Closed
Conversation
Seen in Travis logs ... Client cipher list: ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-CCM8:AES256-CCM:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AES128-CCM8:AES128-CCM:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:DES-CBC3-SHA: s_cb.c:1077:41: runtime error: index 18446744073709551614 out of bounds for type 'const unsigned char [3]' SUMMARY: AddressSanitizer: undefined-behavior s_cb.c:1077 # Failed test 'Missing CertificateStatus message' # at ../test/recipes/70-test_sslcertstatus.t line 84. ....
FdaSilvaYY
pushed a commit
that referenced
this pull request
Nov 7, 2016
PKCS #1 v2.0 is the name of a document which specifies an algorithm RSASSA-PKCS1-v1_5, often referred to as "PKCS #1 v1.5" after an earlier document which specified it. This gets further confusing because the document PKCS #1 v2.1 specifies two signature algorithms, RSASSA-PKCS1-v1_5 and RSASSA-PSS. RSA_sign implements RSASSA-PKCS1-v1_5. Refer to the document using the RFC number which is easier to find anyway, and refer to the algorithm by its name. Reviewed-by: Kurt Roeckx <[email protected]> Reviewed-by: Rich Salz <[email protected]> GH: openssl#1474
FdaSilvaYY
pushed a commit
that referenced
this pull request
Nov 11, 2016
PKCS #1 v2.0 is the name of a document which specifies an algorithm RSASSA-PKCS1-v1_5, often referred to as "PKCS #1 v1.5" after an earlier document which specified it. This gets further confusing because the document PKCS #1 v2.1 specifies two signature algorithms, RSASSA-PKCS1-v1_5 and RSASSA-PSS. RSA_sign implements RSASSA-PKCS1-v1_5. Refer to the document using the RFC number which is easier to find anyway, and refer to the algorithm by its name. Reviewed-by: Kurt Roeckx <[email protected]> Reviewed-by: Rich Salz <[email protected]> GH: openssl#1474 (cherry picked from commit aa90ca1)
FdaSilvaYY
added a commit
that referenced
this pull request
Jan 6, 2019
CID 1440002 (#1 of 1): Use after free (USE_AFTER_FREE) Not a deadly error, because error was just before app exit. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#7359)
FdaSilvaYY
added a commit
that referenced
this pull request
Jan 6, 2019
Call to i2d method returns an int value. Fix: CID 1338183 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371691 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371692 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) [extended tests] Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#7359)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Sep 12, 2019
An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#9777)
FdaSilvaYY
added a commit
that referenced
this pull request
Apr 20, 2021
CID 1440002 (#1 of 1): Use after free (USE_AFTER_FREE) Not a deadly error, because error was just before app exit. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#7359) (cherry picked from commit 39fc4c1)
FdaSilvaYY
added a commit
that referenced
this pull request
Apr 20, 2021
Call to i2d method returns an int value. Fix: CID 1338183 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371691 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371692 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) [extended tests] Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#7359) (cherry picked from commit da84249)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Apr 20, 2021
An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#9777) (cherry picked from commit 5840ed0)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
openssl#2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16
openssl#3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15
openssl#4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10
openssl#5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22
openssl#6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
openssl#7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
openssl#8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
openssl#9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
openssl#10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
openssl#11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
openssl#12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#16813)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
openssl#2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11
openssl#3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45
openssl#4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
openssl#5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
openssl#6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
openssl#7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
openssl#8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
openssl#9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
openssl#10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
openssl#11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#16813)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
openssl#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
openssl#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
openssl#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
openssl#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
openssl#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
openssl#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
openssl#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
openssl#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
openssl#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
openssl#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
openssl#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
openssl#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
openssl#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
openssl#21 0x40893b in testfile fuzz/test-corpus.c:182
openssl#22 0x406b86 in main fuzz/test-corpus.c:226
openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
openssl#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
openssl#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
openssl#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
openssl#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
openssl#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
openssl#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
openssl#14 0x40893b in testfile fuzz/test-corpus.c:182
openssl#15 0x406b86 in main fuzz/test-corpus.c:226
openssl#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#18360)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
openssl#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
openssl#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
openssl#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
openssl#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
openssl#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
openssl#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
openssl#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
openssl#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
openssl#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
openssl#11 0x40370b in testfile fuzz/test-corpus.c:182
openssl#12 0x402846 in main fuzz/test-corpus.c:226
openssl#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#18366)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
openssl#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
openssl#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
openssl#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
openssl#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
openssl#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
