In message <[EMAIL PROTECTED]> on Tue, 11 Oct 2005 10:22:00 -0700, "David Schwartz" <[EMAIL PROTECTED]> said:
davids> > I just tried to upgrade from openssl-0.9.7g to 0.9.7h davids> > and noticed that my openssh-4.2p1 server and clients now davids> > crash with segfault with the new openssl shared library! davids> > I tested this on two installations and both had this davids> > problem. davids> davids> We discovered similar problems caused by a change in the size davids> of the EVP_MD_CTX structure. We fixed it by changing code davids> like: davids> davids> EVP_MD_CTX ctx; davids> davids> to davids> davids> EVP_MD_CTX *ctx=EVP_MD_CTX_create(); davids> ... davids> EVP_MD_CTX_destroy(ctx); Correct analysis. What's happened is that the FIPS functions for SHA224, SHA256, SHA384 and SHA512 were added. They require a larger EVP_MAX_MD_SIZE. The functions were wrapped with an #ifdef OPENSSL_FIPS, while EVP_MAX_MD_SIZE was forgotten in that process. To say it straight out, we fucked up! The patch to correct the problem is quite easy, though, and you can find it attached to this letter. My recommendation is to apply that patch unconditionally. The security issue that caused the release of 0.9.7h is serious enough not to disregard this release and instead go through the hoops of applying an extra patch. Cheers, Richard ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~levitte/
Index: crypto/evp/evp.h =================================================================== RCS file: /e/openssl/cvs/openssl/crypto/evp/evp.h,v retrieving revision 1.86.2.19 diff -u -r1.86.2.19 evp.h --- crypto/evp/evp.h 17 May 2005 19:48:42 -0000 1.86.2.19 +++ crypto/evp/evp.h 11 Oct 2005 19:51:13 -0000 @@ -132,7 +132,11 @@ #define EVP_CAST5_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16 */ +#ifdef OPENSSL_FIPS #define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */ +#else +#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +#endif #define EVP_MAX_KEY_LENGTH 32 #define EVP_MAX_IV_LENGTH 16 #define EVP_MAX_BLOCK_LENGTH 32
