Please ignore. Turned out another library I was linking against had a function called MD5_Final and the linker was using this one instead of OpenSSL's.

On 6/4/2014 4:12 PM, Brandon W Yuille wrote:


Hi,

I'm getting the following error when using SSL_Connect on a non-blocking
socket. I've included some debug output that shows POLLOUT was set after
the socket successfully connected. SSL_Connect then returns
SSL_ERROR_WANT_READ, so the program waits for a POLLIN to be set at
which point it calls SSL_Connect again and then the error occurs.

It would appear OpenSSL is writing past the 100 Bytes allocated for work
with an HMAC:

_thread: POLLOUT (src/thread.c, line 1005)
_sock_connected: attempting ssl connect... (src/sock.c, line 603)
_sock_connected: SSL_ERROR_WANT_READ (src/sock.c, line 619)
_thread: POLLIN (src/thread.c, line 375)
_sock_connected: attempting ssl connect... (src/sock.c, line 603)
==21614== Thread 14:
==21614== Invalid write of size 4
==21614==    at 0x4C2B4FF: memset (mc_replace_strmem.c:966)
==21614==    by 0x589E372: MD5_Final (md5.c:293)
==21614==    by 0x72BEEED: EVP_DigestFinal_ex (digest.c:272)
==21614==    by 0x723F879: HMAC_Final (hmac.c:174)
==21614==    by 0x723FF56: hmac_signctx (hm_pmeth.c:172)
==21614==    by 0x72CDBF7: EVP_DigestSignFinal (m_sigver.c:147)
==21614==    by 0x67595BE: tls1_PRF.constprop.0 (t1_enc.c:193)
==21614==    by 0x675AFDA: tls1_generate_master_secret (t1_enc.c:1099)
==21614==    by 0x674A155: ssl3_send_client_key_exchange (s3_clnt.c:2300)
==21614==    by 0x674BB82: ssl3_connect (s3_clnt.c:416)
==21614==    by 0x67552A8: ssl23_connect (s23_clnt.c:776)
==21614==    by 0x5888028: _sock_connected (sock.c:604)
==21614==  Address 0x78c8554 is 0 bytes after a block of size 100 alloc'd
==21614==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==21614==    by 0x723177F: CRYPTO_malloc (mem.c:308)
==21614==    by 0x72BF340: EVP_MD_CTX_copy_ex (digest.c:323)
==21614==    by 0x723F9CD: HMAC_CTX_copy (hmac.c:200)
==21614==    by 0x7240251: pkey_hmac_copy (hm_pmeth.c:103)
==21614==    by 0x72CC3CE: EVP_PKEY_CTX_dup (pmeth_lib.c:343)
==21614==    by 0x72BF26B: EVP_MD_CTX_copy_ex (digest.c:337)
==21614==    by 0x72CDBD1: EVP_DigestSignFinal (m_sigver.c:144)
==21614==    by 0x67595BE: tls1_PRF.constprop.0 (t1_enc.c:193)
==21614==    by 0x675AFDA: tls1_generate_master_secret (t1_enc.c:1099)
==21614==    by 0x674A155: ssl3_send_client_key_exchange (s3_clnt.c:2300)
==21614==    by 0x674BB82: ssl3_connect (s3_clnt.c:416)
==21614==
==21614== Invalid write of size 4
==21614==    at 0x4C2B4FF: memset (mc_replace_strmem.c:966)
==21614==    by 0x589E372: MD5_Final (md5.c:293)
==21614==    by 0x72BEEED: EVP_DigestFinal_ex (digest.c:272)
==21614==    by 0x723F8E2: HMAC_Final (hmac.c:180)
==21614==    by 0x723FF56: hmac_signctx (hm_pmeth.c:172)
==21614==    by 0x72CDBF7: EVP_DigestSignFinal (m_sigver.c:147)
==21614==    by 0x67595BE: tls1_PRF.constprop.0 (t1_enc.c:193)
==21614==    by 0x675AFDA: tls1_generate_master_secret (t1_enc.c:1099)
==21614==    by 0x674A155: ssl3_send_client_key_exchange (s3_clnt.c:2300)
==21614==    by 0x674BB82: ssl3_connect (s3_clnt.c:416)
==21614==    by 0x67552A8: ssl23_connect (s23_clnt.c:776)
==21614==    by 0x5888028: _sock_connected (sock.c:604)
==21614==  Address 0x78c8554 is 0 bytes after a block of size 100 alloc'd
==21614==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==21614==    by 0x723177F: CRYPTO_malloc (mem.c:308)
==21614==    by 0x72BF340: EVP_MD_CTX_copy_ex (digest.c:323)
==21614==    by 0x723F9CD: HMAC_CTX_copy (hmac.c:200)
==21614==    by 0x7240251: pkey_hmac_copy (hm_pmeth.c:103)
==21614==    by 0x72CC3CE: EVP_PKEY_CTX_dup (pmeth_lib.c:343)
==21614==    by 0x72BF26B: EVP_MD_CTX_copy_ex (digest.c:337)
==21614==    by 0x72CDBD1: EVP_DigestSignFinal (m_sigver.c:144)
==21614==    by 0x67595BE: tls1_PRF.constprop.0 (t1_enc.c:193)
==21614==    by 0x675AFDA: tls1_generate_master_secret (t1_enc.c:1099)
==21614==    by 0x674A155: ssl3_send_client_key_exchange (s3_clnt.c:2300)
==21614==    by 0x674BB82: ssl3_connect (s3_clnt.c:416)
==21614==


Here's the openssl version I'm running:

OpenSSL 1.0.1e 11 Feb 2013
built on: Mon May 12 20:22:52 UTC 2014
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro
-Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"


Thanks for your help,
Brandon



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]

Reply via email to