openssl#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
openssl#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
openssl#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
openssl#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
openssl#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
openssl#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
openssl#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
openssl#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
openssl#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#18371)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
openssl#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
openssl#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
openssl#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
openssl#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
openssl#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
openssl#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
openssl#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
openssl#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
openssl#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
openssl#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
openssl#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
openssl#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
openssl#14 0x40371b in testfile fuzz/test-corpus.c:182
openssl#15 0x402856 in main fuzz/test-corpus.c:226
openssl#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
openssl#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
openssl#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
openssl#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
openssl#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
openssl#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
openssl#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
openssl#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
openssl#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
openssl#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
openssl#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
openssl#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
openssl#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
openssl#13 0x40371b in testfile fuzz/test-corpus.c:182
openssl#14 0x402856 in main fuzz/test-corpus.c:226
openssl#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
openssl#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#18376)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
openssl#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
openssl#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
openssl#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
openssl#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
openssl#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
openssl#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
openssl#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
openssl#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
openssl#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
openssl#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
openssl#24 0x402bbb in testfile fuzz/test-corpus.c:182
openssl#25 0x402626 in main fuzz/test-corpus.c:226
openssl#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
openssl#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
openssl#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
openssl#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
openssl#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
openssl#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
openssl#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
openssl#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
openssl#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
openssl#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
openssl#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
openssl#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
openssl#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
openssl#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
openssl#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
openssl#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
openssl#29 0x402bbb in testfile fuzz/test-corpus.c:182
openssl#30 0x402626 in main fuzz/test-corpus.c:226
openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#18391)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jul 18, 2022
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
openssl#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
openssl#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
openssl#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
openssl#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
openssl#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
openssl#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
openssl#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
openssl#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
openssl#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
openssl#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
openssl#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
openssl#26 0x402afb in testfile fuzz/test-corpus.c:182
openssl#27 0x402656 in main fuzz/test-corpus.c:226
openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
openssl#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
openssl#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
openssl#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
openssl#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
openssl#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
openssl#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
openssl#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
openssl#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
openssl#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
openssl#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
openssl#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
openssl#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
openssl#22 0x402afb in testfile fuzz/test-corpus.c:182
openssl#23 0x402656 in main fuzz/test-corpus.c:226
openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
openssl#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
openssl#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
openssl#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
openssl#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
openssl#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
openssl#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
openssl#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
openssl#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
openssl#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
openssl#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
openssl#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
openssl#23 0x402afb in testfile fuzz/test-corpus.c:182
openssl#24 0x402656 in main fuzz/test-corpus.c:226
openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
(Merged from openssl#18633)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Aug 21, 2022
Running test_tfo_cli under asan yields
==166214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000d57c at pc 0x03ffa004ed86 bp 0x03ffe2977e80 sp 0x03ffe2977668
READ of size 112 at 0x60700000d57c thread T0
#0 0x3ffa004ed85 in memcpy (/lib64/libasan.so.8+0x4ed85)
#1 0x3ff9f3615b7 in BIO_ADDR_dup crypto/bio/bio_addr.c:77
[...]
and fails the test.
Fix this by copying the right structure of the union.
