There were some openssl DTLS bugs that MAtt found and fixed, and the last word
in this ticket was that there were Asterisk bugs causing memory corruption.
Closing ticket.
___
openssl-dev mailing list
To unsubscribe:
i found that Asterisk do corruption in SSL. I will fix it and replay to you
2014-12-25 5:58 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
New place crash
(gdb) bt
#0 0x0037c9e32625 in raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x0037c9e33e05 in abort ()
New place crash
(gdb) bt
#0 0x0037c9e32625 in raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x0037c9e33e05 in abort () at abort.c:92
#2 0x003dbac69e3f in OpenSSLDie (file=value optimized out,
line=value optimized out, assertion=value optimized out) at
On Thu Dec 18 04:54:57 2014, v.badal...@open-bs.ru wrote:
Thanks! Great!
6000 calls. No crashes or leaks only messages like this in
asterisk
[2014-12-18 04:59:20] ERROR[31074][C-13d4] res_rtp_asterisk.c:
DTLS
failure occurred on RTP instance '0x298c1d68' due to reason 'digest
check
Thanks! Great!
6000 calls. No crashes or leaks only messages like this in asterisk
[2014-12-18 04:59:20] ERROR[31074][C-13d4] res_rtp_asterisk.c: DTLS
failure occurred on RTP instance '0x298c1d68' due to reason 'digest check
failed', terminating
[2014-12-18 04:59:28]
On Mon Dec 15 13:39:43 2014, v.badal...@open-bs.ru wrote:
Got assert
d1_both.c(296): OpenSSL internal error, assertion failed: s-init_num ==
(int)s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH
To confirm: you did retain your change to check the return value from
dtls1_output_cert_chain?
The
Hello. We got openssl assert on header len... sorry i can't send it to you
becouse i delete screen log :(
2014-12-14 4:07 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
We got openssl assert.
13 дек. 2014 г. 17:49 пользователь Вячеслав Бадалян
v.badal...@open-bs.ru написал:
Thanks!
I
On vagrind we got this
==48882== Thread 40:
==48882== Invalid write of size 8
==48882==at 0x4A0B4BC: memset (vg_replace_strmem.c:1094)
==48882==by 0x34354DAB63: BUF_MEM_grow_clean (buffer.c:152)
==48882==by 0x34354DC512: mem_write (bss_mem.c:189)
==48882==by 0x34354DB746:
Got assert
d1_both.c(296): OpenSSL internal error, assertion failed: s-init_num ==
(int)s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH
2014-12-15 15:19 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
On vagrind we got this
==48882== Thread 40:
==48882== Invalid write of size 8
==48882==
Thanks!
I apply patch and run test robot. On monday will send to you results.
2014-12-12 19:13 GMT+03:00 Matt Caswell via RT r...@openssl.org:
On Wed Dec 10 10:08:48 2014, v.badal...@open-bs.ru wrote:
Also valgrind output
==17767== Thread 37:
==17767== Source and
destination overlap
On Wed Dec 10 09:18:57 2014, v.badal...@open-bs.ru wrote:
Looks like need add some check to return code len
I agree. Co-incidentally I already have a very similar fix for the same defect
going through the review process.
