Hi,

I'm facing a crash (heap corruption) on Windows ever since I updated OpenSSL to the version 1.0.2a. The same seems to happen in 1.0.1m.

I'm using Visual Studio 2013. I'm building the x64-static variant of OpenSSL like so:

perl Configure VC-WIN64A no-asm --prefix=F:\git\openssl_crash\third-party\install\x64
ms\do_win64a
nmake -f ms\nt.mak
nmake -f ms\nt.mak install

My sample code goes as follow:

----- main.cpp -----
#include <iostream>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ecdh.h>

int main()
{
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();

EVP_PKEY_CTX* parameters_context = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);

if (EVP_PKEY_paramgen_init(parameters_context) != 1) { return 1; }
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(parameters_context, NID_sect571k1) != 1) { return 1; }

EVP_PKEY* cparameters = nullptr;

if (EVP_PKEY_paramgen(parameters_context, &cparameters) != 1) { return 1; }

EVP_PKEY_CTX* key_generation_context = EVP_PKEY_CTX_new(cparameters, NULL);

if (!key_generation_context) { return 1; }
if (EVP_PKEY_keygen_init(key_generation_context) != 1) { return 1; }

EVP_PKEY* private_key = nullptr;

if (EVP_PKEY_keygen(key_generation_context, &private_key) != 1) { return 1; }

BIO* bio = BIO_new(BIO_s_mem());
PEM_write_bio_PUBKEY(bio, private_key); // <== CRASH HERE.

ERR_free_strings();
EVP_cleanup();
::CRYPTO_cleanup_all_ex_data();

return EXIT_SUCCESS;
}
----- end of main.cpp -----

Which is compiled with:

cl /Fomain.obj /c main.cpp /TP /EHsc /MT /nologo /Ithird-party\install\x64\include link /nologo /OUT:crash.exe /LIBPATH:third-party\install\x64\lib libeay32.lib user32.lib gdi32.lib advapi32.lib main.obj

I tried this sample code with all of the /MD, /MT, /MDd, /MTd variants without success. The code seems to run fine on Linux and OSX (using gcc & clang).

Here is the stacktrace I'm getting when the heap corruption occurs:

        openssl_crash.exe!free(void * pBlock) Line 51   C
        openssl_crash.exe!CRYPTO_free(void * str) Line 440      C
openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 172 C openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160 C openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160 C openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160 C openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 130 C openssl_crash.exe!ASN1_item_free(ASN1_VALUE_st * val, const ASN1_ITEM_st * it) Line 73 C openssl_crash.exe!i2d_ECPKParameters(const ec_group_st * a, unsigned char * * out) Line 1010 C openssl_crash.exe!eckey_param2type(int * pptype, void * * ppval, ec_key_st * ec_key) Line 93 C openssl_crash.exe!eckey_pub_encode(X509_pubkey_st * pk, const evp_pkey_st * pkey) Line 113 C openssl_crash.exe!X509_PUBKEY_set(X509_pubkey_st * * x, evp_pkey_st * pkey) Line 101 C openssl_crash.exe!i2d_PUBKEY(evp_pkey_st * a, unsigned char * * pp) Line 211 C openssl_crash.exe!PEM_ASN1_write_bio(int (void *, unsigned char * *) * i2d, const char * name, bio_st * bp, void * x, const evp_cipher_st * enc, unsigned char * kstr, int klen, int (char *, int, int, void *) * callback, void * u) Line 357 C openssl_crash.exe!PEM_write_bio_PUBKEY(bio_st * bp, evp_pkey_st * x) Line 427 C
        openssl_crash.exe!main() Line 40        C++

Is there anything wrong regarding my sample code ? If not, can anyone else reproduce the problem ? Is it a bug in OpenSSL ?

Regards,

--
Julien.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to