How to debug ssl library in OpenSSL 1.1.1a? Thanks in advance.

2021-08-13 Thread Ma Zhenhua 
Hi Team,

I modified OpenSSL 1.1.1a ssl library but it seemed that there was some problem.
How can I debug it? Thanks in advance.

Sincerely,
Allen

Re: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.

2021-08-13 Thread Dr Paul Dale 
I suggest working out why they failed and getting them working again.  
You've broken something with your modifications, you need to understand 
what's broken and why before continuing.



Paul Dale

On 14/8/21 9:56 am, Ma Zhenhua wrote:

Hi team,

I modified openssl code and make test failed. What should I do with 
the failed cases. Thx in advance.


Best regards,
Allen

Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.

2021-08-13 Thread Ma Zhenhua 
Hi team,

I modified openssl code and make test failed. What should I do with the failed 
cases. Thx in advance.

Best regards,
Allen

Openssl 1.1.1 - QNX support removed?

2021-08-13 Thread Mishra, Ankur 
Hi,

At following website it is mentioned that QNX support is removed in 1.1.1 
version of OpenSSL. Anyone know if this is right information and in that case 
what is alternate for it.

OpenSSL - Wikipedia


[cid:image001.png@01D79045.199642A0]

Regards,
Ankur Mishra
Product Cybersecurity
Business and Technology Service (BTS)
Bldg. J-46, Waukegan, IL
O
:  +1 224-668-4939
Email: ankur.k.mis...@abbott.com

This communication may contain information that is proprietary, confidential, 
or exempt from disclosure. If you are not the intended recipient, please note 
that any other dissemination, distribution, use or copying of this 
communication is strictly prohibited. Anyone who receives this message in error 
should notify the sender immediately by telephone or by return e-mail and 
delete it from his or her computer.

Re: Crash seen in OPENSSL_sk_pop_free

2021-08-13 Thread Matt Caswell 




On 13/08/2021 17:31, Bala Duvvuri via openssl-users wrote:

Hi All,

We are using OpenSSl version 1.1.1d in our program and crash is being seen in 
"OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification 
API. Since crash is not seen always, trying to understand from OpenSSL code, when can 
this occur?


My first suspicion would be a double-free, i.e. calling a free routine 
on data that has already been freed. You might like to compile OpenSSL 
and your application with asan (use the enable-asan compile time 
Configure option for OpenSSL) and see if anything shows up.


Matt



Below is the bt of the crash

#0  0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 
) at crypto/stack/stack.c:367
 i = 0
#1  0x0f344c74 in sk_X509_pop_free (freefunc=, sk=) at include/openssl/x509.h:99
No locals.
#2  X509_STORE_CTX_cleanup (ctx=ctx@entry=0x1041ba70) at 
crypto/x509/x509_vfy.c:2454
No locals.
#3  0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx@entry=0x1041ba70) at 
crypto/x509/x509_vfy.c:2281
No locals


Below is the OpenSSL API

360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
361 {
362 int i;
363
364 if (st == NULL)
365 return;
366 for (i = 0; i < st->num; i++)
367 if (st->data[i] != NULL)-> Crash seen here
368 func((char *)st->data[i]);
369 OPENSSL_sk_free(st);
370 }

Can someone please help to understand under what conditions this can happen?

We use the below API's during certificate verification:

X509_STORE_new()
X509_STORE_CTX_new()
X509_STORE_set_verify_cb_func
X509_STORE_set_default_paths
X509_STORE_load_locations
X509_STORE_CTX_init
X509_STORE_CTX_set_flags
X509_verify_cert

/* Cleanup. */
FREE_X509_STORE_CTX(pContext);

Thanks
Bala

Crash seen in OPENSSL_sk_pop_free

2021-08-13 Thread Bala Duvvuri via openssl-users 
Hi All,

We are using OpenSSl version 1.1.1d in our program and crash is being seen in 
"OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification 
API. Since crash is not seen always, trying to understand from OpenSSL code, 
when can this occur?

Below is the bt of the crash

#0  0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 
) at crypto/stack/stack.c:367
i = 0
#1  0x0f344c74 in sk_X509_pop_free (freefunc=, sk=) at include/openssl/x509.h:99
No locals.
#2  X509_STORE_CTX_cleanup (ctx=ctx@entry=0x1041ba70) at 
crypto/x509/x509_vfy.c:2454
No locals.
#3  0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx@entry=0x1041ba70) at 
crypto/x509/x509_vfy.c:2281
No locals


Below is the OpenSSL API

360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
361 {
362 int i;
363
364 if (st == NULL)
365 return;
366 for (i = 0; i < st->num; i++)
367 if (st->data[i] != NULL)-> Crash seen here
368 func((char *)st->data[i]);
369 OPENSSL_sk_free(st);
370 }

Can someone please help to understand under what conditions this can happen? 

We use the below API's during certificate verification:

X509_STORE_new()
X509_STORE_CTX_new()
X509_STORE_set_verify_cb_func
X509_STORE_set_default_paths
X509_STORE_load_locations
X509_STORE_CTX_init
X509_STORE_CTX_set_flags
X509_verify_cert

/* Cleanup. */
FREE_X509_STORE_CTX(pContext);

Thanks
Bala