Bug 1934 - mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
Summary: mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init().
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous (show other bugs)
Version: 5.8p1
Hardware: All All
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_6_0
  Show dependency treegraph
 
Reported: 2011-09-08 00:00 AEST by Robert Dugal
Modified: 2015-08-11 23:02 AEST (History)
1 user (show)

See Also:

Attachments
macinit.diff (473 bytes, patch)
2011-12-02 11:27 AEDT, Damien Miller 		dtucker: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Dugal 2011-09-08 00:00:50 AEST 
I have been doing some work with OpenSSH 5.8p1, attempting to use an alternative engine for crypto. In mac.c, the function mac_init() calls HMAC_Init() without previously having called HMAC_CTX_init(). However, OpenSSL documentation states that HMAC_CTX_init() is mandatory.

See http://www.openssl.org/docs/crypto/hmac.html

HMAC_CTX_init() initialises a HMAC_CTX before first use. It must be called. HMAC_CTX_init() must have been called before the first use of an HMAC_CTX in this function. N.B. HMAC_Init() had this undocumented  behaviour in previous versions of OpenSSL - failure to switch to  HMAC_Init_ex() in programs that expect it will cause them to stop working.

While this appears to currently cause no issues with OpenSSH 5.8p1 using OpenSSL 1.0.0d and the default crypto engine, it may cause problems (such as segfaults in my case) when attempting to use an alternative engine.
Comment 1 Damien Miller 2011-12-02 11:27:12 AEDT 
Created attachment 2110 [details]
macinit.diff

insert HMAC_CTX_init
Comment 2 Damien Miller 2011-12-02 11:44:15 AEDT 
patch applied - will be in openssh-6.0. Thanks!
Comment 3 Damien Miller 2015-08-11 23:02:20 AEST 
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1