Matt
___
openssl-dev
On Wed Dec 10 10:08:48 2014, v.badal...@open-bs.ru wrote:
Also valgrind output
==17767== Thread 37:
==17767== Source and
destination overlap in memcpy(0x253bfcbd, 0x7e9c51b,
4294967209)
This is interesting. That equates to -87. I think there is a
signed/unsigned conversion issue
Sorry. Line 1244 is
OPENSSL_assert(s-d1-w_msg_hdr.msg_len +
DTLS1_HM_HEADER_LENGTH == (unsigned
int)s-init_num);
2014-12-10 11:05 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
(gdb) p s-d1-w_msg_hdr.msg_len
$2 = 0
(gdb) p s-init_num
$3 = 0
Looks like need add some check to return code len
2014-12-10 11:06 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
Sorry. Line 1244 is
OPENSSL_assert(s-d1-w_msg_hdr.msg_len +
DTLS1_HM_HEADER_LENGTH == (unsigned
int)s-init_num);
2014-12-10
Hello. I begin test you patch. I attach to mail patched version of you
patch wthat may clear added current SRPM of Centos 6
2014-12-03 5:16 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
Thanks! I need time to test it... i will try answer at this week
2014-12-02 19:37 GMT+03:00 Matt
After add check get crash
2014-12-10 11:18 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
Looks like need add some check to return code len
2014-12-10 11:06 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
Sorry. Line 1244 is
OPENSSL_assert(s-d1-w_msg_hdr.msg_len +
(gdb) p s-d1-w_msg_hdr.msg_len
$2 = 0
(gdb) p s-init_num
$3 = 0
2014-12-10 10:59 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
Get again ASSERT in d1_both.c:1244
OPENSSL_assert(s-d1-w_msg_hdr.msg_len +
((s-version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned
Get again ASSERT in d1_both.c:1244
OPENSSL_assert(s-d1-w_msg_hdr.msg_len +
((s-version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned
int)s-init_num);
}
2014-12-10 6:32 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
Hello. I begin test you
Also valgrind output
==17767== Thread 37:
==17767== Source and destination overlap in memcpy(0x253bfcbd, 0x7e9c51b,
4294967209)
==17767==at 0x4A09A48: memcpy (vg_replace_strmem.c:916)
==17767==by 0x4E5A2B6: do_dtls1_write (d1_pkt.c:1592)
==17767==by 0x4E5DA69: dtls1_do_write
if you send patch i can add it to SRPM build and try results
2014-12-02 19:02 GMT+03:00 Matt Caswell via RT r...@openssl.org:
On Sun Nov 30 01:34:37 2014, matt wrote:
On Fri Nov 28 17:40:59 2014, v.badal...@open-bs.ru wrote:
Full backtrace
Thanks! That's a big help. I have managed to
On Tue Dec 02 17:31:05 2014, v.badal...@open-bs.ru wrote:
if you send patch i can add it to SRPM build and try results
The patch is attached. However you may have problems with this approach. I have
built the patch for 1.0.1e (which is the version you originally said you were
running). However
Thanks! I need time to test it... i will try answer at this week
2014-12-02 19:37 GMT+03:00 Matt Caswell via RT r...@openssl.org:
On Tue Dec 02 17:31:05 2014, v.badal...@open-bs.ru wrote:
if you send patch i can add it to SRPM build and try results
The patch is attached. However you may
Hmm try add ENV... valgrind is clear but asterisk crash with
d1_both.c(332): OpenSSL internal error, assertion failed: len =
DTLS1_HM_HEADER_LENGTH
2014-11-24 20:06 GMT+03:00 Matt Caswell via RT r...@openssl.org:
On Sat Nov 22 13:19:13 2014, v.badal...@open-bs.ru wrote:
Find this:
Full backtrace
2014-11-28 19:26 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
Hmm try add ENV... valgrind is clear but asterisk crash with
d1_both.c(332): OpenSSL internal error, assertion failed: len =
DTLS1_HM_HEADER_LENGTH
2014-11-24 20:06 GMT+03:00 Matt Caswell via RT
On Sat Nov 22 13:19:13 2014, v.badal...@open-bs.ru wrote:
Find this:
https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=987158
http://openssl.6102.n7.nabble.com/AES-cbc-encrypt-amp-aesni-cbc-
encrypt-length-parameter-td52370.html
We fix all leaks in asteris and libsrtp many calls have one leak path
==44910== Use of uninitialised value of size 8
==44910==at 0x4A08DEF: memcpy (mc_replace_strmem.c:882)
==44910==by 0x38E3EFD266: c2i_ASN1_INTEGER (string3.h:52)
==44910==by 0x38E3F08823: asn1_ex_c2i
Find this:
https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=987158
http://openssl.6102.n7.nabble.com/AES-cbc-encrypt-amp-aesni-cbc-encrypt-length-parameter-td52370.html
http://www.hardening-consulting.com/en/posts/20140512openssl-and-valgrind.html
2014-11-22 15:09 GMT+03:00 Вячеслав
That link just asks me to log in?
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
On Thu Nov 06 10:38:23 2014, v.badal...@open-bs.ru wrote:
HI all
CentOS x86_64 release 6.6 (Final)
OpenSSL version
OpenSSL 1.0.1e-fips 11 Feb 2013
# rpm -qa | grep openssl
openssl-devel-1.0.1e-30.el6_6.2.x86_64
openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64
openssl-1.0.1e-30.el6_6.2.x86_64
HI all
CentOS x86_64 release 6.6 (Final)
OpenSSL version
OpenSSL 1.0.1e-fips 11 Feb 2013
# rpm -qa | grep openssl
openssl-devel-1.0.1e-30.el6_6.2.x86_64
openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64
openssl-1.0.1e-30.el6_6.2.x86_64
Please look to
30 matches
Mail list logo