NetBSD Problem Report #42881
From www@NetBSD.org Wed Feb 24 17:43:00 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 0750563C594
for <gnats-bugs@gnats.NetBSD.org>; Wed, 24 Feb 2010 17:42:59 +0000 (UTC)
Message-Id: <20100224174259.C243E63C49F@www.NetBSD.org>
Date: Wed, 24 Feb 2010 17:42:59 +0000 (UTC)
From: remi_zara@mac.com
Reply-To: remi_zara@mac.com
To: gnats-bugs@NetBSD.org
Subject: openssl sha384 broken. Returns 64 bytes instead of 48
X-Send-Pr-Version: www-1.0
>Number: 42881
>Category: bin
>Synopsis: openssl sha384 broken. Returns 64 bytes instead of 48
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: joerg
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 24 17:45:00 +0000 2010
>Closed-Date: Tue Mar 23 19:53:01 +0000 2010
>Last-Modified: Sat Jun 12 18:35:01 +0000 2010
>Originator: Rémi Zara
>Release: NetBSD 5.0.2
>Organization:
>Environment:
NetBSD qube2.example.com 5.0.2 NetBSD 5.0.2 (GENERIC) #0: Sat Feb 6 14:56:24 UTC 2010 builds@b8.netbsd.org:/home/builds/ab/netbsd-5-0-2-RELEASE/cobalt/201002061851Z-obj/home/builds/ab/netbsd-5-0-2-RELEASE/src/sys/arch/cobalt/compile/GENERIC cobalt
>Description:
the version of openssl shipped with NetBSD 5.0.2 returns 64 bytes for sha384 instead of 48.
Both OpenSSL 0.9.8 and 1.0-beta5 seem fine.
The problem was discovered by running the tests for the pgcrypto postgresql contrib module (see http://archives.postgresql.org/pgsql-hackers/2010-02/msg01891.php)
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/42881: openssl sha384 broken. Returns 64 bytes instead of
48
Date: Wed, 24 Feb 2010 20:45:44 +0100
--YiEDa0DAkWCtVeE4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Please try the attached patch.
Joerg
--YiEDa0DAkWCtVeE4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="m_sha1.c.diff"
Index: crypto/dist/openssl/crypto/evp/m_sha1.c
===================================================================
RCS file: /home/joerg/repo/netbsd/src/crypto/dist/openssl/crypto/evp/Attic/m_sha1.c,v
retrieving revision 1.1.1.5.4.1
diff -u -p -r1.1.1.5.4.1 m_sha1.c
--- crypto/dist/openssl/crypto/evp/m_sha1.c 14 Jul 2009 19:48:03 -0000 1.1.1.5.4.1
+++ crypto/dist/openssl/crypto/evp/m_sha1.c 24 Feb 2010 19:45:21 -0000
@@ -158,8 +158,12 @@ static int init384(EVP_MD_CTX *ctx)
static int init512(EVP_MD_CTX *ctx)
{ return SHA512_Init(ctx->md_data); }
/* See comment in SHA224/256 section */
+static int update384(EVP_MD_CTX *ctx,const void *data,size_t count)
+ { return SHA384_Update(ctx->md_data,data,count); }
static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
{ return SHA512_Update(ctx->md_data,data,count); }
+static int final384(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA384_Final(md,ctx->md_data); }
static int final512(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA512_Final(md,ctx->md_data); }
@@ -170,8 +174,8 @@ static const EVP_MD sha384_md=
SHA384_DIGEST_LENGTH,
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
init384,
- update512,
- final512,
+ update384,
+ final384,
NULL,
NULL,
EVP_PKEY_RSA_method,
--YiEDa0DAkWCtVeE4--
Responsible-Changed-From-To: bin-bug-people->joerg
Responsible-Changed-By: joerg@NetBSD.org
Responsible-Changed-When: Wed, 24 Feb 2010 20:04:00 +0000
Responsible-Changed-Why:
Let's deal with it.
From: Joerg Sonnenberger <joerg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42881 CVS commit: src/crypto/external/bsd/openssl/dist/crypto/evp
Date: Mon, 1 Mar 2010 21:47:44 +0000
Module Name: src
Committed By: joerg
Date: Mon Mar 1 21:47:43 UTC 2010
Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/evp: m_sha1.c
Log Message:
Ensure that SHA384 always calls the SHA384 functions.
