Hi,

I expected an error message saying only RSA certs are supported for
--management-external-key, but openvpn appears to segfault if a cert
with an ECC key is used with that option.

A stack trace shows it fails in ssl_openssl.c line 1117 when trying to
copy n and e. In fact the call

pub_rsa = EVP_PKEY_get0_RSA(pkey);

before that (line 1104) should have failed and the code does correctly
check its return value. But that call succeeds for some reason.
Instead, RSA_get0_key() returns invalid n and e pointers and passing
those to BN_dup() fails.

This is with openssl 1.0.1 and that could be the problem -- it may not
have EVP_PKEY_get0_RSA() in which case the compatibility interface in
use is probably not smart enough...

Is this a known issue or is it just me?

Selva

P.S.

FWIW, here is where it blows up: master built with --disable-lzo and CFLAGS = -g

#0  0x00007ffff73fdc49 in BN_copy () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#1  0x00007ffff73fdd46 in BN_dup () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#2  0x0000000000488932 in tls_ctx_use_external_private_key (ctx=0x7fffffffded0, cert_file=0x70faa8 "sansel-ecc.crt", cert_file_inline=0x0) at ssl_openssl.c:1117
#3  0x000000000047e88d in init_ssl (options=0x7fffffffd730, new_ctx=0x7fffffffded0) at ssl.c:658
#4  0x00000000004240e4 in do_init_crypto_tls_c1 (c=0x7fffffffd730) at init.c:2514
#5  0x00000000004244ce in do_init_crypto_tls (c=0x7fffffffd730, flags=3) at init.c:2617
#6  0x0000000000424f64 in do_init_crypto (c=0x7fffffffd730, flags=3) at init.c:2866
#7  0x00000000004271a8 in init_instance (c=0x7fffffffd730, env=0x707c90, flags=4) at init.c:4083
#8  0x0000000000426d6f in init_instance_handle_signals (c=0x7fffffffd730, env=0x707c90, flags=4) at init.c:3894
#9  0x00000000004445bc in tunnel_point_to_point (c=0x7fffffffd730) at openvpn.c:91
#10 0x00000000004449c4 in openvpn_main (argc=3, argv=0x7fffffffe618) at openvpn.c:305
#11 0x0000000000444ac8 in main (argc=3, argv=0x7fffffffe618) at openvpn.c:388

Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
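The failure mode Selva suspects, modelled as an added example that is not OpenVPN's or OpenSSL's code: a pre-1.1 EVP_PKEY is a type tag plus a union of key pointers, so a compatibility shim that hands back the union's `rsa` member without consulting the tag returns a non-NULL pointer for an EC key too, and the caller's NULL check never fires. The structs, tag values and both shim variants below are constructed stand-ins for illustration (field names echo the OpenSSL 1.0.x layout, the types do not); the hardened shim shows the check a caller in the shape of tls_ctx_use_external_private_key needs to reject a non-RSA key cleanly instead of reading bogus n and e.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for OpenSSL 1.0.x's EVP_PKEY: a type tag plus a
 * union of key pointers. Tag values mirror the EVP_PKEY_RSA / EVP_PKEY_EC
 * NIDs; the key types are toy models, not OpenSSL's. */
enum { MODEL_PKEY_RSA = 6, MODEL_PKEY_EC = 408 };

typedef struct { const char *n; const char *e; } model_rsa;  /* toy RSA: public n and e */
typedef struct { const char *curve; } model_ec;             /* toy EC key */

typedef struct {
    int type;
    union { model_rsa *rsa; model_ec *ec; } pkey;
} model_pkey;

/* Shim in the style the report suspects (assumed, not OpenVPN's code):
 * returns the union member without checking the tag. For an EC key the
 * result is an EC object reinterpreted as RSA, so it is non-NULL. */
static model_rsa *unchecked_get0_rsa(model_pkey *pkey)
{
    return pkey ? pkey->pkey.rsa : NULL;
}

/* Hardened shim: NULL unless the key really is RSA, which is the contract
 * callers expect from OpenSSL 1.1's EVP_PKEY_get0_RSA. */
static model_rsa *checked_get0_rsa(model_pkey *pkey)
{
    if (pkey == NULL || pkey->type != MODEL_PKEY_RSA)
        return NULL;
    return pkey->pkey.rsa;
}

/* Caller shaped like tls_ctx_use_external_private_key: a NULL from the
 * shim is the "only RSA certs are supported" error path. Returns 1 when
 * the key was accepted as RSA, 0 when it was rejected. The RSA members
 * are deliberately not dereferenced here, since in the unchecked case
 * they would be garbage (that is the BN_dup crash in the trace). */
static int use_external_key(model_pkey *pkey, model_rsa *(*get0)(model_pkey *))
{
    model_rsa *rsa = get0(pkey);
    if (rsa == NULL)
        return 0;
    return 1;
}

/* Constructed EC key through the unchecked shim: wrongly accepted (1). */
int ec_key_fools_unchecked_shim(void)
{
    model_ec ec = { "prime256v1" };
    model_pkey k;
    k.type = MODEL_PKEY_EC;
    k.pkey.ec = &ec;
    return use_external_key(&k, unchecked_get0_rsa);
}

/* Same EC key through the checked shim: rejected cleanly (0). */
int ec_key_rejected_by_checked_shim(void)
{
    model_ec ec = { "prime256v1" };
    model_pkey k;
    k.type = MODEL_PKEY_EC;
    k.pkey.ec = &ec;
    return use_external_key(&k, checked_get0_rsa);
}

/* Constructed RSA key through the checked shim: accepted (1). */
int rsa_key_accepted_by_checked_shim(void)
{
    model_rsa rsa = { "n-placeholder", "65537" };
    model_pkey k;
    k.type = MODEL_PKEY_RSA;
    k.pkey.rsa = &rsa;
    return use_external_key(&k, checked_get0_rsa);
}

int main(void)
{
    printf("EC key, unchecked shim: accepted=%d (wrong)\n", ec_key_fools_unchecked_shim());
    printf("EC key, checked shim:   accepted=%d\n", ec_key_rejected_by_checked_shim());
    printf("RSA key, checked shim:  accepted=%d\n", rsa_key_accepted_by_checked_shim());
    return 0;
}
```

The point for a reviewer is that the caller's `if (!pub_rsa)` check is only as good as the shim behind it: when the shim cannot see the key type, the type check has to happen in the caller (EVP_PKEY_base_id or the pre-1.1 `type` field) before the RSA accessor is ever called.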