[Bug 1975347] Re: Backport OPENSSL_strcasecmp fixes from 3.0 branch
Davide Pesavento
1975347 at bugs.launchpad.net
Mon May 23 08:12:51 UTC 2022
EVP_EC_gen() is just a macro that expands to EVP_PKEY_Q_keygen(), so
yeah, it's exactly the same as
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1975347
Title:
Backport OPENSSL_strcasecmp fixes from 3.0 branch
Status in openssl package in Ubuntu:
New
Bug description:
The recent openssl update to 3.0.2-0ubuntu1.2 in jammy included some
buggy changes related to OPENSSL_strcasecmp. Briefly, it's possible
for OPENSSL_strcasecmp to be called before the global locale_t object
has been initialized, causing a crash in strcasecmp_l. For example,
this bug can be trivially triggered with the program below.
#include <openssl/evp.h>
int main()
{
EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
}
The problem is already fixed in the openssl-3.0 branch. Please
consider backporting this PR
https://github.com/openssl/openssl/pull/18293 or updating the ubuntu
package to a more recent commit of that branch that includes the
fixes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1975347/+subscriptions
More information about the foundations-bugs
mailing list