EVP_PKEY_new_raw_private_key(NID_ED25519) does not return fail on short key #17017
Comments
Related to MR #15643.
Hmm. This is curious. In fact the code is attempting to fail at this point. It has detected the short key and is trying to add an error to the error stack indicating that the setup of the key has failed. The assertion failure is not coming out of OpenSSL at all, but seems to come from libc!! My first thought was that some kind of memory corruption was triggering this - but recompiling with address sanitizer switched on reveals no problems - and in fact the assertion failure goes away completely and the reproducer comes back with the NULL response as expected. Is this a possible libc bug!!??
Nope. This really is an OpenSSL problem.
A memory corruption is occurring. I'm not sure why address sanitizer didn't pick it up...
If an ECX key is created and the private key is too short, a fromdata call would create the key, and then later detect the error and report it after freeing the key. However freeing the key was calling OPENSSL_secure_clear_free() and assuming that the private key was of the correct length. If it was actually too short this will write over memory that it shouldn't. Fixes openssl#17017
Fix for this in #17041
Thank you for a quick solution. Requested backport in RHBZ #2023671 for Fedora.
If an ECX key is created and the private key is too short, a fromdata call would create the key, and then later detect the error and report it after freeing the key. However freeing the key was calling OPENSSL_secure_clear_free() and assuming that the private key was of the correct length. If it was actually too short this will write over memory that it shouldn't. Fixes #17017 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #17041) (cherry picked from commit 50938ae)
If an ECX key is created and the private key is too short, a fromdata call would create the key, and then later detect the error and report it after freeing the key. However freeing the key was calling OPENSSL_secure_clear_free() and assuming that the private key was of the correct length. If it was actually too short this will write over memory that it shouldn't. Fixes openssl#17017 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17041)
Detected by failures on the strongswan test suite, reported on strongswan/strongswan#753.
The simple code above raises an assertion failure on openssl 3.0.0, but returned just NULL on openssl 1.1. It is deliberately passed too-short data there. I think it should not crash the whole program but return an error, just like previous versions.
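An added illustration of the bug class described in this thread, a buffer allocated at the caller-supplied length but cleared on free at the assumed full key length. This is not OpenSSL code and not the change merged in #17041; `toy_key`, `toy_key_import`, `toy_key_free` and `wipe_overrun` are hypothetical names, and rejecting the length before allocation is one possible hardening, assumed here.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define TOY_KEYLEN 32 /* Ed25519 private keys are 32 bytes */

/* Hypothetical key object; not OpenSSL's ECX_KEY. */
typedef struct {
    unsigned char *priv;
    size_t priv_len; /* bytes actually allocated for priv */
} toy_key;

/* Bytes past the allocation that a free path would overwrite if it
 * cleared `assumed` bytes of a buffer holding only `allocated`. */
size_t wipe_overrun(size_t allocated, size_t assumed)
{
    return assumed > allocated ? assumed - allocated : 0;
}

/* Clear exactly what was allocated, then free. Returns bytes cleared. */
size_t toy_key_free(toy_key *k)
{
    size_t cleared = 0;
    if (k == NULL)
        return 0;
    if (k->priv != NULL) {
        volatile unsigned char *p = k->priv;
        for (cleared = 0; cleared < k->priv_len; cleared++)
            p[cleared] = 0;
        free(k->priv);
    }
    free(k);
    return cleared;
}

/* Import raw key bytes; reject a wrong length before anything is
 * allocated, so no partially built key ever reaches the free path. */
toy_key *toy_key_import(const unsigned char *raw, size_t len)
{
    toy_key *k;
    if (raw == NULL || len != TOY_KEYLEN)
        return NULL;
    if ((k = calloc(1, sizeof(*k))) == NULL)
        return NULL;
    if ((k->priv = malloc(len)) == NULL) {
        free(k);
        return NULL;
    }
    memcpy(k->priv, raw, len);
    k->priv_len = len;
    return k;
}
```

For a 16-byte input, `wipe_overrun(16, TOY_KEYLEN)` reports 16 bytes of adjacent heap memory that an assumed-length clear would zero, which is the kind of write the commit message describes.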