Signed-off-by: Juergen Christ <[email protected]>
Reviewed-by: Todd Short <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#18979)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Aug 21, 2022
Running bio_tfo_test under asan yields
==172342==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 380 byte(s) in 5 object(s) allocated from:
#0 0x3ff89bba251 in malloc (/lib64/libasan.so.8+0xba251)
#1 0x3ff88cf9fd5 in gaih_inet.constprop.0 (/lib64/libc.so.6+0xf9fd5)
openssl#2 0x3ff88cfaf6f in getaddrinfo (/lib64/libc.so.6+0xfaf6f)
openssl#3 0x3ff89ba52a9 in __interceptor_getaddrinfo.part.0 (/lib64/libasan.so.8+0xa52a9)
openssl#4 0x1004909 in test_fd_tfo test/bio_tfo_test.c:241
[...]
and fails the test.
Fix this by freeing the return addrinfo on exit.
Signed-off-by: Juergen Christ <[email protected]>
Reviewed-by: Todd Short <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#18979)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Nov 19, 2022
Leak sanitizer reports following leak for ssl-test-new subtest
4-tlsv1_2-both-compress:
==335733==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
openssl#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
openssl#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
openssl#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
openssl#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
openssl#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
openssl#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
openssl#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
openssl#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
openssl#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
openssl#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
openssl#12 0x100e85b in do_handshake_internal test/helpers/handshake.c:1544
openssl#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
openssl#14 0x101d1a7 in test_handshake test/ssl_test.c:543
openssl#15 0x1027875 in run_tests test/testutil/driver.c:370
openssl#16 0x1008393 in main test/testutil/main.c:30
openssl#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
openssl#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
openssl#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
openssl#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
openssl#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
openssl#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
openssl#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
openssl#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
openssl#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
openssl#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
openssl#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
openssl#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
openssl#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
openssl#12 0x1010b09 in do_handshake_internal test/helpers/handshake.c:1550
openssl#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
openssl#14 0x101d1a7 in test_handshake test/ssl_test.c:543
openssl#15 0x1027875 in run_tests test/testutil/driver.c:370
openssl#16 0x1008393 in main test/testutil/main.c:30
openssl#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
openssl#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
openssl#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
SUMMARY: AddressSanitizer: 35456 byte(s) leaked in 2 allocation(s).
Fix this by freeing the SSL3_RECORD structure inside the OSSL_RECORD_LAYER.
Signed-off-by: Juergen Christ <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#19030)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Nov 19, 2022
While POSIX threads are cancellable and may be asynchronously cancelled, their cancellation is not guaranteed by the POSIX standard. test_thread_noreturn, which simulates a long-running possibly unresponsive thread: THREAD #1 THREAD openssl#2 LOCK L1 SPAWN openssl#2 LOCK L1 On MacOS, cancelling such thread only queues cancellation request, but the following pthread_join hangs. Replace this implementation by an unbounded sequence of sleeps instead. Signed-off-by: Čestmír Kalina <[email protected]> Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19433)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Jan 16, 2023
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of the hash function output block (in bytes)." Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will not use more than the digest length when signing, so that FIPS 186-4 is not violated. This value has two advantages when compared with RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when verifying signatures for maximum compatibility, where RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will work for combinations where the maximum salt length is smaller than the digest size, which typically happens with large digest sizes (e.g., SHA-512) and small RSA keys. J.-S. Coron shows in "Optimal Security Proofs for PSS and Other Signature Schemes. Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pp. 272 – 287. Springer Verlag, 2002." that longer salts than the output size of modern hash functions do not increase security: "For example,for an application in which at most one billion signatures will be generated, k0 = 30 bits of random salt are actually sufficient to guarantee the same level of security as RSA, and taking a larger salt does not increase the security level." Signed-off-by: Clemens Lang <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19724)
FdaSilvaYY
pushed a commit
that referenced
this pull request
Aug 6, 2024
The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) openssl#2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) openssl#8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) openssl#4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24295) (cherry picked from commit af75373)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Seen in a Travis log while building CONFIG_OPTS="no-asm --debug --strict-warnings -fno-sanitize-recover -fsanitize=address -fsanitize=undefined enable-crypto-mdebug enable-rc5 enable-md2"