OpenSSL 1.0.2 branch on uninitialized memory in EVP_CIPHER_CTX_copy
guidovranken opened this issue · comments
#include <openssl/evp.h>
#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }
#define CF_CHECK_NE(expr, res) if ( (expr) == (res) ) { goto end; }
int main(void)
{
const EVP_CIPHER* cipher = NULL;
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(), *ctx2 = NULL;
CF_CHECK_NE(cipher = EVP_aes_128_gcm(), NULL);
CF_CHECK_EQ(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL), 1);
ctx2 = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_copy(ctx2, ctx);
end:
return 0;
}
Branching on an uninitialized variable occurs at line 1261 here
1257 case EVP_CTRL_COPY:
1258 {
1259 EVP_CIPHER_CTX *out = ptr;
1260 EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
1261 if (gctx->gcm.key) {
1262 if (gctx->gcm.key != &gctx->ks)
1263 return 0;
1264 gctx_out->gcm.key = &gctx_out->ks;
1265 }
1266 if (gctx->iv == c->iv)
1267 gctx_out->iv = out->iv;
1268 else {
1269 gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
1270 if (!gctx_out->iv)
1271 return 0;
1272 memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
1273 }
1274 return 1;
1275 }
You could argue my PoC is invalid API use. This doesn't seem to happen in the master branch, though. If you decide not to fix this, I will work around it in my fuzzer.
Hmm. Probably this is just a bug. Since 1.0.2 is in security-fix only mode I think we'll probably not fix this.
OK I will work around it in my fuzzer.