Binary compatibility between 0.9.7g and 0.9.7h?

Andreas Haumer

Oct 11, 2005, 9:42:03 AM

Hi!

I just tried to upgrade from openssl-0.9.7g to 0.9.7h
and noticed that my openssh-4.2p1 server and clients now
crash with segfault with the new openssl shared library!
I tested this on two installations and both had this problem.

Re-compiling the openssh sources against the new openssl
library headers seems to cure the problem, but still this
is an unfortunate situation as a lot of other packages
depend on the openssl libraries. I don't want to risk
system stability by installing security updates... ;-)

I did a quick test with some other major packages (squid,
sendmail, bind, apache, cyrus-imapd), but only openssh
seems to be affected so far.

This is under linux with glibc-2.3.5

Is this expected behaviour?
I haven't found any obvious hint in the README or CHANGES
files...

- andreas

--
Andreas Haumer | mailto:and...@xss.co.at
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Jorey Bump

Oct 11, 2005, 11:05:14 AM
Andreas Haumer wrote:

> I just tried to upgrade from openssl-0.9.7g to 0.9.7h
> and noticed that my openssh-4.2p1 server and clients now
> crash with segfault with the new openssl shared library!
> I tested this on two installations and both had this problem.
>
> Re-compiling the openssh sources against the new openssl
> library headers seems to cure the problem, but still this
> is an unfortunate situation as a lot of other packages
> depend on the openssl libraries. I don't want to risk
> system stability by installing security updates... ;-)
>
> I did a quick test with some other major packages (squid,
> sendmail, bind, apache, cyrus-imapd), but only openssh
> seems to be affected so far.
>
> This is under linux with glibc-2.3.5

What distribution of Linux are you using? openssl is one of those
packages you might not want to replace if you want to stay in sync with
your distribution's security/bugfix updates. In many cases, you should
ignore the version of a package because the maintainers will backport
security fixes without updating the version string. This is very common
with openssl.

Andreas Haumer

Oct 11, 2005, 11:18:57 AM

Hi!

Jorey Bump wrote:
[...]


>
> What distribution of Linux are you using? openssl is one of those
> packages you might not want to replace if you want to stay in sync with
> your distribution's security/bugfix updates. In many cases, you should
> ignore the version of a package because the maintainers will backport
> security fixes without updating the version string. This is very common
> with openssl.

This is our own Linux distribution and _I_ am the maintainer
of it, so _I_ have to check for security fixes and updates!
I do this for about ten years now, so I'm quite used to the
procedure... ;-)

This is the first time I saw a binary incompatibility
problem between minor updates with the openssl libraries,
so I figured I'd rather report it...

- andreas

--
Andreas Haumer | mailto:and...@xss.co.at
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71

Dawn Keenan

Oct 11, 2005, 12:06:30 PM
> I just tried to upgrade from openssl-0.9.7g to 0.9.7h
> and noticed that my openssh-4.2p1 server and clients now
> crash with segfault with the new openssl shared library!
> I tested this on two installations and both had this problem.

We are experiencing the same problem with the 0.9.7g to 0.9.7h
upgrade on a Solaris 8 system, using OpenSSH 4.0p1 with shared
libraries. An OpenSSH rebuild to fix the problem is in progress.

--
Dawn Keenan
Information Systems and Technology, University of Waterloo

Thomas J. Hruska

Oct 11, 2005, 12:25:55 PM
Dawn Keenan wrote:
>>I just tried to upgrade from openssl-0.9.7g to 0.9.7h
>>and noticed that my openssh-4.2p1 server and clients now
>>crash with segfault with the new openssl shared library!
>>I tested this on two installations and both had this problem.
>
>
> We are experiencing the same problem with the 0.9.7g to 0.9.7h
> upgrade on a Solaris 8 system, using OpenSSH 4.0p1 with shared
> libraries. An OpenSSH rebuild to fix the problem is in progress.
>
> --
> Dawn Keenan
> Information Systems and Technology, University of Waterloo

I was going to build Win32 OpenSSL 0.9.7h (Installation Project) and
release it later today, but since people are experiencing binary
compatibility issues, I'll hold off until Richard or someone can verify
that I'm not going to be deluged with "Your upgrade broke my software"
requests. I'll download the source later and look at the CHANGELOG and
diff the source to see what might have broken things, but a security fix
shouldn't be breaking binary compatibility. It will probably be several
days before this gets sorted out. Apologies for any inconvenience.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/

Ask me about discounts on any Shining Light Productions product!

David Schwartz

Oct 11, 2005, 1:23:48 PM

> I just tried to upgrade from openssl-0.9.7g to 0.9.7h
> and noticed that my openssh-4.2p1 server and clients now
> crash with segfault with the new openssl shared library!
> I tested this on two installations and both had this problem.

We discovered similar problems caused by a change in the size of the
EVP_MD_CTX structure. We fixed it by changing code like:

EVP_MD_CTX ctx;

to

EVP_MD_CTX *ctx=EVP_MD_CTX_create();
...
EVP_MD_CTX_destroy(ctx);

DS
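
The failure mode described in this post, as an added example that is not part of the original thread and not OpenSSL code: a caller that bakes a structure size in at compile time versus one that lets the library allocate. The struct layout and the names `ctx_old`, `ctx_new`, `lib_ctx_init`, `ctx_create`, `ctx_destroy` and `bytes_clobbered` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model, not OpenSSL's real layout: a context whose size follows
   a header constant, the way the thread says EVP_MAX_MD_SIZE grew. */
#define OLD_MAX_MD_SIZE (16 + 20)  /* header the application was compiled with */
#define NEW_MAX_MD_SIZE 64         /* header the upgraded library was compiled with */

struct ctx_old { unsigned int type; unsigned char md[OLD_MAX_MD_SIZE]; };
struct ctx_new { unsigned int type; unsigned char md[NEW_MAX_MD_SIZE]; };

/* "Library" side: always works with its own idea of the structure size. */
static void lib_ctx_init(void *p) { memset(p, 0, sizeof(struct ctx_new)); }

/* Library-owned allocation, the shape of EVP_MD_CTX_create()/_destroy(). */
void *ctx_create(void) {
    void *p = malloc(sizeof(struct ctx_new));
    if (p != NULL) lib_ctx_init(p);
    return p;
}
void ctx_destroy(void *p) { free(p); }

/* Reserve `reserved` bytes for a context inside a canary-filled arena, let the
   library initialise it, and count canary bytes destroyed past the reservation.
   The arena is large enough that the write itself stays in bounds. */
size_t bytes_clobbered(size_t reserved) {
    unsigned char arena[sizeof(struct ctx_new) + 32];
    size_t i, hit = 0;
    if (reserved > sizeof(arena)) return (size_t)-1;
    memset(arena, 0xAA, sizeof(arena));
    lib_ctx_init(arena);
    for (i = reserved; i < sizeof(arena); i++)
        if (arena[i] != 0xAA) hit++;
    return hit;
}

/* Old binary: size baked in at compile time ("EVP_MD_CTX ctx;"). */
size_t stale_caller(void) { return bytes_clobbered(sizeof(struct ctx_old)); }

/* Rebuilt or pointer-only caller: size comes from the library's definition. */
size_t matching_caller(void) { return bytes_clobbered(sizeof(struct ctx_new)); }

int main(void) {
    void *ctx = ctx_create();      /* caller never needs sizeof the context */
    int ok = (ctx != NULL) && stale_caller() > 0 && matching_caller() == 0;
    ctx_destroy(ctx);
    return ok ? 0 : 1;
}
```

In a real process the bytes counted by `stale_caller()` would be adjacent stack data, which is consistent with the segfaults reported above.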

Andy Polyakov

Oct 11, 2005, 3:22:10 PM
>>I just tried to upgrade from openssl-0.9.7g to 0.9.7h
>>and noticed that my openssh-4.2p1 server and clients now
>>crash with segfault with the new openssl shared library!
>>I tested this on two installations and both had this problem.
>
> We discovered similar problems caused by a change in the size of the
> EVP_MD_CTX structure.

Double-check that http://cvs.openssl.org/chngview?cn=14514 fixes the
problem.

> We fixed it by changing code like:
>
> EVP_MD_CTX ctx;
>
> to
>
> EVP_MD_CTX *ctx=EVP_MD_CTX_create();
> ...
> EVP_MD_CTX_destroy(ctx);

Admirable attitude and proper solution. A.

Richard Levitte - VMS Whacker

Oct 11, 2005, 3:54:35 PM

In message <MDEHLPKNGKAHNMBLJ...@webmaster.com> on Tue, 11 Oct 2005 10:22:00 -0700, "David Schwartz" <dav...@webmaster.com> said:

davids> > I just tried to upgrade from openssl-0.9.7g to 0.9.7h
davids> > and noticed that my openssh-4.2p1 server and clients now
davids> > crash with segfault with the new openssl shared library!
davids> > I tested this on two installations and both had this
davids> > problem.
davids>
davids> We discovered similar problems caused by a change in the size
davids> of the EVP_MD_CTX structure. We fixed it by changing code
davids> like:
davids>
davids> EVP_MD_CTX ctx;
davids>
davids> to
davids>
davids> EVP_MD_CTX *ctx=EVP_MD_CTX_create();
davids> ...
davids> EVP_MD_CTX_destroy(ctx);

Correct analysis.

What's happened is that the FIPS functions for SHA224, SHA256, SHA384
and SHA512 were added. They require a larger EVP_MAX_MD_SIZE. The
functions were wrapped with an #ifdef OPENSSL_FIPS, while
EVP_MAX_MD_SIZE was forgotten in that process.

To say it straight out, we fucked up!

The patch to correct the problem is quite easy, though, and you can
find it attached to this letter.

My recommendation is to apply that patch unconditionally. The
security issue that caused the release of 0.9.7h is serious enough not
to disregard this release and instead go through the hoops of applying
an extra patch.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte lev...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Attachment: evp.h.diff

Index: crypto/evp/evp.h
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/evp/evp.h,v
retrieving revision 1.86.2.19
diff -u -r1.86.2.19 evp.h
--- crypto/evp/evp.h 17 May 2005 19:48:42 -0000 1.86.2.19
+++ crypto/evp/evp.h 11 Oct 2005 19:51:13 -0000
@@ -132,7 +132,11 @@
#define EVP_CAST5_KEY_SIZE 16
#define EVP_RC5_32_12_16_KEY_SIZE 16
*/
+#ifdef OPENSSL_FIPS
#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
+#else
+#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+#endif
#define EVP_MAX_KEY_LENGTH 32
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
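
Review bot: The added `#else` branch gives EVP_MAX_MD_SIZE two values (64 with OPENSSL_FIPS, 16+20 without), and nothing in the hunk records that every buffer or structure sized by this constant now differs between the two configurations, so an application has to be compiled with the same OPENSSL_FIPS setting as the library it loads. A comment above the `#ifdef` stating that this constant is part of the binary interface and must keep its value within a release series would make that explicit. Since 36 bytes is smaller than the 64-byte SHA512 digest named on the FIPS line, the comment on the `(16+20)` line should also say that no digest longer than 36 bytes is reachable without OPENSSL_FIPS, and that should be confirmed before merging.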


Richard Levitte - VMS Whacker

Oct 11, 2005, 4:04:53 PM
In message <20051011.215323....@openssl.org> on Tue, 11 Oct 2005 21:53:23 +0200 (CEST), Richard Levitte - VMS Whacker <lev...@openssl.org> said:

levitte> The patch to correct the problem is quite easy, though, and
levitte> you can find it attached to this letter.

That patch isn't enough, apparently. Follow Andy's directions
instead.

Cheers,
Richard

--
Richard Levitte ric...@levitte.org
http://richard.levitte.org/

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis

Matthias Buecher / Germany

Oct 11, 2005, 4:08:42 PM

Do I have to apply this to 0.9.8a too?

Matthias "Maddes" Bücher


On 11.10.2005 21:53, Richard Levitte - VMS Whacker wrote:

> Correct analysis.
>
> What's happened is that the FIPS functions for SHA224, SHA256,
> SHA384 and SHA512 were added. They require a larger
> EVP_MAX_MD_SIZE. The functions were wrapped with an #ifdef
> OPENSSL_FIPS, while EVP_MAX_MD_SIZE was forgotten in that process.
>
> The patch to correct the problem is quite easy, though, and you can
> find it attached to this letter.
>
> My recommendation is to apply that patch unconditionally. The
> security issue that caused the release of 0.9.7h is serious enough
> not to disregard this release and instead go through the hoops of
> applying an extra patch.


Andy Polyakov

Oct 11, 2005, 4:29:53 PM
> Do I have to apply this to 0.9.8a too?

NO. A.

Richard Levitte - VMS Whacker

Oct 11, 2005, 4:30:57 PM
In message <434C1BC3...@arcor.de> on Tue, 11 Oct 2005 22:08:35 +0200, "Matthias Buecher / Germany" <madd...@arcor.de> said:

maddes.b> Do I have to apply this to 0.9.8a too?

No, this is a 0.9.7h issue only.

Cheers,
Richard