Should fix PR 42881.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Stephen Borrill <sborrill@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42881 CVS commit: [netbsd-5] src/crypto/dist/openssl/crypto/evp
Date: Sat, 6 Mar 2010 22:57:49 +0000
Module Name: src
Committed By: sborrill
Date: Sat Mar 6 22:57:49 UTC 2010
Modified Files:
src/crypto/dist/openssl/crypto/evp [netbsd-5]: m_sha1.c
Log Message:
Pull up the following revisions(s) (requested by joerg in ticket #1320):
crypto/dist/openssl/crypto/evp/m_sha1.c: patch
Ensure that SHA384 always calls the SHA384 functions.
Should fix PR#42881.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5.4.1 -r1.1.1.5.4.2 \
src/crypto/dist/openssl/crypto/evp/m_sha1.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Stephen Borrill <sborrill@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42881 CVS commit: [netbsd-5-0] src/crypto/dist/openssl/crypto/evp
Date: Sat, 6 Mar 2010 23:20:03 +0000
Module Name: src
Committed By: sborrill
Date: Sat Mar 6 23:20:03 UTC 2010
Modified Files:
src/crypto/dist/openssl/crypto/evp [netbsd-5-0]: m_sha1.c
Log Message:
Pull up the following revisions(s) (requested by joerg in ticket #1320):
crypto/dist/openssl/crypto/evp/m_sha1.c: patch
Ensure that SHA384 always calls the SHA384 functions.
Should fix PR#42881.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5.8.1 -r1.1.1.5.8.2 \
src/crypto/dist/openssl/crypto/evp/m_sha1.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 06 Mar 2010 23:58:42 +0000
State-Changed-Why:
Did that fix it?
From: Marko Kreen <markokr@gmail.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/42881: openssl sha384 broken. Returns 64 bytes instead of 48
Date: Wed, 10 Mar 2010 14:25:10 +0200
--001636498b65b3f0b10481716331
Content-Type: text/plain; charset=ISO-8859-1
test program for the bug.
--
marko
--001636498b65b3f0b10481716331
Content-Type: text/plain; charset=US-ASCII; name="test.c"
Content-Disposition: attachment; filename="test.c"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_g6m3qjx0
I2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPG9wZW5zc2wv
ZXZwLmg+CgpzdGF0aWMgdm9pZCB0ZXN0X2hhc2goY29uc3QgY2hhciAqbmFtZSkKewoJY29uc3Qg
RVZQX01EICptZDsKCUVWUF9NRF9DVFggY3R4WzFdOwoJaW50IGksIHJsZW47Cgl1bnNpZ25lZCBj
aGFyIGhhc2hbMTAwXTsKCgltZCA9IEVWUF9nZXRfZGlnZXN0YnluYW1lKG5hbWUpOwoJaWYgKCFt
ZCkgewoJCXByaW50ZigiJS02czogbm90IGF2YWlsYWJsZVxuIiwgbmFtZSk7CgkJcmV0dXJuOwoJ
fQoKCWZvciAoaSA9IDA7IGkgPCAxMDA7IGkrKykKCQloYXNoW2ldID0gJzAnICsgaS8xMDsKCWhh
c2hbaV0gPSAwOwoKCW1lbXNldChjdHgsIDAsIHNpemVvZihjdHgpKTsKCUVWUF9EaWdlc3RJbml0
X2V4KGN0eCwgbWQsIE5VTEwpOwoJcmxlbiA9IEVWUF9NRF9DVFhfc2l6ZShjdHgpOwoJRVZQX0Rp
Z2VzdEZpbmFsX2V4KGN0eCwgaGFzaCwgTlVMTCk7CglFVlBfTURfQ1RYX2NsZWFudXAoY3R4KTsK
Cglmb3IgKGkgPSBybGVuOyBpIDwgMTAwOyBpKyspIHsKCQlpZiAoaGFzaFtpXSAhPSAnMCcgKyBp
LzEwKQoJCQlnb3RvIHByb2JsZW07Cgl9CglwcmludGYoIiUtNnM6IHJsZW46ICVkICB0YWlsOiBP
S1xuIiwgbmFtZSwgcmxlbik7CglyZXR1cm47Cgpwcm9ibGVtOgoJcHJpbnRmKCIlLTZzOiBybGVu
OiAlZCAgdGFpbDogIiwgbmFtZSwgcmxlbik7Cglmb3IgKGkgPSBybGVuOyBpIDwgMTAwOyBpKysp
CgkJcHV0Y2hhcigoaGFzaFtpXSA8IDB4MjEgfHwgaGFzaFtpXSA+IDEyNikgPyAnLicgOiBoYXNo
