Example code for Secure Comparator crash with BoringSSL
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <themis/themis.h>
/*
 * Feed one secret into a Secure Comparator context and terminate the
 * program if Themis rejects it.
 *
 * comparator - context that receives the secret
 * secret     - NUL-terminated string; strlen(secret) bytes are appended
 * name       - label of the party, used only in the log lines
 *
 * The secret is echoed to stdout in the clear. That is acceptable for the
 * fixed test strings of this reproducer; real secrets must never be logged.
 */
static void append_secret(secure_comparator_t *comparator, const char *secret,
                          const char *name)
{
    themis_status_t rc;

    printf("[=] appending data to %s: %s\n", name, secret);

    rc = secure_comparator_append_secret(comparator, secret, strlen(secret));
    if (rc == THEMIS_SUCCESS) {
        return;
    }

    printf("[*] append_secret(%s) failed: %d\n", name, rc);
    exit(1);
}
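/*
 * Run one complete comparison exchange between two in-process contexts.
 *
 * alice - context that starts the exchange (begin_compare)
 * bob   - context that answers; both sides then alternate proceed_compare
 *
 * Messages are handed over through two local buffers instead of a network.
 * The exchange is considered finished as soon as either side returns
 * THEMIS_SUCCESS; any status other than THEMIS_SUCCESS or
 * THEMIS_SCOMPARE_SEND_OUTPUT_TO_PEER terminates the program.
 *
 * Every failure message carries the "[*]" prefix and a trailing newline so
 * that a failure reported by Themis is easy to tell apart from an abnormal
 * termination in the program output.
 */
static void perform_comparison(secure_comparator_t *alice,
                               secure_comparator_t *bob)
{
    enum { MESSAGE_BUFFER_SIZE = 4096 };

    themis_status_t status;
    char alice_data[MESSAGE_BUFFER_SIZE];
    size_t alice_data_len;
    char bob_data[MESSAGE_BUFFER_SIZE];
    size_t bob_data_len;

    printf("[-] begin comparison: A\n");
    /*
     * The length variable is in/out: it is set to the buffer capacity before
     * each call and afterwards used as the length of the produced message.
     */
    alice_data_len = sizeof(alice_data);
    status = secure_comparator_begin_compare(alice,
                                             alice_data, &alice_data_len);
    if (status != THEMIS_SCOMPARE_SEND_OUTPUT_TO_PEER) {
        printf("[*] begin_compare(A) failed: %d\n", status);
        exit(1);
    }

    for (;;) {
        /* B consumes A's latest message and may produce a reply. */
        printf("[~] proceed comparison: B\n");
        bob_data_len = sizeof(bob_data);
        status = secure_comparator_proceed_compare(bob,
                                                   alice_data, alice_data_len,
                                                   bob_data, &bob_data_len);
        if (status == THEMIS_SUCCESS) {
            break;
        }
        if (status != THEMIS_SCOMPARE_SEND_OUTPUT_TO_PEER) {
            printf("[*] proceed_compare(B) failed: %d\n", status);
            exit(1);
        }

        /* A consumes B's reply and may produce the next message. */
        printf("[~] proceed comparison: A\n");
        alice_data_len = sizeof(alice_data);
        status = secure_comparator_proceed_compare(alice,
                                                   bob_data, bob_data_len,
                                                   alice_data, &alice_data_len);
        if (status == THEMIS_SUCCESS) {
            break;
        }
        if (status != THEMIS_SCOMPARE_SEND_OUTPUT_TO_PEER) {
            printf("[*] proceed_compare(A) failed: %d\n", status);
            exit(1);
        }
    }

    printf("[!] comparison complete\n");
}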
/*
 * Print the comparison verdict held by one context.
 *
 * cmp  - context to query with secure_comparator_get_result()
 * name - label of the party, used only in the log line
 *
 * Only THEMIS_SCOMPARE_MATCH and THEMIS_SCOMPARE_NO_MATCH are accepted as
 * verdicts; every other status is reported as a failure and ends the program.
 */
static void check_comparison(secure_comparator_t *cmp, const char *name)
{
    const themis_status_t outcome = secure_comparator_get_result(cmp);

    if (outcome == THEMIS_SCOMPARE_MATCH) {
        printf("[>] result %s: (+++) match\n", name);
    } else if (outcome == THEMIS_SCOMPARE_NO_MATCH) {
        printf("[>] result %s: (---) mismatch\n", name);
    } else {
        printf("[*] get_result() failed: %d\n", outcome);
        exit(1);
    }
}
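/*
 * Reproducer entry point: runs two comparison rounds on the same pair of
 * Secure Comparator contexts.
 *
 * Round 1 uses different secrets, round 2 uses identical ones. The contexts
 * are deliberately NOT recreated between the rounds; that reuse is the
 * scenario this example exercises and must be kept as is.
 *
 * Returns 0 when both rounds complete; any Themis failure exits with 1.
 */
int main(void)
{
    secure_comparator_t *comparator1 = secure_comparator_create();
    secure_comparator_t *comparator2 = secure_comparator_create();

    /*
     * Fail early on a failed allocation so that it cannot be mistaken for
     * the crash this program is meant to demonstrate.
     */
    if (comparator1 == NULL || comparator2 == NULL) {
        printf("[*] secure_comparator_create() failed\n");
        exit(1);
    }

    /* Round 1 */
    append_secret(comparator1, "different", "A");
    append_secret(comparator2, "test data", "B");
    perform_comparison(comparator1, comparator2);
    check_comparison(comparator1, "A");
    check_comparison(comparator2, "B");

    /* Round 2: same contexts, reused without re-creation */
    append_secret(comparator1, "the same data", "A");
    append_secret(comparator2, "the same data", "B");
    perform_comparison(comparator1, comparator2);
    check_comparison(comparator1, "A");
    check_comparison(comparator2, "B");

    /* Release the contexts; reached only when both rounds completed. */
    (void)secure_comparator_destroy(comparator1);
    (void)secure_comparator_destroy(comparator2);

    return 0;
}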
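#!/bin/sh
#
# Reproduces the crash.
#
# Expects to be run as "./reproduce.sh" and "crash.c" beside it.

# Stop at the first failing step. Without this a failed clone or "cd" lets
# the remaining commands (mkdir, cmake, make install) run in the wrong
# directory, and a stale ./a.out could be executed at the end.
set -eu

# Clone Themis
# NOTE: this takes the tip of the default branch, and the submodule update
# below takes whatever BoringSSL revision that tip records. Check out the
# Themis commit on which the crash was observed to make the run repeatable.
git clone git@github.com:cossacklabs/themis
cd themis

# Pull in submodules
git submodule update --init --recursive

# Configure, build, and prepare BoringSSL
mkdir build
cd build
# Tell it to use -fPIC so that static libs can be embedded into *.so
cmake -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC" \
    ../third_party/boringssl/src
make crypto decrepit
cp crypto/libcrypto.a decrepit/libdecrepit.a .

# Configure and build Themis with BoringSSL
cd ..
mkdir install
# Paths are quoted so that a working directory containing spaces still works.
export PREFIX="$PWD/install"
export ENGINE=boringssl
export ENGINE_INCLUDE_PATH="$PWD/third_party/boringssl/src/include"
export ENGINE_LIB_PATH="$PWD/build"
export LD_LIBRARY_PATH="$PWD/install/lib"
make install

# Build and run example
cd ..
cc crash.c \
    -I"$PWD/themis/install/include" -L"$PWD/themis/install/lib" \
    -I"$ENGINE_INCLUDE_PATH" -L"$ENGINE_LIB_PATH" \
    -static -lthemis -lsoter -lcrypto -ldecrepit -pthread

# A non-zero exit status from this last command is the outcome under test.
echo "Running ./a.out..."
./a.out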