Opened 4 months ago

Closed 4 months ago

#27226 closed defect (fixed)

Crash in tortls/cert_matches_key with openssl 1.0.2p

Reported by: nickm Owned by: nickm
Priority: High Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 034-must 029-backport 032-backport 033-backport 034-backport
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Our unit test, tortls/cert_matches_key, does some questionable stuff that is not compatible with openssl 1.0.2p.

Namely, it calls EVP_PKEY_asn1_new(999, 0, NULL, NULL), which now returns NULL.

Looking at the test, I'm not sure what it's trying to do with this -- it's making a bogus public key method with a "compare" function that will always return "1". Later, it's using this thing to construct bogus PKEY objects.

This, like a lot of other tortls.c tests, is way too tightly coupled to openssl internals.

Child Tickets

Change History (5)

comment:1 Changed 4 months ago by nickm

Keywords: 029-backport 032-backport 033-backport 034-backport added; 029- removed
Owner: set to nickm
Status: newaccepted

comment:2 Changed 4 months ago by nickm

Status: acceptedneeds_review

See branch bug27226_029 in my public repository, PR at https://github.com/torproject/tor/pull/282 .

comment:3 Changed 4 months ago by nickm

Milestone: Tor: 0.3.5.x-finalTor: 0.3.4.x-final

comment:4 Changed 4 months ago by catalyst

Status: needs_reviewmerge_ready

Looks good to me! I think it has merge conflicts on 0.3.4 and newer, but I didn't try very hard to resolve them. (They might be easy to resolve though.)

comment:5 Changed 4 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: 0.2.9.x-final
Resolution: fixed
Status: merge_readyclosed

Okay; I've merged and resolved the conflicts. I'm going to keep an eye on Jenkins in the next day or so, since this kind of thing is prone to have some minor issue somewhere.

Note: See TracTickets for help on using tickets.