bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-07 14:00 UTC
[Bug 1934] New: mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Bug #: 1934 Summary: mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init(). Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: rdugal at certicom.com I have been doing some work with OpenSSH 5.8p1, attempting to use an alternative engine for crypto. In mac.c, the function mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init(). However, OpenSSL documentation states that HMAC_CTX_init() is mandatory. See http://www.openssl.org/docs/crypto/hmac.html HMAC_CTX_init() initialises a HMAC_CTX before first use. It must be called. HMAC_CTX_init() must have been called before the first use of an HMAC_CTX in this function. N.B. HMAC_Init() had this undocumented behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in programs that expect it will cause them to stop working. While this appears to currently cause no issues with OpenSSH 5.8p1 using OpenSSL 1.0.0d and the default crypto engine, it may cause problems (such as segfaults in my case) when attempting to use an alternative engine. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 00:27 UTC
[Bug 1934] mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
https://bugzilla.mindrot.org/show_bug.cgi?id=1934 --- Comment #1 from Damien Miller <djm at mindrot.org> 2011-12-02 11:27:12 EST --- Created attachment 2110 --> https://bugzilla.mindrot.org/attachment.cgi?id=2110 macinit.diff insert HMAC_CTX_init -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 00:28 UTC
[Bug 1934] mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2110| |ok?(dtucker at zip.com.au) Flags| | -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 00:29 UTC
[Bug 1934] mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Blocks| |1930 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 00:33 UTC
[Bug 1934] mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2110|ok?(dtucker at zip.com.au) |ok+ Flags| | -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 00:44 UTC
[Bug 1934] mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
https://bugzilla.mindrot.org/show_bug.cgi?id=1934 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #2 from Damien Miller <djm at mindrot.org> 2011-12-02 11:44:15 EST --- patch applied - will be in openssh-6.0. Thanks! -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.