Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SHA3_squeeze causes segmentation fault on some platforms #9431

Closed
tniessen opened this issue Jul 22, 2019 · 5 comments

Comments

@tniessen
Copy link
Contributor

commented Jul 22, 2019

While trying to add support for variable output lengths for shake128 and shake256 to Node.js, I noticed a number of segmentation faults on some of our CI platforms such as s390x. We are using OpenSSL 1.1.c.

One test case calls EVP_DigestFinalXOF with a requested output size of zero bytes. I expected OpenSSL not to write to the supplied buffer in this case, and that is true on some platforms. On other platforms such as s390x, SHA3_squeeze causes a segmentation fault, maybe trying to access the buffer which is NULL.

It is possible that other inputs are affected as well, even though I was not able to produce any segmentation faults for inputs other than 0.

Arguably, calling EVP_DigestFinalXOF with an output size of 0 bytes makes little sense, but it still should not cause a segmentation fault in my opinion. The C implementation of SHA3_squeeze seems to handle this case nicely.

@tniessen tniessen added the bug label Jul 22, 2019
@mattcaswell

This comment has been minimized.

Copy link
Member

commented Jul 22, 2019

Ping @p-steuer.

Is it only s390x, or are there are platforms impacted?

@tniessen

This comment has been minimized.

Copy link
Contributor Author

commented Jul 22, 2019

The following platforms appear to be impacted:

  • s390x
  • Raspberry Pi 2, Raspberry Pi 3
  • ppc64
  • armv7
  • ppcle

There might be other affected platforms that we are not testing against.

@p-steuer

This comment has been minimized.

Copy link
Member

commented Jul 22, 2019

Im working on a fix (that is, match sha3_squeeze asm implementations to the reference implementation), but may need help to verify the fix for architectures i have no access.

@p-steuer p-steuer self-assigned this Jul 22, 2019
@p-steuer

This comment has been minimized.

Copy link
Member

commented Aug 18, 2019

should be fixed by a890ef8 (master) resp. 6087d4a (1.1.1).

please verify.

tniessen added a commit to tniessen/node that referenced this issue Oct 5, 2019
This guard used to prevent segfaults caused by a bug in OpenSSL, but
this was fixed in OpenSSL 1.1.1d.

Refs: openssl/openssl#9433
Refs: openssl/openssl#9431
@tniessen tniessen referenced this issue Oct 5, 2019
3 of 3 tasks complete
@tniessen

This comment has been minimized.

Copy link
Contributor Author

commented Oct 5, 2019

I can confirm that this fixes the problem for output lengths of zero bytes, I have never been able to produce segfaults using other sizes.

@tniessen tniessen closed this Oct 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.