Subject: [libssh2] #279: libssh2 core dumps with FIPS openssl libraries

[libssh2] #279: libssh2 core dumps with FIPS openssl libraries

From: libssh2 Trac <trac_at_libssh2.stuge.se>
Date: Wed, 13 Nov 2013 00:35:06 -0000

#279: libssh2 core dumps with FIPS openssl libraries
----------------------------+--------------------
Reporter: Mark_McPherson | Owner:
Type: defect | Status: new
Priority: high | Milestone: 1.4.3
Component: crypto | Version: 1.4.2
Keywords: FIPS OpenSSL | Blocked By:
Blocks: |
----------------------------+--------------------
Using:
libssh2 - 1.4.3
OpenSSL - 1.0.1e
OpenSSL FIPS module - 2.0.5

When using the OpenSSL libraries in FIPS mode, the function call
EVP_DigestInit() is actually #defined to FIPS_digestinit().
Unfortunately wheres EVP_DigestInit() initialises the context and then
calls EVP_DigestInit_ex(), this function assumes that the context has been
pre-initialised and crashes when it isn't.

The fix is to pre-initialise the context using EVP_MD_CTX_init() before
calling EVP_DigestInit.

I attach a patch to openssl.h/.c to fix this problem.

-- 
Ticket URL: <https://trac.libssh2.org/ticket/279>
libssh2 <https://trac.libssh2.org/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Received on 2013-11-13

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [PATCH] Added Windows Cryptography API: Next Generation backend"
Previous message: Peter Stuge: "Re: Explicit zlib path not used by configure for building tests"
Next in thread: libssh2 Trac: "Re: [libssh2] #279: libssh2 core dumps with FIPS openssl libraries"
Reply: libssh2 Trac: "Re: [libssh2] #279: libssh2 core dumps with FIPS openssl libraries"
Reply: libssh2 Trac: "Re: [libssh2] #279: libssh2 core dumps with FIPS openssl libraries"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]