segmentation fault in crypto:crypto_one_time_aead #10652
Description
Describe the bug
Random failure of crypto:crypto_one_time_aead/4 and a segfault when stress tested.
The random failures show up as:
error:{badarg,{"aead.c",301},"Can't set in-text"}, ...error:{badarg,{"aead.c",287},"Can't set AAD"}, ...
To Reproduce
This segfaults the VM within seconds:
-module('aead-crash').
-export([test/0]).
-define(TAG_LEN, 2).
-define(CRYPTO_KEY, {?MODULE, crypto}).
test() ->
Self = self(),
Pid = spawn(fun() -> init(Self) end),
receive {Pid, done} -> ok
after 1000 -> exit(timeout) end,
garbage_collect(),
timer:sleep(100),
Bin = <<"text">>,
AAD = ~"1",
lists:foreach(
fun(X) ->
spawn(fun() -> crypto_enc_test(Bin, AAD, 100_000) end)
end, lists:seq(1, 10000)).
init(Owner) ->
Algorithm = aes_128_gcm,
Secret = ~"secret",
#{iv_length := IvLen, key_length := KeyLen} = crypto:cipher_info(Algorithm),
IV = crypto:strong_rand_bytes(IvLen),
Key = crypto:pbkdf2_hmac(sha256, Secret, IV, 16, KeyLen),
EncState = crypto:crypto_one_time_aead_init(Algorithm, Key, ?TAG_LEN, true),
DecState = crypto:crypto_one_time_aead_init(Algorithm, Key, ?TAG_LEN, false),
Crypto =
#{crypto_iv_len => IvLen,
crypto_key_len => KeyLen,
crypto_enc_state => EncState,
crypto_dec_state => DecState},
io:format("Crypto State: ~p\n", [Crypto]),
persistent_term:put(?CRYPTO_KEY, Crypto),
Owner ! {self(), done}.
crypto_enc_test(_Bin, _AAD, 0) ->
ok;
crypto_enc_test(Bin, AAD, Cnt) ->
#{crypto_iv_len := IvLen, crypto_enc_state := EncState} = persistent_term:get(?CRYPTO_KEY),
IV = crypto:strong_rand_bytes(IvLen),
try crypto:crypto_one_time_aead(EncState, IV, Bin, AAD)
catch
C:E:St ->
io:format("\nC: ~p\nE: ~p\nSt: ~p", [C, E, St]),
erlang:raise(C, E, St)
end,
crypto_enc_test(Bin, AAD, Cnt - 1).
Affected versions
The OTP versions that are affected by this bug.
- OTP 28.0, locally build with kerl
- OTP 28.3, locally build with kerl
Additional context
OS: Ubuntu 25.10
SSL: openssl 3.5.3-1ubuntu3
This smells like an unsafe, concurrent use of the OpenSSL context.