W2ldKTsKCXByaW50ZigiXG4iKTsKfQoKaW50IG1haW4odm9pZCkKewoJT3BlblNTTF9hZGRfYWxs
X2RpZ2VzdHMoKTsKCXRlc3RfaGFzaCgibWQ1Iik7Cgl0ZXN0X2hhc2goInNoYTEiKTsKCXRlc3Rf
aGFzaCgic2hhMjI0Iik7Cgl0ZXN0X2hhc2goInNoYTI1NiIpOwoJdGVzdF9oYXNoKCJzaGEzODQi
KTsKCXRlc3RfaGFzaCgic2hhNTEyIik7Cgl0ZXN0X2hhc2goInJpcGVtZCIpOwoJcmV0dXJuIDA7
Cn0KCg==
--001636498b65b3f0b10481716331--
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/42881: openssl sha384 broken. Returns 64 bytes instead of
48
Date: Wed, 10 Mar 2010 14:01:06 +0100
On Wed, Mar 10, 2010 at 12:30:05PM +0000, Marko Kreen wrote:
> test program for the bug.
Right, that's the issue the commit (and pullup) is supposed to fix.
Does it?
Joerg
From: Marko Kreen <markokr@gmail.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/42881: openssl sha384 broken. Returns 64 bytes instead of 48
Date: Wed, 10 Mar 2010 16:00:30 +0200
> Right, that's the issue the commit (and pullup) is supposed to fix.
> Does it?
Unlikely, please see what SHA384_Final() actually does.
As I don't use NetBSD, I can't help you test patches.
--
marko
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/42881: openssl sha384 broken. Returns 64 bytes instead of
48
Date: Wed, 10 Mar 2010 15:38:58 +0100
On Wed, Mar 10, 2010 at 02:05:06PM +0000, Marko Kreen wrote:
> The following reply was made to PR bin/42881; it has been noted by GNATS.
>
> From: Marko Kreen <markokr@gmail.com>
> To: gnats-bugs@netbsd.org
> Cc:
> Subject: Re: bin/42881: openssl sha384 broken. Returns 64 bytes instead of 48
> Date: Wed, 10 Mar 2010 16:00:30 +0200
>
> > Right, that's the issue the commit (and pullup) is supposed to fix.
> > Does it?
>
> Unlikely, please see what SHA384_Final() actually does.
I know what it did. To save a few instructions, OpenSSL creates ad-hoc
calls between SHA384 functions and SHA512 functions. The EVP code
slipped through when I adjusted the rest. The problem was that NetBSD
already had SHA2 support in libc, but OpenSSL uses a larger context.
As I said, that's fixed.
Joerg
From: =?iso-8859-1?Q?R=E9mi_Zara?= <remi_zara@mac.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/42881 (openssl sha384 broken. Returns 64 bytes instead of 48)
Date: Tue, 23 Mar 2010 20:46:59 +0100
The change committed fixed the problem for me. Thanks !
Regards,
R=E9mi Zara=
State-Changed-From-To: feedback->closed
State-Changed-By: joerg@NetBSD.org
State-Changed-When: Tue, 23 Mar 2010 19:53:01 +0000
State-Changed-Why:
Reported as fixed. Thanks for the PR.
From: Jeff Rizzo <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42881 CVS commit: [netbsd-4] src/crypto/dist/openssl/crypto/evp
Date: Sat, 12 Jun 2010 18:32:22 +0000
Module Name: src
Committed By: riz
Date: Sat Jun 12 18:32:22 UTC 2010
Modified Files:
src/crypto/dist/openssl/crypto/evp [netbsd-4]: m_sha1.c
Log Message:
Pull up following revision(s) (requested by joerg in ticket #1386):
crypto/dist/openssl/crypto/evp/m_sha1.c: patch
Ensure that SHA384 always calls the SHA384 functions.
Should fix PR 42881.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.4.1 -r1.1.1.4.4.2 \
src/crypto/dist/openssl/crypto/evp/m_sha1.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.