Fix hang on Windows in x509 policy code by paulidale · Pull Request #19652 · openssl/openssl

paulidale · 2022-11-10T22:43:34Z

This reverts commit 9aa4be6.

Fixes #19643

t8m · 2022-11-11T08:36:40Z

A test will probably work only in tsan or on Windows. But yeah, it would be useful.

crypto/x509/pcy_map.c

paulidale · 2022-11-13T23:35:06Z

Testcase added.

I suspect getting the test/pkits-test.pl script running as a unit test would be better. I've raised this as #19663.

t8m

Please amend the first commit message because the commit is no longer just revert but it completely drops the unnecessary ex_flags setting.

mattcaswell · 2022-11-14T09:56:56Z

Are there licence and/or CLA issues with just including the PKITS test data in our codebase?

paulidale · 2022-11-14T10:21:27Z

They come from NIST which generally mean fair game to use. We've a lot of other NIST test cases already.

mattcaswell · 2022-11-14T10:40:36Z

They come from NIST which generally mean fair game to use.

We should check this with OMC.

test/recipes/90-test_threads.t

mattcaswell · 2022-11-30T08:31:40Z

OMC: Inclusion of this test data is ok to proceed.

t-j-h · 2022-11-30T08:32:49Z

FYI https://csrc.nist.gov/projects/pki-testing is the web page from which the test data is located.

Proposing moving the test to test_cms recipe

t8m · 2022-11-30T09:22:32Z

@paulidale could you please move the testcase to test_cms recipe? It does not look to me it should be in test_threads as it does not really spawn any threads.

This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes openssl#19643 Fixes LOW CVE-2022-3996

paulidale · 2022-12-04T23:00:52Z

Relocated.

test/recipes/90-test_threads.t

t8m · 2022-12-07T08:32:50Z

ping for second review

beldmit

LGTM

FdaSilvaYY · 2022-12-07T11:06:21Z

crypto/x509/pcy_map.c

    ret = 1;
 bad_mapping:
-    if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
-        x->ex_flags |= EXFLAG_INVALID_POLICY;


This line of code was presented in original code version, no ?
The version before the reverted commit ?

Yes, but it is useless. The caller will set the flag instead.

openssl-machine · 2022-12-08T09:00:26Z

This pull request is ready to merge

This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652)

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652)

This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652) (cherry picked from commit 4d0340a)

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652) (cherry picked from commit 61203c2)

t8m · 2022-12-08T10:14:30Z

Merged to master, 3.1, and 3.0 branches. Thank you.

This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652) (cherry picked from commit 4d0340a)

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652) (cherry picked from commit 61203c2)

This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes openssl#19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19652)

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19652)

This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl/openssl#19652) (cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) Gbp-Pq: Name x509-fix-double-locking-problem.patch

This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl/openssl#19652) (cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) Signed-off-by: code4lala <[email protected]> Change-Id: I1013e00e8fe7c7975cf8e6dd4db380f37179660d

paulidale added branch: master Applies to master branch approval: review pending This pull request needs review by a committer approval: otc review pending branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) labels Nov 10, 2022

paulidale self-assigned this Nov 10, 2022

kroeckx added the hold: needs tests The PR needs tests to be added to it label Nov 10, 2022

t8m added the triaged: bug The issue/pr is/fixes a bug label Nov 11, 2022

mattcaswell reviewed Nov 11, 2022

View reviewed changes

crypto/x509/pcy_map.c Outdated Show resolved Hide resolved

paulidale added tests: present The PR has suitable tests present and removed hold: needs tests The PR needs tests to be added to it labels Nov 14, 2022

t8m previously approved these changes Nov 14, 2022

View reviewed changes

t8m removed the approval: otc review pending label Nov 14, 2022

paulidale force-pushed the fix-19643 branch from ab664b3 to c8be1d2 Compare November 14, 2022 10:17

mattcaswell added the hold: need omc decision label Nov 14, 2022

t8m reviewed Nov 28, 2022

View reviewed changes

test/recipes/90-test_threads.t Outdated Show resolved Hide resolved

mattcaswell removed the hold: need omc decision label Nov 30, 2022

t8m removed the approval: review pending This pull request needs review by a committer label Nov 30, 2022

paulidale force-pushed the fix-19643 branch from c8be1d2 to 472bafb Compare November 30, 2022 08:45

paulidale added 2 commits December 5, 2022 09:59

x509: fix double locking problem

e056178

This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes openssl#19643 Fixes LOW CVE-2022-3996

test: add test case for deadlock reported in openssl#19643

b760ea3

fixup! test: add test case for deadlock reported in openssl#19643

14f413b

paulidale force-pushed the fix-19643 branch from 472bafb to 14f413b Compare December 4, 2022 23:00

t8m reviewed Dec 5, 2022

View reviewed changes

test/recipes/90-test_threads.t Outdated Show resolved Hide resolved

fixup! fixup! test: add test case for deadlock reported in openssl#19643

dab4fee

t8m approved these changes Dec 7, 2022

View reviewed changes

t8m added the approval: review pending This pull request needs review by a committer label Dec 7, 2022

beldmit approved these changes Dec 7, 2022

View reviewed changes

beldmit added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Dec 7, 2022

FdaSilvaYY reviewed Dec 7, 2022

View reviewed changes

openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Dec 8, 2022

openssl-machine pushed a commit that referenced this pull request Dec 8, 2022

test: add test case for deadlock reported in #19643

61203c2

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652)

openssl-machine pushed a commit that referenced this pull request Dec 8, 2022

test: add test case for deadlock reported in #19643

d2cdcb6

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652) (cherry picked from commit 61203c2)

t8m closed this Dec 8, 2022

openssl-machine pushed a commit that referenced this pull request Dec 8, 2022

test: add test case for deadlock reported in #19643

6fbbb53

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #19652) (cherry picked from commit 61203c2)

paulidale deleted the fix-19643 branch December 8, 2022 22:25

mattcaswell mentioned this pull request Dec 15, 2022

Fix BIO_f_cipher flushing and other BIO related fixes #19918

Closed

beldmit pushed a commit to beldmit/openssl that referenced this pull request Dec 26, 2022

test: add test case for deadlock reported in openssl#19643

2f2cca9

Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19652)

Uh oh!

Conversation

paulidale commented Nov 10, 2022

Uh oh!

t8m commented Nov 11, 2022

Uh oh!

Uh oh!

paulidale commented Nov 13, 2022

Uh oh!

t8m left a comment

Choose a reason for hiding this comment

Uh oh!

mattcaswell commented Nov 14, 2022

Uh oh!

paulidale commented Nov 14, 2022

Uh oh!

mattcaswell commented Nov 14, 2022

Uh oh!

Uh oh!

mattcaswell commented Nov 30, 2022

Uh oh!

t-j-h commented Nov 30, 2022

Uh oh!

t8m commented Nov 30, 2022

Uh oh!

paulidale commented Dec 4, 2022

Uh oh!

Uh oh!

t8m commented Dec 7, 2022

Uh oh!

beldmit left a comment

Choose a reason for hiding this comment

Uh oh!

FdaSilvaYY Dec 7, 2022

Choose a reason for hiding this comment

Uh oh!

t8m Dec 7, 2022

Choose a reason for hiding this comment

Uh oh!

openssl-machine commented Dec 8, 2022

Uh oh!

t8m commented Dec 8, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants