[openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files
Hi,

In attachment you can find 7 patches against git master (generated via git format-patch) to fix a number of memory leaks (in case of failures) and missing NULL pointer checks (generally for malloc results) for source files under crypto/asn1. I've tried to follow the coding conventions of the surrounding code.

I have about 50 more similar patches to various other parts of OpenSSL, but I'll wait with submitting them in case you'd like something different about the way I'm grouping/formatting/splitting them.

Jonas

Attachments:
0001-SetBlob-free-rgSetBlob-on-error-path.patch
0002-ASN1_verify-ASN1_item_verify-cleanse-and-free-buf_in.patch
0003-mime_hdr_new-free-mhdr-tmpname-tmpval-on-error-path.patch
0004-mime_hdr_addparam-free-tmpname-tmpval-and-mparam-on-.patch
0005-multi_split-check-for-NULL-when-allocating-parts-and.patch
0006-asn1_bio_new-free-ctx-on-error-path.patch
0007-asn1_set_seq_out-free-derlist-and-tmpdat-on-error-pa.patch
[openssl.org #3199] [BUG] Crash in DTLS renegotiation after packet loss
Hello

While testing renegotiations for DTLS-SRTP, found a crash on Windows. OpenSSL version is 1.0.1e, also tested on the latest 1.0.1 snapshot. There were 2 possible stack traces:

  AddLiveService.dll!EVP_MD_size(const env_md_st * md) Line 273 C
  AddLiveService.dll!dtls1_do_write(ssl_st * s, int type) Line 275 C
  AddLiveService.dll!dtls1_retransmit_message(ssl_st * s, unsigned short seq, unsigned long frag_off, int * found) Line 1293 C
  AddLiveService.dll!dtls1_retransmit_buffered_messages(ssl_st * s) Line 1145 C
  AddLiveService.dll!dtls1_handle_timeout(ssl_st * s) Line 450 C
  AddLiveService.dll!dtls1_read_bytes(ssl_st * s, int type, unsigned char * buf, int len, int peek) Line 832 C
  AddLiveService.dll!dtls1_get_message_fragment(ssl_st * s, int st1, int stn, long max, int * ok) Line 789 C
  AddLiveService.dll!dtls1_get_message(ssl_st * s, int st1, int stn, int mt, long max, int * ok) Line 436 C
  AddLiveService.dll!ssl3_get_new_session_ticket(ssl_st * s) Line 2046 C
  AddLiveService.dll!dtls1_connect(ssl_st * s) Line 631 C
  AddLiveService.dll!SSL_do_handshake(ssl_st * s) Line 2562 C

and

  msvcr120d.dll!memcpy(unsigned char * dst, unsigned char * src, unsigned long count) Line 188 Unknown
  dtls_test.exe!dtls1_get_message_fragment(ssl_st * s, int st1, int stn, long max, int * ok) Line 789 C
  dtls_test.exe!dtls1_get_message(ssl_st * s, int st1, int stn, int mt, long max, int * ok) Line 436 C
  dtls_test.exe!ssl3_get_new_session_ticket(ssl_st * s) Line 2046 C
  dtls_test.exe!dtls1_connect(ssl_st * s) Line 631 C
  dtls_test.exe!SSL_do_handshake(ssl_st * s) Line 2562 C

Both are segfaults (access violations). On Linux rehandshake doesn't finish at all (failure after 1-2 minutes on timeout).

You can find sample C++11 source file to reproduce this issue. In-memory BIO pair is used, client and server in the same process. When no flights are dropped, everything is fine.
The sample can be compiled by MSVC 2013 on Windows and g++ 4.7+ (g++ -o dtlstest main.cpp -std=c++11 -lssl -lcrypto -lpthread -g) or clang 3.2+.

---
Dmitry Sobinov
AddLive.com
Live video and voice for your application

#include <iostream>
#include <string>
#include <mutex>
#include <thread>
#include <condition_variable>
#include <future>
#include <memory>
#include <vector>
#include <deque>
#include <chrono>
#include <algorithm>
#include <functional>
#include <stdint.h>
#include <assert.h>

#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>

// Can be built in MSVC 2013,
// gcc:
// g++ -o dtlstest dtlstest.cpp -std=c++11 -lssl -lcrypto -lpthread -g
// clang with libc++:
// clang++ -o dtlstest dtlstest.cpp -std=c++11 -lssl -lcrypto -lpthread -stdlib=libc++ -lc++abi -g

std::chrono::steady_clock::time_point logStartingTime = std::chrono::steady_clock::now();

#define MLOG_D(x) std::cout << std::chrono::duration_cast<std::chrono::milliseconds>(std::chrono::steady_clock::now() - logStartingTime).count() << _label << x << std::endl;
#define LOG_E(x) std::cout << "[ERROR] " << x << std::endl;
#define MLOG_E(x) LOG_E(_label << x)

#ifdef X509_NAME
#undef X509_NAME // disable macro from wincrypt.h (included from dtls1.h/winsock.h)
#endif

struct DtlsIdentity
{
    EVP_PKEY* key;
    X509* certificate;
};

namespace
{
/**
 * Helper functions
 */
unsigned long idFunction();
void opensslLockingFunc(int mode, int n, const char* /*file*/, int /*line*/);
void opensslInit();
void opensslCleanup();
EVP_PKEY* generateRsaKeyPair();
X509* generateCertificate(EVP_PKEY* pkey, const char* commonName);
DtlsIdentity generateIdentity();
void logOpenSslErrors(const std::string& prefix);
}

typedef std::function<void()> DispatcherTask;

/**
 * Helper class to serialize all requests and data transmissions in
 * one separate thread (implementation of ActiveObject pattern).
 */
class AsyncDispatcher
{
    struct TimedTask
    {
        DispatcherTask task;
        std::chrono::steady_clock::time_point timeToFire;
        int id;
    };

public:
    AsyncDispatcher()
    {
        _thread = std::thread([this](){ run(); });
    }

    int push(const DispatcherTask& task, std::chrono::milliseconds delay = std::chrono::milliseconds(0))
    {
        std::unique_lock<std::mutex> lk(_queueMutex);
        int id = _idCounter++;
        _queue.push_back({ task, std::chrono::steady_clock::now() + delay, id });
        std::stable_sort(_queue.begin(), _queue.end(),
            [](const TimedTask& t1, const TimedTask& t2) -> bool { return t1.timeToFire < t2.timeToFire; });
        lk.unlock();
        _condVar.notify_one();
        return id;
    }

    void stop()
    {
        std::unique_lock<std::mutex> lk(_queueMutex);
        _active = false;
        _queue.clear();
        lk.unlock();
        _condVar.notify_one();
        _thread.join();
    }

    void cancelTimedTask(int id)
    {
        std::unique_lock<std::mutex> lk(_queueMutex);
        _queue.erase(std::remove_if(_queue.begin(), _queue.end(),
Re: [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files
On 13 Dec 2013, at 11:54, The default queue via RT wrote:

> In attachment you can find 7 patches against git master (generated via git format-patch) to fix a number of memory leaks (in case of failures) and missing NULL pointer checks (generally for malloc results) for source files under crypto/asn1. I've tried to follow the coding conventions of the surrounding code.

Of course, right before I sent those patches I discovered some more issues, changed the code, rebased/fixed up the previous commits and then forgot to test the result. Please find corrected replacements for patches 0003 and 0004 in the previous series in attachments. Sorry.

Jonas

Attachments:
0003-mime_hdr_new-free-mhdr-tmpname-tmpval-on-error-path.patch
0004-mime_hdr_addparam-free-tmpname-tmpval-and-mparam-on-.patch
Re: [PATCH] Fix to x509v3_config docs
As I mentioned in the comments I included, a trailing slash, while totally *valid*, causes problems with MS-CAPI. MS-CAPI likes to use HTTP GET for its OCSP requests, and it seems to like to add an extra slash even if it's not needed. I'm not finding anything documenting this online, but have a look at some certificates from commercial CAs - none of them have trailing slashes. I'll dig up some request logs from my server that show the problem.

On Fri, Dec 13, 2013 at 5:20 AM, Martin Hecht he...@hlrs.de wrote:

Hi,

shouldn't the trailing slash be allowed? In RFC 2560 section 3.1 it reads:

    The value of the accessLocation field in the subject certificate defines the transport (e.g. HTTP) used to access the OCSP responder and may contain other transport dependent information (e.g. a URL).

and in the references (section 6) RFC 1738 is mentioned for [URL], and there, in section 3.3 HTTP it reads:

    An HTTP URL takes the form: http://<host>:<port>/<path>?<searchpart> [...] If neither <path> nor <searchpart> is present, the "/" may also be omitted.

To my understanding there is nothing wrong, if there is a trailing (single) slash. It is the separator between host with (optional) :port and an empty path value. It MAY be omitted, but it may also be there, right? Please correct me if I am missing something.

best regards,
Martin

On 10.12.2013 01:34, Ryan Castellucci wrote:

I've discovered that having a trailing slash in an OCSP URL can cause problems with MS-CAPI. This is a minimal patch to make the example non-broken. I haven't added any additional text to the documentation to explain this because all that was there in the first place was the example. Please let me know if this needs to be more extensively documented.

I've CC'd cr...@bis.doc.gov as requested in the readme, however this is a trivial documentation change which doesn't touch any encryption code.

diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index 06d8467..8e3d48a 100644 
--- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod @@ -220,7 +220,7 @@ certain values are meaningful, for example OCSP and caIssuers. Example: - authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ + authorityInfoAccess = OCSP;URI:http://ocsp.my.host authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
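Review bot: the changed OCSP example line drops the trailing slash with no accompanying text, so a reader of x509v3_config.pod cannot tell that the bare-host form is deliberate, and the unchanged caIssuers line beneath it gives no hint either. Suggest adding one sentence under "Example:" stating that an OCSP responder URI with an empty path is written without the trailing slash because some clients (MS-CAPI over HTTP GET, per the submitter) append their own, and that both forms are valid, so that nobody later "fixes" the example back.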
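How the trailing slash discussed in this thread becomes an empty path segment when a client builds a GET request the way RFC 2560 Appendix A.1.1 describes (`{url}/{encoded request}`), with a small lint over `authorityInfoAccess` lines. This is an added example, not part of the thread or of OpenSSL; the function names, the third sample line and the placeholder request bytes are assumptions made for illustration.

```python
import base64
from urllib.parse import quote, urlsplit

# Constructed sample: the pod's pre-patch example lines plus one responder
# that sits under a real path (the third line is an assumption for contrast).
SAMPLE_CONFIG = """\
authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
authorityInfoAccess = OCSP;URI:http://ocsp.my.host/status
"""

# Placeholder bytes standing in for a DER-encoded OCSPRequest (not a real one).
FAKE_DER_REQUEST = b"\x30\x03\x0a\x01\x00"


def ocsp_uris(config_text):
    """Return the OCSP URIs named in authorityInfoAccess lines."""
    uris = []
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "authorityInfoAccess":
            continue
        # One line may carry several comma-separated method;location pairs.
        for entry in value.split(","):
            method, sep, location = entry.strip().partition(";")
            if sep and method.strip() == "OCSP" and location.startswith("URI:"):
                uris.append(location[len("URI:"):].strip())
    return uris


def get_request_url(responder_url, der_request=FAKE_DER_REQUEST):
    """GET form from RFC 2560 A.1.1: {url}/{url-encoded base64 of the request}."""
    encoded = quote(base64.b64encode(der_request).decode("ascii"), safe="")
    return responder_url + "/" + encoded


def lint(config_text):
    """Return (uri, get_url, has_empty_segment) for every OCSP URI found."""
    findings = []
    for uri in ocsp_uris(config_text):
        get_url = get_request_url(uri)
        # "//" inside the path is the empty segment a trailing slash produces.
        findings.append((uri, get_url, "//" in urlsplit(get_url).path))
    return findings


if __name__ == "__main__":
    for uri, get_url, flagged in lint(SAMPLE_CONFIG):
        print("FLAG" if flagged else "ok  ", uri, "->", get_url)
```

Only the first sample line is flagged; the same responder written as `http://ocsp.my.host` yields a single slash before the encoded request.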
[openssl.org #3200] Crash in OpenSSL 1.0.1e w/TLS 1.2 (under load)
We are seeing a segfault when TLS 1.2 is enabled with OpenSSL 1.0.1e (also with 1.0.1a). We are running Apache Traffic Server on RHEL6 and when we upgraded OpenSSL from 1.0.0 to 1.0.1 we started seeing this issue. I was able to narrow down the issue to TLS 1.2 by disabling TLS 1.2. The crash consistently happens in less than 1 hour when receiving production load (~1000 requests per second) where approx. 15-20% of requests are https. Some more details can be obtained from the traffic server reported bug (https://issues.apache.org/jira/browse/TS-2355).

I don't know anything about OpenSSL but did some poking around on the core dump (maybe this will help):

[OS-RHEL6 OpenSSL-1.0.1e debug build]

Program terminated with signal 11, Segmentation fault.
#0 0x2aed38e036b1 in EVP_DigestFinal_ex (ctx=0x2aed482007d0, md=0x2aed48200750 , size=0x2aed48200804) at digest.c:271
271 digest.c: No such file or directory.
in digest.c
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.107.el6.x86_64 hwloc-1.5-1.el6.x86_64 libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64 libevent-1.4.13-4.el6.x86_64 libgcc-4.4.7-3.el6.x86_64 libstdc++-4.4.7-3.el6.x86_64 libxml2-2.7.6-12.el6_4.1.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 numactl-2.0.7-6.el6.x86_64 openssl-1.0.0-27.el6.x86_64 pciutils-libs-3.1.10-2.el6.x86_64 pcre-7.8-6.el6.x86_64 tcl-8.5.7-6.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) where
#0 0x2aed38e036b1 in EVP_DigestFinal_ex (ctx=0x2aed482007d0, md=0x2aed48200750 , size=0x2aed48200804) at digest.c:271
#1 0x2aed38ab0c0b in tls1_final_finish_mac (s=0x2aedd06d7990, str=0x2aed38ad7869 client finished, slen=15, out=0x2aedd04b0b24 ) at t1_enc.c:926
#2 0x2aed38aa413c in ssl3_do_change_cipher_spec (s=0x2aedd06d7990) at s3_pkt.c:1462
#3 0x2aed38aa3c58 in ssl3_read_bytes (s=0x2aedd06d7990, type=22, buf=0x2aedd0388400 \020, len=4, peek=0) at s3_pkt.c:1306
#4 0x2aed38aa5068 in ssl3_get_message (s=0x2aedd06d7990, st1=8608, stn=8609, mt=-1, max=516, ok=0x2aed48200a9c) at s3_both.c:451
#5 0x2aed38a93ed7 in ssl3_get_cert_verify (s=0x2aedd06d7990) at s3_srvr.c:2924
#6 0x2aed38a8f25c in ssl3_accept (s=0x2aedd06d7990) at s3_srvr.c:677
#7 0x2aed38ac131c in SSL_accept (s=0x2aedd06d7990) at ssl_lib.c:940
#8 0x006710ba in SSLNetVConnection::sslServerHandShakeEvent (this=0x2aedc0129cb0, err=@0x2aed48200d1c) at SSLNetVConnection.cc:488
#9 0x00672977 in SSLNetVConnection::sslStartHandShake (this=0x2aedc0129cb0, event=<value optimized out>, err=@0x2aed48200d1c) at SSLNetVConnection.cc:470
#10 0x00671bd2 in SSLNetVConnection::net_read_io (this=0x2aedc0129cb0, nh=0x2aed42834bf0, lthread=0x2aed42831010) at SSLNetVConnection.cc:217
#11 0x0067b6b2 in NetHandler::mainNetEvent (this=0x2aed42834bf0, event=<value optimized out>, e=<value optimized out>) at UnixNet.cc:386
#12 0x006a314f in handleEvent (this=0x2aed42831010, e=0x113cc70, calling_code=5) at I_Continuation.h:146
#13 EThread::process_event (this=0x2aed42831010, e=0x113cc70, calling_code=5) at UnixEThread.cc:141
#14 0x006a3b33 in EThread::execute (this=0x2aed42831010) at UnixEThread.cc:265
#15 0x006a1fea in spawn_thread_internal (a=0x1349630) at Thread.cc:88
#16 0x2aed3934d851 in start_thread () from /lib64/libpthread.so.0
#17 0x00324f0e890d in clone () from /lib64/libc.so.6
(gdb) f 7
#7 0x2aed38ac131c in SSL_accept (s=0x2aedd06d7990) at ssl_lib.c:940
940 ssl_lib.c: No such file or directory.
in ssl_lib.c
(gdb) print *s
$1 = {version = 769, type = 8192, method = 0x2aed38ce6e00, rbio = 0x2aedd024f760, wbio = 0x2aedd006a7e0, bbio = 0x2aedd006a7e0,
  rwstate = 1, in_handshake = 1, handshake_func = 0x2aed38a8e41e <ssl3_accept>, server = 1, new_session = 0, quiet_shutdown = 1,
  shutdown = 0, state = 8608, rstate = 240, init_buf = 0x2aedd055b2d0, init_msg = 0x2aedd0388404, init_num = 0, init_off = 0,
  packet = 0x2aee3816fbf3 \024\003\001, packet_length = 0, s2 = 0x0, s3 = 0x2aedd04b0810, d1 = 0x0, read_ahead = 0,
  msg_callback = 0, msg_callback_arg = 0x0, hit = 0, param = 0x2aedd00060e0, cipher_list = 0x0, cipher_list_by_id = 0x0,
  mac_flags = 0, enc_read_ctx = 0x2aedd0697ce0, read_hash = 0x2aedd03399a0, expand = 0x0, enc_write_ctx = 0x0, write_hash = 0x0,
  compress = 0x0, cert = 0x2aedd00e4030, sid_ctx_length = 0, sid_ctx = '\000' <repeats 31 times>, session = 0x2aedd01cc080,
  generate_session_id = 0, verify_mode = 0, verify_callback = 0, info_callback = 0, error = 0, error_code = 0,
  psk_client_callback = 0, psk_server_callback = 0, ctx = 0x1344430, debug = 0, verify_result = 0,
  ex_data = {sk = 0x2aedd033a6c0, dummy = 0}, client_CA = 0x0, references = 1, options = 21102596, mode = 0,
  max_cert_list = 102400, first_packet = 0, client_version = 771, max_send_fragment = 16384, tlsext_debug_cb = 0,
  tlsext_debug_arg = 0x0, tlsext_hostname = 0x0, servername_done = 1,
[openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer
Hello,

We have encountered a Segmentation Fault while trying to send an SSL packet via Oracle VM agent. The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in tls1_mac(). tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keeps going, which results in Segmentation Fault at EVP_DigestUpdate(). The following change in tls1_mac() fixes the segfault issue.

1 Index: openssl/ssl/t1_enc.c 2 3 $ diff -ru ssl/t1_enc.c ssl/t1_enc.c 4 --- t1_enc.c.orig Tue Dec 10 15:36:05 2013 5 +++ t1_enc.cWed Dec 11 09:29:02 2013 6 @@ -980,7 +980,10 @@ 7 } 8 else 9 { 10 - EVP_MD_CTX_copy(hmac,hash); 11 + if (EVP_MD_CTX_copy(hmac,hash) != 1) 12 + { 13 + return (0); 14 + } 15 mac_ctx =hmac; 16 } 17

I would greatly appreciate it if the suggested fix gets integrated into the next release of OpenSSL.

Best regards,
Misaki Miyashita
Oracle Solaris Security
Senior Software Engineer
Austin, TX, US
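Review bot: the `return (0);` added in the else branch needs checking against how callers of tls1_mac() read its return value, because the hunk does not show that 0 is treated as a failure rather than as a valid (zero-length) result, and a caller that ignores it would continue with an uncomputed MAC. Suggest returning a value the callers already reject as an error, confirming each call site tests for it, and checking that nothing set up earlier in the function needs releasing before this early return.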