are supplied:
(this backtrace is from FreeBSD using clang and c++)
This refactors the AES tests and enables additional assertions in the Travis CI build.