From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.1 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id 2F1D81F461 for ; Sun, 12 May 2019 16:55:53 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 4C6BD12090A; Mon, 13 May 2019 01:55:47 +0900 (JST) Received: from o1678916x28.outbound-mail.sendgrid.net (o1678916x28.outbound-mail.sendgrid.net [167.89.16.28]) by neon.ruby-lang.org (Postfix) with ESMTPS id ADA08120902 for ; Mon, 13 May 2019 01:55:45 +0900 (JST) Received: by filter0059p3mdw1.sendgrid.net with SMTP id filter0059p3mdw1-23372-5CD85011-17 2019-05-12 16:55:45.527893051 +0000 UTC m=+256030.029653959 Received: from herokuapp.com (unknown [3.93.66.119]) by ismtpd0004p1iad1.sendgrid.net (SG) with ESMTP id iOIhHeZyRm-ovJ0pvluMbw for ; Sun, 12 May 2019 16:55:45.502 +0000 (UTC) Date: Sun, 12 May 2019 16:55:45 +0000 (UTC) From: Greg.mpls@gmail.com Message-ID: References: Mime-Version: 1.0 X-Redmine-MailingListIntegration-Message-Ids: 68110 X-Redmine-Project: ruby-trunk X-Redmine-Issue-Id: 15841 X-Redmine-Issue-Author: thekuwayama X-Redmine-Sender: MSP-Greg X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-SG-EID: =?us-ascii?Q?M4W5dkI32Qt1AHWPzmUKqncwpr1RYzW=2Fh5io+QGCFbpMZ0AojP3tUWssJiOi8A?= =?us-ascii?Q?m=2FZkEHGvnsWwCZpUwCIDzY3z6hrozx09x1z4ZGy?= =?us-ascii?Q?PoO6nDw+ZpTb4vhn4O6ra=2FarTs2U3Am+yMbneo7?= =?us-ascii?Q?znq7rnxFO1e3WOYfNrImraVM4JO2QoONYKWOkXI?= =?us-ascii?Q?16ztigkwEzJ7usXe7iCFaoEuJoKYlJwJU2g=3D=3D?= To: ruby-core@ruby-lang.org X-ML-Name: ruby-core X-Mail-Count: 92627 Subject: [ruby-core:92627] [Ruby trunk Bug#15841] SegFault in OpenSSL::PKey::RSA#private_encrypt X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Ruby developers List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" Issue #15841 has been updated by MSP-Greg (Greg L). Interesting. I've meant to create a repo that allowed one to write a test, and run it against MinGW, Linux, & OSX builds, using current Ruby builds (2.4 thru trunk). All darwin18 builds passed, Linux Xenial builds failed, and MinGW builds passed. Some use OpenSSL 1.1.1, others 1.0.2. The test is here: https://github.com/MSP-Greg/ruby-test/blob/15841/test/test_15841.rb Travis: https://travis-ci.org/MSP-Greg/ruby-test/builds/531454106 Appveyor: https://ci.appveyor.com/project/MSP-Greg/ruby-test Re this issue, when and where SEGV's are considered 'improper' is not something I'll weigh in on... ---------------------------------------- Bug #15841: SegFault in OpenSSL::PKey::RSA#private_encrypt https://bugs.ruby-lang.org/issues/15841#change-77989 * Author: thekuwayama (tomoya kuwayama) * Status: Open * Priority: Normal * Assignee: * Target version: * ruby -v: ruby-trunk * Backport: 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN ---------------------------------------- Hi. I am writing code that gets rsa private_key using `OpenSSL::PKey::RSA#set_key`. As a test, I tried to run following code, and got a crash report. ``` require 'openssl' MODULUS = OpenSSL::BN.new('126914039353434453831661971268647447269232081862082764501010934367441434199199964254884893447916776634375786528636229937728173623541291144426274921409848997181513107190580453415730826852070626720125773687471242\ 611642649234390348699947633571205684722799950579951120477619298143923772148965919919195784168283711', 10) PUBLIC_EXPONENT = OpenSSL::BN.new('65537', 10) PRIVATE_EXPONENT = OpenSSL::BN.new('341964495821065129936072986248372022243660770187105326365541869938588248782459643985676392231199635777382326886137241414828657902188760530546426203854726301121665061632837569847323878241274517300277489\ 6102686920500059152100016165854694372963975060765003171003826784408362498480661236694500218201182323054913', 10) PRIME1 = OpenSSL::BN.new('11952373024606947105152469897150254148042322654516052874548960228374163164391052864033557517269946782417764389875359650595699633451962690417812447456789781', 10) PRIME2 = OpenSSL::BN.new('10618313124276675806272072098863521356129998721878748974728637357066521302704987846522920724710466419737573058767973827707394086143442677100153976677110531', 10) rsa = OpenSSL::PKey::RSA.new rsa.set_key(MODULUS, PUBLIC_EXPONENT, nil)# PRIVATE_EXPONENT) rsa.set_factors(PRIME1, PRIME2) puts rsa.private_encrypt('plaintext') if rsa.private? ``` I expected that 1. `rsa.private_encrypt` should not crash, raise RSAError. 2. if `rsa.set_key` had called without `d` argument, `rsa.private?` should return false. This is the execute environment. ``` $ ruby --version ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-darwin18] $ ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION' OpenSSL 1.1.1b 26 Feb 2019 $ gem list openssl *** LOCAL GEMS *** openssl (default: 2.1.2) ``` with 2.7.0-dev too ``` $ ruby --version ruby 2.7.0dev (2019-05-09 trunk 025206d0dd) [x86_64-darwin18] $ ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION' OpenSSL 1.1.1b 26 Feb 2019 $ gem list openssl *** LOCAL GEMS *** openssl (default: 2.1.2) ``` Thanks. ---Files-------------------------------- ruby_2019-05-09-191920_MacBookPro.crash (39.1 KB) ruby_2019-05-09-192040_MacBookPro.crash (39.1 KB) -- https://bugs.ruby-lang.org/